2 Unix SMB/CIFS implementation.
3 Wrapper for krb5_init_context
5 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
6 Copyright (C) Andrew Tridgell 2005
7 Copyright (C) Stefan Metzmacher 2004
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "system/kerberos.h"
26 #include "auth/kerberos/kerberos.h"
27 #include "lib/socket/socket.h"
28 #include "lib/stream/packet.h"
29 #include "system/network.h"
30 #include "param/param.h"
31 #include "libcli/resolve/resolve.h"
32 #include "../lib/tsocket/tsocket.h"
33 #include "krb5_init_context.h"
34 #ifdef SAMBA4_USES_HEIMDAL
35 #include "../lib/dbwrap/dbwrap.h"
36 #include "../lib/dbwrap/dbwrap_rbt.h"
37 #include "../lib/util/util_tdb.h"
38 #include <krb5/send_to_kdc_plugin.h>
42 context structure for operations on cldap packets
44 struct smb_krb5_socket {
45 struct socket_context *sock;
48 struct tevent_fd *fde;
51 DATA_BLOB request, reply;
53 struct packet_context *packet;
56 #ifdef SAMBA4_USES_HEIMDAL
61 static krb5_error_code smb_krb5_context_destroy(struct smb_krb5_context *ctx)
63 #ifdef SAMBA4_USES_HEIMDAL
64 if (ctx->pvt_log_data) {
65 /* Otherwise krb5_free_context will try and close what we
66 * have already free()ed */
67 krb5_set_warn_dest(ctx->krb5_context, NULL);
68 krb5_closelog(ctx->krb5_context,
69 (krb5_log_facility *)ctx->pvt_log_data);
72 krb5_free_context(ctx->krb5_context);
76 #ifdef SAMBA4_USES_HEIMDAL
77 /* We never close down the DEBUG system, and no need to unreference the use */
78 static void smb_krb5_debug_close(void *private_data) {
83 #ifdef SAMBA4_USES_HEIMDAL
84 static void smb_krb5_debug_wrapper(
85 #ifdef HAVE_KRB5_ADDLOG_FUNC_NEED_CONTEXT
87 #endif /* HAVE_KRB5_ADDLOG_FUNC_NEED_CONTEXT */
88 const char *timestr, const char *msg, void *private_data)
90 DEBUGC(DBGC_KERBEROS, 3, ("Kerberos: %s\n", msg));
94 #ifdef SAMBA4_USES_HEIMDAL
96 handle recv events on a smb_krb5 socket
98 static void smb_krb5_socket_recv(struct smb_krb5_socket *smb_krb5)
100 TALLOC_CTX *tmp_ctx = talloc_new(smb_krb5);
104 smb_krb5->status = socket_pending(smb_krb5->sock, &dsize);
105 if (!NT_STATUS_IS_OK(smb_krb5->status)) {
106 talloc_free(tmp_ctx);
110 blob = data_blob_talloc(tmp_ctx, NULL, dsize);
111 if (blob.data == NULL && dsize != 0) {
112 smb_krb5->status = NT_STATUS_NO_MEMORY;
113 talloc_free(tmp_ctx);
117 smb_krb5->status = socket_recv(smb_krb5->sock, blob.data, blob.length, &nread);
118 if (!NT_STATUS_IS_OK(smb_krb5->status)) {
119 talloc_free(tmp_ctx);
125 smb_krb5->status = NT_STATUS_UNEXPECTED_NETWORK_ERROR;
126 talloc_free(tmp_ctx);
130 DEBUG(4,("Received smb_krb5 packet of length %d\n",
133 talloc_steal(smb_krb5, blob.data);
134 smb_krb5->reply = blob;
135 talloc_free(tmp_ctx);
138 static NTSTATUS smb_krb5_full_packet(void *private_data, DATA_BLOB data)
140 struct smb_krb5_socket *smb_krb5 = talloc_get_type(private_data, struct smb_krb5_socket);
141 talloc_steal(smb_krb5, data.data);
142 smb_krb5->reply = data;
143 smb_krb5->reply.length -= 4;
144 smb_krb5->reply.data += 4;
149 handle request timeouts
151 static void smb_krb5_request_timeout(struct tevent_context *event_ctx,
