source4/auth/session.c auth_session_info_transport_from_session make use of gssapi_kr...
authorStefan Metzmacher <metze@samba.org>
Wed, 27 Nov 2019 13:10:32 +0000 (14:10 +0100)
committerStefan Metzmacher <metze@samba.org>
Thu, 6 Aug 2020 12:03:26 +0000 (14:03 +0200)
source4/auth/session.c

index c5fc226a7d731d31333352b1f758e8b7cfbfbdca..8a236af6e449e5685358a531aac459fe1df5c980 100644 (file)
@@ -30,8 +30,7 @@
 #include "libcli/auth/libcli_auth.h"
 #include "dsdb/samdb/samdb.h"
 #include "auth/session_proto.h"
-#include "system/kerberos.h"
-#include <gssapi/gssapi.h>
+#include "auth/kerberos/gssapi_helper.h"
 #include "libcli/wbclient/wbclient.h"
 
 #undef DBGC_CLASS
@@ -322,43 +321,36 @@ NTSTATUS auth_session_info_transport_from_session(TALLOC_CTX *mem_ctx,
        };
        session_info_transport->session_info = talloc_reference(session_info_transport, session_info);
        if (!session_info_transport->session_info) {
+               TALLOC_FREE(session_info_transport);
                return NT_STATUS_NO_MEMORY;
        };
-#ifdef HAVE_GSS_EXPORT_CRED
        if (session_info->credentials) {
-               struct gssapi_creds_container *gcc;
-               OM_uint32 gret;
-               OM_uint32 minor_status;
-               gss_buffer_desc cred_token;
-               const char *error_string;
-               int ret;
-
-               ret = cli_credentials_get_client_gss_creds(session_info->credentials,
-                                                          event_ctx,
-                                                          lp_ctx,
-                                                          &gcc, &error_string);
-               if (ret != 0) {
+               char *ccache_name = NULL;
+               DATA_BLOB creds_blob = data_blob_null;
+               NTSTATUS status;
+
+               status = cli_credentials_krb5_get_ccache_name(session_info->credentials,
+                                                             session_info_transport,
+                                                             &ccache_name);
+               if (!NT_STATUS_IS_OK(status)) {
                        *transport_out = session_info_transport;
                        return NT_STATUS_OK;
                }
 
-               gret = gss_export_cred(&minor_status,
-                                      gcc->creds,
-                                      &cred_token);
-               if (gret != GSS_S_COMPLETE) {
-                       return NT_STATUS_INTERNAL_ERROR;
+               status = gssapi_krb5_export_ccache(ccache_name,
+                                                  session_info_transport,
+                                                  &creds_blob);
+               TALLOC_FREE(ccache_name);
+               if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) {
+                       *transport_out = session_info_transport;
+                       return NT_STATUS_OK;
                }
-
-               if (cred_token.length) {
-                       session_info_transport->exported_gssapi_credentials
-                               = data_blob_talloc(session_info_transport,
-                                                  cred_token.value,
-                                                  cred_token.length);
-                       gss_release_buffer(&minor_status, &cred_token);
-                       NT_STATUS_HAVE_NO_MEMORY(session_info_transport->exported_gssapi_credentials.data);
+               if (!NT_STATUS_IS_OK(status)) {
+                       TALLOC_FREE(session_info_transport);
+                       return status;
                }
+               session_info_transport->exported_gssapi_credentials = creds_blob;
        }
-#endif
        *transport_out = session_info_transport;
        return NT_STATUS_OK;
 }
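Review bot: The `!NT_STATUS_IS_OK(status)` branch after `cli_credentials_krb5_get_ccache_name()` swallows every failure (presumably including an allocation failure) and returns NT_STATUS_OK with a transport that carries no credentials, while the export step just below tolerates only NT_STATUS_NOT_IMPLEMENTED. The removed code was equally lenient with `ret != 0`, but now that an NTSTATUS is available the memory case can be propagated the same way the export error is: `if (NT_STATUS_EQUAL(status, NT_STATUS_NO_MEMORY)) { TALLOC_FREE(session_info_transport); return status; }`. A `DBG_DEBUG("no ccache to export: %s\n", nt_errstr(status));` in the remaining fallback would let an operator see why delegated credentials were not forwarded. Separately, `creds_blob` appears to hold exported Kerberos credential material, so a short comment at the assignment to `exported_gssapi_credentials` should say that it is secret and lives as long as `session_info_transport`. The function body starts above this hunk, so how the caller treats a transport without credentials is not visible here.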