The branch, v3-6-test has been updated via bc593e2 s3-libsmb: Remove obsolete smb_krb5_locate_kdc. from a9fc50f s3: Fix #9037, BSD has -lmd instead of -lmd5
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log ----------------------------------------------------------------- commit bc593e2ddfb33d88d2b58a0e721d448bbd30426c Author: Andreas Schneider <a...@samba.org> Date: Wed Nov 30 17:58:30 2011 +0100 s3-libsmb: Remove obsolete smb_krb5_locate_kdc. Signed-off-by: Günther Deschner <g...@samba.org> Signed-off-by: Andreas Schneider <a...@samba.org> Fix bug #9111 - Fix compilation with newer MIT kerberos which hides internal symbols. ----------------------------------------------------------------------- Summary of changes: source3/configure.in | 1 - source3/include/krb5_protos.h | 4 -- source3/libsmb/clikrb5.c | 89 ----------------------------------------- source3/utils/net_lookup.c | 42 +++++++++++--------- source3/wscript | 2 +- 5 files changed, 24 insertions(+), 114 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/configure.in b/source3/configure.in index 11cb33d..aae2be0 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -3871,7 +3871,6 @@ if test x"$with_ads_support" != x"no"; then AC_CHECK_FUNC_EXT(krb5_string_to_key_salt, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_auth_con_setkey, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_auth_con_setuseruserkey, $KRB5_LIBS) - AC_CHECK_FUNC_EXT(krb5_locate_kdc, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_get_permitted_enctypes, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_get_default_in_tkt_etypes, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_free_data_contents, $KRB5_LIBS) diff --git a/source3/include/krb5_protos.h b/source3/include/krb5_protos.h index 7b53389..55e353d 100644 --- a/source3/include/krb5_protos.h +++ b/source3/include/krb5_protos.h @@ -71,10 +71,6 @@ bool setup_kaddr( krb5_address *pkaddr, struct sockaddr_storage *paddr); int create_kerberos_key_from_string(krb5_context context, krb5_principal host_princ, krb5_data *password, krb5_keyblock *key, krb5_enctype enctype, bool no_salt); bool get_auth_data_from_tkt(TALLOC_CTX *mem_ctx, DATA_BLOB *auth_data, krb5_ticket *tkt); krb5_const_principal get_principal_from_tkt(krb5_ticket *tkt); -krb5_error_code smb_krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters); -#if defined(HAVE_KRB5_LOCATE_KDC) -krb5_error_code krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters); -#endif krb5_error_code get_kerberos_allowed_etypes(krb5_context context, krb5_enctype **enctypes); bool get_krb5_smb_session_key(TALLOC_CTX *mem_ctx, krb5_context context, diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c index b0743e4..7958205 100644 --- a/source3/libsmb/clikrb5.c +++ b/source3/libsmb/clikrb5.c @@ -488,95 +488,6 @@ bool unwrap_pac(TALLOC_CTX *mem_ctx, DATA_BLOB *auth_data, DATA_BLOB *unwrapped_ #endif } -#if !defined(HAVE_KRB5_LOCATE_KDC) - -/* krb5_locate_kdc is an internal MIT symbol. MIT are not yet willing to commit - * to a public interface for this functionality, so we have to be able to live - * without it if the MIT libraries are hiding their internal symbols. - */ - -#if defined(KRB5_KRBHST_INIT) -/* Heimdal */ - krb5_error_code smb_krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters) -{ - krb5_krbhst_handle hnd; - krb5_krbhst_info *hinfo; - krb5_error_code rc; - int num_kdcs, i; - struct sockaddr *sa; - struct addrinfo *ai; - - *addr_pp = NULL; - *naddrs = 0; - - rc = krb5_krbhst_init(ctx, realm->data, KRB5_KRBHST_KDC, &hnd); - if (rc) { - DEBUG(0, ("smb_krb5_locate_kdc: krb5_krbhst_init failed (%s)\n", error_message(rc))); - return rc; - } - - for ( num_kdcs = 0; (rc = krb5_krbhst_next(ctx, hnd, &hinfo) == 0); num_kdcs++) - ; - - krb5_krbhst_reset(ctx, hnd); - - if (!num_kdcs) { - DEBUG(0, ("smb_krb5_locate_kdc: zero kdcs found !