152 struct tevent_timer *te, struct timeval t,
155 struct smb_krb5_socket *smb_krb5 = talloc_get_type(private_data, struct smb_krb5_socket);
156 DEBUG(5,("Timed out smb_krb5 packet\n"));
157 smb_krb5->status = NT_STATUS_IO_TIMEOUT;
160 static void smb_krb5_error_handler(void *private_data, NTSTATUS status)
162 struct smb_krb5_socket *smb_krb5 = talloc_get_type(private_data, struct smb_krb5_socket);
163 smb_krb5->status = status;
167 handle send events on a smb_krb5 socket
169 static void smb_krb5_socket_send(struct smb_krb5_socket *smb_krb5)
175 len = smb_krb5->request.length;
176 status = socket_send(smb_krb5->sock, &smb_krb5->request, &len);
178 if (!NT_STATUS_IS_OK(status)) return;
180 TEVENT_FD_READABLE(smb_krb5->fde);
182 TEVENT_FD_NOT_WRITEABLE(smb_krb5->fde);
188 handle fd events on a smb_krb5_socket
190 static void smb_krb5_socket_handler(struct tevent_context *ev, struct tevent_fd *fde,
191 uint16_t flags, void *private_data)
193 struct smb_krb5_socket *smb_krb5 = talloc_get_type(private_data, struct smb_krb5_socket);
194 switch (smb_krb5->hi->proto) {
195 case KRB5_KRBHST_UDP:
196 if (flags & TEVENT_FD_READ) {
197 smb_krb5_socket_recv(smb_krb5);
200 if (flags & TEVENT_FD_WRITE) {
201 smb_krb5_socket_send(smb_krb5);
206 case KRB5_KRBHST_TCP:
207 if (flags & TEVENT_FD_READ) {
208 packet_recv(smb_krb5->packet);
211 if (flags & TEVENT_FD_WRITE) {
212 packet_queue_run(smb_krb5->packet);
217 case KRB5_KRBHST_HTTP:
223 static krb5_error_code smb_krb5_send_and_recv_func_int(struct smb_krb5_context *smb_krb5_context,
224 struct tevent_context *ev,
225 krb5_krbhst_info *hi,
227 smb_krb5_send_to_kdc_func func,
230 const krb5_data *send_buf,
237 struct smb_krb5_socket *smb_krb5;
241 TALLOC_CTX *frame = talloc_stackframe();
246 send_blob = data_blob_const(send_buf->data, send_buf->length);
248 for (a = ai; a; a = a->ai_next) {
249 struct socket_address *remote_addr;
250 smb_krb5 = talloc(frame, struct smb_krb5_socket);
257 switch (a->ai_family) {
271 status = NT_STATUS_INVALID_PARAMETER;
273 case KRB5_KRBHST_UDP:
274 status = socket_create(smb_krb5, name,
278 case KRB5_KRBHST_TCP:
279 status = socket_create(smb_krb5, name,
283 case KRB5_KRBHST_HTTP:
287 if (!NT_STATUS_IS_OK(status)) {
288 talloc_free(smb_krb5);
292 remote_addr = socket_address_from_sockaddr(smb_krb5, a->ai_addr, a->ai_addrlen);
294 talloc_free(smb_krb5);
298 status = socket_connect_ev(smb_krb5->sock, NULL, remote_addr, 0, ev);
299 if (!NT_STATUS_IS_OK(status)) {
300 talloc_free(smb_krb5);
304 /* Setup the FDE, start listening for read events
305 * from the start (otherwise we may miss a socket
306 * drop) and mark as AUTOCLOSE along with the fde */
308 /* This is equivalent to EVENT_FD_READABLE(smb_krb5->fde) */
309 smb_krb5->fde = tevent_add_fd(ev, smb_krb5->sock,
310 socket_get_fd(smb_krb5->sock),
312 smb_krb5_socket_handler, smb_krb5);
313 /* its now the job of the event layer to close the socket */
314 tevent_fd_set_close_fn(smb_krb5->fde, socket_tevent_fd_close_fn);
315 socket_set_flags(smb_krb5->sock, SOCKET_FLAG_NOCLOSE);
317 tevent_add_timer(ev, smb_krb5,
318 timeval_current_ofs(timeout, 0),
