From: Todd C. Miller Date: Thu, 23 Oct 2008 16:06:23 +0000 (+0000) Subject: Newer heimdal has 2-argument krb5_get_init_creds_opt_free() like MIT krb5. X-Git-Tag: SUDO_1_7_0~73 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=13e2ccea68d64f4cb976e9404e91349d4bc7a125;p=sudo Newer heimdal has 2-argument krb5_get_init_creds_opt_free() like MIT krb5. Really old heimdal has no krb5_get_init_creds_opt_alloc() at all. Add configure tests to handle all the cases. --- diff --git a/auth/kerb5.c b/auth/kerb5.c index 69ab9da0a..d228407e3 100644 --- a/auth/kerb5.c +++ b/auth/kerb5.c @@ -74,6 +74,24 @@ static struct _sudo_krb5_data { } sudo_krb5_data = { NULL, NULL, NULL }; typedef struct _sudo_krb5_data *sudo_krb5_datap; +#ifndef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC +static krb5_error_code +krb5_get_init_creds_opt_alloc(context, opts) + krb5_context context; + krb5_get_init_creds_opt **opts; +{ + *opts = emalloc(sizeof(krb5_get_init_creds_opt)); + return 0; +} + +static void +krb5_get_init_creds_opt_free(opts) + krb5_get_init_creds_opt *opts; +{ + free(opts); +} +#endif + int kerb5_init(pw, promptp, auth) struct passwd *pw; @@ -220,10 +238,10 @@ kerb5_verify(pw, pass, auth) done: if (opts) { -#ifdef HAVE_HEIMDAL - krb5_get_init_creds_opt_free(opts); -#else +#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS krb5_get_init_creds_opt_free(sudo_context, opts); +#else + krb5_get_init_creds_opt_free(opts); #endif } if (creds) diff --git a/config.h.in b/config.h.in index ddb71b7f7..66901192f 100644 --- a/config.h.in +++ b/config.h.in @@ -210,6 +210,12 @@ /* Define to 1 if you use Kerberos V. */ #undef HAVE_KERB5 +/* Define to 1 if you have the `krb5_get_init_creds_opt_alloc' function. */ +#undef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC + +/* Define to 1 if your `krb5_get_init_creds_opt_alloc' function takes two arguments. */ +#undef HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS + /* Define to 1 if you have the `krb5_init_secure_context' function. */ #undef HAVE_KRB5_INIT_SECURE_CONTEXT diff --git a/configure b/configure index cdcfa85de..9ff25ea35 100755 --- a/configure +++ b/configure @@ -21073,7 +21073,8 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext LIBS="${LIBS} ${SUDO_LIBS}" -for ac_func in krb5_verify_user krb5_init_secure_context + +for ac_func in krb5_verify_user krb5_init_secure_context krb5_get_init_creds_opt_alloc do as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` { echo "$as_me:$LINENO: checking for $ac_func" >&5 @@ -21166,6 +21167,69 @@ _ACEOF fi done + { echo "$as_me:$LINENO: checking whether krb5_get_init_creds_opt_free takes a two argument2" >&5 +echo $ECHO_N "checking whether krb5_get_init_creds_opt_free takes a two argument2... $ECHO_C" >&6; } +if test "${sudo_cv_krb5_get_init_creds_opt_free_two_args+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +int +main () +{ + + krb5_context context = NULL; + krb5_get_init_creds_opt *opts = NULL; + krb5_get_init_creds_opt_free(context, opts); + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + sudo_cv_krb5_get_init_creds_opt_free_two_args=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + sudo_cv_krb5_get_init_creds_opt_free_two_args=no + +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + + +fi +{ echo "$as_me:$LINENO: result: $sudo_cv_krb5_get_init_creds_opt_free_two_args" >&5 +echo "${ECHO_T}$sudo_cv_krb5_get_init_creds_opt_free_two_args" >&6; } + if test X"$sudo_cv_krb5_get_init_creds_opt_free_two_args" = X"yes"; then + cat >>confdefs.h <<\_ACEOF +#define HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS 1 +_ACEOF + + fi LIBS="$_LIBS" fi @@ -24831,6 +24895,14 @@ fi + + + + + + + + diff --git a/configure.in b/configure.in index 01a4fb096..c2bdbba4b 100644 --- a/configure.in +++ b/configure.in @@ -2146,7 +2146,23 @@ if test ${with_kerb5-'no'} != "no" -a -z "$KRB5CONFIG"; then AUTH_OBJS="$AUTH_OBJS kerb5.o" _LIBS="$LIBS" LIBS="${LIBS} ${SUDO_LIBS}" - AC_CHECK_FUNCS(krb5_verify_user krb5_init_secure_context) + AC_CHECK_FUNCS(krb5_verify_user krb5_init_secure_context krb5_get_init_creds_opt_alloc) + AC_CACHE_CHECK(whether krb5_get_init_creds_opt_free takes a two argument2, + sudo_cv_krb5_get_init_creds_opt_free_two_args, [ + AC_TRY_COMPILE([#include ], + [ + krb5_context context = NULL; + krb5_get_init_creds_opt *opts = NULL; + krb5_get_init_creds_opt_free(context, opts); + ], + [sudo_cv_krb5_get_init_creds_opt_free_two_args=yes], + [sudo_cv_krb5_get_init_creds_opt_free_two_args=no] + ) + ] + ) + if test X"$sudo_cv_krb5_get_init_creds_opt_free_two_args" = X"yes"; then + AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS) + fi LIBS="$_LIBS" fi @@ -2540,6 +2556,10 @@ AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the `iscomsec' function. (HP AH_TEMPLATE(HAVE_ISSECURE, [Define to 1 if you have the `issecure' function. (SunOS 4.x check for shadow enabled)]) AH_TEMPLATE(HAVE_KERB4, [Define to 1 if you use Kerberos IV.]) AH_TEMPLATE(HAVE_KERB5, [Define to 1 if you use Kerberos V.]) +AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC, [Define to 1 if you have the `krb5_get_init_creds_opt_alloc' function.]) +AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS, [Define to 1 if your `krb5_get_init_creds_opt_alloc' function takes two arguments.]) +AH_TEMPLATE(HAVE_KRB5_INIT_SECURE_CONTEXT, [Define to 1 if you have the `krb5_init_secure_context' function.]) +AH_TEMPLATE(HAVE_KRB5_VERIFY_USER, [Define to 1 if you have the `krb5_verify_user' function.]) AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs . (OpenLDAP does not)]) AH_TEMPLATE(HAVE_LDAP, [Define to 1 if you use LDAP for sudoers.]) AH_TEMPLATE(HAVE_OPIE, [Define to 1 if you use NRL OPIE.])