The branch, v3-6-test has been updated
via bc593e2 s3-libsmb: Remove obsolete smb_krb5_locate_kdc.
from a9fc50f s3: Fix #9037, BSD has -lmd instead of -lmd5
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -----------------------------------------------------------------
commit bc593e2ddfb33d88d2b58a0e721d448bbd30426c
Author: Andreas Schneider <a...@samba.org>
Date: Wed Nov 30 17:58:30 2011 +0100
s3-libsmb: Remove obsolete smb_krb5_locate_kdc.
Signed-off-by: Günther Deschner <g...@samba.org>
Signed-off-by: Andreas Schneider <a...@samba.org>
Fix bug #9111 - Fix compilation with newer MIT kerberos which hides internal
symbols.
-----------------------------------------------------------------------
Summary of changes:
source3/configure.in | 1 -
source3/include/krb5_protos.h | 4 --
source3/libsmb/clikrb5.c | 89 -----------------------------------------
source3/utils/net_lookup.c | 42 +++++++++++---------
source3/wscript | 2 +-
5 files changed, 24 insertions(+), 114 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/configure.in b/source3/configure.in
index 11cb33d..aae2be0 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -3871,7 +3871,6 @@ if test x"$with_ads_support" != x"no"; then
AC_CHECK_FUNC_EXT(krb5_string_to_key_salt, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_auth_con_setkey, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_auth_con_setuseruserkey, $KRB5_LIBS)
- AC_CHECK_FUNC_EXT(krb5_locate_kdc, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_get_permitted_enctypes, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_get_default_in_tkt_etypes, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_free_data_contents, $KRB5_LIBS)
diff --git a/source3/include/krb5_protos.h b/source3/include/krb5_protos.h
index 7b53389..55e353d 100644
--- a/source3/include/krb5_protos.h
+++ b/source3/include/krb5_protos.h
@@ -71,10 +71,6 @@ bool setup_kaddr( krb5_address *pkaddr, struct
sockaddr_storage *paddr);
int create_kerberos_key_from_string(krb5_context context, krb5_principal
host_princ, krb5_data *password, krb5_keyblock *key, krb5_enctype enctype, bool
no_salt);
bool get_auth_data_from_tkt(TALLOC_CTX *mem_ctx, DATA_BLOB *auth_data,
krb5_ticket *tkt);
krb5_const_principal get_principal_from_tkt(krb5_ticket *tkt);
-krb5_error_code smb_krb5_locate_kdc(krb5_context ctx, const krb5_data *realm,
struct sockaddr **addr_pp, int *naddrs, int get_masters);
-#if defined(HAVE_KRB5_LOCATE_KDC)
-krb5_error_code krb5_locate_kdc(krb5_context ctx, const krb5_data *realm,
struct sockaddr **addr_pp, int *naddrs, int get_masters);
-#endif
krb5_error_code get_kerberos_allowed_etypes(krb5_context context, krb5_enctype
**enctypes);
bool get_krb5_smb_session_key(TALLOC_CTX *mem_ctx,
krb5_context context,
diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c
index b0743e4..7958205 100644
--- a/source3/libsmb/clikrb5.c
+++ b/source3/libsmb/clikrb5.c
@@ -488,95 +488,6 @@ bool unwrap_pac(TALLOC_CTX *mem_ctx, DATA_BLOB *auth_data,
DATA_BLOB *unwrapped_
#endif
}
-#if !defined(HAVE_KRB5_LOCATE_KDC)
-
-/* krb5_locate_kdc is an internal MIT symbol. MIT are not yet willing to commit
- * to a public interface for this functionality, so we have to be able to live
- * without it if the MIT libraries are hiding their internal symbols.
- */
-
-#if defined(KRB5_KRBHST_INIT)
-/* Heimdal */
- krb5_error_code smb_krb5_locate_kdc(krb5_context ctx, const krb5_data *realm,
struct sockaddr **addr_pp, int *naddrs, int get_masters)
-{
- krb5_krbhst_handle hnd;
- krb5_krbhst_info *hinfo;
- krb5_error_code rc;
- int num_kdcs, i;
- struct sockaddr *sa;
- struct addrinfo *ai;
-
- *addr_pp = NULL;
- *naddrs = 0;
-
- rc = krb5_krbhst_init(ctx, realm->data, KRB5_KRBHST_KDC, &hnd);
- if (rc) {
- DEBUG(0, ("smb_krb5_locate_kdc: krb5_krbhst_init failed
(%s)\n", error_message(rc)));
- return rc;
- }
-
- for ( num_kdcs = 0; (rc = krb5_krbhst_next(ctx, hnd, &hinfo) == 0);
num_kdcs++)
- ;
-
- krb5_krbhst_reset(ctx, hnd);
-
- if (!num_kdcs) {
- DEBUG(0, ("smb_krb5_locate_kdc: zero kdcs found !\n"));
- krb5_krbhst_free(ctx, hnd);
- return -1;
- }
-
- sa = SMB_MALLOC_ARRAY( struct sockaddr, num_kdcs );
