mit: make it possible to build with MIT kerberos and --picky-developer
authorGünther Deschner <gd@samba.org>
Wed, 28 Sep 2016 17:19:06 +0000 (19:19 +0200)
committerGünther Deschner <gd@samba.org>
Thu, 29 Sep 2016 06:02:18 +0000 (08:02 +0200)
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
auth/credentials/credentials_krb5.c
auth/kerberos/gssapi_pac.c
source3/librpc/crypto/gse.c

index 36c8a32..4c903f2 100644 (file)
@@ -520,6 +520,7 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
        struct ccache_container *ccache;
 #ifdef HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X
        gss_buffer_desc empty_buffer = GSS_C_EMPTY_BUFFER;
+       gss_OID oid = discard_const(GSS_KRB5_CRED_NO_CI_FLAGS_X);
 #endif
        krb5_enctype *etypes = NULL;
 
@@ -645,7 +646,7 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
         * http://krbdev.mit.edu/rt/Ticket/Display.html?id=6938
         */
        maj_stat = gss_set_cred_option(&min_stat, &gcc->creds,
-                                      GSS_KRB5_CRED_NO_CI_FLAGS_X,
+                                      oid,
                                       &empty_buffer);
        if (maj_stat) {
                talloc_free(gcc);
index bcc1ba4..253976a 100644 (file)
@@ -112,10 +112,11 @@ NTSTATUS gssapi_obtain_pac_blob(TALLOC_CTX *mem_ctx,
                &pac_buffer, &pac_display_buffer, &more);
 
        if (gss_maj != 0) {
+               gss_OID oid = discard_const(gss_mech_krb5);
                DBG_NOTICE("obtaining PAC via GSSAPI gss_get_name_attribute "
                           "failed: %s\n", gssapi_error_string(mem_ctx,
                                                               gss_maj, gss_min,
-                                                              gss_mech_krb5));
+                                                              oid));
                return NT_STATUS_ACCESS_DENIED;
        } else if (authenticated && complete) {
                /* The PAC blob is returned directly */
index 7ec2cec..01ace37 100644 (file)
@@ -207,6 +207,7 @@ static NTSTATUS gse_init_client(TALLOC_CTX *mem_ctx,
        gss_OID_set_desc mech_set;
 #ifdef HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X
        gss_buffer_desc empty_buffer = GSS_C_EMPTY_BUFFER;
+       gss_OID oid = discard_const(GSS_KRB5_CRED_NO_CI_FLAGS_X);
 #endif
        NTSTATUS status;
 
@@ -281,7 +282,7 @@ static NTSTATUS gse_init_client(TALLOC_CTX *mem_ctx,
         * http://krbdev.mit.edu/rt/Ticket/Display.html?id=6938
         */
        gss_maj = gss_set_cred_option(&gss_min, &gse_ctx->creds,
-                                     GSS_KRB5_CRED_NO_CI_FLAGS_X,
+                                     oid,
                                      &empty_buffer);
        if (gss_maj) {
                DEBUG(0, ("gss_set_cred_option(GSS_KRB5_CRED_NO_CI_FLAGS_X), "