Bug 3195: kerberos_ldap_group will not build without kerberos

cleans up include file which does not require any gssapi headers and
checks for kerberos availability.

diff --git a/helpers/external_acl/kerberos_ldap_group/support.h b/helpers/external_acl/kerberos_ldap_group/support.h
index 9a42ec3c54e95f3b076f4ed5a3c0855772c47489..a8342958de50c8c669177be700da9e3f9b2fddec 100644 (file)
--- a/helpers/external_acl/kerberos_ldap_group/support.h
+++ b/helpers/external_acl/kerberos_ldap_group/support.h
@@ -28,24 +28,6 @@
 #include <string.h>
 #endif
 
-#if HAVE_GSSAPI_GSSAPI_H
-#include <gssapi/gssapi.h>
-#elif HAVE_GSSAPI_H
-#include <gssapi.h>
-#endif /* HAVE_GSSAPI_GSSAPI_H/HAVE_GSSAPI_H */
-
-#if !HAVE_HEIMDAL_KERBEROS
-#if HAVE_GSSAPI_GSSAPI_KRB5_H
-#include <gssapi/gssapi_krb5.h>
-#endif
-#if HAVE_GSSAPI_GSSAPI_GENERIC_H
-#include <gssapi/gssapi_generic.h>
-#endif
-#if HAVE_GSSAPI_GSSAPI_EXT_H
-#include <gssapi/gssapi_ext.h>
-#endif
-#endif
-
 #if HAVE_KRB5_H
 #if HAVE_BROKEN_SOLARIS_KRB5_H
 #warn "Warning! You have a broken Solaris <krb5.h> system header"
@@ -71,10 +53,6 @@ extern "C" {
 #define error_message(code) krb5_get_err_text(kparam.context,code)
 #endif /* HAVE_COM_ERR_H */
 
-#ifndef gss_nt_service_name
-#define gss_nt_service_name GSS_C_NT_HOSTBASED_SERVICE
-#endif
-
 #define LDAP_DEPRECATED 1
 #ifdef HAVE_LDAP_REBIND_FUNCTION
 #define LDAP_REFERRALS
@@ -180,8 +158,10 @@ int create_gd(struct main_args *margs);
 int create_nd(struct main_args *margs);
 int create_ls(struct main_args *margs);
 
+#ifdef HAVE_KRB5
 int krb5_create_cache(struct main_args *margs, char *domain);
 void krb5_cleanup(void);
+#endif
 
 int get_ldap_hostname_list(struct main_args *margs, struct hstruct **hlist, int nhosts, char *domain);
 int get_hostname_list(struct main_args *margs, struct hstruct **hlist, int nhosts, char *name);

diff --git a/helpers/external_acl/kerberos_ldap_group/support_krb5.cc b/helpers/external_acl/kerberos_ldap_group/support_krb5.cc
index 51865bb527fb11738276d7217e95451d2f649507..0495fc51f659b5065aadf98da5fb00ca7de9a927 100644 (file)
--- a/helpers/external_acl/kerberos_ldap_group/support_krb5.cc
+++ b/helpers/external_acl/kerberos_ldap_group/support_krb5.cc
@@ -25,7 +25,7 @@
 #include "config.h"
 #include "util.h"
 
-#ifdef HAVE_LDAP
+#if defined(HAVE_LDAP) && defined(HAVE_KRB5)
 
 #include "support.h"
 

diff --git a/helpers/external_acl/kerberos_ldap_group/support_ldap.cc b/helpers/external_acl/kerberos_ldap_group/support_ldap.cc
index f2a5fefbf43ffbde01879d27d7b395cb72c590a0..d15baf69c8f3dc05ccb422da7ed4b18755aae864 100644 (file)
--- a/helpers/external_acl/kerberos_ldap_group/support_ldap.cc
+++ b/helpers/external_acl/kerberos_ldap_group/support_ldap.cc
@@ -833,11 +833,17 @@ get_memberof(struct main_args *margs, char *user, char *domain, char *group)
     if (domain) {
         debug((char *) "%s| %s: DEBUG: Setup Kerberos credential cache\n", LogTime(), PROGRAM);
 
+#ifdef HAVE_KRB5
         kc = krb5_create_cache(margs, domain);
         if (kc) {
             error((char *) "%s| %s: ERROR: Error during setup of Kerberos credential cache\n", LogTime(), PROGRAM);
         }
+#else
+        kc = 1;
+        debug((char *) "%s| %s: DEBUG: Kerberos is not supported. Use username/passwaord with ldap url instead\n", LogTime(), PROGRAM);
+#endif
     }
+
     if (kc && (!margs->lurl || !margs->luser | !margs->lpass)) {
         /*
          * If Kerberos fails and no url given exit here
@@ -1200,8 +1206,10 @@ get_memberof(struct main_args *margs, char *user, char *domain, char *group)
     }
     debug((char *) "%s| %s: DEBUG: Unbind ldap server\n", LogTime(), PROGRAM);
 cleanup:
+#ifdef HAVE_KRB5
     if (domain)
         krb5_cleanup();
+#endif
     if (lcreds) {
         if (lcreds->dn)
             xfree(lcreds->dn);