From 302abe61900af3bd9b4fffe1b9e9d7e39cac599a Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Wed, 2 May 2012 12:53:34 -0400
Subject: auth and s4-rpc_server: Do not use features we currently can't implement with MIT Kerbros build
---
 auth/credentials/credentials_krb5.c | 5 ++++-
 source4/rpc_server/lsa/dcesrv_lsa.c | 6 ++++++
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c
index 684f2440fd..2a23688ffd 100644
--- a/auth/credentials/credentials_krb5.c
+++ b/auth/credentials/credentials_krb5.c
@@ -533,6 +533,7 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
 return ret;
 }
 
+#ifdef SAMBA4_USES_HEIMDAL /* MIT lacks krb5_get_default_in_tkt_etypes */
 /*
 * transfer the enctypes from the smb_krb5_context to the gssapi layer
 *
@@ -567,6 +568,8 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
 return ret;
 }
 }
+#endif
+#ifdef SAMBA4_USES_HEIMDAL /* MIT lacks GSS_KRB5_CRED_NO_CI_FLAGS_X */
 
 /* don't force GSS_C_CONF_FLAG and GSS_C_INTEG_FLAG */
 maj_stat = gss_set_cred_option(&min_stat, &gcc->creds,
@@ -582,7 +585,7 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
 (*error_string) = talloc_asprintf(cred, "gss_set_cred_option failed: %s", error_message(ret));
 return ret;
 }
-
+#endif
 cred->client_gss_creds_obtained = cred->ccache_obtained;
 talloc_set_destructor(gcc, free_gssapi_creds);
 cred->client_gss_creds = gcc;
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 2ecd144bfb..f1b8740078 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
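Review bot: In auth/credentials/credentials_krb5.c the first `#ifdef SAMBA4_USES_HEIMDAL` compiles out the whole step that transfers the enctypes from the smb_krb5_context to the gssapi layer, so a non-Heimdal build obtains client GSS credentials without that restriction and without any trace of the omission; presumably the GSSAPI layer then uses its own default enctype list, which may be broader than what the administrator configured. The second guard around the `gss_set_cred_option` call (hunks at -567 and -582) skips its setting just as silently. I would add an `#else` branch that at least records the gap, e.g. `DEBUG(3, ("enctypes not passed to the gssapi layer in this build\n"));`, and gate each block on a configure-time check for the missing symbol rather than on the Kerberos flavour, so the code returns as soon as the symbol is available. The body of cli_credentials_get_client_gss_creds starts and ends outside these hunks.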
@@ -3709,10 +3709,16 @@ static void kdc_get_policy(struct loadparm_context *lp_ctx,
 unix_to_nt_time(&k->service_tkt_lifetime, svc_tkt_lifetime);
 unix_to_nt_time(&k->user_tkt_lifetime, usr_tkt_lifetime);
 unix_to_nt_time(&k->user_tkt_renewaltime, renewal_lifetime);
+#ifdef SAMBA4_USES_HEIMDAL /* MIT lacks krb5_get_max_time_skew.
+ However in the parent function we basically just did a full
+ krb5_context init with the only purpose of getting a global
+ config option (the max skew), it would probably make more sense
+ to have a lp_ or ldb global option as the samba default */
 if (smb_krb5_context) {
 unix_to_nt_time(&k->clock_skew,
 krb5_get_max_time_skew(smb_krb5_context->krb5_context));
 }
+#endif
 k->reserved = 0;
 }
 /*
-- cgit
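Review bot: With the guard in place `k->clock_skew` is never written by kdc_get_policy on a non-Heimdal build, and the existing code already left it unset when `smb_krb5_context` is NULL, so the value handed back in the LSA policy reply depends on whether the caller zeroed `k`, which is not visible in this hunk. Assigning a documented fallback before the `#ifdef`, e.g. `k->clock_skew = 0;`, would make every path deterministic and avoid returning stale memory if `k` is not pre-cleared. The five-line explanation would also read better as its own block comment above the directive, marked as a TODO, than as a trailer on the `#ifdef` line. kdc_get_policy begins outside the hunk.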