From bdce9f5fae979006fa97a398a5bc44eeb9e85875 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 3 Mar 2017 12:56:24 +0100 Subject: [PATCH] s3:libads: remove unused fallback to gss_acquire_cred() Heimdal and all supported versions of MIT krb5 prove gss_krb5_import_cred(), so we don't need an #ifdef here. Signed-off-by: Stefan Metzmacher Reviewed-by: Alexander Bokovoy Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Mon Mar 6 11:44:54 CET 2017 on sn-devel-144 --- source3/libads/sasl.c | 27 --------------------------- 1 file changed, 27 deletions(-) diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c index 8570788e801..cb630fac4af 100644 --- a/source3/libads/sasl.c +++ b/source3/libads/sasl.c @@ -365,7 +365,6 @@ static ADS_STATUS ads_init_gssapi_cred(ADS_STRUCT *ads, gss_cred_id_t *cred) return ADS_ERROR_KRB5(kerr); } -#ifdef HAVE_GSS_KRB5_IMPORT_CRED kerr = krb5_cc_resolve(kctx, ads->auth.ccache_name, &kccache); if (kerr) { status = ADS_ERROR_KRB5(kerr); @@ -377,32 +376,6 @@ static ADS_STATUS ads_init_gssapi_cred(ADS_STRUCT *ads, gss_cred_id_t *cred) status = ADS_ERROR_GSS(maj, min); goto done; } -#else - /* We need to fallback to overriding the default creds. - * This operation is not thread safe as it changes the process - * environment variable, but we do not have any better option - * with older kerberos libraries */ - { - const char *oldccname = NULL; - - oldccname = getenv("KRB5CCNAME"); - setenv("KRB5CCNAME", ads->auth.ccache_name, 1); - - maj = gss_acquire_cred(&min, GSS_C_NO_NAME, GSS_C_INDEFINITE, - NULL, GSS_C_INITIATE, cred, NULL, NULL); - - if (oldccname) { - setenv("KRB5CCNAME", oldccname, 1); - } else { - unsetenv("KRB5CCNAME"); - } - - if (maj != GSS_S_COMPLETE) { - status = ADS_ERROR_GSS(maj, min); - goto done; - } - } -#endif status = ADS_SUCCESS; -- 2.47.3