\n")); - krb5_krbhst_free(ctx, hnd); - return -1; - } - - sa = SMB_MALLOC_ARRAY( struct sockaddr, num_kdcs ); - if (!sa) { - DEBUG(0, ("smb_krb5_locate_kdc: malloc failed\n")); - krb5_krbhst_free(ctx, hnd); - naddrs = 0; - return -1; - } - - memset(sa, '\0', sizeof(struct sockaddr) * num_kdcs ); - - for (i = 0; i < num_kdcs && (rc = krb5_krbhst_next(ctx, hnd, &hinfo) == 0); i++) { - -#if defined(HAVE_KRB5_KRBHST_GET_ADDRINFO) - rc = krb5_krbhst_get_addrinfo(ctx, hinfo, &ai); - if (rc) { - DEBUG(0,("krb5_krbhst_get_addrinfo failed: %s\n", error_message(rc))); - continue; - } -#endif - if (hinfo->ai && hinfo->ai->ai_family == AF_INET) - memcpy(&sa[i], hinfo->ai->ai_addr, sizeof(struct sockaddr)); - } - - krb5_krbhst_free(ctx, hnd); - - *naddrs = num_kdcs; - *addr_pp = sa; - return 0; -} - -#else /* ! defined(KRB5_KRBHST_INIT) */ - - krb5_error_code smb_krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, - struct sockaddr **addr_pp, int *naddrs, int get_masters) -{ - DEBUG(0, ("unable to explicitly locate the KDC on this platform\n")); - return KRB5_KDC_UNREACH; -} - -#endif /* KRB5_KRBHST_INIT */ - -#else /* ! HAVE_KRB5_LOCATE_KDC */ - - krb5_error_code smb_krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, - struct sockaddr **addr_pp, int *naddrs, int get_masters) -{ - return krb5_locate_kdc(ctx, realm, addr_pp, naddrs, get_masters); -} - -#endif /* HAVE_KRB5_LOCATE_KDC */ - #if !defined(HAVE_KRB5_FREE_UNPARSED_NAME) void krb5_free_unparsed_name(krb5_context context, char *val) { diff --git a/source3/utils/net_lookup.c b/source3/utils/net_lookup.c index 06aedbd..7150254 100644 --- a/source3/utils/net_lookup.c +++ b/source3/utils/net_lookup.c @@ -276,10 +276,11 @@ static int net_lookup_kdc(struct net_context *c, int argc, const char **argv) #ifdef HAVE_KRB5 krb5_error_code rc; krb5_context ctx; - struct sockaddr_in *addrs; - int num_kdcs,i; - krb5_data realm; - char **realms; + struct ip_service *kdcs; + const char *realm; + int num_kdcs = 0; + int i; + NTSTATUS status; initialize_krb5_error_table(); rc = krb5_init_context(&ctx); @@ -289,34 +290,37 @@ static int net_lookup_kdc(struct net_context *c, int argc, const char **argv) return -1; } - if (argc>0) { - realm.data = CONST_DISCARD(char *, argv[0]); - realm.length = strlen(argv[0]); + if (argc > 0) { + realm = argv[0]; } else if (lp_realm() && *lp_realm()) { - realm.data = lp_realm(); - realm.length = strlen((const char *)realm.data); + realm = lp_realm(); } else { + char **realms; + rc = krb5_get_host_realm(ctx, NULL, &realms); if (rc) { DEBUG(1,("krb5_gethost_realm failed (%s)\n", error_message(rc))); return -1; } - realm.data = (char *) *realms; - realm.length = strlen((const char *)realm.data); + realm = (const char *) *realms; } - rc = smb_krb5_locate_kdc(ctx, &realm, (struct sockaddr **)(void *)&addrs, &num_kdcs, 0); - if (rc) { - DEBUG(1, ("smb_krb5_locate_kdc failed (%s)\n", error_message(rc))); + status = get_kdc_list(realm, NULL, &kdcs, &num_kdcs); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(1,("get_kdc_list failed (%s)\n", nt_errstr(status))); return -1; } - for (i=0;i<num_kdcs;i++) - if (addrs[i].sin_family == AF_INET) - d_printf("%s:%hd\n", inet_ntoa(addrs[i].sin_addr), - ntohs(addrs[i].sin_port)); - return 0; + for (i = 0; i < num_kdcs; i++) { + char addr[INET6_ADDRSTRLEN]; + + print_sockaddr(addr, sizeof(addr), &kdcs[i].ss); + + d_printf("%s:%hd\n", addr, kdcs[i].port); + } + + return 0; #endif DEBUG(1, ("No kerberos support\n")); return -1; diff --git a/source3/wscript b/source3/wscript index 0d32561..1ea3559 100644 --- a/source3/wscript +++ b/source3/wscript @@ -639,7 +639,7 @@ msg.msg_acctrightslen = sizeof(fd); krb5_set_real_time krb5_set_default_in_tkt_etypes krb5_set_default_tgs_enctypes krb5_set_default_tgs_ktypes krb5_principal2salt krb5_use_enctype krb5_string_to_key krb5_get_pw_salt krb5_string_to_key_salt krb5_auth_con_setkey -krb5_auth_con_setuseruserkey krb5_locate_kdc krb5_get_permitted_enctypes +krb5_auth_con_setuseruserkey krb5_get_permitted_enctypes krb5_get_default_in_tkt_etypes krb5_free_data_contents krb5_principal_get_comp_string krb5_free_unparsed_name krb5_free_keytab_entry_contents krb5_kt_free_entry krb5_krbhst_init -- Samba Shared Repository