diff options
author | nalin <nalin@517b70f8-ed25-0410-8bf6-f5db08f7b76e> | 2005-11-02 23:10:01 +0000 |
---|---|---|
committer | nalin <nalin@517b70f8-ed25-0410-8bf6-f5db08f7b76e> | 2005-11-02 23:10:01 +0000 |
commit | dad3cb195802282569999bface564bbc5d22a0f1 (patch) | |
tree | 1d3ba6da10419600d0e78930888fdf11bd5795d2 | |
parent | b0b87bb0cd2ec02d562a4c091b64520e539b6e02 (diff) |
* configure.ac: test for differences between the Heimdal and MIT Kerberos APIs
* src/krb5-auth-dialog.c: abstract out differences in how credential flags
and realm names are stored.
git-svn-id: http://svn.gnome.org/svn/krb5-auth-dialog/trunk@41 517b70f8-ed25-0410-8bf6-f5db08f7b76e
-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | configure.ac | 45 | ||||
-rw-r--r-- | src/krb5-auth-dialog.c | 98 |
3 files changed, 138 insertions, 12 deletions
@@ -1,3 +1,10 @@ +2005-11-02 Nalin Dahyabhai <nalin@redhat.com> + + * configure.ac: test for differences between the Heimdal and MIT + Kerberos APIs + * src/krb5-auth-dialog.c: abstract out differences in how credential + flags and realm names are stored. + 2005-11-01 Christopher Aillon <caillon@redhat.com> * configure.ac: Release 0.4 diff --git a/configure.ac b/configure.ac index 5c55243..52497b4 100644 --- a/configure.ac +++ b/configure.ac @@ -28,11 +28,6 @@ PKG_CHECK_MODULES(GNOME, libgnomeui-2.0 >= 2.4.0 ]) -AC_ARG_WITH(heimdal, [ --with-heimdal ], with_heimdal="$withval", with_heimdal="no" ) -if test "x$with_heimdal" != "xno"; then - AC_DEFINE_UNQUOTED(HEIMDAL, "", "") -fi - AC_PATH_PROG([KRB5_CONFIG], krb5-config, none, $PATH:/usr/kerberos/bin) if test "x$KRB5_CONFIG" != "xnone"; then KRB5_LIBS="`${KRB5_CONFIG} --libs krb5`" @@ -41,6 +36,46 @@ if test "x$KRB5_CONFIG" != "xnone"; then AC_SUBST(KRB5_LIBS) fi +dnl Check for API differences between Heimdal and MIT Kerberos +savedCFLAGS="$CFLAGS" +CFLAGS="$KRB5_CFLAGS $CFLAGS" +AC_CHECK_MEMBERS(krb5_creds.ticket_flags,,,[#include <krb5.h>]) +AC_CHECK_MEMBERS(krb5_creds.flags.b.forwardable,,,[#include <krb5.h>]) +AC_CHECK_MEMBERS(krb5_creds.flags.b.renewable,,,[#include <krb5.h>]) +AC_CHECK_MEMBERS(krb5_creds.flags.b.proxiable,,,[#include <krb5.h>]) +AC_CHECK_MEMBERS(krb5_creds.flags,,,[#include <krb5.h>]) +AC_CHECK_DECLS([KDC_OPT_FORWARDABLE,KDC_OPT_RENEWABLE,KDC_OPT_PROXIABLE]) +AC_CHECK_DECLS([TKT_FLG_FORWARDABLE,TKT_FLG_RENEWABLE,TKT_FLG_PROXIABLE]) +AC_MSG_CHECKING(if a krb5_principal->realm is a char*) +AC_COMPILE_IFELSE([ +$ac_includes_default +#include <krb5.h> +#include <string.h> +int +main(int argc, char **argv) +{ + static krb5_principal foo; + return strlen(foo->realm); +}],[AC_DEFINE(HAVE_KRB5_PRINCIPAL_REALM_AS_STRING,1,[Define if the realm of a krb5_principal is a char*]) +AC_MSG_RESULT(yes)], +AC_MSG_RESULT(no)) + +AC_MSG_CHECKING(if a krb5_principal->realm is a krb5_data) +AC_COMPILE_IFELSE([ +$ac_includes_default +#include <krb5.h> +int +main(int argc, char **argv) +{ + static krb5_principal foo; + static krb5_data bar; + foo->realm = bar; + return 0; +}],[AC_DEFINE(HAVE_KRB5_PRINCIPAL_REALM_AS_DATA,1,[Define if the realm of a krb5_principal is a krb5_data]) +AC_MSG_RESULT(yes)], +AC_MSG_RESULT(no)) +CFLAGS="$savedCFLAGS" + dnl NetworkManager AC_MSG_CHECKING([whether to enable NetworkManager support]) diff --git a/src/krb5-auth-dialog.c b/src/krb5-auth-dialog.c index 907531b..8852cc7 100644 --- a/src/krb5-auth-dialog.c +++ b/src/krb5-auth-dialog.c @@ -271,6 +271,66 @@ credentials_expiring (gpointer *data) return TRUE; } +#if