#include "includes.h"
#include "../libcli/auth/spnego.h"
+#include "smb_krb5.h"
#include <keyutils.h>
#include <getopt.h>
samba_cv_HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER=no)])
if test x"$samba_cv_HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER" = x"yes"; then
- AC_DEFINE(KRB5_DEPRECATED, 1,
- [Whether to use deprecated krb5 interfaces])
- else
- AC_DEFINE(KRB5_DEPRECATED,,
+ AC_DEFINE(HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER, 1,
[Whether to use deprecated krb5 interfaces])
fi
fi
#include "../libds/common/flags.h"
+/*
+ * This should be under the HAVE_KRB5 flag but since they're used
+ * in lp_kerberos_method(), they ned to be always available
+ */
+#define KERBEROS_VERIFY_SECRETS 0
+#define KERBEROS_VERIFY_SYSTEM_KEYTAB 1
+#define KERBEROS_VERIFY_DEDICATED_KEYTAB 2
+#define KERBEROS_VERIFY_SECRETS_AND_KEYTAB 3
+
+/*
+ * If you add any entries to the above, please modify the below expressions
+ * so they remain accurate.
+ */
+#define USE_KERBEROS_KEYTAB (KERBEROS_VERIFY_SECRETS != lp_kerberos_method())
+#define USE_SYSTEM_KEYTAB \
+ ((KERBEROS_VERIFY_SECRETS_AND_KEYTAB == lp_kerberos_method()) || \
+ (KERBEROS_VERIFY_SYSTEM_KEYTAB == lp_kerberos_method()))
+
#define TOK_ID_KRB_AP_REQ ((const uint8_t *)"\x01\x00")
#define TOK_ID_KRB_AP_REP ((const uint8_t *)"\x02\x00")
#define TOK_ID_KRB_ERROR ((const uint8_t *)"\x03\x00")
/* Kerberos environment variable names */
#define KRB5_ENV_CCNAME "KRB5CCNAME"
-/* Heimdal uses a slightly different name */
-#if defined(HAVE_ENCTYPE_ARCFOUR_HMAC_MD5)
-#define ENCTYPE_ARCFOUR_HMAC ENCTYPE_ARCFOUR_HMAC_MD5
-#endif
-
-/* The older versions of heimdal that don't have this
- define don't seem to use it anyway. I'm told they
- always use a subkey */
-#ifndef HAVE_AP_OPTS_USE_SUBKEY
-#define AP_OPTS_USE_SUBKEY 0
-#endif
-
#define WELL_KNOWN_GUID_COMPUTERS "AA312825768811D1ADED00C04FD8D5CD"
#define WELL_KNOWN_GUID_USERS "A9D1CA15768811D1ADED00C04FD8D5CD"
-#ifndef KRB5_ADDR_NETBIOS
-#define KRB5_ADDR_NETBIOS 0x14
-#endif
-
-#ifndef KRB5KRB_ERR_RESPONSE_TOO_BIG
-#define KRB5KRB_ERR_RESPONSE_TOO_BIG (-1765328332L)
-#endif
-
-#ifdef HAVE_KRB5
-typedef struct {
-#if defined(HAVE_MAGIC_IN_KRB5_ADDRESS) && defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS) /* MIT */
- krb5_address **addrs;
-#elif defined(HAVE_KRB5_ADDRESSES) /* Heimdal */
- krb5_addresses *addrs;
-#else
-#error UNKNOWN_KRB5_ADDRESS_TYPE
-#endif /* defined(HAVE_MAGIC_IN_KRB5_ADDRESS) && defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS) */
-} smb_krb5_addresses;
-
-#ifdef HAVE_KRB5_KEYBLOCK_KEYVALUE /* Heimdal */
-#define KRB5_KEY_TYPE(k) ((k)->keytype)
-#define KRB5_KEY_LENGTH(k) ((k)->keyvalue.length)
-#define KRB5_KEY_DATA(k) ((k)->keyvalue.data)
-#define KRB5_KEY_DATA_CAST void
-#else /* MIT */
