Wrap krb5_cc_copy_creds and krb5_cc_copy_cache

Heimdal and MIT Kerberos have different API to copy credentials from a
ccache. Wrap it via lib/krb5_wrap/.

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Jul 25 21:27:58 CEST 2016 on sn-devel-144

diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c
index 0bd659577763c84a5d3edbcf2d81dc1f325e9460..82b6de963f73e179b87d93266a3feca989c9250d 100644 (file)
--- a/auth/credentials/credentials_krb5.c
+++ b/auth/credentials/credentials_krb5.c
@@ -763,8 +763,8 @@ static int cli_credentials_shallow_ccache(struct cli_credentials *cred)
 
        TALLOC_FREE(ccache_name);
 
-       ret = krb5_cc_copy_cache(ccc->smb_krb5_context->krb5_context,
-                                old_ccc->ccache, ccc->ccache);
+       ret = smb_krb5_cc_copy_creds(ccc->smb_krb5_context->krb5_context,
+                                    old_ccc->ccache, ccc->ccache);
        if (ret != 0) {
                TALLOC_FREE(ccc);
                return ret;

diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 8064f1793fe088180c9848a8e8d07546768dd866..2943b33b25f7af0ec68be150d7fffcaf21823e93 100644 (file)
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -3039,6 +3039,18 @@ krb5_error_code krb5_warnx(krb5_context context, const char *fmt, ...)
 }
 #endif
 
+krb5_error_code smb_krb5_cc_copy_creds(krb5_context context,
+                                      krb5_ccache incc, krb5_ccache outcc)
+{
+#ifdef HAVE_KRB5_CC_COPY_CACHE /* Heimdal */
+       return krb5_cc_copy_cache(context, incc, outcc);
+#elif defined(HAVE_KRB5_CC_COPY_CREDS)
+       return krb5_cc_copy_creds(context, incc, outcc);
+#else
+#error UNKNOWN_KRB5_CC_COPY_CACHE_OR_CREDS_FUNCTION
+#endif
+}
+
 #else /* HAVE_KRB5 */
  /* this saves a few linking headaches */
  int cli_krb5_get_ticket(TALLOC_CTX *mem_ctx,

diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h
index f988858102ed40a2d6cfdddd363ca830a189dfab..2d3161934a168021d605a43c50b5cdd0c0c241a7 100644 (file)
--- a/lib/krb5_wrap/krb5_samba.h
+++ b/lib/krb5_wrap/krb5_samba.h
@@ -396,6 +396,9 @@ int smb_krb5_principal_get_type(krb5_context context,
 krb5_error_code krb5_warnx(krb5_context context, const char *fmt, ...);
 #endif
 
+krb5_error_code smb_krb5_cc_copy_creds(krb5_context context,
+                                      krb5_ccache incc, krb5_ccache outcc);
+
 #endif /* HAVE_KRB5 */
 
 int cli_krb5_get_ticket(TALLOC_CTX *mem_ctx,

diff --git a/source4/heimdal_build/wscript_configure b/source4/heimdal_build/wscript_configure
index 79b461cc04eb56865301faa411e42e5e8445776f..67ac34b45b2d0c2281da0d8f105410dda60b0162 100755 (executable)
--- a/source4/heimdal_build/wscript_configure
+++ b/source4/heimdal_build/wscript_configure
@@ -104,6 +104,7 @@ conf.define('HAVE_INITIALIZE_KRB5_ERROR_TABLE', 1)
 conf.define('HAVE_KRB5_ADDRESSES', 1)
 conf.define('HAVE_KRB5_AUTH_CON_SETKEY', 1)
 conf.define('HAVE_KRB5_CC_GET_LIFETIME', 1)
+conf.define('HAVE_KRB5_CC_COPY_CACHE', 1)
 conf.define('HAVE_KRB5_CREATE_CHECKSUM', 1)
 conf.define('HAVE_KRB5_CRYPTO', 1)
 conf.define('HAVE_KRB5_CRYPTO_DESTROY', 1)

diff --git a/wscript_configure_system_mitkrb5 b/wscript_configure_system_mitkrb5
index 0d47ccb4f69725e0e0d065c0d0333c24565dd3a1..57a729db4b19d808b5ff6f9fc23387dc19b19298 100644 (file)
--- a/wscript_configure_system_mitkrb5
+++ b/wscript_configure_system_mitkrb5
@@ -118,6 +118,7 @@ conf.CHECK_FUNCS('''
        krb5_get_init_creds_keyblock krb5_get_init_creds_keytab
        krb5_make_principal krb5_build_principal_alloc_va
        krb5_cc_get_lifetime krb5_cc_retrieve_cred
+       krb5_cc_copy_creds
        krb5_free_checksum_contents krb5_c_make_checksum krb5_create_checksum
        krb5_config_get_bool_default krb5_get_profile
        krb5_data_copy