AC_CHECK_FUNC_EXT(krb5_string_to_key_salt, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_auth_con_setkey, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_auth_con_setuseruserkey, $KRB5_LIBS)
- AC_CHECK_FUNC_EXT(krb5_locate_kdc, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_get_permitted_enctypes, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_get_default_in_tkt_etypes, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_free_data_contents, $KRB5_LIBS)
int create_kerberos_key_from_string(krb5_context context, krb5_principal host_princ, krb5_data *password, krb5_keyblock *key, krb5_enctype enctype, bool no_salt);
bool get_auth_data_from_tkt(TALLOC_CTX *mem_ctx, DATA_BLOB *auth_data, krb5_ticket *tkt);
krb5_const_principal get_principal_from_tkt(krb5_ticket *tkt);
-krb5_error_code smb_krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters);
-#if defined(HAVE_KRB5_LOCATE_KDC)
-krb5_error_code krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters);
-#endif
krb5_error_code get_kerberos_allowed_etypes(krb5_context context, krb5_enctype **enctypes);
bool get_krb5_smb_session_key(TALLOC_CTX *mem_ctx,
krb5_context context,
#endif
}
-#if !defined(HAVE_KRB5_LOCATE_KDC)
-
-/* krb5_locate_kdc is an internal MIT symbol. MIT are not yet willing to commit
- * to a public interface for this functionality, so we have to be able to live
- * without it if the MIT libraries are hiding their internal symbols.
- */
-
-#if defined(KRB5_KRBHST_INIT)
-/* Heimdal */
- krb5_error_code smb_krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters)
-{
- krb5_krbhst_handle hnd;
- krb5_krbhst_info *hinfo;
- krb5_error_code rc;
- int num_kdcs, i;
- struct sockaddr *sa;
- struct addrinfo *ai;
-
- *addr_pp = NULL;
- *naddrs = 0;
-
- rc = krb5_krbhst_init(ctx, realm->data, KRB5_KRBHST_KDC, &hnd);
- if (rc) {
- DEBUG(0, ("smb_krb5_locate_kdc: krb5_krbhst_init failed (%s)\n", error_message(rc)));
- return rc;
- }
-
- for ( num_kdcs = 0; (rc = krb5_krbhst_next(ctx, hnd, &hinfo) == 0); num_kdcs++)
- ;
-
- krb5_krbhst_reset(ctx, hnd);
-
- if (!num_kdcs) {
- DEBUG(0, ("smb_krb5_locate_kdc: zero kdcs found !\n"));
- krb5_krbhst_free(ctx, hnd);
- return -1;
- }
-
- sa = SMB_MALLOC_ARRAY( struct sockaddr, num_kdcs );
- if (!sa) {
- DEBUG(0, ("smb_krb5_locate_kdc: malloc failed\n"));
- krb5_krbhst_free(ctx, hnd);
- naddrs = 0;
- return -1;
- }
-
- memset(sa, '\0', sizeof(struct sockaddr) * num_kdcs );
-
- for (i = 0; i < num_kdcs && (rc = krb5_krbhst_next(ctx, hnd, &hinfo) == 0); i++) {
-
-#if defined(HAVE_KRB5_KRBHST_GET_ADDRINFO)
- rc = krb5_krbhst_get_addrinfo(ctx, hinfo, &ai);
- if (rc) {
- DEBUG(0,("krb5_krbhst_get_addrinfo failed: %s\n", error_message(rc)));
- continue;
- }
-#endif
- if (hinfo->ai && hinfo->ai->ai_family == AF_INET)
- memcpy(&sa[i], hinfo->ai->ai_addr, sizeof(struct sockaddr));
- }
-
- krb5_krbhst_free(ctx, hnd);
-
- *naddrs = num_kdcs;