-#define KRB5_KEY_TYPE(k) ((k)->enctype)
-#define KRB5_KEY_LENGTH(k) ((k)->length)
-#define KRB5_KEY_DATA(k) ((k)->contents)
-#define KRB5_KEY_DATA_CAST krb5_octet
-#endif /* HAVE_KRB5_KEYBLOCK_KEYVALUE */
-
-#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEY /* MIT */
-#define KRB5_KT_KEY(k) (&(k)->key)
-#elif HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK /* Heimdal */
-#define KRB5_KT_KEY(k) (&(k)->keyblock)
-#else
-#error krb5_keytab_entry has no key or keyblock member
-#endif /* HAVE_KRB5_KEYTAB_ENTRY_KEY */
-
-#endif /* HAVE_KRB5 */
-
enum ads_extended_dn_flags {
ADS_EXTENDED_DN_HEX_STRING = 0,
ADS_EXTENDED_DN_STRING = 1 /* not supported on win2k */
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
-/* work around broken krb5.h on sles9 */
-#ifdef SIZEOF_LONG
-#undef SIZEOF_LONG
-#endif
-
#include "../replace/replace.h"
/* make sure we have included the correct config.h */
#endif
#endif /* HAVE_NETGROUP */
-#if HAVE_KRB5_H
-#include <krb5.h>
-#else
+#ifndef HAVE_KRB5_H
#undef HAVE_KRB5
#endif
#define XATTR_REPLACE 0x2 /* set value, fail if attr does not exist */
#endif
-/*
- * This should be under the HAVE_KRB5 flag but since they're used
- * in lp_kerberos_method(), they ned to be always available
- */
-#define KERBEROS_VERIFY_SECRETS 0
-#define KERBEROS_VERIFY_SYSTEM_KEYTAB 1
-#define KERBEROS_VERIFY_DEDICATED_KEYTAB 2
-#define KERBEROS_VERIFY_SECRETS_AND_KEYTAB 3
-
-/*
- * If you add any entries to the above, please modify the below expressions
- * so they remain accurate.
- */
-#define USE_KERBEROS_KEYTAB (KERBEROS_VERIFY_SECRETS != lp_kerberos_method())
-#define USE_SYSTEM_KEYTAB \
- ((KERBEROS_VERIFY_SECRETS_AND_KEYTAB == lp_kerberos_method()) || \
- (KERBEROS_VERIFY_SYSTEM_KEYTAB == lp_kerberos_method()))
-
-#if defined(HAVE_KRB5)
-krb5_error_code smb_krb5_parse_name(krb5_context context,
- const char *name, /* in unix charset */
- krb5_principal *principal);
-
-krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx,
- krb5_context context,
- krb5_const_principal principal,
- char **unix_name);
-
-#ifndef HAVE_KRB5_SET_REAL_TIME
-krb5_error_code krb5_set_real_time(krb5_context context, int32_t seconds, int32_t microseconds);
-#endif
-
-krb5_error_code krb5_set_default_tgs_ktypes(krb5_context ctx, const krb5_enctype *enc);
-
-#if defined(HAVE_KRB5_AUTH_CON_SETKEY) && !defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY)
-krb5_error_code krb5_auth_con_setuseruserkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock *keyblock);
-#endif
-
-#ifndef HAVE_KRB5_FREE_UNPARSED_NAME
-void krb5_free_unparsed_name(krb5_context ctx, char *val);
-#endif
-
-/* Stub out initialize_krb5_error_table since it is not present in all
- * Kerberos implementations. If it's not present, it's not necessary to
- * call it.
