From 2b144531f1a760514f217012e9dab01359b7a0d7 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Mon, 21 May 2012 18:25:28 +0200 Subject: [PATCH] gse: Use the smb_gss_oid_equal wrapper. Signed-off-by: Andreas Schneider --- auth/kerberos/pac_utils.h | 2 +- source3/include/smb_krb5.h | 1 + source3/librpc/crypto/gse.c | 23 +++-------------------- source4/auth/gensec/gensec_gssapi.c | 6 ++++-- source4/auth/kerberos/kerberos.h | 1 + 5 files changed, 10 insertions(+), 23 deletions(-) diff --git a/auth/kerberos/pac_utils.h b/auth/kerberos/pac_utils.h index 7726f527754..d654bec208b 100644 --- a/auth/kerberos/pac_utils.h +++ b/auth/kerberos/pac_utils.h @@ -22,7 +22,7 @@ #define _PAC_UTILS_H #include "lib/krb5_wrap/krb5_samba.h" -#include "system/gssapi.h" +#include "lib/krb5_wrap/gss_samba.h" struct PAC_SIGNATURE_DATA; struct PAC_DATA; diff --git a/source3/include/smb_krb5.h b/source3/include/smb_krb5.h index 1f66212321b..743b67ff493 100644 --- a/source3/include/smb_krb5.h +++ b/source3/include/smb_krb5.h @@ -1 +1,2 @@ #include "lib/krb5_wrap/krb5_samba.h" +#include "lib/krb5_wrap/gss_samba.h" diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c index fba942bd640..11a545727b7 100644 --- a/source3/librpc/crypto/gse.c +++ b/source3/librpc/crypto/gse.c @@ -57,24 +57,6 @@ struct gse_context { gss_OID ret_mech; }; -#ifndef HAVE_GSS_OID_EQUAL - -static bool gss_oid_equal(const gss_OID o1, const gss_OID o2) -{ - if (o1 == o2) { - return true; - } - if ((o1 == NULL && o2 != NULL) || (o1 != NULL && o2 == NULL)) { - return false; - } - if (o1->length != o2->length) { - return false; - } - return memcmp(o1->elements, o2->elements, o1->length) == false; -} - -#endif - /* free non talloc dependent contexts */ static int gse_context_destructor(void *ptr) { @@ -126,7 +108,8 @@ static int gse_context_destructor(void *ptr) * this code to EAP or other GSS mechanisms determines an * implementation-dependent way of releasing any dynamically * allocated OID */ - SMB_ASSERT(gss_oid_equal(&gse_ctx->gss_mech, GSS_C_NO_OID) || gss_oid_equal(&gse_ctx->gss_mech, gss_mech_krb5)); + SMB_ASSERT(smb_gss_oid_equal(&gse_ctx->gss_mech, GSS_C_NO_OID) || + smb_gss_oid_equal(&gse_ctx->gss_mech, gss_mech_krb5)); return 0; } @@ -994,7 +977,7 @@ static bool gensec_gse_have_feature(struct gensec_security *gensec_security, } if (feature & GENSEC_FEATURE_SESSION_KEY) { /* Only for GSE/Krb5 */ - if (gss_oid_equal(gse_ctx->ret_mech, gss_mech_krb5)) { + if (smb_gss_oid_equal(gse_ctx->ret_mech, gss_mech_krb5)) { return true; } } diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c index 6d6ea3cf285..2b09665a44b 100644 --- a/source4/auth/gensec/gensec_gssapi.c +++ b/source4/auth/gensec/gensec_gssapi.c @@ -612,7 +612,8 @@ static NTSTATUS gensec_gssapi_update(struct gensec_security *gensec_security, gssapi_error_string(out_mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid))); } return NT_STATUS_INVALID_PARAMETER; - } else if (gss_oid_equal(gensec_gssapi_state->gss_oid, gss_mech_krb5)) { + } else if (smb_gss_oid_equal(gensec_gssapi_state->gss_oid, + gss_mech_krb5)) { switch (min_stat) { case KRB5KRB_AP_ERR_TKT_NYV: DEBUG(1, ("Error with ticket to contact %s: possible clock skew between us and the KDC or target server: %s\n", @@ -1225,7 +1226,8 @@ static bool gensec_gssapi_have_feature(struct gensec_security *gensec_security, } if (feature & GENSEC_FEATURE_SESSION_KEY) { /* Only for GSSAPI/Krb5 */ - if (gss_oid_equal(gensec_gssapi_state->gss_oid, gss_mech_krb5)) { + if (smb_gss_oid_equal(gensec_gssapi_state->gss_oid, + gss_mech_krb5)) { return true; } } diff --git a/source4/auth/kerberos/kerberos.h b/source4/auth/kerberos/kerberos.h index dd28e534138..0be6d74a8bb 100644 --- a/source4/auth/kerberos/kerberos.h +++ b/source4/auth/kerberos/kerberos.h @@ -27,6 +27,7 @@ #include "auth/kerberos/krb5_init_context.h" #include "librpc/gen_ndr/krb5pac.h" #include "lib/krb5_wrap/krb5_samba.h" +#include "lib/krb5_wrap/gss_samba.h" struct auth_user_info_dc; struct cli_credentials; -- 2.11.4.GIT