diff --git a/lib/krb5-wrapper.c b/lib/krb5-wrapper.c index 48ab4367..35fe40bd 100644 --- a/lib/krb5-wrapper.c +++ b/lib/krb5-wrapper.c @@ -54,8 +54,12 @@ #endif #include +#if __APPLE__ +#include +#else #include #include +#endif #include #include "slist.h" @@ -212,13 +216,21 @@ krb5_negotiate_reply(struct smb2_context *smb2, /* TODO: the proper mechanism (SPNEGO vs NTLM vs KRB5) should be * selected based on the SMB negotiation flags */ + #ifdef __APPLE__ + auth_data->mech_type = GSS_SPNEGO_MECHANISM; + #else auth_data->mech_type = &gss_mech_spnego; + #endif auth_data->cred = GSS_C_NO_CREDENTIAL; /* Create creds for the user */ mechOidSet.count = 1; + #ifdef __APPLE__ + mechOidSet.elements = discard_const(GSS_SPNEGO_MECHANISM); + #else mechOidSet.elements = discard_const(&gss_mech_spnego); - + #endif + if (smb2->use_cached_creds) { krb5_error_code ret = 0; const char *cname = NULL; @@ -266,6 +278,7 @@ krb5_negotiate_reply(struct smb2_context *smb2, return NULL; } + #ifndef __APPLE__ // gss_set_neg_mechs is not defined on macOS/iOS. if (smb2->sec != SMB2_SEC_UNDEFINED) { wantMech.count = 1; if (smb2->sec == SMB2_SEC_KRB5) { @@ -280,6 +293,7 @@ krb5_negotiate_reply(struct smb2_context *smb2, return NULL; } } + #endif if (nc_password) { free(nc_password); diff --git a/lib/krb5-wrapper.h b/lib/krb5-wrapper.h index 1533ad8f..9cbe5f41 100644 --- a/lib/krb5-wrapper.h +++ b/lib/krb5-wrapper.h @@ -32,11 +32,15 @@ extern "C" { #endif +#if __APPLE__ +#import +#else #include static const gss_OID_desc gss_mech_spnego = { 6, "\x2b\x06\x01\x05\x05\x02" }; +#endif static const gss_OID_desc spnego_mech_krb5 = { 9, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"