From: huaraz <huaraz@moeller.plus.com>
Date: Wed, 20 May 2020 13:00:00 +0000 (+0000)
Subject: Fix keyblock use for Heimdal in kerberos_ldap_group helper (#627)
X-Git-Tag: 4.15-20210522-snapshot~114
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bcc5a6376d6f02c961af7c09f3a75c23e9b360af;p=thirdparty%2Fsquid.git

Fix keyblock use for Heimdal in kerberos_ldap_group helper (#627)

Heimdal uses a different keyblock structure. Symptoms:

    error: 'krb5_creds' ... has no member named 'keyblock'
---

diff --git a/src/acl/external/kerberos_ldap_group/support_krb5.cc b/src/acl/external/kerberos_ldap_group/support_krb5.cc
index 6d50c73166..a9a3605580 100644
--- a/src/acl/external/kerberos_ldap_group/support_krb5.cc
+++ b/src/acl/external/kerberos_ldap_group/support_krb5.cc
@@ -467,10 +467,15 @@ krb5_create_cache(char *domain, char *service_principal_name)
                 }
 
                 // overwrite limitation of enctypes
+#if USE_HEIMDAL_KRB5
+                creds->session.keytype = 0;
+                if (creds->session.keyvalue.length > 0)
+                    krb5_free_keyblock_contents(kparam.context, &creds->session);
+#else
                 creds->keyblock.enctype = 0;
                 if (creds->keyblock.contents)
                     krb5_free_keyblock_contents(kparam.context, &creds->keyblock);
-
+#endif
                 code = krb5_get_credentials(kparam.context, 0, kparam.cc[ccindex], creds, &tgt_creds);
                 if (code) {
                     k5_error("Error while getting tgt", code);