|
 |
0e5650 |
|
|
|
0e5650 |
Remove the Krb5 1.3.x-specific hack which mucks about with
|
|
|
0e5650 |
libkrb5 internals, and shouldn't.
|
|
|
0e5650 |
|
|
|
0e5650 |
--- mod_auth_kerb-5.4/src/mod_auth_kerb.c.rcopshack
|
|
|
0e5650 |
+++ mod_auth_kerb-5.4/src/mod_auth_kerb.c
|
|
|
0e5650 |
@@ -285,34 +285,6 @@ mkstemp(char *template)
|
|
|
0e5650 |
}
|
|
|
0e5650 |
#endif
|
|
|
0e5650 |
|
|
|
0e5650 |
-#if defined(KRB5) && !defined(HEIMDAL)
|
|
|
0e5650 |
-/* Needed to work around problems with replay caches */
|
|
|
0e5650 |
-#include "mit-internals.h"
|
|
|
0e5650 |
-
|
|
|
0e5650 |
-/* This is our replacement krb5_rc_store function */
|
|
|
0e5650 |
-static krb5_error_code KRB5_LIB_FUNCTION
|
|
|
0e5650 |
-mod_auth_kerb_rc_store(krb5_context context, krb5_rcache rcache,
|
|
|
0e5650 |
- krb5_donot_replay_internal *donot_replay)
|
|
|
0e5650 |
-{
|
|
|
0e5650 |
- return 0;
|
|
|
0e5650 |
-}
|
|
|
0e5650 |
-
|
|
|
0e5650 |
-/* And this is the operations vector for our replay cache */
|
|
|
0e5650 |
-const krb5_rc_ops_internal mod_auth_kerb_rc_ops = {
|
|
|
0e5650 |
- 0,
|
|
|
0e5650 |
- "dfl",
|
|
|
0e5650 |
- krb5_rc_dfl_init,
|
|
|
0e5650 |
- krb5_rc_dfl_recover,
|
|
|
0e5650 |
- krb5_rc_dfl_destroy,
|
|
|
0e5650 |
- krb5_rc_dfl_close,
|
|
|
0e5650 |
- mod_auth_kerb_rc_store,
|
|
|
0e5650 |
- krb5_rc_dfl_expunge,
|
|
|
0e5650 |
- krb5_rc_dfl_get_span,
|
|
|
0e5650 |
- krb5_rc_dfl_get_name,
|
|
|
0e5650 |
- krb5_rc_dfl_resolve
|
|
|
0e5650 |
-};
|
|
|
0e5650 |
-#endif
|
|
|
0e5650 |
-
|
|
|
0e5650 |
/***************************************************************************
|
|
|
0e5650 |
Auth Configuration Initialization
|
|
|
0e5650 |
***************************************************************************/
|
|
|
0e5650 |
@@ -1252,31 +1224,6 @@ get_gss_creds(request_rec *r,
|
|
|
0e5650 |
return HTTP_INTERNAL_SERVER_ERROR;
|
|
|
0e5650 |
}
|
|
|
0e5650 |
|
|
|
0e5650 |
-#ifndef HEIMDAL
|
|
|
0e5650 |
- /*
|
|
|
0e5650 |
- * With MIT Kerberos 5 1.3.x the gss_cred_id_t is the same as
|
|
|
0e5650 |
- * krb5_gss_cred_id_t and krb5_gss_cred_id_rec contains a pointer to
|
|
|
0e5650 |
- * the replay cache.
|
|
|
0e5650 |
- * This allows us to override the replay cache function vector with
|
|
|
0e5650 |
- * our own one.
|
|
|
0e5650 |
- * Note that this is a dirty hack to get things working and there may
|
|
|
0e5650 |
- * well be unknown side-effects.
|
|
|
0e5650 |
- */
|
|
|
0e5650 |
- {
|
|
|
0e5650 |
- krb5_gss_cred_id_t gss_creds = (krb5_gss_cred_id_t) *server_creds;
|
|
|
0e5650 |
-
|
|
|
0e5650 |
- /* First we try to verify we are linked with 1.3.x to prevent from
|
|
|
0e5650 |
- crashing when linked with 1.4.x */
|
|
|
0e5650 |
- if (gss_creds && (gss_creds->usage == GSS_C_ACCEPT)) {
|
|
|
0e5650 |
- if (gss_creds->rcache && gss_creds->rcache->ops &&
|
|
|
0e5650 |
- gss_creds->rcache->ops->type &&
|
|
|
0e5650 |
- memcmp(gss_creds->rcache->ops->type, "dfl", 3) == 0)
|
|
|
0e5650 |
- /* Override the rcache operations */
|
|
|
0e5650 |
- gss_creds->rcache->ops = &mod_auth_kerb_rc_ops;
|
|
|
0e5650 |
- }
|
|
|
0e5650 |
- }
|
|
|
0e5650 |
-#endif
|
|
|
0e5650 |
-
|
|
|
0e5650 |
return 0;
|
|
|
0e5650 |
}
|
|
|
0e5650 |
|