319 smb_krb5_request_timeout, smb_krb5);
321 smb_krb5->status = NT_STATUS_OK;
322 smb_krb5->reply = data_blob(NULL, 0);
325 case KRB5_KRBHST_UDP:
326 TEVENT_FD_WRITEABLE(smb_krb5->fde);
327 smb_krb5->request = send_blob;
329 case KRB5_KRBHST_TCP:
331 smb_krb5->packet = packet_init(smb_krb5);
332 if (smb_krb5->packet == NULL) {
333 talloc_free(smb_krb5);
336 packet_set_private(smb_krb5->packet, smb_krb5);
337 packet_set_socket(smb_krb5->packet, smb_krb5->sock);
338 packet_set_callback(smb_krb5->packet, smb_krb5_full_packet);
339 packet_set_full_request(smb_krb5->packet, packet_full_request_u32);
340 packet_set_error_handler(smb_krb5->packet, smb_krb5_error_handler);
341 packet_set_event_context(smb_krb5->packet, ev);
342 packet_set_fde(smb_krb5->packet, smb_krb5->fde);
344 smb_krb5->request = data_blob_talloc(smb_krb5, NULL, send_blob.length + 4);
345 RSIVAL(smb_krb5->request.data, 0, send_blob.length);
346 memcpy(smb_krb5->request.data+4, send_blob.data, send_blob.length);
347 packet_send(smb_krb5->packet, smb_krb5->request);
349 case KRB5_KRBHST_HTTP:
353 while ((NT_STATUS_IS_OK(smb_krb5->status)) && !smb_krb5->reply.length) {
354 if (tevent_loop_once(ev) != 0) {
360 /* After each and every event loop, reset the
361 * send_to_kdc pointers to what they were when
362 * we entered this loop. That way, if a
363 * nested event has invalidated them, we put
364 * it back before we return to the heimdal
366 ret = smb_krb5_set_send_to_kdc_func(smb_krb5_context,
367 NULL, /* send_to_realm */
376 if (NT_STATUS_EQUAL(smb_krb5->status, NT_STATUS_IO_TIMEOUT)) {
377 talloc_free(smb_krb5);
381 if (!NT_STATUS_IS_OK(smb_krb5->status)) {
382 struct tsocket_address *addr = socket_address_to_tsocket_address(smb_krb5, remote_addr);
383 const char *addr_string = NULL;
385 addr_string = tsocket_address_inet_addr_string(addr, smb_krb5);
389 DEBUG(2,("Error reading smb_krb5 reply packet: %s from %s\n", nt_errstr(smb_krb5->status),
391 talloc_free(smb_krb5);
395 ret = krb5_data_copy(recv_buf, smb_krb5->reply.data, smb_krb5->reply.length);
400 talloc_free(smb_krb5);
408 return KRB5_KDC_UNREACH;
411 krb5_error_code smb_krb5_send_and_recv_func(struct smb_krb5_context *smb_krb5_context,
413 krb5_krbhst_info *hi,
415 const krb5_data *send_buf,
421 struct tevent_context *ev;
422 TALLOC_CTX *frame = talloc_stackframe();
428 /* If no event context was available, then create one for this loop */
429 ev = samba_tevent_context_init(frame);
435 ev = talloc_get_type_abort(data, struct tevent_context);
438 ret = krb5_krbhst_get_addrinfo(smb_krb5_context->krb5_context, hi, &ai);
444 ret = smb_krb5_send_and_recv_func_int(smb_krb5_context,
446 smb_krb5_send_and_recv_func,
447 data, timeout, send_buf, recv_buf);
452 krb5_error_code smb_krb5_send_and_recv_func_forced_tcp(struct smb_krb5_context *smb_krb5_context,
455 const krb5_data *send_buf,
458 krb5_error_code k5ret;
459 krb5_krbhst_info hi = {
460 .proto = KRB5_KRBHST_TCP,
462 struct tevent_context *ev;
463 TALLOC_CTX *frame = talloc_stackframe();
468 /* no event context is passed in, create one for this loop */
469 ev = samba_tevent_context_init(frame);