- */
-#ifndef HAVE_INITIALIZE_KRB5_ERROR_TABLE
-#define initialize_krb5_error_table()
-#endif
-
-/* Samba wrapper function for krb5 functionality. */
-bool setup_kaddr( krb5_address *pkaddr, struct sockaddr_storage *paddr);
-int create_kerberos_key_from_string(krb5_context context, krb5_principal host_princ, krb5_data *password, krb5_keyblock *key, krb5_enctype enctype, bool no_salt);
-bool get_auth_data_from_tkt(TALLOC_CTX *mem_ctx, DATA_BLOB *auth_data, krb5_ticket *tkt);
-krb5_const_principal get_principal_from_tkt(krb5_ticket *tkt);
-krb5_error_code smb_krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters);
-#if defined(HAVE_KRB5_LOCATE_KDC)
-krb5_error_code krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters);
-#endif
-krb5_error_code get_kerberos_allowed_etypes(krb5_context context, krb5_enctype **enctypes);
-bool get_krb5_smb_session_key(krb5_context context, krb5_auth_context auth_context, DATA_BLOB *session_key, bool remote);
-krb5_error_code smb_krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *kt_entry);
-krb5_principal kerberos_fetch_salt_princ_for_host_princ(krb5_context context, krb5_principal host_princ, int enctype);
-void kerberos_set_creds_enctype(krb5_creds *pcreds, int enctype);
-bool kerberos_compatible_enctypes(krb5_context context, krb5_enctype enctype1, krb5_enctype enctype2);
-void kerberos_free_data_contents(krb5_context context, krb5_data *pdata);
-NTSTATUS decode_pac_data(TALLOC_CTX *mem_ctx,
- DATA_BLOB *pac_data_blob,
- krb5_context context,
- krb5_keyblock *service_keyblock,
- krb5_const_principal client_principal,
- time_t tgs_authtime,
- struct PAC_DATA **pac_data_out);
-void smb_krb5_checksum_from_pac_sig(krb5_checksum *cksum,
- struct PAC_SIGNATURE_DATA *sig);
-krb5_error_code smb_krb5_verify_checksum(krb5_context context,
- const krb5_keyblock *keyblock,
- krb5_keyusage usage,
- krb5_checksum *cksum,
- uint8 *data,
- size_t length);
-time_t get_authtime_from_tkt(krb5_ticket *tkt);
-void smb_krb5_free_ap_req(krb5_context context,
- krb5_ap_req *ap_req);
-krb5_error_code smb_krb5_get_keyinfo_from_ap_req(krb5_context context,
- const krb5_data *inbuf,
- krb5_kvno *kvno,
- krb5_enctype *enctype);
-krb5_error_code krb5_rd_req_return_keyblock_from_keytab(krb5_context context,
- krb5_auth_context *auth_context,
- const krb5_data *inbuf,
- krb5_const_principal server,
- krb5_keytab keytab,
- krb5_flags *ap_req_options,
- krb5_ticket **ticket,
- krb5_keyblock **keyblock);
-krb5_error_code smb_krb5_parse_name_norealm(krb5_context context,
- const char *name,
- krb5_principal *principal);
-bool smb_krb5_principal_compare_any_realm(krb5_context context,
- krb5_const_principal princ1,
- krb5_const_principal princ2);
-int cli_krb5_get_ticket(const char *principal, time_t time_offset,
- DATA_BLOB *ticket, DATA_BLOB *session_key_krb5,
- uint32 extra_ap_opts, const char *ccname,
- time_t *tgs_expire,
- const char *impersonate_princ_s);
-krb5_error_code smb_krb5_renew_ticket(const char *ccache_string, const char *client_string, const char *service_string, time_t *expire_time);
-krb5_error_code kpasswd_err_to_krb5_err(krb5_error_code res_code);
