#include "libcli/auth/libcli_auth.h"
#include "dsdb/samdb/samdb.h"
#include "auth/session_proto.h"
-#include "system/kerberos.h"
-#include <gssapi/gssapi.h>
+#include "auth/kerberos/gssapi_helper.h"
#include "libcli/wbclient/wbclient.h"
#undef DBGC_CLASS
};
session_info_transport->session_info = talloc_reference(session_info_transport, session_info);
if (!session_info_transport->session_info) {
+ TALLOC_FREE(session_info_transport);
return NT_STATUS_NO_MEMORY;
};
-#ifdef HAVE_GSS_EXPORT_CRED
if (session_info->credentials) {
- struct gssapi_creds_container *gcc;
- OM_uint32 gret;
- OM_uint32 minor_status;
- gss_buffer_desc cred_token;
- const char *error_string;
- int ret;
-
- ret = cli_credentials_get_client_gss_creds(session_info->credentials,
- event_ctx,
- lp_ctx,
- &gcc, &error_string);
- if (ret != 0) {
+ char *ccache_name = NULL;
+ DATA_BLOB creds_blob = data_blob_null;
+ NTSTATUS status;
+
+ status = cli_credentials_krb5_get_ccache_name(session_info->credentials,
+ session_info_transport,
+ &ccache_name);
+ if (!NT_STATUS_IS_OK(status)) {
*transport_out = session_info_transport;
return NT_STATUS_OK;
}
- gret = gss_export_cred(&minor_status,
- gcc->creds,
- &cred_token);
- if (gret != GSS_S_COMPLETE) {
- return NT_STATUS_INTERNAL_ERROR;
+ status = gssapi_krb5_export_ccache(ccache_name,
+ session_info_transport,
+ &creds_blob);
+ TALLOC_FREE(ccache_name);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) {
+ *transport_out = session_info_transport;
+ return NT_STATUS_OK;
}
-
- if (cred_token.length) {
- session_info_transport->exported_gssapi_credentials
- = data_blob_talloc(session_info_transport,
- cred_token.value,
- cred_token.length);
- gss_release_buffer(&minor_status, &cred_token);
- NT_STATUS_HAVE_NO_MEMORY(session_info_transport->exported_gssapi_credentials.data);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(session_info_transport);
+ return status;
}
+ session_info_transport->exported_gssapi_credentials = creds_blob;
}
-#endif
*transport_out = session_info_transport;
return NT_STATUS_OK;
}