summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--auth/kerberos/pac_utils.h2
-rw-r--r--source3/include/smb_krb5.h1
-rw-r--r--source3/librpc/crypto/gse.c23
-rw-r--r--source4/auth/gensec/gensec_gssapi.c6
-rw-r--r--source4/auth/kerberos/kerberos.h1
5 files changed, 10 insertions, 23 deletions
diff --git a/auth/kerberos/pac_utils.h b/auth/kerberos/pac_utils.h
index 7726f52775..d654bec208 100644
--- a/auth/kerberos/pac_utils.h
+++ b/auth/kerberos/pac_utils.h
@@ -22,7 +22,7 @@
#define _PAC_UTILS_H
#include "lib/krb5_wrap/krb5_samba.h"
-#include "system/gssapi.h"
+#include "lib/krb5_wrap/gss_samba.h"
struct PAC_SIGNATURE_DATA;
struct PAC_DATA;
diff --git a/source3/include/smb_krb5.h b/source3/include/smb_krb5.h
index 1f66212321..743b67ff49 100644
--- a/source3/include/smb_krb5.h
+++ b/source3/include/smb_krb5.h
@@ -1 +1,2 @@
#include "lib/krb5_wrap/krb5_samba.h"
+#include "lib/krb5_wrap/gss_samba.h"
diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c
index fba942bd64..11a545727b 100644
--- a/source3/librpc/crypto/gse.c
+++ b/source3/librpc/crypto/gse.c
@@ -57,24 +57,6 @@ struct gse_context {
gss_OID ret_mech;
};
-#ifndef HAVE_GSS_OID_EQUAL
-
-static bool gss_oid_equal(const gss_OID o1, const gss_OID o2)
-{
- if (o1 == o2) {
- return true;
- }
- if ((o1 == NULL && o2 != NULL) || (o1 != NULL && o2 == NULL)) {
- return false;
- }
- if (o1->length != o2->length) {
- return false;
- }
- return memcmp(o1->elements, o2->elements, o1->length) == false;
-}
-
-#endif
-
/* free non talloc dependent contexts */
static int gse_context_destructor(void *ptr)
{
@@ -126,7 +108,8 @@ static int gse_context_destructor(void *ptr)
* this code to EAP or other GSS mechanisms determines an
* implementation-dependent way of releasing any dynamically
* allocated OID */
- SMB_ASSERT(gss_oid_equal(&gse_ctx->gss_mech, GSS_C_NO_OID) || gss_oid_equal(&gse_ctx->gss_mech, gss_mech_krb5));
+ SMB_ASSERT(smb_gss_oid_equal(&gse_ctx->gss_mech, GSS_C_NO_OID) ||
+ smb_gss_oid_equal(&gse_ctx->gss_mech, gss_mech_krb5));
return 0;
}
@@ -994,7 +977,7 @@ static bool gensec_gse_have_feature(struct gensec_security *gensec_security,
}
if (feature & GENSEC_FEATURE_SESSION_KEY) {
/* Only for GSE/Krb5 */
- if (gss_oid_equal(gse_ctx->ret_mech, gss_mech_krb5)) {
+ if (smb_gss_oid_equal(gse_ctx->ret_mech, gss_mech_krb5)) {
return true;
}
}
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index 6d6ea3cf28..2b09665a44 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -612,7 +612,8 @@ static NTSTATUS gensec_gssapi_update(struct gensec_security *gensec_security,
gssapi_error_string(out_mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid)));
}
return NT_STATUS_INVALID_PARAMETER;
- } else if (gss_oid_equal(gensec_gssapi_state->gss_oid, gss_mech_krb5)) {
+ } else if (smb_gss_oid_equal(gensec_gssapi_state->gss_oid,
+ gss_mech_krb5)) {
switch (min_stat) {
case KRB5KRB_AP_ERR_TKT_NYV:
DEBUG(1, ("Error with ticket to contact %s: possible clock skew between us and the KDC or target server: %s\n",
@@ -1225,7 +1226,8 @@ static bool gensec_gssapi_have_feature(struct gensec_security *gensec_security,
}
if (feature & GENSEC_FEATURE_SESSION_KEY) {
/* Only for GSSAPI/Krb5 */
- if (gss_oid_equal(gensec_gssapi_state->gss_oid, gss_mech_krb5)) {
+ if (smb_gss_oid_equal(gensec_gssapi_state->gss_oid,
+ gss_mech_krb5)) {
return true;
}
}
diff --git a/source4/auth/kerberos/kerberos.h b/source4/auth/kerberos/kerberos.h
index dd28e53413..0be6d74a8b 100644
--- a/source4/auth/kerberos/kerberos.h
+++ b/source4/auth/kerberos/kerberos.h
@@ -27,6 +27,7 @@
#include "auth/kerberos/krb5_init_context.h"
#include "librpc/gen_ndr/krb5pac.h"
#include "lib/krb5_wrap/krb5_samba.h"
+#include "lib/krb5_wrap/gss_samba.h"
struct auth_user_info_dc;
struct cli_credentials;