-krb5_error_code smb_krb5_gen_netbios_krb5_address(smb_krb5_addresses **kerb_addr);
-krb5_error_code smb_krb5_free_addresses(krb5_context context, smb_krb5_addresses *addr);
-NTSTATUS krb5_to_nt_status(krb5_error_code kerberos_error);
-krb5_error_code nt_status_to_krb5(NTSTATUS nt_status);
-void smb_krb5_free_error(krb5_context context, krb5_error *krberror);
-krb5_error_code handle_krberror_packet(krb5_context context,
- krb5_data *packet);
-
-void smb_krb5_get_init_creds_opt_free(krb5_context context,
- krb5_get_init_creds_opt *opt);
-krb5_error_code smb_krb5_get_init_creds_opt_alloc(krb5_context context,
- krb5_get_init_creds_opt **opt);
-krb5_error_code smb_krb5_mk_error(krb5_context context,
- krb5_error_code error_code,
- const krb5_principal server,
- krb5_data *reply);
-krb5_enctype smb_get_enctype_from_kt_entry(krb5_keytab_entry *kt_entry);
-krb5_error_code smb_krb5_enctype_to_string(krb5_context context,
- krb5_enctype enctype,
- char **etype_s);
-krb5_error_code smb_krb5_open_keytab(krb5_context context,
- const char *keytab_name,
- bool write_access,
- krb5_keytab *keytab);
-krb5_error_code smb_krb5_keytab_name(TALLOC_CTX *mem_ctx,
- krb5_context context,
- krb5_keytab keytab,
- const char **keytab_name);
-int smb_krb5_kt_add_entry_ext(krb5_context context,
- krb5_keytab keytab,
- krb5_kvno kvno,
- const char *princ_s,
- krb5_enctype *enctypes,
- krb5_data password,
- bool no_salt,
- bool keep_old_entries);
-krb5_error_code smb_krb5_get_credentials(krb5_context context,
- krb5_ccache ccache,
- krb5_principal me,
- krb5_principal server,
- krb5_principal impersonate_princ,
- krb5_creds **out_creds);
-krb5_error_code smb_krb5_get_creds(const char *server_s,
- time_t time_offset,
- const char *cc,
- const char *impersonate_princ_s,
- krb5_creds **creds_p);
-char *smb_krb5_principal_get_realm(krb5_context context,
- krb5_principal principal);
-#endif /* HAVE_KRB5 */
-
-
#ifdef HAVE_LDAP
/* function declarations not included in proto.h */
--- /dev/null
+/* work around broken krb5.h on sles9 */
+#ifdef SIZEOF_LONG
+#undef SIZEOF_LONG
+#endif
+
+
+#if defined(HAVE_KRB5)
+krb5_error_code smb_krb5_parse_name(krb5_context context,
+ const char *name, /* in unix charset */
+ krb5_principal *principal);
+
+krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx,
+ krb5_context context,
+ krb5_const_principal principal,
+ char **unix_name);
+
+#ifndef HAVE_KRB5_SET_REAL_TIME
+krb5_error_code krb5_set_real_time(krb5_context context, int32_t seconds, int32_t microseconds);
+#endif
+
+krb5_error_code krb5_set_default_tgs_ktypes(krb5_context ctx, const krb5_enctype *enc);
+
+#if defined(HAVE_KRB5_AUTH_CON_SETKEY) && !defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY)
+krb5_error_code krb5_auth_con_setuseruserkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock *keyblock);
+#endif
+
+#ifndef HAVE_KRB5_FREE_UNPARSED_NAME
+void krb5_free_unparsed_name(krb5_context ctx, char *val);
+#endif
+
+/* Stub out initialize_krb5_error_table since it is not present in all
+ * Kerberos implementations. If it's not present, it's not necessary to
+ * call it.
