fi
done
dnl We didn't find a usable Kerberos environment
- if test "x$require_krb5" = "xyes" && "x$KRBDIR" = "x"; then
+ if test "x$require_krb5" = "xyes" -a "x$KRBDIR" = "x"; then
if test "x$krb5_with" = "x"; then
AC_MSG_ERROR(Kerberos v5 with GSS support not found: consider --disable-gss or --with-krb5=)
else
dnl Check for krb5int_derive_key
AC_CHECK_LIB($gssapi_lib, krb5int_derive_key,
- AC_DEFINE(HAVE_KRB5INT_DERIVE_KEY, 1, [Define this if the function krb5int_derive_key is available]), ,$KRBLIBS)
+ [HAVE_KRB5INT_DERIVE_KEY=1; AC_DEFINE(HAVE_KRB5INT_DERIVE_KEY, 1, [Define this if the function krb5int_derive_key is available])], ,$KRBLIBS)
dnl Check for krb5_derive_key
AC_CHECK_LIB($gssapi_lib, krb5_derive_key,
- AC_DEFINE(HAVE_KRB5_DERIVE_KEY, 1, [Define this if the function krb5_derive_key is available]), ,$KRBLIBS)
+ [HAVE_KRB5_DERIVE_KEY=1; AC_DEFINE(HAVE_KRB5_DERIVE_KEY, 1, [Define this if the function krb5_derive_key is available])], ,$KRBLIBS)
AS_IF([test "x$HAVE_KRB5INT_DERIVE_KEY" = "x1" -o "x$HAVE_KRB5_DERIVE_KEY" = "x1"],
[AC_DEFINE(HAVE_KRB5, 1, [Define this if you have MIT Kerberos libraries])],
#ifndef _CONTEXT_H_
#define _CONTEXT_H_
+#include <krb5.h>
+
/* Hopefully big enough to hold any serialized context */
#define MAX_CTX_LEN 4096
#define KRB5_CTX_FLAG_ACCEPTOR_SUBKEY 0x00000004
#if HAVE_KRB5INT_DERIVE_KEY
-extern int krb5int_derive_key();
-extern int krb5_k_create_key();
+/* Taken from crypto_int.h */
+enum deriv_alg {
+ DERIVE_RFC3961, /* RFC 3961 section 5.1 */
+#ifdef CAMELLIA
+ DERIVE_SP800_108_CMAC, /* NIST SP 800-108 with CMAC as PRF */
+#endif
+};
+
+extern krb5_error_code krb5int_derive_key(const void *enc,
+ krb5_key inkey, krb5_key *outkey,
+ const krb5_data *in_constant,
+ enum deriv_alg alg);
+extern krb5_error_code krb5_k_create_key(krb5_context context,
+ const krb5_keyblock *key_data,
+ krb5_key *out);
#else /* !HAVE_KRB5INT_DERIVE_KEY */
-extern int krb5_derive_key();
+
+extern krb5_error_code krb5_derive_key(const void *enc,
+ const krb5_keyblock *inkey,
+ krb5_keyblock *outkey,
+ const krb5_data *in_constant);
#endif
int serialize_context_for_kernel(gss_ctx_id_t ctx, gss_buffer_desc *buf,
extern void krb5int_enc_des3;
extern void krb5int_enc_aes128;
extern void krb5int_enc_aes256;
-#if HAVE_KRB5INT_DERIVE_KEY
-/* Taken from crypto_int.h */
-enum deriv_alg {
- DERIVE_RFC3961, /* RFC 3961 section 5.1 */
-#ifdef CAMELLIA
- DERIVE_SP800_108_CMAC, /* NIST SP 800-108 with CMAC as PRF */
-#endif
-};
-#endif /* HAVE_KRB5INT_DERIVE_KEY */
static void
key_lucid_to_krb5(const gss_krb5_lucid_key_t *lin, krb5_keyblock *kout)