diff options
| author | Günther Deschner <gd@samba.org> | 2015-10-02 04:23:59 +0200 |
|---|---|---|
| committer | Günther Deschner <gd@samba.org> | 2015-10-02 07:29:43 +0200 |
| commit | 6755376cedaf0c88230b47e04c584c7d9fce13e3 (patch) | |
| tree | d7147132cd6e1863cd048550f1fbf3332f834c16 | |
| parent | e524ab9f7ee9f4aff50dd5bc42312f9000bf1c6e (diff) | |
| download | samba-6755376cedaf0c88230b47e04c584c7d9fce13e3.tar.gz | |
kerberos: make sure we only use prompter type when available.
We also verified that we cannot simply remove the prompter as several older
versions of Heimdal would crash.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Oct 2 07:29:43 CEST 2015 on sn-devel-104
| -rw-r--r-- | source3/libads/kerberos.c | 12 | ||||
| -rwxr-xr-x | source4/heimdal_build/wscript_configure | 1 | ||||
| -rw-r--r-- | wscript_configure_system_mitkrb5 | 2 |
3 files changed, 14 insertions, 1 deletions
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index 7fe864bf96e..9a7a1e70b1d 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -47,6 +47,16 @@ kerb_prompter(krb5_context ctx, void *data, krb5_prompt prompts[]) { if (num_prompts == 0) return 0; +#if HAVE_KRB5_PROMPT_TYPE + + /* + * only heimdal has a prompt type and we need to deal with it here to + * avoid loops. + * + * removing the prompter completely is not an option as at least these + * versions would crash: heimdal-1.0.2 and heimdal-1.1. Later heimdal + * version have looping detection and return with a proper error code. + */ if ((num_prompts == 2) && (prompts[0].type == KRB5_PROMPT_TYPE_NEW_PASSWORD) && @@ -63,7 +73,7 @@ kerb_prompter(krb5_context ctx, void *data, */ return KRB5KDC_ERR_KEY_EXPIRED; } - +#endif /* HAVE_KRB5_PROMPT_TYPE */ memset(prompts[0].reply->data, '\0', prompts[0].reply->length); if (prompts[0].reply->length > 0) { if (data) { diff --git a/source4/heimdal_build/wscript_configure b/source4/heimdal_build/wscript_configure index 710a53de85a..2635b8aeb73 100755 --- a/source4/heimdal_build/wscript_configure +++ b/source4/heimdal_build/wscript_configure @@ -168,6 +168,7 @@ conf.define('HAVE_KRB5_PRINCIPAL_SET_REALM', 1) conf.define('HAVE_KRB5_PRINCIPAL_SET_TYPE', 1) conf.define('HAVE_KRB5_PRINCIPAL_GET_TYPE', 1) conf.define('HAVE_KRB5_WARNX', 1) +conf.define('HAVE_KRB5_PROMPT_TYPE', 1) heimdal_includedirs = [] heimdal_libdirs = [] diff --git a/wscript_configure_system_mitkrb5 b/wscript_configure_system_mitkrb5 index 351e9d83a6d..4b3a69fa344 100644 --- a/wscript_configure_system_mitkrb5 +++ b/wscript_configure_system_mitkrb5 @@ -137,6 +137,8 @@ conf.CHECK_STRUCTURE_MEMBER('krb5_address', 'addrtype', headers='krb5.h', define='HAVE_ADDRTYPE_IN_KRB5_ADDRESS') conf.CHECK_STRUCTURE_MEMBER('krb5_ap_req', 'ticket', headers='krb5.h', define='HAVE_TICKET_POINTER_IN_KRB5_AP_REQ') +conf.CHECK_STRUCTURE_MEMBER('krb5_prompt', 'type', headers='krb5.h', + define='HAVE_KRB5_PROMPT_TYPE') conf.CHECK_TYPE('krb5_encrypt_block', headers='krb5.h') |