475 /* No need to pass in send_and_recv functions, we won't nest on this private event loop */
476 k5ret = smb_krb5_send_and_recv_func_int(smb_krb5_context, ev, &hi, ai, NULL, NULL,
477 timeout, send_buf, recv_buf);
482 static struct db_context *smb_krb5_plugin_db;
484 struct smb_krb5_send_to_kdc_state {
486 struct smb_krb5_context *smb_krb5_context;
487 smb_krb5_send_to_realm_func send_to_realm;
488 smb_krb5_send_to_kdc_func send_to_kdc;
492 static int smb_krb5_send_to_kdc_state_destructor(struct smb_krb5_send_to_kdc_state *state)
494 TDB_DATA key = make_tdb_data((uint8_t *)&state->key_ptr, sizeof(state->key_ptr));
497 status = dbwrap_delete(smb_krb5_plugin_db, key);
498 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
499 status = NT_STATUS_OK;
501 if (!NT_STATUS_IS_OK(status)) {
505 state->smb_krb5_context = NULL;
509 krb5_error_code smb_krb5_set_send_to_kdc_func(struct smb_krb5_context *smb_krb5_context,
510 smb_krb5_send_to_realm_func send_to_realm,
511 smb_krb5_send_to_kdc_func send_to_kdc,
514 intptr_t key_ptr = (intptr_t)smb_krb5_context->krb5_context;
515 TDB_DATA key = make_tdb_data((uint8_t *)&key_ptr, sizeof(key_ptr));
516 intptr_t value_ptr = (intptr_t)NULL;
517 TDB_DATA value = make_tdb_data(NULL, 0);
518 struct db_record *rec = NULL;
519 struct smb_krb5_send_to_kdc_state *state = NULL;
522 rec = dbwrap_fetch_locked(smb_krb5_plugin_db, smb_krb5_context, key);
527 value = dbwrap_record_get_value(rec);
528 if (value.dsize != 0) {
529 SMB_ASSERT(value.dsize == sizeof(value_ptr));
530 memcpy(&value_ptr, value.dptr, sizeof(value_ptr));
531 state = talloc_get_type_abort((const void *)value_ptr,
532 struct smb_krb5_send_to_kdc_state);
533 if (send_to_realm == NULL && send_to_kdc == NULL) {
534 status = dbwrap_record_delete(rec);
536 if (!NT_STATUS_IS_OK(status)) {
541 state->send_to_realm = send_to_realm;
542 state->send_to_kdc = send_to_kdc;
543 state->private_data = private_data;
548 if (send_to_kdc == NULL && send_to_realm == NULL) {
553 state = talloc_zero(smb_krb5_context,
554 struct smb_krb5_send_to_kdc_state);
559 state->key_ptr = key_ptr;
560 state->smb_krb5_context = smb_krb5_context;
561 state->send_to_realm = send_to_realm;
562 state->send_to_kdc = send_to_kdc;
563 state->private_data = private_data;
565 value_ptr = (intptr_t)state;
566 value = make_tdb_data((uint8_t *)&value_ptr, sizeof(value_ptr));
568 status = dbwrap_record_store(rec, value, TDB_INSERT);
570 if (!NT_STATUS_IS_OK(status)) {
573 talloc_set_destructor(state, smb_krb5_send_to_kdc_state_destructor);
578 static krb5_error_code smb_krb5_plugin_init(krb5_context context, void **pctx)
584 static void smb_krb5_plugin_fini(void *ctx)
588 static void smb_krb5_send_to_kdc_state_parser(TDB_DATA key, TDB_DATA value,
591 struct smb_krb5_send_to_kdc_state **state =
592 (struct smb_krb5_send_to_kdc_state **)private_data;
595 SMB_ASSERT(value.dsize == sizeof(value_ptr));
596 memcpy(&value_ptr, value.dptr, sizeof(value_ptr));
597 *state = talloc_get_type_abort((const void *)value_ptr,
598 struct smb_krb5_send_to_kdc_state);
601 static struct smb_krb5_send_to_kdc_state *
