Adapt sign_authdata in our KDB module for krb5 v1.18

author Isaac Boukris <iboukris@gmail.com>

Mon, 16 Sep 2019 13:40:12 +0000 (16:40 +0300)

committer Isaac Boukris <iboukris@sn-devel-184>

Tue, 10 Mar 2020 13:02:27 +0000 (13:02 +0000)
author Isaac Boukris <iboukris@gmail.com>
Mon, 16 Sep 2019 13:40:12 +0000 (16:40 +0300)
committer Isaac Boukris <iboukris@sn-devel-184>
Tue, 10 Mar 2020 13:02:27 +0000 (13:02 +0000)
diff --git a/source4/kdc/mit-kdb/kdb_samba.c b/source4/kdc/mit-kdb/kdb_samba.c

index c5157d6ed1b9f55a6467b13eb20a9a857e706c37..02bbdca9f548b90d37f2c2966f24a8f4d556bcc2 100644 (file)
--- a/source4/kdc/mit-kdb/kdb_samba.c
+++ b/source4/kdc/mit-kdb/kdb_samba.c
@@ -139,7 +139,7 @@ static void kdb_samba_db_free_principal_e_data(krb5_context context,
  
  kdb_vftabl kdb_function_table = {
         .maj_ver                   = KRB5_KDB_DAL_MAJOR_VERSION,
-       .min_ver                   = 1,
+       .min_ver                   = KRB5_KDB_DAL_MAJOR_VERSION == 6 ? 1 : 0,
  
         .init_library              = kdb_samba_init_library,
         .fini_library              = kdb_samba_fini_library,
diff --git a/source4/kdc/mit-kdb/kdb_samba.h b/source4/kdc/mit-kdb/kdb_samba.h

index 22ef9085b6ada143bfcca0208af069ecf77df2ba..ad4f6e2757398b6fdd02b9533292d607274f6aa2 100644 (file)
--- a/source4/kdc/mit-kdb/kdb_samba.h
+++ b/source4/kdc/mit-kdb/kdb_samba.h
@@ -114,6 +114,7 @@ krb5_error_code kdb_samba_dbekd_encrypt_key_data(krb5_context context,
  
  /* from kdb_samba_policies.c */
  
+#if KRB5_KDB_API_VERSION < 10
  krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
                                             unsigned int flags,
                                             krb5_const_principal client_princ,
@@ -127,6 +128,26 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
                                             krb5_timestamp authtime,
                                             krb5_authdata **tgt_auth_data,
                                             krb5_authdata ***signed_auth_data);
+#else
+krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
+                                           unsigned int flags,
+                                           krb5_const_principal client_princ,
+                                           krb5_const_principal server_princ,
+                                           krb5_db_entry *client,
+                                           krb5_db_entry *server,
+                                           krb5_db_entry *krbtgt,
+                                           krb5_db_entry *local_krbtgt,
+                                           krb5_keyblock *client_key,
+                                           krb5_keyblock *server_key,
+                                           krb5_keyblock *krbtgt_key,
+                                           krb5_keyblock *local_krbtgt_key,
+                                           krb5_keyblock *session_key,
+                                           krb5_timestamp authtime,
+                                           krb5_authdata **tgt_auth_data,
+                                           void *authdata_info,
+                                           krb5_data ***auth_indicators,
+                                           krb5_authdata ***signed_auth_data);
+#endif
  
  krb5_error_code kdb_samba_db_check_policy_as(krb5_context context,
                                              krb5_kdc_req *kdcreq,
diff --git a/source4/kdc/mit-kdb/kdb_samba_policies.c b/source4/kdc/mit-kdb/kdb_samba_policies.c

index fc80329f2216ec45b1e059d7663ad05f04e434df..586cf81451dbc4e20b93ed407d7af8962b80f724 100644 (file)
--- a/source4/kdc/mit-kdb/kdb_samba_policies.c
+++ b/source4/kdc/mit-kdb/kdb_samba_policies.c
@@ -287,6 +287,7 @@ done:
         return code;
  }
  
+#if KRB5_KDB_API_VERSION < 10
  krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
                                             unsigned int flags,
                                             krb5_const_principal client_princ,
@@ -301,6 +302,27 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
                                             krb5_authdata **tgt_auth_data,
                                             krb5_authdata ***signed_auth_data)
  {
+#else
+krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
+                                           unsigned int flags,
+                                           krb5_const_principal client_princ,
+                                           krb5_const_principal server_princ,
+                                           krb5_db_entry *client,
+                                           krb5_db_entry *server,
+                                           krb5_db_entry *krbtgt,
+                                           krb5_db_entry *local_krbtgt,
+                                           krb5_keyblock *client_key,
+                                           krb5_keyblock *server_key,
+                                           krb5_keyblock *krbtgt_key,
+                                           krb5_keyblock *local_krbtgt_key,
+                                           krb5_keyblock *session_key,
+                                           krb5_timestamp authtime,
+                                           krb5_authdata **tgt_auth_data,
+                                           void *authdata_info,
+                                           krb5_data ***auth_indicators,
+                                           krb5_authdata ***signed_auth_data)
+{
+#endif
         krb5_const_principal ks_client_princ;
         krb5_authdata **authdata = NULL;
         krb5_boolean is_as_req;
@@ -308,6 +330,11 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
         krb5_pac pac = NULL;
         krb5_data pac_data;
  
+#if KRB5_KDB_API_VERSION >= 10
+       krbtgt = krbtgt == NULL ? local_krbtgt : krbtgt;
+       krbtgt_key = krbtgt_key == NULL ? local_krbtgt_key : krbtgt_key;
+#endif
+
         /* Prefer canonicalised name from client entry */
         if (client != NULL) {
                 ks_client_princ = client->princ;
author	Isaac Boukris <iboukris@gmail.com>
	Mon, 16 Sep 2019 13:40:12 +0000 (16:40 +0300)
committer	Isaac Boukris <iboukris@sn-devel-184>
	Tue, 10 Mar 2020 13:02:27 +0000 (13:02 +0000)
source4/kdc/mit-kdb/kdb_samba.c		patch \| blob \| blame \| history
source4/kdc/mit-kdb/kdb_samba.h		patch \| blob \| blame \| history
source4/kdc/mit-kdb/kdb_samba_policies.c		patch \| blob \| blame \| history