Make requirement on gss_krb5_ccache_name() hard

frozencemetery · simo5 · commit 6862859c3df9 · 2017-10-03T14:51:14.000-04:00
This function has been in krb5 since 1999.  Heimdal started using
gssapi_krb5.h 2006, and this function predates that there too (2004).

Signed-off-by: Robbie Harwood &lt;rharwood@redhat.com&gt;
Reviewed-by: Simo Sorce &lt;simo@redhat.com&gt;
diff --git a/configure.ac b/configure.ac
@@ -78,10 +78,11 @@ else
 fi
 AC_CHECK_LIB([gssapi_krb5], [gss_accept_sec_context], [],
              [AC_MSG_ERROR([GSSAPI library check failed])])
+AC_CHECK_FUNCS(gss_krb5_ccache_name, [],
+               [AC_MSG_ERROR([gss_krb5_ccache_name() not found])])
 AC_CHECK_FUNCS(gss_acquire_cred_from)
 AC_CHECK_FUNCS(gss_store_cred_into)
 AC_CHECK_FUNCS(gss_acquire_cred_with_password)
-AC_CHECK_FUNCS(gss_krb5_ccache_name)
 
 AC_SUBST([GSSAPI_CFLAGS])
 AC_SUBST([GSSAPI_LIBS])
diff --git a/src/mod_auth_gssapi.c b/src/mod_auth_gssapi.c
@@ -489,12 +489,10 @@ static bool mag_auth_basic(request_rec *req,
                            gss_cred_id_t *delegated_cred,
                            uint32_t *vtime)
 {
-#ifdef HAVE_GSS_KRB5_CCACHE_NAME
     const char *user_ccache = NULL;
     const char *orig_ccache = NULL;
     long long unsigned int rndname;
     apr_status_t rs;
-#endif
     gss_name_t user = GSS_C_NO_NAME;
     gss_cred_id_t user_cred = GSS_C_NO_CREDENTIAL;
     gss_cred_id_t server_cred = GSS_C_NO_CREDENTIAL;
@@ -555,7 +553,6 @@ static bool mag_auth_basic(request_rec *req,
         allowed_mechs = filtered_mechs;
     }
 
-#ifdef HAVE_GSS_KRB5_CCACHE_NAME
     /* If we are using the krb5 mechanism make sure to set a per thread
      * memory ccache so that there can't be interferences between threads.
      * Also make sure we have  new cache so no cached results end up being
@@ -585,7 +582,6 @@ static bool mag_auth_basic(request_rec *req,
             goto done;
         }
     }
-#endif
 
     maj = gss_acquire_cred_with_password(&min, user, &ba_pwd,
                                          GSS_C_INDEFINITE,
@@ -621,7 +617,7 @@ static bool mag_auth_basic(request_rec *req,
     gss_release_cred(&min, &user_cred);
     gss_release_oid_set(&min, &actual_mechs);
     gss_release_oid_set(&min, &filtered_mechs);
-#ifdef HAVE_GSS_KRB5_CCACHE_NAME
+
     if (user_ccache != NULL) {
         maj = gss_krb5_ccache_name(&min, orig_ccache, NULL);
         if (maj != GSS_S_COMPLETE) {
@@ -631,7 +627,7 @@ static bool mag_auth_basic(request_rec *req,
                                     "failed", maj, min));
         }
     }
-#endif
+
     return ret;
 }
 
