authorAndrew Bartlett <abartlet@samba.org>2011-04-27 14:34:03 +1000
committerAndrew Bartlett <abartlet@samba.org>2011-04-27 07:39:08 +0200
commit47e28702288f065d539baab70907d50b7d59d27e (patch)
tree6278436b7cf597c473da6d62245d4132a0a9b93b /auth/kerberos
parent722ec8b34743ad7670a747b9db1f47766752878d (diff)
auth/kerberos Add check for gss_inquire_sec_context_by_oid
Not all Kerberos distributions have this function.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Apr 27 07:39:08 CEST 2011 on sn-devel-104
Diffstat (limited to 'auth/kerberos')
-rw-r--r--auth/kerberos/gssapi_pac.c14
1 files changed, 10 insertions, 4 deletions
diff --git a/auth/kerberos/gssapi_pac.c b/auth/kerberos/gssapi_pac.c
index dd2fb7e0a7..d89a649ff2 100644
--- a/auth/kerberos/gssapi_pac.c
+++ b/auth/kerberos/gssapi_pac.c
@@ -38,20 +38,19 @@ NTSTATUS gssapi_obtain_pac_blob(TALLOC_CTX *mem_ctx,
gss_name_t gss_client_name,
DATA_BLOB *pac_blob)
{
+ NTSTATUS status;
OM_uint32 gss_maj, gss_min;
- gss_buffer_set_t set = GSS_C_NO_BUFFER_SET;
+#ifdef HAVE_GSS_GET_NAME_ATTRIBUTE
gss_buffer_desc pac_buffer;
gss_buffer_desc pac_display_buffer;
gss_buffer_desc pac_name = {
.value = "urn:mspac:",
.length = sizeof("urn:mspac:")-1
};
- NTSTATUS status;
int more = -1;
int authenticated = false;
int complete = false;
-#ifdef HAVE_GSS_GET_NAME_ATTRIBUTE
gss_maj = gss_get_name_attribute(
&gss_min, gss_client_name, &pac_name,
&authenticated, &complete,
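Review bot: `status`, `gss_maj` and `gss_min` remain declared unconditionally at the top of gssapi_obtain_pac_blob, but the `#else` configuration this commit adds in the last hunk uses none of them, so that build will emit unused-variable warnings and will fail where warnings are treated as errors. Guarding the declarations with `#if defined(HAVE_GSS_GET_NAME_ATTRIBUTE) || defined(HAVE_GSS_INQUIRE_SEC_CONTEXT_BY_OID)` would keep all three configurations clean. Whether `status` is used in the gss_get_name_attribute branch is not visible here, since the function body continues outside the hunk.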
@@ -83,7 +82,10 @@ NTSTATUS gssapi_obtain_pac_blob(TALLOC_CTX *mem_ctx,
return NT_STATUS_ACCESS_DENIED;
}
-#endif
+#elif defined(HAVE_GSS_INQUIRE_SEC_CONTEXT_BY_OID)
+
+ gss_buffer_set_t set = GSS_C_NO_BUFFER_SET;
+
/* If we didn't have the routine to get a verified, validated
* PAC (supplied only by MIT at the time of writing), then try
* with the Heimdal OID (fetches the PAC directly and always
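Review bot: The comment under the new `#elif` still reads like a run-time fallback ("If we didn't have the routine ... then try with the Heimdal OID"), but the branch is now a compile-time alternative: a build that defines both macros never compiles the gss_inquire_sec_context_by_oid path. A leading sentence such as `/* Compiled only when gss_get_name_attribute() is unavailable; the two PAC paths are never both attempted. */` would make that precedence explicit. The first branch passes `authenticated` and `complete` to gss_get_name_attribute, whereas the comment here is cut at the hunk edge, so what this branch verifies about the PAC is not visible and is worth stating in the same comment.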
@@ -118,6 +120,10 @@ NTSTATUS gssapi_obtain_pac_blob(TALLOC_CTX *mem_ctx,
gss_maj = gss_release_buffer_set(&gss_min, &set);
return status;
}
+#else
+ DEBUG(1, ("unable to obtain a PAC against this GSSAPI library. "
+ "GSSAPI secured connections are available only with Heimdal or MIT Kerberos >= 1.8\n"));
+#endif
return NT_STATUS_ACCESS_DENIED;
}
#endif
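Review bot: The new `#else` branch surfaces a build-time capability gap only at run time: every call logs at debug level 1 and returns `NT_STATUS_ACCESS_DENIED`, the same status a genuine denial produces. Failing closed is the right default, but an operator will see rejected GSSAPI logons rather than an unsupported library unless the log level is raised. A diagnostic in this branch, for example `#warning "no GSSAPI PAC retrieval routine found; gssapi_obtain_pac_blob() will always deny"` if the supported compilers accept it, or an equivalent configure-time check, would flag the problem when the binary is built. The function starts outside this hunk, and the final `#endif` closes a conditional opened outside it.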