diff options
Diffstat (limited to 'source3')
-rw-r--r-- | source3/libads/sasl.c | 4 | ||||
-rw-r--r-- | source3/libsmb/cliconnect.c | 4 | ||||
-rw-r--r-- | source3/smbd/sesssetup.c | 12 |
3 files changed, 16 insertions, 4 deletions
diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c index 97ba9c9286..0164b0c740 100644 --- a/source3/libads/sasl.c +++ b/source3/libads/sasl.c @@ -173,7 +173,9 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads) DATA_BLOB blob; char *principal = NULL; char *OIDs[ASN1_MAX_OIDS]; +#ifdef HAVE_KRB5 BOOL got_kerberos_mechanism = False; +#endif rc = ldap_sasl_bind_s(ads->ld, NULL, "GSS-SPNEGO", NULL, NULL, NULL, &scred); @@ -202,10 +204,12 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads) /* make sure the server understands kerberos */ for (i=0;OIDs[i];i++) { DEBUG(3,("ads_sasl_spnego_bind: got OID=%s\n", OIDs[i])); +#ifdef HAVE_KRB5 if (strcmp(OIDs[i], OID_KERBEROS5_OLD) == 0 || strcmp(OIDs[i], OID_KERBEROS5) == 0) { got_kerberos_mechanism = True; } +#endif free(OIDs[i]); } DEBUG(3,("ads_sasl_spnego_bind: got server principal name =%s\n", principal)); diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index aa37a29391..c5154827c6 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -702,7 +702,9 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user, char *principal; char *OIDs[ASN1_MAX_OIDS]; int i; +#ifdef HAVE_KRB5 BOOL got_kerberos_mechanism = False; +#endif DATA_BLOB blob; DEBUG(3,("Doing spnego session setup (blob length=%lu)\n", (unsigned long)cli->secblob.length)); @@ -731,10 +733,12 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user, /* make sure the server understands kerberos */ for (i=0;OIDs[i];i++) { DEBUG(3,("got OID=%s\n", OIDs[i])); +#ifdef HAVE_KRB5 if (strcmp(OIDs[i], OID_KERBEROS5_OLD) == 0 || strcmp(OIDs[i], OID_KERBEROS5) == 0) { got_kerberos_mechanism = True; } +#endif free(OIDs[i]); } DEBUG(3,("got principal=%s\n", principal)); diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 40ea28a86d..e1fb71d575 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -417,7 +417,9 @@ static int reply_spnego_negotiate(connection_struct *conn, DATA_BLOB secblob; int i; DATA_BLOB chal; - BOOL got_kerberos = False; +#ifdef HAVE_KRB5 + BOOL got_kerberos_mechanism = False; +#endif NTSTATUS nt_status; /* parse out the OIDs and the first sec blob */ @@ -434,11 +436,13 @@ static int reply_spnego_negotiate(connection_struct *conn, server sent back krb5/mskrb5/ntlmssp as mechtypes, but the client (2ksp3) replied with ntlmssp/mskrb5/krb5 and an NTLMSSP mechtoken. --jerry */ - + +#ifdef HAVE_KRB5 if (strcmp(OID_KERBEROS5, OIDs[0]) == 0 || strcmp(OID_KERBEROS5_OLD, OIDs[0]) == 0) { - got_kerberos = True; + got_kerberos_mechanism = True; } +#endif for (i=0;OIDs[i];i++) { DEBUG(3,("Got OID %s\n", OIDs[i])); @@ -447,7 +451,7 @@ static int reply_spnego_negotiate(connection_struct *conn, DEBUG(3,("Got secblob of size %lu\n", (unsigned long)secblob.length)); #ifdef HAVE_KRB5 - if (got_kerberos && (SEC_ADS == lp_security())) { + if (got_kerberos_mechanism && (SEC_ADS == lp_security())) { int ret = reply_spnego_kerberos(conn, inbuf, outbuf, length, bufsize, &secblob); data_blob_free(&secblob); |