[packages/squid.git] / krb.patch

From 990f3cb0266779b329dca303cc7ec8977ed8a0b5 Mon Sep 17 00:00:00 2001
From: Markus Moeller <markus_moeller@compuserve.com>
Date: Sat, 9 May 2020 14:00:23 +0100
Subject: [PATCH 4/5] Add Heimdal check for keyblock

---
 src/acl/external/kerberos_ldap_group/support_krb5.cc | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/acl/external/kerberos_ldap_group/support_krb5.cc b/src/acl/external/kerberos_ldap_group/support_krb5.cc
index 6d50c73166..b4964d83ee 100644
--- a/src/acl/external/kerberos_ldap_group/support_krb5.cc
+++ b/src/acl/external/kerberos_ldap_group/support_krb5.cc
@@ -467,10 +467,15 @@ krb5_create_cache(char *domain, char *service_principal_name)
                 }
 
                 // overwrite limitation of enctypes
+#if USE_HEIMDAL_KRB5
+                creds->session.keytype = 0;
+                if (creds->session.keyvalue.length>0)
+                    krb5_free_keyblock_contents(kparam.context, &creds->session);
+#else
                 creds->keyblock.enctype = 0;
                 if (creds->keyblock.contents)
                     krb5_free_keyblock_contents(kparam.context, &creds->keyblock);
-
+#endif
                 code = krb5_get_credentials(kparam.context, 0, kparam.cc[ccindex], creds, &tgt_creds);
                 if (code) {
                     k5_error("Error while getting tgt", code);
Commit	Line	Data
d4bb55ac AM	1	From 990f3cb0266779b329dca303cc7ec8977ed8a0b5 Mon Sep 17 00:00:00 2001
	2	From: Markus Moeller <markus_moeller@compuserve.com>
	3	Date: Sat, 9 May 2020 14:00:23 +0100
	4	Subject: [PATCH 4/5] Add Heimdal check for keyblock
	5
	6	---
	7	src/acl/external/kerberos_ldap_group/support_krb5.cc \| 7 ++++++-
	8	1 file changed, 6 insertions(+), 1 deletion(-)
	9
	10	diff --git a/src/acl/external/kerberos_ldap_group/support_krb5.cc b/src/acl/external/kerberos_ldap_group/support_krb5.cc
	11	index 6d50c73166..b4964d83ee 100644
	12	--- a/src/acl/external/kerberos_ldap_group/support_krb5.cc
	13	+++ b/src/acl/external/kerberos_ldap_group/support_krb5.cc
	14	@@ -467,10 +467,15 @@ krb5_create_cache(char domain, char service_principal_name)
	15	}
	16
	17	// overwrite limitation of enctypes
	18	+#if USE_HEIMDAL_KRB5
	19	+ creds->session.keytype = 0;
	20	+ if (creds->session.keyvalue.length>0)
	21	+ krb5_free_keyblock_contents(kparam.context, &creds->session);
	22	+#else
	23	creds->keyblock.enctype = 0;
	24	if (creds->keyblock.contents)
	25	krb5_free_keyblock_contents(kparam.context, &creds->keyblock);
	26	-
	27	+#endif
	28	code = krb5_get_credentials(kparam.context, 0, kparam.cc[ccindex], creds, &tgt_creds);
	29	if (code) {
	30	k5_error("Error while getting tgt", code);
	31
	32