return heim_initlog(context->hcontext, program, fac);
}
+struct krb5_addlog_func_wrapper {
+ krb5_context context;
+ krb5_log_log_func_t log_func;
+ krb5_log_close_func_t close_func;
+ void *data;
+};
+
+static void HEIM_CALLCONV krb5_addlog_func_wrapper_log(heim_context hcontext,
+ const char *prefix,
+ const char *msg,
+ void *data)
+{
+ struct krb5_addlog_func_wrapper *w =
+ (struct krb5_addlog_func_wrapper *)data;
+
+ w->log_func(w->context,
+ prefix,
+ msg,
+ w->data);
+}
+
+static void HEIM_CALLCONV krb5_addlog_func_wrapper_close(void *data)
+{
+ struct krb5_addlog_func_wrapper *w =
+ (struct krb5_addlog_func_wrapper *)data;
+
+ w->close_func(w->data);
+ free(w);
+}
+
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_addlog_func(krb5_context context,
- krb5_log_facility *fac,
- int min,
- int max,
- krb5_log_log_func_t log_func,
- krb5_log_close_func_t close_func,
- void *data)
- KRB5_DEPRECATED_FUNCTION("Use X instead")
+ krb5_log_facility *fac,
+ int min,
+ int max,
+ krb5_log_log_func_t log_func,
+ krb5_log_close_func_t close_func,
+ void *data)
{
- return ENOTSUP;
+ struct krb5_addlog_func_wrapper *w = NULL;
+
+ w = calloc(1, sizeof(*w));
+ if (w == NULL)
+ return heim_enomem(context->hcontext);
+
+ w->context = context;
+ w->log_func = log_func;
+ w->close_func = close_func;
+ w->data = data;
+
+ return heim_addlog_func(context->hcontext, fac, min, max,
+ krb5_addlog_func_wrapper_log,
+ krb5_addlog_func_wrapper_close,
+ w);
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
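Review bot: `krb5_addlog_func_wrapper_close()` calls `w->close_func(w->data)` unconditionally, and `krb5_addlog_func()` stores `log_func` and `close_func` without checking them, so a caller that passes a NULL `close_func` would get a NULL function-pointer call when the facility is closed. Guard the call with `if (w->close_func != NULL) w->close_func(w->data);` and reject a NULL `log_func` before allocating. The wrapper also appears to leak when `heim_addlog_func()` fails; that function's body is not visible here, so first confirm it does not invoke the close callback on its error path, then keep the result in a local and add `if (ret) free(w);` before returning it. `w->context` is a borrowed pointer, so a comment on the struct should state that the log facility must not outlive the `krb5_context` it was registered with. The function that follows `krb5_addlog_func` starts on the hunk's last line and is not shown.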
lib/roken/socket.c
lib/roken/roken_gethostby.c
lib/roken/mkostemp.c
+ lib/roken/getuserinfo.c
'''
HEIMDAL_LIBRARY('roken',
if not bld.CONFIG_SET("USING_SYSTEM_GSSAPI"):
+ HEIMDAL_ERRTABLE('HEIMDAL_NEGOEX_ERR_ET', 'lib/gssapi/spnego/negoex_err.et')
HEIMDAL_ERRTABLE('HEIMDAL_GKRB5_ERR_ET', 'lib/gssapi/krb5/gkrb5_err.et')
HEIMDAL_ASN1('HEIMDAL_GSSAPI_ASN1',
lib/gssapi/spnego/context_stubs.c
lib/gssapi/spnego/cred_stubs.c
lib/gssapi/spnego/accept_sec_context.c
+ lib/gssapi/spnego/negoex_ctx.c
+ lib/gssapi/spnego/negoex_err.c
+ lib/gssapi/spnego/negoex_util.c
'''
HEIMDAL_AUTOPROTO_PRIVATE('lib/gssapi/spnego/spnego-private.h',
HEIMDAL_GSSAPI_KRB5_SOURCE = '''
lib/gssapi/krb5/copy_ccache.c
lib/gssapi/krb5/delete_sec_context.c
+ lib/gssapi/krb5/duplicate_cred.c
lib/gssapi/krb5/init_sec_context.c
lib/gssapi/krb5/context_time.c
lib/gssapi/krb5/init.c
lib/gssapi/krb5/aeap.c
lib/gssapi/krb5/pname_to_uid.c
lib/gssapi/krb5/authorize_localname.c
+ lib/gssapi/krb5/gkrb5_err.c
'''
HEIMDAL_AUTOPROTO_PRIVATE('lib/gssapi/krb5/gsskrb5-private.h',
HEIMDAL_GSSAPI_KRB5_SOURCE)
+ HEIMDAL_GSSAPI_MECH_SOURCE = '''
+ lib/gssapi/mech/cred.c
+ lib/gssapi/mech/context.c
+ lib/gssapi/mech/gss_krb5.c
+ lib/gssapi/mech/gss_mech_switch.c
+ lib/gssapi/mech/gss_process_context_token.c
+ lib/gssapi/mech/gss_buffer_set.c
+ lib/gssapi/mech/gss_aeap.c
+ lib/gssapi/mech/gss_add_cred.c
+ lib/gssapi/mech/gss_add_cred_from.c
+ lib/gssapi/mech/gss_acquire_cred_from.c
+ lib/gssapi/mech/gss_cred.c
+ lib/gssapi/mech/gss_add_oid_set_member.c
+ lib/gssapi/mech/gss_compare_name.c
+ lib/gssapi/mech/gss_release_oid_set.c
+ lib/gssapi/mech/gss_create_empty_oid_set.c
+ lib/gssapi/mech/gss_decapsulate_token.c
+ lib/gssapi/mech/gss_inquire_cred_by_oid.c
+ lib/gssapi/mech/gss_canonicalize_name.c
+ lib/gssapi/mech/gss_inquire_sec_context_by_oid.c
+ lib/gssapi/mech/gss_inquire_names_for_mech.c
+ lib/gssapi/mech/gss_inquire_mechs_for_name.c
+ lib/gssapi/mech/gss_wrap_size_limit.c
+ lib/gssapi/mech/gss_names.c
+ lib/gssapi/mech/gss_verify.c
+ lib/gssapi/mech/gss_display_name.c
+ lib/gssapi/mech/gss_duplicate_oid.c
+ lib/gssapi/mech/gss_duplicate_cred.c
+ lib/gssapi/mech/gss_display_status.c
+ lib/gssapi/mech/gss_release_buffer.c
+ lib/gssapi/mech/gss_release_oid.c
+ lib/gssapi/mech/gss_test_oid_set_member.c
+ lib/gssapi/mech/gss_release_cred.c
+ lib/gssapi/mech/gss_set_sec_context_option.c
+ lib/gssapi/mech/gss_export_name.c
+ lib/gssapi/mech/gss_seal.c
+ lib/gssapi/mech/gss_acquire_cred.c
+ lib/gssapi/mech/gss_unseal.c
+ lib/gssapi/mech/gss_verify_mic.c
+ lib/gssapi/mech/gss_accept_sec_context.c
+ lib/gssapi/mech/gss_inquire_cred_by_mech.c
+ lib/gssapi/mech/gss_indicate_mechs.c
+ lib/gssapi/mech/gss_delete_sec_context.c
+ lib/gssapi/mech/gss_sign.c
+ lib/gssapi/mech/gss_utils.c
+ lib/gssapi/mech/gss_init_sec_context.c
+ lib/gssapi/mech/gss_oid_equal.c
+ lib/gssapi/mech/gss_oid.c
+ lib/gssapi/mech/gss_oid_to_str.c
+ lib/gssapi/mech/gss_mo.c
+ lib/gssapi/mech/gss_context_time.c
+ lib/gssapi/mech/gss_encapsulate_token.c
+ lib/gssapi/mech/gss_get_mic.c
+ lib/gssapi/mech/gss_import_sec_context.c
+ lib/gssapi/mech/gss_inquire_cred.c
+ lib/gssapi/mech/gss_wrap.c
+ lib/gssapi/mech/gss_import_name.c
+ lib/gssapi/mech/gss_duplicate_name.c
+ lib/gssapi/mech/gss_unwrap.c
+ lib/gssapi/mech/gss_export_sec_context.c
+ lib/gssapi/mech/gss_inquire_context.c
+ lib/gssapi/mech/gss_release_name.c
+ lib/gssapi/mech/gss_set_cred_option.c
+ lib/gssapi/mech/gss_pseudo_random.c
+ lib/gssapi/mech/gssspi_exchange_meta_data.c
+ lib/gssapi/mech/gssspi_query_mechanism_info.c
+ lib/gssapi/mech/gssspi_query_meta_data.c
+ ../heimdal_build/gssapi-glue.c
+ '''
+
HEIMDAL_LIBRARY('gssapi',
- HEIMDAL_GSSAPI_SPNEGO_SOURCE + HEIMDAL_GSSAPI_KRB5_SOURCE + '''
- lib/gssapi/mech/context.c lib/gssapi/mech/gss_krb5.c lib/gssapi/mech/gss_mech_switch.c
- lib/gssapi/mech/gss_process_context_token.c lib/gssapi/mech/gss_buffer_set.c
- lib/gssapi/mech/gss_aeap.c lib/gssapi/mech/gss_add_cred.c lib/gssapi/mech/gss_cred.c
- lib/gssapi/mech/gss_add_oid_set_member.c lib/gssapi/mech/gss_compare_name.c lib/gssapi/mech/gss_release_oid_set.c
- lib/gssapi/mech/gss_create_empty_oid_set.c lib/gssapi/mech/gss_decapsulate_token.c lib/gssapi/mech/gss_inquire_cred_by_oid.c
- lib/gssapi/mech/gss_canonicalize_name.c lib/gssapi/mech/gss_inquire_sec_context_by_oid.c lib/gssapi/mech/gss_inquire_names_for_mech.c
- lib/gssapi/mech/gss_inquire_mechs_for_name.c lib/gssapi/mech/gss_wrap_size_limit.c lib/gssapi/mech/gss_names.c
- lib/gssapi/mech/gss_verify.c lib/gssapi/mech/gss_display_name.c
- lib/gssapi/mech/gss_duplicate_oid.c lib/gssapi/mech/gss_display_status.c lib/gssapi/mech/gss_release_buffer.c
- lib/gssapi/mech/gss_release_oid.c lib/gssapi/mech/gss_test_oid_set_member.c
- lib/gssapi/mech/gss_release_cred.c
- lib/gssapi/mech/gss_set_sec_context_option.c lib/gssapi/mech/gss_export_name.c lib/gssapi/mech/gss_seal.c
- lib/gssapi/mech/gss_acquire_cred.c lib/gssapi/mech/gss_unseal.c lib/gssapi/mech/gss_verify_mic.c
- lib/gssapi/mech/gss_accept_sec_context.c lib/gssapi/mech/gss_inquire_cred_by_mech.c lib/gssapi/mech/gss_indicate_mechs.c
- lib/gssapi/mech/gss_delete_sec_context.c lib/gssapi/mech/gss_sign.c lib/gssapi/mech/gss_utils.c
- lib/gssapi/mech/gss_init_sec_context.c lib/gssapi/mech/gss_oid_equal.c lib/gssapi/mech/gss_oid.c
- lib/gssapi/mech/gss_oid_to_str.c lib/gssapi/mech/gss_mo.c
- lib/gssapi/mech/gss_context_time.c lib/gssapi/mech/gss_encapsulate_token.c lib/gssapi/mech/gss_get_mic.c
- lib/gssapi/mech/gss_import_sec_context.c lib/gssapi/mech/gss_inquire_cred.c lib/gssapi/mech/gss_wrap.c
- lib/gssapi/mech/gss_import_name.c lib/gssapi/mech/gss_duplicate_name.c lib/gssapi/mech/gss_unwrap.c
- lib/gssapi/mech/gss_export_sec_context.c lib/gssapi/mech/gss_inquire_context.c lib/gssapi/mech/gss_release_name.c
- lib/gssapi/mech/gss_set_cred_option.c lib/gssapi/mech/gss_pseudo_random.c ../heimdal_build/gssapi-glue.c''',
- includes='../heimdal/lib/gssapi ../heimdal/lib/gssapi/gssapi ../heimdal/lib/gssapi/spnego ../heimdal/lib/gssapi/krb5 ../heimdal/lib/gssapi/mech',
+ HEIMDAL_GSSAPI_SPNEGO_SOURCE +
+ HEIMDAL_GSSAPI_KRB5_SOURCE +
+ HEIMDAL_GSSAPI_MECH_SOURCE,
+ includes='../heimdal/lib/gssapi/gssapi ../heimdal/lib/gssapi/spnego ../heimdal/lib/gssapi/krb5 ../heimdal/lib/gssapi/mech',
+ cflags_end=bld.env.HEIMDAL_PICKY_PERMIT_IMPLICIT_FALLTHROUGH_CFLAGS,
deps='hcrypto asn1 HEIMDAL_SPNEGO_ASN1 HEIMDAL_GSSAPI_ASN1 roken krb5 com_err wind heimbase',
vnum='2.0.0',
version_script='lib/gssapi/version-script.map',
HEIMDAL_ERRTABLE('HEIMDAL_K5E1_ERR_ET', 'lib/krb5/k5e1_err.et')
+ HEIMDAL_ERRTABLE('HEIMDAL_KX509_ERR_ET', 'lib/krb5/kx509_err.et')
+
HEIMDAL_ERRTABLE('HEIMDAL_HEIM_ERR_ET', 'lib/base/heim_err.et')
KRB5_SOURCE = [os.path.join('lib/krb5/', x) for x in to_list(
store.c store-int.c store_emem.c store_fd.c
store_mem.c store_stdio.c ticket.c time.c transited.c
version.c warn.c krb5_err.c sp800-108-kdf.c
- aname_to_localname.c kuserok.c
+ aname_to_localname.c kuserok.c kx509.c
+ mk_cred.c kx509_err.c
k524_err.c krb_err.c k5e1_err.c''')] + ["../heimdal_build/krb5-glue.c"]
HEIMDAL_LIBRARY('krb5', KRB5_SOURCE,
version_script='lib/krb5/version-script.map',
includes='../heimdal/lib/krb5 ../heimdal/lib/asn1 ../heimdal/include',
+<<<<<<< HEAD
deps='roken wind asn1 hx509 hcrypto com_err HEIMDAL_CONFIG heimbase execinfo samba_intl HEIMDAL_IPC_CLIENT',
+=======
+ deps='roken wind asn1 hx509 HEIMDAL_KX509_ASN1 hcrypto com_err HEIMDAL_CONFIG heimbase execinfo samba_intl HEIMDAL_IPC_CLIENT',
+ cflags_end=bld.env.HEIMDAL_PICKY_PERMIT_IMPLICIT_FALLTHROUGH_CFLAGS +['-DLOCALSTATEDIR="/2"'] + bld.dynconfig_cflags(),
+ #cflags_end=bld.dynconfig_cflags('LOCALSTATEDIR'),
+>>>>>>> 4aaa171a2632... SPLIT...
vnum='26.0.0',
)
KRB5_PROTO_SOURCE = KRB5_SOURCE + ['lib/krb5/expand_path.c', 'lib/krb5/plugin.c', 'lib/krb5/context.c']
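Review bot: The `HEIMDAL_LIBRARY('krb5', ...)` call is committed with unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> 4aaa171a2632... SPLIT...`), which are not valid Python, so this build script will not parse, and two competing `deps=` lines are left in one call. Resolve it to a single `deps=` line, presumably the one that adds `HEIMDAL_KX509_ASN1`, since `kx509.c` and `kx509_err.c` are added to `KRB5_SOURCE` just above. The surviving side also hard-codes `'-DLOCALSTATEDIR="/2"'` next to a commented-out `bld.dynconfig_cflags('LOCALSTATEDIR')`, and the same placeholder appears in the heimbase library's `cflags_end` further down. That looks like a debugging leftover: any state path the libraries derive from LOCALSTATEDIR would resolve under `/2`, a location the installation neither creates nor owns, so the configured value should be passed instead.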
)
if not bld.CONFIG_SET('USING_SYSTEM_HEIMBASE'):
- HEIMBASE_SOURCE = '''
+ HEIMBASE_SOURCE_COMMON = '''
lib/base/array.c
lib/base/bool.c
lib/base/bsearch.c
lib/base/json.c
lib/base/heim_err.c
'''
+ HEIMBASE_SOURCE = HEIMBASE_SOURCE_COMMON + '''
+ lib/base/config_file.c
+ lib/base/context.c
+ lib/base/expand_path.c
+ lib/base/log.c
+ lib/base/plugin.c
+ lib/base/warn.c
+ '''
HEIMDAL_AUTOPROTO('lib/base/heimbase-protos.h',
HEIMBASE_SOURCE,
group='hostcc_build_source')
HEIMBASE_SOURCE,
includes='../heimdal/lib/base ../heimdal/include ../heimdal/lib/krb5',
deps='roken replace com_err',
+ #cflags_end=bld.dynconfig_cflags('LOCALSTATEDIR'),
+ cflags_end=['-DLOCALSTATEDIR="/2"'] + bld.dynconfig_cflags(),
version_script='lib/base/version-script.map',
vnum='1.0.0',
)
- HEIMBASE_HOSTCC_SOURCE = HEIMBASE_SOURCE + '''
+ HEIMBASE_HOSTCC_SOURCE = HEIMBASE_SOURCE_COMMON + '''
lib/com_err/com_err.c
lib/com_err/error.c
'''
irpc_handle, &req);
}
-static krb5_error_code hdb_samba4_auth_status(krb5_context context, HDB *db,
+static krb5_error_code hdb_samba4_auth_status(krb5_context context,
+ HDB *db,
hdb_entry_ex *entry,
- struct sockaddr *from_addr,
- struct timeval *start_time,
+ const struct timeval *start_time,
+ const struct sockaddr *from_addr,
const char *original_client_name,
- const char *auth_type,
- int hdb_auth_status)
+ int hdb_auth_status,
+ const char *auth_details,
+ const char *pa_type)
{
struct samba_kdc_db_context *kdc_db_ctx = talloc_get_type_abort(db->hdb_db,
struct samba_kdc_db_context);
},
.service_description = "Kerberos KDC",
.auth_description = "ENC-TS Pre-authentication",
- .password_type = auth_type,
+ .password_type = auth_details,
.logon_id = logon_id
};
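Review bot: `.auth_description` stays hard-coded to `"ENC-TS Pre-authentication"` while the function now also handles PKINIT and generic success/failure statuses (the case labels in the next hunk). Assuming this initializer is the `ui` passed to the logging calls below, those events would be recorded in the authentication log as encrypted-timestamp pre-auth, which misleads anyone triaging from the audit trail. The new `pa_type` parameter is not used in any visible line; if it carries the pre-authentication mechanism name, use it here, for example `.auth_description = pa_type != NULL ? pa_type : "ENC-TS Pre-authentication",`. The initializer begins outside this hunk.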
}
case HDB_AUTH_INVALID_SIGNATURE:
break;
+ case HDB_AUTH_CLIENT_LOCKED_OUT:
case HDB_AUTH_CORRECT_PASSWORD:
case HDB_AUTH_WRONG_PASSWORD:
+ case HDB_AUTH_GENERIC_SUCCESS:
+ case HDB_AUTH_GENERIC_FAILURE:
+ case HDB_AUTH_PKINIT_SUCCESS:
+ case HDB_AUTH_PKINIT_FAILURE:
{
TALLOC_CTX *frame = talloc_stackframe();
struct samba_kdc_entry *p = talloc_get_type(entry->ctx,
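Review bot: `HDB_AUTH_GENERIC_FAILURE` is admitted to this block here, but its mapping in the following hunk assigns `status` three times in a row (`NT_STATUS_NO_KERB_KEY`, `NT_STATUS_UNSUPPORTED_PREAUTH`, `NT_STATUS_LOGON_FAILURE`), so the first two are dead stores and only the last value can reach the log. Either keep the single line `status = NT_STATUS_LOGON_FAILURE;` or select among the three from the actual failure reason; as written, a missing key and an unsupported pre-auth type are indistinguishable in the audit record. A short comment above the stacked labels, such as `/* these statuses are all reported through log_authentication_event() */`, would document why the lockout and PKINIT cases share the block. The block opened by these labels continues past the hunk.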
if (kdc_db_ctx->rodc) {
send_bad_password_netlogon(frame, kdc_db_ctx, &ui);
}
- } else {
+ } else if (hdb_auth_status == HDB_AUTH_CLIENT_LOCKED_OUT) {
+ status = NT_STATUS_ACCOUNT_LOCKED_OUT;
+ } else if (hdb_auth_status == HDB_AUTH_CORRECT_PASSWORD) {
+ status = NT_STATUS_OK;
+ } else if (hdb_auth_status == HDB_AUTH_GENERIC_SUCCESS) {
status = NT_STATUS_OK;
+ } else if (hdb_auth_status == HDB_AUTH_GENERIC_FAILURE) {
+ status = NT_STATUS_NO_KERB_KEY;
+ status = NT_STATUS_UNSUPPORTED_PREAUTH;
+ status = NT_STATUS_LOGON_FAILURE;
+ } else if (hdb_auth_status == HDB_AUTH_PKINIT_SUCCESS) {
+ status = NT_STATUS_OK;
+ } else if (hdb_auth_status == HDB_AUTH_PKINIT_FAILURE) {
+ status = NT_STATUS_PKINIT_FAILURE;
+ } else {
+ status = NT_STATUS_INTERNAL_ERROR;
}
log_authentication_event(kdc_db_ctx->msg_ctx,