From patchwork Wed Mar 31 16:13:40 2010
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Torsten Kurbad <samba-technical@tk-webart.de>
X-Patchwork-Id: 89983
Received: from lists.samba.org (fn.samba.org [216.83.154.106])
	by demeter.kernel.org (8.14.3/8.14.3) with ESMTP id o2VGKR1V010774
	for <patchwork-cifs-client@patchwork.kernel.org>;
	Wed, 31 Mar 2010 16:21:03 GMT
Received: from fn.samba.org (localhost [127.0.0.1])
	by lists.samba.org (Postfix) with ESMTP id B8C7EAD0D4;
	Wed, 31 Mar 2010 10:20:27 -0600 (MDT)
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on fn.samba.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.4 required=3.8 tests=AWL,BAYES_00,LONGWORDS,
	RCVD_NUMERIC_HELO autolearn=no version=3.2.5
X-Original-To: linux-cifs-client@lists.samba.org
Delivered-To: linux-cifs-client@lists.samba.org
X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by
	milter-greylist-4.2.3 (demeter.kernel.org [140.211.167.41]);
	Wed, 31 Mar 2010 16:21:05 +0000 (UTC)
X-Greylist: delayed 401 seconds by postgrey-1.32 at fn.samba.org;
	Wed, 31 Mar 2010 10:20:23 MDT
Received: from mail.cldns.de (mail.cldns.de [217.115.147.25])
	by lists.samba.org (Postfix) with SMTP id 0523FAC598
	for <linux-cifs-client@lists.samba.org>;
	Wed, 31 Mar 2010 10:20:22 -0600 (MDT)
Received: (qmail 2843 invoked by uid 0); 31 Mar 2010 16:13:40 -0000
Received: from 134.2.190.254 ([134.2.190.254])
	by mail.cldns.de ([217.115.147.25])
	with ESMTP via SSL; 31 Mar 2010 16:13:40 -0000
Date: Wed, 31 Mar 2010 18:13:40 +0200
From: Torsten Kurbad <samba-technical@tk-webart.de>
To: jlayton@samba.org
Message-ID: <20100331181340.17466c86@atalante.iwm-kmrc.de>
Organization: TK WebArt
X-Mailer: Claws Mail 3.7.5 (GTK+ 2.18.9; x86_64-pc-linux-gnu)
Mime-Version: 1.0
Cc: linux-cifs-client@lists.samba.org
Subject: [linux-cifs-client] Patch to get cifs.upcall to compile with Heimdal
X-BeenThere: linux-cifs-client@lists.samba.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: The Linux CIFS VFS client <linux-cifs-client.lists.samba.org>
List-Unsubscribe: <https://lists.samba.org/mailman/options/linux-cifs-client>,
	<mailto:linux-cifs-client-request@lists.samba.org?subject=unsubscribe>
List-Archive: <http://lists.samba.org/pipermail/linux-cifs-client>
List-Post: <mailto:linux-cifs-client@lists.samba.org>
List-Help: <mailto:linux-cifs-client-request@lists.samba.org?subject=help>
List-Subscribe: <https://lists.samba.org/mailman/listinfo/linux-cifs-client>,
	<mailto:linux-cifs-client-request@lists.samba.org?subject=subscribe>
Sender: linux-cifs-client-bounces@lists.samba.org
Errors-To: linux-cifs-client-bounces@lists.samba.org


diff -urN cifs-utils-4.1.orig//cifs.upcall.c cifs-utils-4.1//cifs.upcall.c
--- cifs-utils-4.1.orig//cifs.upcall.c	2010-03-23 14:47:07.000000000 +0100
+++ cifs-utils-4.1//cifs.upcall.c	2010-03-31 17:53:39.425556256 +0200
@@ -31,7 +31,11 @@
 
 #include <string.h>
 #include <getopt.h>
+#ifdef HAVE_KRB5_KRB5_H
 #include <krb5/krb5.h>
+#elif defined(HAVE_KRB5_H)
+#include <krb5.h>
+#endif
 #include <syslog.h>
 #include <dirent.h>
 #include <sys/types.h>
@@ -275,7 +279,8 @@
 		goto out_free_principal;
 	}
 
-	in_creds.keyblock.enctype = 0;
+	/* Removed to support Heimdal */
+	// in_creds.keyblock.enctype = 0; */
 	ret = krb5_get_credentials(context, 0, ccache, &in_creds, &out_creds);
 	krb5_free_principal(context, in_creds.server);
 	if (ret) {
@@ -294,7 +299,11 @@
 		goto out_free_creds;
 	}
 
+#ifdef HAVE_KRB5_AUTH_CON_GETSENDSUBKEY
 	ret = krb5_auth_con_getsendsubkey(context, auth_context, &tokb);
+#else
+	ret = krb5_auth_con_getlocalsubkey(context, auth_context, &tokb);
+#endif
 	if (ret) {
 		syslog(LOG_DEBUG, "%s: unable to get session key for %s",
 				__func__, principal);
@@ -302,7 +311,12 @@
 	}
 