+ */
+#ifndef HAVE_INITIALIZE_KRB5_ERROR_TABLE
+#define initialize_krb5_error_table()
+#endif
+
+/* Samba wrapper function for krb5 functionality. */
+bool setup_kaddr( krb5_address *pkaddr, struct sockaddr_storage *paddr);
+int create_kerberos_key_from_string(krb5_context context, krb5_principal host_princ, krb5_data *password, krb5_keyblock *key, krb5_enctype enctype, bool no_salt);
+bool get_auth_data_from_tkt(TALLOC_CTX *mem_ctx, DATA_BLOB *auth_data, krb5_ticket *tkt);
+krb5_const_principal get_principal_from_tkt(krb5_ticket *tkt);
+krb5_error_code smb_krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters);
+#if defined(HAVE_KRB5_LOCATE_KDC)
+krb5_error_code krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters);
+#endif
+krb5_error_code get_kerberos_allowed_etypes(krb5_context context, krb5_enctype **enctypes);
+bool get_krb5_smb_session_key(krb5_context context, krb5_auth_context auth_context, DATA_BLOB *session_key, bool remote);
+krb5_error_code smb_krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *kt_entry);
+krb5_principal kerberos_fetch_salt_princ_for_host_princ(krb5_context context, krb5_principal host_princ, int enctype);
+void kerberos_set_creds_enctype(krb5_creds *pcreds, int enctype);
+bool kerberos_compatible_enctypes(krb5_context context, krb5_enctype enctype1, krb5_enctype enctype2);
+void kerberos_free_data_contents(krb5_context context, krb5_data *pdata);
+NTSTATUS decode_pac_data(TALLOC_CTX *mem_ctx,
+ DATA_BLOB *pac_data_blob,
+ krb5_context context,
+ krb5_keyblock *service_keyblock,
+ krb5_const_principal client_principal,
+ time_t tgs_authtime,
+ struct PAC_DATA **pac_data_out);
+void smb_krb5_checksum_from_pac_sig(krb5_checksum *cksum,
+ struct PAC_SIGNATURE_DATA *sig);
+krb5_error_code smb_krb5_verify_checksum(krb5_context context,
+ const krb5_keyblock *keyblock,
+ krb5_keyusage usage,
+ krb5_checksum *cksum,
+ uint8 *data,
+ size_t length);
+time_t get_authtime_from_tkt(krb5_ticket *tkt);
+void smb_krb5_free_ap_req(krb5_context context,
+ krb5_ap_req *ap_req);
+krb5_error_code smb_krb5_get_keyinfo_from_ap_req(krb5_context context,
+ const krb5_data *inbuf,
+ krb5_kvno *kvno,
+ krb5_enctype *enctype);
+krb5_error_code krb5_rd_req_return_keyblock_from_keytab(krb5_context context,
+ krb5_auth_context *auth_context,
+ const krb5_data *inbuf,
+ krb5_const_principal server,
+ krb5_keytab keytab,
+ krb5_flags *ap_req_options,
+ krb5_ticket **ticket,
+ krb5_keyblock **keyblock);
+krb5_error_code smb_krb5_parse_name_norealm(krb5_context context,
+ const char *name,
+ krb5_principal *principal);
+bool smb_krb5_principal_compare_any_realm(krb5_context context,
+ krb5_const_principal princ1,
+ krb5_const_principal princ2);
+int cli_krb5_get_ticket(const char *principal, time_t time_offset,
+ DATA_BLOB *ticket, DATA_BLOB *session_key_krb5,
+ uint32 extra_ap_opts, const char *ccname,
+ time_t *tgs_expire,
+ const char *impersonate_princ_s);
+krb5_error_code smb_krb5_renew_ticket(const char *ccache_string, const char *client_string, const char *service_string, time_t *expire_time);
