Fixes for S3 DCE/RPC GSSAPI with Heimdal

Andrew Bartlett abartlet at samba.org
Sat Apr 16 03:58:37 MDT 2011


Simo,

I've been working to test the Samba3 binaries produced by the top level
build, and this builds against Samba4's Heimdal at this time.

When you proposed your DCE/RPC GSSAPI patches, you asked that I check
them against Heimdal, and sadly I only got as far as compiling them,
not running them.

These patches make the DCE/RPC GSSAPI server work with the newly added
ktest tests in Samba3's make test, when run from the top level build. 

Can you let me know if these changes are OK, or if you want some further
explanation?

http://git.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/krb5-fix

In particular I'm referring to:

s3-gse: Allow the GSSAPI wrapper to load a keytab using
gss_krb5_import_cred():
http://git.samba.org/?p=abartlet/samba.git/.git;a=commitdiff;h=abfe0bb3a73a3d00d0e75ae2405bf064f6abbf89

s3-gse: Don't release the mech OID from gss_accept_security_context
http://git.samba.org/?p=abartlet/samba.git/.git;a=commitdiff;h=e5eadad3bce2b1f57ffb01aa65b6880fd5fe20c4

s3-gse Use Heimdal gsskrb5_extract_authz_data_from_sec_context when
available:
http://git.samba.org/?p=abartlet/samba.git/.git;a=commitdiff;h=8b6c1c2b51566f74518bfa7ab4829c011b49cbad

s3-gse Don't get the auth time when validating the PAC:
http://git.samba.org/?p=abartlet/samba.git/.git;a=commitdiff;h=85350063468dca54aefc4cc905d13d4aaa81ddd0

I don't yet have the autoconf/waf tests for the new macros (allowing a
build against a system Heimdal), but I'll add those soon.  What I'm
after at the moment is your comment on the meat of these patches.   

I can also address the unused variables (in each arm of the #if/#else),
but didn't want the patches to be full of just noise at this stage of
review.

The good news is that with these patches, we can successfully test
Samba3 from the top level build, which means we are but a short way away
from testing Samba3 in combination with Samba4 in the combined build. 

Thanks,

Andrew Bartlett
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org



More information about the samba-technical mailing list