 	*mechtoken = data_blob(apreq_pkt.data, apreq_pkt.length);
+
+#ifdef HAVE_KRB5_KEYBLOCK_KEYVALUE /* Heimdal */
+	*sess_key = data_blob(tokb->keyvalue.data, tokb->keyvalue.length);
+#else /* MIT */
 	*sess_key = data_blob(tokb->contents, tokb->length);
+#endif
 
 	krb5_free_keyblock(context, tokb);
 out_free_creds:
diff -urN cifs-utils-4.1.orig//configure.ac cifs-utils-4.1//configure.ac
--- cifs-utils-4.1.orig//configure.ac	2010-03-23 14:47:07.000000000 +0100
+++ cifs-utils-4.1//configure.ac	2010-03-31 17:54:31.847532077 +0200
@@ -25,15 +25,39 @@
 AC_CHECK_HEADERS([arpa/inet.h fcntl.h inttypes.h limits.h mntent.h netdb.h stddef.h stdint.h stdlib.h string.h strings.h sys/mount.h sys/param.h sys/socket.h sys/time.h syslog.h unistd.h], , [AC_MSG_ERROR([necessary header(s) not found])])
 
 if test $enable_cifsupcall != "no"; then
-	AC_CHECK_HEADERS([krb5/krb5.h], ,[
-				if test "$enable_cifsupcall" = "yes"; then
-					AC_MSG_ERROR([krb5/krb5.h not found, consider installing krb5-libs-devel.])
-				else
-					AC_MSG_WARN([krb5/krb5.h not found, consider installing krb5-libs-devel. Disabling cifs.upcall.])
-					enable_cifsupcall="no"
-				fi
-			])
+	AC_CHECK_HEADERS([krb5.h krb5/krb5.h])
+	if test x$ac_cv_header_krb5_krb5_h != xyes ; then
+		if test x$ac_cv_header_krb5_h != xyes ; then
+			if test "$enable_cifsupcall" = "yes"; then
+				AC_MSG_ERROR([krb5.h not found, consider installing krb5-libs-devel.])
+			else
+				AC_MSG_WARN([krb5.h not found, consider installing krb5-libs-devel. Disabling cifs.upcall.])
+				enable_cifsupcall="no"
+			fi
+		fi
+	fi
+fi
+
+if test $enable_cifsupcall != "no"; then
+	if test x$ac_cv_header_krb5_krb5_h = xyes ; then
+		krb5_include="#include <krb5/krb5.h>"
+	fi
+	if test x$ac_cv_header_krb5_h = xyes ; then
+		krb5_include="#include <krb5.h>"
+	fi
+
+	AC_CACHE_CHECK([for keyvalue in krb5_keyblock],
+		[ac_cv_have_krb5_keyblock_keyvalue],[
+			AC_TRY_COMPILE([$krb5_include],
+			[krb5_keyblock key; key.keyvalue.data = NULL;],
+			ac_cv_have_krb5_keyblock_keyvalue=yes,
+			ac_cv_have_krb5_keyblock_keyvalue=no)])
+	if test x"$ac_cv_have_krb5_keyblock_keyvalue" = x"yes" ; then
+		AC_DEFINE(HAVE_KRB5_KEYBLOCK_KEYVALUE,1,
+			[Whether the krb5_keyblock struct has a keyvalue property])
+	fi
 fi
+
 if test $enable_cifsupcall != "no"; then
 	AC_CHECK_HEADERS([talloc.h], , [
 				if test "$enable_cifsupcall" = "yes"; then
@@ -55,6 +79,10 @@
 			])
 fi
 
+if test $enable_cifsupcall != "no"; then
+	AC_CHECK_LIB([krb5], [krb5_init_context])
+fi
+
 # Checks for typedefs, structures, and compiler characteristics.
 AC_HEADER_STDBOOL
 AC_TYPE_UID_T
@@ -73,6 +101,11 @@
 # check for required functions
 AC_CHECK_FUNCS([alarm atexit endpwent getmntent getpass gettimeofday inet_ntop memset realpath setenv strchr strdup strerror strncasecmp strndup strpbrk strrchr strstr strtol strtoul uname], , [AC_MSG_ERROR([necessary functions(s) not found])])
 
+# determine whether we can use MIT's new 'krb5_auth_con_getsendsubkey' to extract the signing key
+if test $enable_cifsupcall != "no"; then
+	AC_CHECK_FUNCS([krb5_auth_con_getsendsubkey])
+fi
+
 # non-critical functions (we have workarounds for these)
 if test $enable_cifsupcall != "no"; then
 	AC_CHECK_FUNCS([krb5_principal_get_realm krb5_free_unparsed_name])