602 smb_krb5_send_to_kdc_get_state(krb5_context context)
604 intptr_t key_ptr = (intptr_t)context;
605 TDB_DATA key = make_tdb_data((uint8_t *)&key_ptr, sizeof(key_ptr));
606 struct smb_krb5_send_to_kdc_state *state = NULL;
609 status = dbwrap_parse_record(smb_krb5_plugin_db, key,
610 smb_krb5_send_to_kdc_state_parser,
612 if (!NT_STATUS_IS_OK(status)) {
619 static krb5_error_code smb_krb5_plugin_send_to_kdc(krb5_context context,
621 krb5_krbhst_info *ho,
626 struct smb_krb5_send_to_kdc_state *state = NULL;
628 state = smb_krb5_send_to_kdc_get_state(context);
630 return KRB5_PLUGIN_NO_HANDLE;
633 if (state->send_to_kdc == NULL) {
634 return KRB5_PLUGIN_NO_HANDLE;
637 return state->send_to_kdc(state->smb_krb5_context,
639 ho, timeout, in, out);
642 static krb5_error_code smb_krb5_plugin_send_to_realm(krb5_context context,
644 krb5_const_realm realm,
649 struct smb_krb5_send_to_kdc_state *state = NULL;
651 state = smb_krb5_send_to_kdc_get_state(context);
653 return KRB5_PLUGIN_NO_HANDLE;
656 if (state->send_to_realm == NULL) {
657 return KRB5_PLUGIN_NO_HANDLE;
660 return state->send_to_realm(state->smb_krb5_context,
662 realm, timeout, in, out);
665 static krb5plugin_send_to_kdc_ftable smb_krb5_plugin_ftable = {
666 KRB5_PLUGIN_SEND_TO_KDC_VERSION_2,
667 smb_krb5_plugin_init,
668 smb_krb5_plugin_fini,
669 smb_krb5_plugin_send_to_kdc,
670 smb_krb5_plugin_send_to_realm
675 smb_krb5_init_context_basic(TALLOC_CTX *tmp_ctx,
676 struct loadparm_context *lp_ctx,
677 krb5_context *_krb5_context)
680 #ifdef SAMBA4_USES_HEIMDAL
682 const char *config_file, *realm;
684 krb5_context krb5_ctx;
686 ret = smb_krb5_init_context_common(&krb5_ctx);
691 /* The MIT Kerberos build relies on using the system krb5.conf file.
692 * If you really want to use another file please set KRB5_CONFIG
694 #ifdef SAMBA4_USES_HEIMDAL
695 config_file = lpcfg_config_path(tmp_ctx, lp_ctx, "krb5.conf");
697 krb5_free_context(krb5_ctx);
701 /* Use our local krb5.conf file by default */
702 ret = krb5_prepend_config_files_default(config_file, &config_files);
704 DEBUG(1,("krb5_prepend_config_files_default failed (%s)\n",
705 smb_get_krb5_error_message(krb5_ctx, ret, tmp_ctx)));
706 krb5_free_context(krb5_ctx);
710 ret = krb5_set_config_files(krb5_ctx, config_files);
711 krb5_free_config_files(config_files);
713 DEBUG(1,("krb5_set_config_files failed (%s)\n",
714 smb_get_krb5_error_message(krb5_ctx, ret, tmp_ctx)));
715 krb5_free_context(krb5_ctx);
720 * This is already called in smb_krb5_init_context_common(),
721 * but krb5_set_config_files() may resets it.
723 krb5_set_dns_canonicalize_hostname(krb5_ctx, false);
725 realm = lpcfg_realm(lp_ctx);
727 ret = krb5_set_default_realm(krb5_ctx, realm);
729 DEBUG(1,("krb5_set_default_realm failed (%s)\n",
730 smb_get_krb5_error_message(krb5_ctx, ret, tmp_ctx)));
731 krb5_free_context(krb5_ctx);
736 if (smb_krb5_plugin_db == NULL) {
738 * while krb5_plugin_register() takes a krb5_context,
739 * plugins are registered into a global list, so
740 * we only do that once
742 * We maintain a separate dispatch table for per
743 * krb5_context state.
