From 3304be10ff58a2977ce156d078154a305a879aaf Mon Sep 17 00:00:00 2001 From: Amos Jeffries Date: Fri, 1 Nov 2024 14:18:24 +0000 Subject: [PATCH] Remove krb5_get_max_time_skew portability hack (#1875) This function has been available in Kerberos libraries for over ten years now. --- acinclude/krb5.m4 | 20 -------------------- src/peer_proxy_negotiate_auth.cc | 4 +--- 2 files changed, 1 insertion(+), 23 deletions(-) diff --git a/acinclude/krb5.m4 b/acinclude/krb5.m4 index 876825a7779..ec5783c21f7 100644 --- a/acinclude/krb5.m4 +++ b/acinclude/krb5.m4 @@ -105,23 +105,6 @@ main(void) SQUID_DEFINE_BOOL(HAVE_BROKEN_HEIMDAL_KRB5_H,$squid_cv_broken_heimdal_krb5_h,[Heimdal krb5.h is broken for C++]) ]) dnl SQUID_CHECK_KRB5_HEIMDAL_BROKEN_KRB5_H -dnl check the max skew in the krb5 context, and sets squid_cv_max_skew_context -AC_DEFUN([SQUID_CHECK_MAX_SKEW_IN_KRB5_CONTEXT],[ - AC_CACHE_CHECK([for max_skew in struct krb5_context], - squid_cv_max_skew_context, [ - SQUID_STATE_SAVE(squid_krb5_test) - CPPFLAGS="-I${srcdir:-.} $CPPFLAGS" - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ -#include "compat/krb5.h" -krb5_context kc; kc->max_skew = 1; - ]]) - ],[ squid_cv_max_skew_context=yes ], - [ squid_cv_max_skew_context=no ]) - SQUID_STATE_ROLLBACK(squid_krb5_test) - ]) -]) - dnl check whether the kerberos context has a memory cache. Sets dnl squid_cv_memory_cache if that's the case. AC_DEFUN([SQUID_CHECK_KRB5_CONTEXT_MEMORY_CACHE],[ @@ -315,9 +298,6 @@ AC_DEFUN([SQUID_CHECK_KRB5_FUNCS],[ AC_CHECK_LIB(krb5,krb5_get_init_creds_keytab, AC_DEFINE(HAVE_GET_INIT_CREDS_KEYTAB,1, [Define to 1 if you have krb5_get_init_creds_keytab]),) - AC_CHECK_LIB(krb5,krb5_get_max_time_skew, - AC_DEFINE(HAVE_KRB5_GET_MAX_TIME_SKEW,1, - [Define to 1 if you have krb5_get_max_time_skew]),) AC_CHECK_LIB(krb5,krb5_get_profile, AC_DEFINE(HAVE_KRB5_GET_PROFILE,1, [Define to 1 if you have krb5_get_profile]),) diff --git a/src/peer_proxy_negotiate_auth.cc b/src/peer_proxy_negotiate_auth.cc index 6ae2690497a..11b5d2595da 100644 --- a/src/peer_proxy_negotiate_auth.cc +++ b/src/peer_proxy_negotiate_auth.cc @@ -307,10 +307,8 @@ int krb5_create_cache(char *kf, char *pn) { error_message(code)); return (1); } -#elif HAVE_LIBHEIMDAL_KRB5 && HAVE_KRB5_GET_MAX_TIME_SKEW +#elif HAVE_LIBHEIMDAL_KRB5 skew = krb5_get_max_time_skew(kparam.context); -#elif HAVE_LIBHEIMDAL_KRB5 && HAVE_MAX_SKEW_IN_KRB5_CONTEXT - skew = kparam.context->max_skew; #else skew = DEFAULT_SKEW; #endif