diff options
author | Simo Sorce <idra@samba.org> | 2012-05-02 12:53:34 -0400 |
---|---|---|
committer | Alexander Bokovoy <ab@samba.org> | 2012-05-23 17:51:49 +0300 |
commit | 302abe61900af3bd9b4fffe1b9e9d7e39cac599a (patch) | |
tree | bde83a2922b74b5631856bc65972ff3d2dacf13f | |
parent | c54fe86a63f73543eaf9b031e146d5f647c05830 (diff) | |
download | samba-302abe61900af3bd9b4fffe1b9e9d7e39cac599a.tar.gz samba-302abe61900af3bd9b4fffe1b9e9d7e39cac599a.tar.bz2 samba-302abe61900af3bd9b4fffe1b9e9d7e39cac599a.zip |
auth and s4-rpc_server: Do not use features we currently can't implement with MIT Kerbros build
-rw-r--r-- | auth/credentials/credentials_krb5.c | 5 | ||||
-rw-r--r-- | source4/rpc_server/lsa/dcesrv_lsa.c | 6 |
2 files changed, 10 insertions, 1 deletions
diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c index 684f2440fd..2a23688ffd 100644 --- a/auth/credentials/credentials_krb5.c +++ b/auth/credentials/credentials_krb5.c @@ -533,6 +533,7 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred, return ret; } +#ifdef SAMBA4_USES_HEIMDAL /* MIT lacks krb5_get_default_in_tkt_etypes */ /* * transfer the enctypes from the smb_krb5_context to the gssapi layer * @@ -567,6 +568,8 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred, return ret; } } +#endif +#ifdef SAMBA4_USES_HEIMDAL /* MIT lacks GSS_KRB5_CRED_NO_CI_FLAGS_X */ /* don't force GSS_C_CONF_FLAG and GSS_C_INTEG_FLAG */ maj_stat = gss_set_cred_option(&min_stat, &gcc->creds, @@ -582,7 +585,7 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred, (*error_string) = talloc_asprintf(cred, "gss_set_cred_option failed: %s", error_message(ret)); return ret; } - +#endif cred->client_gss_creds_obtained = cred->ccache_obtained; talloc_set_destructor(gcc, free_gssapi_creds); cred->client_gss_creds = gcc; diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c index 2ecd144bfb..f1b8740078 100644 --- a/source4/rpc_server/lsa/dcesrv_lsa.c +++ b/source4/rpc_server/lsa/dcesrv_lsa.c @@ -3709,10 +3709,16 @@ static void kdc_get_policy(struct loadparm_context *lp_ctx, unix_to_nt_time(&k->service_tkt_lifetime, svc_tkt_lifetime); unix_to_nt_time(&k->user_tkt_lifetime, usr_tkt_lifetime); unix_to_nt_time(&k->user_tkt_renewaltime, renewal_lifetime); +#ifdef SAMBA4_USES_HEIMDAL /* MIT lacks krb5_get_max_time_skew. + However in the parent function we basically just did a full + krb5_context init with the only purpose of getting a global + config option (the max skew), it would probably make more sense + to have a lp_ or ldb global option as the samba default */ if (smb_krb5_context) { unix_to_nt_time(&k->clock_skew, krb5_get_max_time_skew(smb_krb5_context->krb5_context)); } +#endif k->reserved = 0; } /* |