+krb5_error_code kpasswd_err_to_krb5_err(krb5_error_code res_code);
+krb5_error_code smb_krb5_gen_netbios_krb5_address(smb_krb5_addresses **kerb_addr);
+krb5_error_code smb_krb5_free_addresses(krb5_context context, smb_krb5_addresses *addr);
+NTSTATUS krb5_to_nt_status(krb5_error_code kerberos_error);
+krb5_error_code nt_status_to_krb5(NTSTATUS nt_status);
+void smb_krb5_free_error(krb5_context context, krb5_error *krberror);
+krb5_error_code handle_krberror_packet(krb5_context context,
+ krb5_data *packet);
+
+void smb_krb5_get_init_creds_opt_free(krb5_context context,
+ krb5_get_init_creds_opt *opt);
+krb5_error_code smb_krb5_get_init_creds_opt_alloc(krb5_context context,
+ krb5_get_init_creds_opt **opt);
+krb5_error_code smb_krb5_mk_error(krb5_context context,
+ krb5_error_code error_code,
+ const krb5_principal server,
+ krb5_data *reply);
+krb5_enctype smb_get_enctype_from_kt_entry(krb5_keytab_entry *kt_entry);
+krb5_error_code smb_krb5_enctype_to_string(krb5_context context,
+ krb5_enctype enctype,
+ char **etype_s);
+krb5_error_code smb_krb5_open_keytab(krb5_context context,
+ const char *keytab_name,
+ bool write_access,
+ krb5_keytab *keytab);
+krb5_error_code smb_krb5_keytab_name(TALLOC_CTX *mem_ctx,
+ krb5_context context,
+ krb5_keytab keytab,
+ const char **keytab_name);
+int smb_krb5_kt_add_entry_ext(krb5_context context,
+ krb5_keytab keytab,
+ krb5_kvno kvno,
+ const char *princ_s,
+ krb5_enctype *enctypes,
+ krb5_data password,
+ bool no_salt,
+ bool keep_old_entries);
+krb5_error_code smb_krb5_get_credentials(krb5_context context,
+ krb5_ccache ccache,
+ krb5_principal me,
+ krb5_principal server,
+ krb5_principal impersonate_princ,
+ krb5_creds **out_creds);
+krb5_error_code smb_krb5_get_creds(const char *server_s,
+ time_t time_offset,
+ const char *cc,
+ const char *impersonate_princ_s,
+ krb5_creds **creds_p);
+char *smb_krb5_principal_get_realm(krb5_context context,
+ krb5_principal principal);
+#endif /* HAVE_KRB5 */
+
--- /dev/null
+#ifndef _HEADER_smb_krb5_h
+#define _HEADER_smb_krb5_h
+
+#define KRB5_PRIVATE 1 /* this file uses PRIVATE interfaces! */
+/* this file uses DEPRECATED interfaces! */
+
+#if defined(HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER)
+#define KRB5_DEPRECATED 1
+#else
+#define KRB5_DEPRECATED
+#endif
+
+#if HAVE_KRB5_H
+#include <krb5.h>
+#endif
+
+#ifndef KRB5_ADDR_NETBIOS
+#define KRB5_ADDR_NETBIOS 0x14
+#endif
+
+#ifndef KRB5KRB_ERR_RESPONSE_TOO_BIG
+#define KRB5KRB_ERR_RESPONSE_TOO_BIG (-1765328332L)
+#endif
+
+/* Heimdal uses a slightly different name */
+#if defined(HAVE_ENCTYPE_ARCFOUR_HMAC_MD5)
+#define ENCTYPE_ARCFOUR_HMAC ENCTYPE_ARCFOUR_HMAC_MD5
+#endif
+
+/* The older versions of heimdal that don't have this
+ define don't seem to use it anyway. I'm told they
+ always use a subkey */
+#ifndef HAVE_AP_OPTS_USE_SUBKEY
+#define AP_OPTS_USE_SUBKEY 0
+#endif
+
+#ifdef HAVE_KRB5
+typedef struct {
+#if defined(HAVE_MAGIC_IN_KRB5_ADDRESS) && defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS) /* MIT */
+ krb5_address **addrs;