defined(HAVE_KRB5_CREDS_TICKET_FLAGS) && defined(HAVE_DECL_TKT_FLG_FORWARDABLE) +static int +get_cred_forwardable(krb5_creds *creds) +{ + return creds->ticket_flags & TKT_FLG_FORWARDABLE; +} +#elif defined(HAVE_KRB5_CREDS_FLAGS_B_FORWARDABLE) +static int +get_cred_forwardable(krb5_creds *creds) +{ + return creds->flags.b.forwardable; +} +#elif defined(HAVE_KRB5_CREDS_FLAGS) && defined(HAVE_DECL_KDC_OPT_FORWARDABLE) +static int +get_cred_forwardable(krb5_creds *creds) +{ + return creds->flags & KDC_OPT_FORWARDABLE; +} +#endif + +#if defined(HAVE_KRB5_CREDS_TICKET_FLAGS) && defined(HAVE_DECL_TKT_FLG_RENEWABLE) +static int +get_cred_renewable(krb5_creds *creds) +{ + return creds->ticket_flags & TKT_FLG_RENEWABLE; +} +#elif defined(HAVE_KRB5_CREDS_FLAGS_B_RENEWABLE) +static int +get_cred_renewable(krb5_creds *creds) +{ + return creds->flags.b.renewable; +} +#elif defined(HAVE_KRB5_CREDS_FLAGS) && defined(HAVE_DECL_KDC_OPT_RENEWABLE) +static int +get_cred_renewable(krb5_creds *creds) +{ + return creds->flags & KDC_OPT_RENEWABLE; +} +#endif + +#if defined(HAVE_KRB5_CREDS_TICKET_FLAGS) && defined(HAVE_DECL_TKT_FLG_PROXIABLE) +static int +get_cred_proxiable(krb5_creds *creds) +{ + return creds->ticket_flags & TKT_FLG_PROXIABLE; +} +#elif defined(HAVE_KRB5_CREDS_FLAGS_B_PROXIABLE) +static int +get_cred_proxiable(krb5_creds *creds) +{ + return creds->flags.b.proxiable; +} +#elif defined(HAVE_KRB5_CREDS_FLAGS) && defined(HAVE_DECL_KDC_OPT_PROXIABLE) +static int +get_cred_proxiable(krb5_creds *creds) +{ + return creds->flags & KDC_OPT_PROXIABLE; +} +#endif + static void set_options_using_creds(krb5_context context, krb5_creds *creds, @@ -279,11 +339,11 @@ set_options_using_creds(krb5_context context, krb5_deltat renew_lifetime; int flag; - flag = (creds->ticket_flags & TKT_FLG_FORWARDABLE) != 0; + flag = get_cred_forwardable(creds) != 0; krb5_get_init_creds_opt_set_forwardable(opts, flag); - flag = (creds->ticket_flags & TKT_FLG_PROXIABLE) != 0; + flag = get_cred_proxiable(creds) != 0; krb5_get_init_creds_opt_set_proxiable(opts, flag); - flag = (creds->ticket_flags & TKT_FLG_RENEWABLE) != 0; + flag = get_cred_renewable(creds) != 0; if (flag && (creds->times.renew_till > creds->times.starttime)) { renew_lifetime = creds->times.renew_till - creds->times.starttime; @@ -363,6 +423,30 @@ out: return retval; } +#if defined(HAVE_KRB5_PRINCIPAL_REALM_AS_STRING) +static size_t +get_principal_realm_length(krb5_principal p) +{ + return strlen(p->realm); +} +static const char * +get_principal_realm_data(krb5_principal p) +{ + return p->realm; +} +#elif defined(HAVE_KRB5_PRINCIPAL_REALM_AS_DATA) +static size_t +get_principal_realm_length(krb5_principal p) +{ + return p->realm.length; +} +static const char * +get_principal_realm_data(krb5_principal p) +{ + return p->realm.data; +} +#endif + static gboolean get_tgt_from_ccache (krb5_context context, krb5_creds *creds) { @@ -380,12 +464,12 @@ get_tgt_from_ccache (krb5_context context, krb5_creds *creds) { memset(&tgt_principal, 0, sizeof(tgt_principal)); if (krb5_build_principal_ext(context, &tgt_principal, - principal->realm.length, - principal->realm.data, + get_principal_realm_length(principal), + get_principal_realm_data(principal), KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME, - principal->realm.length, - principal->realm.data, + get_principal_realm_length(principal), + get_principal_realm_data(principal), 0) == 0) { memset(creds, 0, sizeof(*creds)); memset(&mcreds, 0, sizeof(mcreds)); |