auth-session: MIT doesn't have import/export cred yet

For now let's just loose this functionality with the MIT build.
gss_import/export_cred should be availa ble when MIT 1.11 is released and this
code is used only in some proxy scenario. Not normally needed for common
configurations.

diff --git a/source4/auth/session.c b/source4/auth/session.c
index 805659c5a468ae87ff16c58d625f585a91a79d93..de417cc54b110c83f53ed651bb5e8595d0dfa6d3 100644 (file)
--- a/source4/auth/session.c
+++ b/source4/auth/session.c
@@ -156,6 +156,7 @@ _PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
        return NT_STATUS_OK;
 }
 
+
 /* Fill out the auth_session_info with a cli_credentials based on the
  * auth_session_info we were forwarded over named pipe forwarding.
  *
@@ -169,7 +170,7 @@ struct auth_session_info *auth_session_info_from_transport(TALLOC_CTX *mem_ctx,
 {
        struct auth_session_info *session_info;
        session_info = talloc_steal(mem_ctx, session_info_transport->session_info);
-
+#ifdef HAVE_GSS_IMPORT_CRED
        if (session_info_transport->exported_gssapi_credentials.length) {
                struct cli_credentials *creds;
                OM_uint32 minor_status;
@@ -220,7 +221,7 @@ struct auth_session_info *auth_session_info_from_transport(TALLOC_CTX *mem_ctx,
                                                   CRED_MUST_USE_KERBEROS);
 
        }
-
+#endif
        return session_info;
 }
 
@@ -246,7 +247,7 @@ NTSTATUS auth_session_info_transport_from_session(TALLOC_CTX *mem_ctx,
        if (!session_info_transport->session_info) {
                return NT_STATUS_NO_MEMORY;
        };
-
+#ifdef HAVE_GSS_EXPORT_CRED
        if (session_info->credentials) {
                struct gssapi_creds_container *gcc;
                OM_uint32 gret;
@@ -280,6 +281,7 @@ NTSTATUS auth_session_info_transport_from_session(TALLOC_CTX *mem_ctx,
                        NT_STATUS_HAVE_NO_MEMORY(session_info_transport->exported_gssapi_credentials.data);
                }
        }
+#endif
        *transport_out = session_info_transport;
        return NT_STATUS_OK;
 }

diff --git a/source4/heimdal_build/wscript_configure b/source4/heimdal_build/wscript_configure
index 8357f3aa424d8e307849e8d5b959c3d119bb9b53..a350a8bae99ca3e56c5f100f9352f7c7eb4c7871 100755 (executable)
--- a/source4/heimdal_build/wscript_configure
+++ b/source4/heimdal_build/wscript_configure
@@ -87,6 +87,8 @@ conf.define('HAVE_GSS_INQUIRE_SEC_CONTEXT_BY_OID', 1)
 conf.define('HAVE_GSSKRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT', 1)
 conf.define('HAVE_GSSKRB5_GET_SUBKEY', 1)
 conf.define('HAVE_GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT', 1)
+conf.define('HAVE_GSS_IMPORT_CRED', 1)
+conf.define('HAVE_GSS_EXPORT_CRED', 1)
 conf.define('HAVE_LIBGSSAPI', 1)
 conf.define('HAVE_ADDR_TYPE_IN_KRB5_ADDRESS', 1)
 conf.define('HAVE_CHECKSUM_IN_KRB5_CHECKSUM', 1)

diff --git a/wscript_configure_krb5 b/wscript_configure_krb5
index 37f883e38ed44a5ea8f6155253e43cf69cf34018..4dbf2aee592fdd26417fc9207b20308b0faa235b 100644 (file)
--- a/wscript_configure_krb5
+++ b/wscript_configure_krb5
@@ -38,6 +38,7 @@ conf.CHECK_FUNCS_IN('''
        gss_inquire_sec_context_by_oid
        gsskrb5_extract_authz_data_from_sec_context
        gss_krb5_export_lucid_sec_context
+       gss_import_cred gss_export_cred
        ''', 'gssapi gssapi_krb5 krb5')
 conf.CHECK_FUNCS_IN('krb5_mk_req_extended krb5_kt_compare', 'krb5')
 conf.CHECK_FUNCS('''