745 ret = krb5_plugin_register(krb5_ctx, PLUGIN_TYPE_DATA,
746 KRB5_PLUGIN_SEND_TO_KDC,
747 &smb_krb5_plugin_ftable);
749 DEBUG(1,("krb5_plugin_register(KRB5_PLUGIN_SEND_TO_KDC) failed (%s)\n",
750 smb_get_krb5_error_message(krb5_ctx, ret, tmp_ctx)));
751 krb5_free_context(krb5_ctx);
754 smb_krb5_plugin_db = db_open_rbt(NULL);
755 if (smb_krb5_plugin_db == NULL) {
756 DEBUG(1,("db_open_rbt() failed\n"));
757 krb5_free_context(krb5_ctx);
762 *_krb5_context = krb5_ctx;
766 krb5_error_code smb_krb5_init_context(void *parent_ctx,
767 struct loadparm_context *lp_ctx,
768 struct smb_krb5_context **smb_krb5_context)
773 #ifdef SAMBA4_USES_HEIMDAL
774 krb5_log_facility *logf;
777 tmp_ctx = talloc_new(parent_ctx);
778 *smb_krb5_context = talloc_zero(tmp_ctx, struct smb_krb5_context);
780 if (!*smb_krb5_context || !tmp_ctx) {
781 talloc_free(tmp_ctx);
785 ret = smb_krb5_init_context_basic(tmp_ctx, lp_ctx, &kctx);
787 DEBUG(1,("smb_krb5_context_init_basic failed (%s)\n",
788 error_message(ret)));
789 talloc_free(tmp_ctx);
792 (*smb_krb5_context)->krb5_context = kctx;
794 talloc_set_destructor(*smb_krb5_context, smb_krb5_context_destroy);
796 #ifdef SAMBA4_USES_HEIMDAL
797 /* TODO: Should we have a different name here? */
798 ret = krb5_initlog(kctx, "Samba", &logf);
801 DEBUG(1,("krb5_initlog failed (%s)\n",
802 smb_get_krb5_error_message(kctx, ret, tmp_ctx)));
803 talloc_free(tmp_ctx);
806 (*smb_krb5_context)->pvt_log_data = logf;
808 ret = krb5_addlog_func(kctx, logf, 0 /* min */, -1 /* max */,
809 smb_krb5_debug_wrapper,
810 smb_krb5_debug_close, NULL);
812 DEBUG(1,("krb5_addlog_func failed (%s)\n",
813 smb_get_krb5_error_message(kctx, ret, tmp_ctx)));
814 talloc_free(tmp_ctx);
817 krb5_set_warn_dest(kctx, logf);
819 talloc_steal(parent_ctx, *smb_krb5_context);
820 talloc_free(tmp_ctx);
825 #ifdef SAMBA4_USES_HEIMDAL
826 krb5_error_code smb_krb5_context_set_event_ctx(struct smb_krb5_context *smb_krb5_context,
827 struct tevent_context *ev,
828 struct tevent_context **previous_ev)
835 *previous_ev = smb_krb5_context->current_ev;
837 smb_krb5_context->current_ev = talloc_reference(smb_krb5_context, ev);
838 if (!smb_krb5_context->current_ev) {
842 /* Set use of our socket lib */
843 ret = smb_krb5_set_send_to_kdc_func(smb_krb5_context,
844 NULL, /* send_to_realm */
845 smb_krb5_send_and_recv_func,
848 TALLOC_CTX *tmp_ctx = talloc_new(NULL);
849 DEBUG(1,("smb_krb5_set_send_recv_func failed (%s)\n",
850 smb_get_krb5_error_message(smb_krb5_context->krb5_context, ret, tmp_ctx)));
851 talloc_free(tmp_ctx);
852 talloc_unlink(smb_krb5_context, smb_krb5_context->current_ev);
853 smb_krb5_context->current_ev = NULL;
859 krb5_error_code smb_krb5_context_remove_event_ctx(struct smb_krb5_context *smb_krb5_context,
860 struct tevent_context *previous_ev,
861 struct tevent_context *ev)
864 talloc_unlink(smb_krb5_context, ev);
865 /* If there was a mismatch with things happening on a stack, then don't wipe things */
866 smb_krb5_context->current_ev = previous_ev;
867 /* Set use of our socket lib */
868 ret = smb_krb5_set_send_to_kdc_func(smb_krb5_context,
869 NULL, /* send_to_realm */
870 smb_krb5_send_and_recv_func,
873 TALLOC_CTX *tmp_ctx = talloc_new(NULL);
874 DEBUG(1,("smb_krb5_set_send_recv_func failed (%s)\n",
875 smb_get_krb5_error_message(smb_krb5_context->krb5_context, ret, tmp_ctx)));
876 talloc_free(tmp_ctx);