- *addr_pp = sa;
- return 0;
-}
-
-#else /* ! defined(KRB5_KRBHST_INIT) */
-
- krb5_error_code smb_krb5_locate_kdc(krb5_context ctx, const krb5_data *realm,
- struct sockaddr **addr_pp, int *naddrs, int get_masters)
-{
- DEBUG(0, ("unable to explicitly locate the KDC on this platform\n"));
- return KRB5_KDC_UNREACH;
-}
-
-#endif /* KRB5_KRBHST_INIT */
-
-#else /* ! HAVE_KRB5_LOCATE_KDC */
-
- krb5_error_code smb_krb5_locate_kdc(krb5_context ctx, const krb5_data *realm,
- struct sockaddr **addr_pp, int *naddrs, int get_masters)
-{
- return krb5_locate_kdc(ctx, realm, addr_pp, naddrs, get_masters);
-}
-
-#endif /* HAVE_KRB5_LOCATE_KDC */
-
#if !defined(HAVE_KRB5_FREE_UNPARSED_NAME)
void krb5_free_unparsed_name(krb5_context context, char *val)
{
#ifdef HAVE_KRB5
krb5_error_code rc;
krb5_context ctx;
- struct sockaddr_in *addrs;
- int num_kdcs,i;
- krb5_data realm;
- char **realms;
+ struct ip_service *kdcs;
+ const char *realm;
+ int num_kdcs = 0;
+ int i;
+ NTSTATUS status;
initialize_krb5_error_table();
rc = krb5_init_context(&ctx);
return -1;
}
- if (argc>0) {
- realm.data = CONST_DISCARD(char *, argv[0]);
- realm.length = strlen(argv[0]);
+ if (argc > 0) {
+ realm = argv[0];
} else if (lp_realm() && *lp_realm()) {
- realm.data = lp_realm();
- realm.length = strlen((const char *)realm.data);
+ realm = lp_realm();
} else {
+ char **realms;
+
rc = krb5_get_host_realm(ctx, NULL, &realms);
if (rc) {
DEBUG(1,("krb5_gethost_realm failed (%s)\n",
error_message(rc)));
return -1;
}
- realm.data = (char *) *realms;
- realm.length = strlen((const char *)realm.data);
+ realm = (const char *) *realms;
}
- rc = smb_krb5_locate_kdc(ctx, &realm, (struct sockaddr **)(void *)&addrs, &num_kdcs, 0);
- if (rc) {
- DEBUG(1, ("smb_krb5_locate_kdc failed (%s)\n", error_message(rc)));
+ status = get_kdc_list(realm, NULL, &kdcs, &num_kdcs);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1,("get_kdc_list failed (%s)\n", nt_errstr(status)));
return -1;
}
- for (i=0;i<num_kdcs;i++)
- if (addrs[i].sin_family == AF_INET)
- d_printf("%s:%hd\n", inet_ntoa(addrs[i].sin_addr),
- ntohs(addrs[i].sin_port));
- return 0;
+ for (i = 0; i < num_kdcs; i++) {
+ char addr[INET6_ADDRSTRLEN];
+
+ print_sockaddr(addr, sizeof(addr), &kdcs[i].ss);
+
+ d_printf("%s:%hd\n", addr, kdcs[i].port);
+ }
+
+ return 0;
#endif
DEBUG(1, ("No kerberos support\n"));
return -1;
krb5_set_real_time krb5_set_default_in_tkt_etypes krb5_set_default_tgs_enctypes
krb5_set_default_tgs_ktypes krb5_principal2salt krb5_use_enctype
krb5_string_to_key krb5_get_pw_salt krb5_string_to_key_salt krb5_auth_con_setkey
-krb5_auth_con_setuseruserkey krb5_locate_kdc krb5_get_permitted_enctypes
+krb5_auth_con_setuseruserkey krb5_get_permitted_enctypes
krb5_get_default_in_tkt_etypes krb5_free_data_contents
krb5_principal_get_comp_string krb5_free_unparsed_name
krb5_free_keytab_entry_contents krb5_kt_free_entry krb5_krbhst_init