+#elif defined(HAVE_KRB5_ADDRESSES) /* Heimdal */
+ krb5_addresses *addrs;
+#else
+#error UNKNOWN_KRB5_ADDRESS_TYPE
+#endif /* defined(HAVE_MAGIC_IN_KRB5_ADDRESS) && defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS) */
+} smb_krb5_addresses;
+
+#ifdef HAVE_KRB5_KEYBLOCK_KEYVALUE /* Heimdal */
+#define KRB5_KEY_TYPE(k) ((k)->keytype)
+#define KRB5_KEY_LENGTH(k) ((k)->keyvalue.length)
+#define KRB5_KEY_DATA(k) ((k)->keyvalue.data)
+#define KRB5_KEY_DATA_CAST void
+#else /* MIT */
+#define KRB5_KEY_TYPE(k) ((k)->enctype)
+#define KRB5_KEY_LENGTH(k) ((k)->length)
+#define KRB5_KEY_DATA(k) ((k)->contents)
+#define KRB5_KEY_DATA_CAST krb5_octet
+#endif /* HAVE_KRB5_KEYBLOCK_KEYVALUE */
+
+#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEY /* MIT */
+#define KRB5_KT_KEY(k) (&(k)->key)
+#elif HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK /* Heimdal */
+#define KRB5_KT_KEY(k) (&(k)->keyblock)
+#else
+#error krb5_keytab_entry has no key or keyblock member
+#endif /* HAVE_KRB5_KEYTAB_ENTRY_KEY */
+
+#endif /* HAVE_KRB5 */
+
+#include "krb5_protos.h"
+
+#endif /* _HEADER_smb_krb5_h */
*/
#include "includes.h"
+#include "smb_krb5.h"
/*
build a ADS_STATUS structure
#include "includes.h"
#include "librpc/gen_ndr/ndr_krb5pac.h"
+#include "smb_krb5.h"
#ifdef HAVE_KRB5
*/
#include "includes.h"
+#include "smb_krb5.h"
#ifdef HAVE_KRB5
*/
#include "includes.h"
+#include "smb_krb5.h"
#ifdef HAVE_KRB5
*/
#include "includes.h"
+#include "smb_krb5.h"
#ifdef HAVE_KRB5
*/
#include "includes.h"
+#include "smb_krb5.h"
#ifdef HAVE_KRB5
*/
#include "includes.h"
+#include "smb_krb5.h"
#ifdef HAVE_KRB5
#ifndef __LIBNET_H__
#define __LIBNET_H__
+#include "smb_krb5.h"
#include "libnet/libnet_keytab.h"
#include "libnet/libnet_samsync.h"
#include "libnet/libnet_dssync.h"
#include "includes.h"
#include "../libcli/auth/libcli_auth.h"
#include "../libcli/auth/spnego.h"
+#include "smb_krb5.h"
static const struct {
int prot;
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
-#define KRB5_PRIVATE 1 /* this file uses PRIVATE interfaces! */
-/* this file uses DEPRECATED interfaces! */
-
#include "includes.h"
+#include "smb_krb5.h"
#ifdef HAVE_KRB5
#include "includes.h"
#include "../libcli/auth/spnego.h"
+#include "smb_krb5.h"
/*
generate a negTokenInit packet given a GUID, a list of supported
#include "../librpc/gen_ndr/ndr_schannel.h"
#include "../libcli/auth/schannel.h"
#include "../libcli/auth/spnego.h"
+#include "smb_krb5.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_RPC_CLI
#include "utils/ntlm_auth.h"
#include "../libcli/auth/libcli_auth.h"
#include "../libcli/auth/spnego.h"
+#include "smb_krb5.h"
#include <iniparser.h>
#ifndef PAM_WINBIND_CONFIG_FILE
#include "includes.h"
#include "winbindd.h"
#include "../libcli/auth/libcli_auth.h"
+#include "smb_krb5.h"
+
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
#include "winbindd.h"
#include "../libcli/auth/libcli_auth.h"
#include "../librpc/gen_ndr/cli_samr.h"
+#include "smb_krb5.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
git.samba.org / samba.git / commitdiff