← Back to branch summary

~ubuntu-branches/ubuntu/maverick/samba/maverick-security

« back to all changes in this revision

Viewing changes to source3/include/smb_krb5.h

  • Committer: Bazaar Package Importer
  • Author(s): Chuck Short
  • Date: 2010-01-29 06:16:15 UTC
  • mfrom: (0.27.9 upstream) (0.34.4 squeeze)
  • Revision ID: james.westby@ubuntu.com-20100129061615-37hs6xqpsdhjq3ld
Tags: 2:3.4.5~dfsg-1ubuntu1
https://launchpad.net/bugs/462169
https://launchpad.net/bugs/493565
* Merge from debian testing.  Remaining changes:
  + debian/patches/VERSION.patch:
    - set SAMBA_VERSION_SUFFIX to Ubuntu.
  + debian/smb.conf:
    - Add "(Samba, Ubuntu)" to server string.
    - Comment out the default [homes] share, and add a comment about "valid users = %s"
      to show users how to restrict access to \\server\username to only username.
    - Set 'usershare allow guests', so that usershare admins are allowed to create
      public shares in additon to authenticated ones.
    - add map to guest = Bad user, maps bad username to gues access.
  + debian/samba-common.conf:
    - Do not change priority to high if dhclient3 is installed.
    - Use priority medium instead of high for the workgroup question.
  + debian/mksambapasswd.awk:
    - Do not add user with UID less than 1000 to smbpasswd.
  + debian/control: 
    - Make libswbclient0 replace/conflict with hardy's likewise-open.
    - Don't build against ctdb, since its not in main yet.
  + debian/rules:
    - Enable "native" PIE hardening.
    - Add BIND_NOW to maximize benefit of RELRO hardening.
  + Add ufw integration:
    - Created debian/samba.ufw.profile.
    - debian/rules, debian/samba.dirs, debian/samba.files: install
  + Add apoort hook:
    - Created debian/source_samba.py.
    - debian/rules, debian/samba.dirs, debian/samba-common-bin.files: install
  + debian/rules, debian/samba.if-up: allow "NetworkManager" as a recognized address
    family... it's obviously /not/ an address family, but it's what gets
    sent when using NM, so we'll cope for now.  (LP: #462169). Taken from karmic-proposed.
  + debian/control: Recommend keyutils for smbfs (LP: #493565)
  + Dropped patches:
    - debian/patches/security-CVE-2009-3297.patch: No longer needed
    - debian/patches/fix-too-many-open-files.patch: No longer needed

Show diffs side-by-side

added added

removed removed

Lines of Context:
source3/include/smb_krb5.h
 
1
#ifndef _HEADER_smb_krb5_h
 
2
#define _HEADER_smb_krb5_h
 
3
 
 
4
#define KRB5_PRIVATE    1       /* this file uses PRIVATE interfaces! */
 
5
/* this file uses DEPRECATED interfaces! */
 
6
 
 
7
#if defined(HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER)
 
8
#define KRB5_DEPRECATED 1
 
9
#else
 
10
#define KRB5_DEPRECATED
 
11
#endif
 
12
 
 
13
#if HAVE_KRB5_H
 
14
#include <krb5.h>
 
15
#endif
 
16
 
 
17
#ifndef KRB5_ADDR_NETBIOS
 
18
#define KRB5_ADDR_NETBIOS 0x14
 
19
#endif
 
20
 
 
21
#ifndef KRB5KRB_ERR_RESPONSE_TOO_BIG
 
22
#define KRB5KRB_ERR_RESPONSE_TOO_BIG (-1765328332L)
 
23
#endif
 
24
 
 
25
/* Heimdal uses a slightly different name */
 
26
#if defined(HAVE_ENCTYPE_ARCFOUR_HMAC_MD5)
 
27
#define ENCTYPE_ARCFOUR_HMAC ENCTYPE_ARCFOUR_HMAC_MD5
 
28
#endif
 
29
 
 
30
/* The older versions of heimdal that don't have this
 
31
   define don't seem to use it anyway.  I'm told they
 
32
   always use a subkey */
 
33
#ifndef HAVE_AP_OPTS_USE_SUBKEY
 
34
#define AP_OPTS_USE_SUBKEY 0
 
35
#endif
 
36
 
 
37
#ifdef HAVE_KRB5
 
38
typedef struct {
 
39
#if defined(HAVE_MAGIC_IN_KRB5_ADDRESS) && defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS) /* MIT */
 
40
        krb5_address **addrs;
 
41
#elif defined(HAVE_KRB5_ADDRESSES) /* Heimdal */
 
42
        krb5_addresses *addrs;
 
43
#else
 
44
#error UNKNOWN_KRB5_ADDRESS_TYPE
 
45
#endif /* defined(HAVE_MAGIC_IN_KRB5_ADDRESS) && defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS) */
 
46
} smb_krb5_addresses;
 
47
 
 
48
#ifdef HAVE_KRB5_KEYBLOCK_KEYVALUE /* Heimdal */
 
49
#define KRB5_KEY_TYPE(k)        ((k)->keytype)
 
50
#define KRB5_KEY_LENGTH(k)      ((k)->keyvalue.length)
 
51
#define KRB5_KEY_DATA(k)        ((k)->keyvalue.data)
 
52
#define KRB5_KEY_DATA_CAST      void
 
53
#else /* MIT */
 
54
#define KRB5_KEY_TYPE(k)        ((k)->enctype)
 
55
#define KRB5_KEY_LENGTH(k)      ((k)->length)
 
56
#define KRB5_KEY_DATA(k)        ((k)->contents)
 
57
#define KRB5_KEY_DATA_CAST      krb5_octet
 
58
#endif /* HAVE_KRB5_KEYBLOCK_KEYVALUE */
 
59
 
 
60
#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEY               /* MIT */
 
61
#define KRB5_KT_KEY(k)          (&(k)->key)
 
62
#elif HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK          /* Heimdal */
 
63
#define KRB5_KT_KEY(k)          (&(k)->keyblock)
 
64
#else
 
65
#error krb5_keytab_entry has no key or keyblock member
 
66
#endif /* HAVE_KRB5_KEYTAB_ENTRY_KEY */
 
67
 
 
68
#endif /* HAVE_KRB5 */
 
69
 
 
70
#include "krb5_protos.h"
 
71
 
 
72
#endif /* _HEADER_smb_krb5_h */