- if (!sa) {
- DEBUG(0, ("smb_krb5_locate_kdc: malloc failed\n"));
- krb5_krbhst_free(ctx, hnd);
- naddrs = 0;
- return -1;
- }
-
- memset(sa, '\0', sizeof(struct sockaddr) * num_kdcs );
-
- for (i = 0; i < num_kdcs && (rc = krb5_krbhst_next(ctx, hnd, &hinfo) ==
0); i++) {
-
-#if defined(HAVE_KRB5_KRBHST_GET_ADDRINFO)
- rc = krb5_krbhst_get_addrinfo(ctx, hinfo, &ai);
- if (rc) {
- DEBUG(0,("krb5_krbhst_get_addrinfo failed: %s\n",
error_message(rc)));
- continue;
- }
-#endif
- if (hinfo->ai && hinfo->ai->ai_family == AF_INET)
- memcpy(&sa[i], hinfo->ai->ai_addr, sizeof(struct
sockaddr));
- }
-
- krb5_krbhst_free(ctx, hnd);
-
- *naddrs = num_kdcs;
- *addr_pp = sa;
- return 0;
-}
-
-#else /* ! defined(KRB5_KRBHST_INIT) */
-
- krb5_error_code smb_krb5_locate_kdc(krb5_context ctx, const krb5_data *realm,
- struct sockaddr **addr_pp, int *naddrs, int get_masters)
-{
- DEBUG(0, ("unable to explicitly locate the KDC on this platform\n"));
- return KRB5_KDC_UNREACH;
-}
-
-#endif /* KRB5_KRBHST_INIT */
-
-#else /* ! HAVE_KRB5_LOCATE_KDC */
-
- krb5_error_code smb_krb5_locate_kdc(krb5_context ctx, const krb5_data *realm,
- struct sockaddr **addr_pp, int *naddrs, int get_masters)
-{
- return krb5_locate_kdc(ctx, realm, addr_pp, naddrs, get_masters);
-}
-
-#endif /* HAVE_KRB5_LOCATE_KDC */
-
#if !defined(HAVE_KRB5_FREE_UNPARSED_NAME)
void krb5_free_unparsed_name(krb5_context context, char *val)
{
diff --git a/source3/utils/net_lookup.c b/source3/utils/net_lookup.c
index 06aedbd..7150254 100644
--- a/source3/utils/net_lookup.c
+++ b/source3/utils/net_lookup.c
@@ -276,10 +276,11 @@ static int net_lookup_kdc(struct net_context *c, int
argc, const char **argv)
#ifdef HAVE_KRB5
krb5_error_code rc;
krb5_context ctx;
- struct sockaddr_in *addrs;
- int num_kdcs,i;
- krb5_data realm;
- char **realms;
+ struct ip_service *kdcs;
+ const char *realm;
+ int num_kdcs = 0;
+ int i;
+ NTSTATUS status;
initialize_krb5_error_table();
rc = krb5_init_context(&ctx);
@@ -289,34 +290,37 @@ static int net_lookup_kdc(struct net_context *c, int
argc, const char **argv)
return -1;
}
- if (argc>0) {
- realm.data = CONST_DISCARD(char *, argv[0]);
- realm.length = strlen(argv[0]);
+ if (argc > 0) {
+ realm = argv[0];
} else if (lp_realm() && *lp_realm()) {
- realm.data = lp_realm();
- realm.length = strlen((const char *)realm.data);
+ realm = lp_realm();
} else {
+ char **realms;
+
rc = krb5_get_host_realm(ctx, NULL, &realms);
if (rc) {
DEBUG(1,("krb5_gethost_realm failed (%s)\n",
error_message(rc)));
return -1;
}
- realm.data = (char *) *realms;
- realm.length = strlen((const char *)realm.data);
+ realm = (const char *) *realms;
}
- rc = smb_krb5_locate_kdc(ctx, &realm, (struct sockaddr **)(void
*)&addrs, &num_kdcs, 0);
- if (rc) {
- DEBUG(1, ("smb_krb5_locate_kdc failed (%s)\n",
error_message(rc)));
+ status = get_kdc_list(realm, NULL, &kdcs, &num_kdcs);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1,("get_kdc_list failed (%s)\n", nt_errstr(status)));
return -1;
}
- for (i=0;i<num_kdcs;i++)
- if (addrs[i].sin_family == AF_INET)
- d_printf("%s:%hd\n", inet_ntoa(addrs[i].sin_addr),
- ntohs(addrs[i].sin_port));
- return 0;
+ for (i = 0; i < num_kdcs; i++) {
+ char addr[INET6_ADDRSTRLEN];
+
+ print_sockaddr(addr, sizeof(addr), &kdcs[i].ss);
+
+ d_printf("%s:%hd\n", addr, kdcs[i].port);
+ }
+
+ return 0;
#endif
DEBUG(1, ("No kerberos support\n"));
return -1;
diff --git a/source3/wscript b/source3/wscript
index 0d32561..1ea3559 100644
--- a/source3/wscript
+++ b/source3/wscript
@@ -639,7 +639,7 @@ msg.msg_acctrightslen = sizeof(fd);
krb5_set_real_time krb5_set_default_in_tkt_etypes krb5_set_default_tgs_enctypes
krb5_set_default_tgs_ktypes krb5_principal2salt krb5_use_enctype
krb5_string_to_key krb5_get_pw_salt krb5_string_to_key_salt
krb5_auth_con_setkey
-krb5_auth_con_setuseruserkey krb5_locate_kdc krb5_get_permitted_enctypes
+krb5_auth_con_setuseruserkey krb5_get_permitted_enctypes
krb5_get_default_in_tkt_etypes krb5_free_data_contents
krb5_principal_get_comp_string krb5_free_unparsed_name
krb5_free_keytab_entry_contents krb5_kt_free_entry krb5_krbhst_init
--
Samba Shared Repository
