authorHiroki Sato <hrs@FreeBSD.org>2018-04-04 04:21:19 +0000
committerHiroki Sato <hrs@FreeBSD.org>2018-04-04 04:21:19 +0000
commitd684f11da759490a8d98d7b790796106285f4084 (patch)
tree27b7356df710fdf1440fe2c23154b8121e99f2ab /lib/gssapi
parentf52d4664e3f68828c06f85bfc1afa271e3e04713 (diff)
Import Heimdal 7.5.0.vendor/heimdal/7.5.0
Notes
Notes: svn path=/vendor-crypto/heimdal/dist/; revision=331978 svn path=/vendor-crypto/heimdal/7.5.0/; revision=331979; tag=vendor/heimdal/7.5.0
Diffstat (limited to 'lib/gssapi')
-rw-r--r--lib/gssapi/Makefile.am35
-rw-r--r--lib/gssapi/Makefile.in1365
-rw-r--r--lib/gssapi/NTMakefile9
-rwxr-xr-xlib/gssapi/gen-oid.pl141
-rw-r--r--lib/gssapi/gss-commands.in2
-rw-r--r--lib/gssapi/gss_acquire_cred.350
-rw-r--r--lib/gssapi/gss_acquire_cred.cat350
-rw-r--r--lib/gssapi/gssapi/gssapi.h82
-rw-r--r--lib/gssapi/gssapi/gssapi_krb5.h4
-rw-r--r--lib/gssapi/gssapi/gssapi_netlogon.h50
-rw-r--r--lib/gssapi/gssapi_mech.h64
-rw-r--r--lib/gssapi/gsstool.c23
-rw-r--r--lib/gssapi/krb5/8003.c2
-rw-r--r--lib/gssapi/krb5/accept_sec_context.c132
-rw-r--r--lib/gssapi/krb5/acquire_cred.c529
-rw-r--r--lib/gssapi/krb5/add_cred.c184
-rw-r--r--lib/gssapi/krb5/aeap.c98
-rw-r--r--lib/gssapi/krb5/arcfour.c650
-rw-r--r--lib/gssapi/krb5/authorize_localname.c2
-rw-r--r--lib/gssapi/krb5/canonicalize_name.c4
-rw-r--r--lib/gssapi/krb5/cfx.c6
-rw-r--r--lib/gssapi/krb5/compare_name.c4
-rw-r--r--lib/gssapi/krb5/context_time.c21
-rw-r--r--lib/gssapi/krb5/copy_ccache.c7
-rw-r--r--lib/gssapi/krb5/creds.c29
-rw-r--r--lib/gssapi/krb5/decapsulate.c3
-rw-r--r--lib/gssapi/krb5/display_name.c2
-rw-r--r--lib/gssapi/krb5/duplicate_name.c2
-rw-r--r--lib/gssapi/krb5/export_name.c2
-rw-r--r--lib/gssapi/krb5/export_sec_context.c12
-rw-r--r--lib/gssapi/krb5/external.c98
-rw-r--r--lib/gssapi/krb5/get_mic.c17
-rw-r--r--lib/gssapi/krb5/gsskrb5-private.h111
-rw-r--r--lib/gssapi/krb5/gsskrb5_locl.h7
-rw-r--r--lib/gssapi/krb5/import_name.c36
-rw-r--r--lib/gssapi/krb5/import_sec_context.c6
-rw-r--r--lib/gssapi/krb5/init_sec_context.c83
-rw-r--r--lib/gssapi/krb5/inquire_context.c4
-rw-r--r--lib/gssapi/krb5/inquire_cred.c257
-rw-r--r--lib/gssapi/krb5/inquire_cred_by_mech.c6
-rw-r--r--lib/gssapi/krb5/inquire_cred_by_oid.c2
-rw-r--r--lib/gssapi/krb5/inquire_mechs_for_name.c2
-rw-r--r--lib/gssapi/krb5/inquire_sec_context_by_oid.c7
-rw-r--r--lib/gssapi/krb5/pname_to_uid.c41
-rw-r--r--lib/gssapi/krb5/prf.c4
-rw-r--r--lib/gssapi/krb5/process_context_token.c2
-rw-r--r--lib/gssapi/krb5/set_sec_context_option.c18
-rw-r--r--lib/gssapi/krb5/store_cred.c83
-rw-r--r--lib/gssapi/krb5/test_acquire_cred.c162
-rw-r--r--lib/gssapi/krb5/test_cfx.c2
-rw-r--r--lib/gssapi/krb5/test_cred.c217
-rw-r--r--lib/gssapi/krb5/test_kcred.c152
-rw-r--r--lib/gssapi/krb5/test_oid.c51
-rw-r--r--lib/gssapi/krb5/unwrap.c17
-rw-r--r--lib/gssapi/krb5/verify_mic.c32
-rw-r--r--lib/gssapi/krb5/wrap.c34
-rw-r--r--lib/gssapi/libgssapi-exports.def3
-rw-r--r--lib/gssapi/mech/compat.h6
-rw-r--r--lib/gssapi/mech/doxygen.c23
-rw-r--r--lib/gssapi/mech/gss_accept_sec_context.c2
-rw-r--r--lib/gssapi/mech/gss_acquire_cred.c2
-rw-r--r--lib/gssapi/mech/gss_acquire_cred_ext.c24
-rw-r--r--lib/gssapi/mech/gss_acquire_cred_with_password.c5
-rw-r--r--lib/gssapi/mech/gss_add_cred.c4
-rw-r--r--lib/gssapi/mech/gss_add_cred_with_password.c4
-rw-r--r--lib/gssapi/mech/gss_aeap.c120
-rw-r--r--lib/gssapi/mech/gss_authorize_localname.c6
-rw-r--r--lib/gssapi/mech/gss_canonicalize_name.c2
-rw-r--r--lib/gssapi/mech/gss_compare_name.c6
-rw-r--r--lib/gssapi/mech/gss_context_time.c2
-rw-r--r--lib/gssapi/mech/gss_delete_sec_context.c4
-rw-r--r--lib/gssapi/mech/gss_display_name.c2
-rw-r--r--lib/gssapi/mech/gss_display_status.c26
-rw-r--r--lib/gssapi/mech/gss_duplicate_name.c2
-rw-r--r--lib/gssapi/mech/gss_export_name.c16
-rw-r--r--lib/gssapi/mech/gss_get_mic.c2
-rw-r--r--lib/gssapi/mech/gss_import_name.c12
-rw-r--r--lib/gssapi/mech/gss_indicate_mechs.c5
-rw-r--r--lib/gssapi/mech/gss_init_sec_context.c17
-rw-r--r--lib/gssapi/mech/gss_inquire_context.c2
-rw-r--r--lib/gssapi/mech/gss_inquire_cred.c2
-rw-r--r--lib/gssapi/mech/gss_inquire_cred_by_mech.c2
-rw-r--r--lib/gssapi/mech/gss_inquire_cred_by_oid.c2
-rw-r--r--lib/gssapi/mech/gss_inquire_mechs_for_name.c2
-rw-r--r--lib/gssapi/mech/gss_inquire_sec_context_by_oid.c2
-rw-r--r--lib/gssapi/mech/gss_mech_switch.c5
-rw-r--r--lib/gssapi/mech/gss_mo.c1
-rw-r--r--lib/gssapi/mech/gss_oid.c56
-rw-r--r--lib/gssapi/mech/gss_pname_to_uid.c174
-rw-r--r--lib/gssapi/mech/gss_process_context_token.c2
-rw-r--r--lib/gssapi/mech/gss_store_cred.c36
-rw-r--r--lib/gssapi/mech/gss_unwrap.c2
-rw-r--r--lib/gssapi/mech/gss_verify_mic.c2
-rw-r--r--lib/gssapi/mech/gss_wrap.c2
-rw-r--r--lib/gssapi/mech/gss_wrap_size_limit.c2
-rw-r--r--lib/gssapi/mech/mech.52
-rw-r--r--lib/gssapi/mech/mech.cat52
-rw-r--r--lib/gssapi/ntlm/accept_sec_context.c2
-rw-r--r--lib/gssapi/ntlm/acquire_cred.c29
-rw-r--r--lib/gssapi/ntlm/add_cred.c4
-rw-r--r--lib/gssapi/ntlm/canonicalize_name.c2
-rw-r--r--lib/gssapi/ntlm/compare_name.c4
-rw-r--r--lib/gssapi/ntlm/context_time.c2
-rw-r--r--lib/gssapi/ntlm/creds.c7
-rw-r--r--lib/gssapi/ntlm/crypto.c28
-rw-r--r--lib/gssapi/ntlm/display_name.c2
-rw-r--r--lib/gssapi/ntlm/duplicate_name.c2
-rw-r--r--lib/gssapi/ntlm/export_name.c2
-rw-r--r--lib/gssapi/ntlm/external.c3
-rw-r--r--lib/gssapi/ntlm/init_sec_context.c77
-rw-r--r--lib/gssapi/ntlm/inquire_context.c2
-rw-r--r--lib/gssapi/ntlm/inquire_cred_by_mech.c2
-rw-r--r--lib/gssapi/ntlm/inquire_mechs_for_name.c2
-rw-r--r--lib/gssapi/ntlm/inquire_sec_context_by_oid.c2
-rw-r--r--lib/gssapi/ntlm/kdc.c10
-rw-r--r--lib/gssapi/ntlm/ntlm-private.h56
-rw-r--r--lib/gssapi/ntlm/process_context_token.c2
-rw-r--r--lib/gssapi/oid.txt142
-rw-r--r--lib/gssapi/spnego/accept_sec_context.c6
-rw-r--r--lib/gssapi/spnego/compat.c2
-rw-r--r--lib/gssapi/spnego/context_stubs.c41
-rw-r--r--lib/gssapi/spnego/cred_stubs.c8
-rw-r--r--lib/gssapi/spnego/external.c17
-rw-r--r--lib/gssapi/spnego/init_sec_context.c12
-rw-r--r--lib/gssapi/spnego/spnego-private.h48
-rw-r--r--lib/gssapi/test_add_store_cred.c179
-rw-r--r--lib/gssapi/test_common.c12
-rw-r--r--lib/gssapi/test_context.c196
-rw-r--r--lib/gssapi/test_cred.c4
-rw-r--r--lib/gssapi/test_ntlm.c14
-rw-r--r--lib/gssapi/version-script.map3
131 files changed, 4638 insertions, 1894 deletions
diff --git a/lib/gssapi/Makefile.am b/lib/gssapi/Makefile.am
index 919799fa80b2..ad88f6bf5939 100644
--- a/lib/gssapi/Makefile.am
+++ b/lib/gssapi/Makefile.am
@@ -12,9 +12,7 @@ AM_CPPFLAGS += \
-I$(srcdir)/ntlm \
-I$(srcdir)/krb5 \
-I$(srcdir)/spnego \
- $(INCLUDE_libintl) \
- $(INCLUDE_hcrypto) \
- $(INCLUDE_krb4)
+ $(INCLUDE_libintl)
lib_LTLIBRARIES = libgssapi.la
@@ -46,7 +44,7 @@ krb5src = \
krb5/external.c \
krb5/get_mic.c \
krb5/gsskrb5_locl.h \
- krb5/gsskrb5-private.h \
+ $(srcdir)/krb5/gsskrb5-private.h \
krb5/import_name.c \
krb5/import_sec_context.c \
krb5/indicate_mechs.c \
@@ -165,7 +163,7 @@ spnegosrc = \
spnego/external.c \
spnego/init_sec_context.c \
spnego/spnego_locl.h \
- spnego/spnego-private.h
+ $(srcdir)/spnego/spnego-private.h
ntlmsrc = \
ntlm/accept_sec_context.c \
@@ -184,7 +182,6 @@ ntlmsrc = \
ntlm/export_sec_context.c \
ntlm/external.c \
ntlm/ntlm.h \
- ntlm/ntlm-private.h \
ntlm/import_name.c \
ntlm/import_sec_context.c \
ntlm/indicate_mechs.c \
@@ -200,7 +197,7 @@ ntlmsrc = \
ntlm/release_name.c \
ntlm/kdc.c
-$(srcdir)/ntlm/ntlm-private.h:
+$(srcdir)/ntlm/ntlm-private.h: $(ntlmsrc)
cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p ntlm/ntlm-private.h $(ntlmsrc) || rm -f ntlm/ntlm-private.h
dist_libgssapi_la_SOURCES = \
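Review bot: With `$(ntlmsrc)` added as prerequisites, the `ntlm-private.h` rule now re-runs whenever an ntlm source is newer than the header, and its recipe ends in `|| rm -f ntlm/ntlm-private.h`, which leaves the recipe with exit status 0 when make-proto.pl fails. The build then continues without the header and stops later at a compile step, far from the real cause; ending the recipe with `|| { rm -f ntlm/ntlm-private.h; exit 1; }` would make the failure surface here. The recipe also calls a bare `perl` from PATH and writes into `$(srcdir)`; the regenerated Makefile.in in this commit substitutes `PERL = @PERL@`, so `$(PERL)` looks available and would pin the interpreter chosen at configure time. The recipe line itself is unchanged context in this hunk.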
@@ -235,9 +232,9 @@ man_MANS = gssapi.3 gss_acquire_cred.3 mech/mech.5
include_HEADERS = gssapi.h
noinst_HEADERS = \
gssapi_mech.h \
- ntlm/ntlm-private.h \
- spnego/spnego-private.h \
- krb5/gsskrb5-private.h
+ $(srcdir)/ntlm/ntlm-private.h \
+ $(srcdir)/spnego/spnego-private.h \
+ $(srcdir)/krb5/gsskrb5-private.h
nobase_include_HEADERS = \
gssapi/gssapi.h \
@@ -274,10 +271,13 @@ $(libgssapi_la_OBJECTS): $(srcdir)/version-script.map
BUILT_SOURCES = $(spnego_files:.x=.c) $(gssapi_files:.x=.c)
+$(libgssapi_la_OBJECTS): gkrb5_err.h
+gkrb5_err.h: $(srcdir)/krb5/gkrb5_err.et
+
CLEANFILES = $(BUILT_SOURCES) \
gkrb5_err.h gkrb5_err.c \
- $(spnego_files) spnego_asn1*.h* spnego_asn1_files spnego_asn1-template.c \
- $(gssapi_files) gssapi_asn1*.h* gssapi_asn1_files gssapi_asn1-template.c \
+ $(spnego_files) spnego_asn1*.h* spnego_asn1_files spnego_asn1-template.[cx] \
+ $(gssapi_files) gssapi_asn1*.h* gssapi_asn1_files gssapi_asn1-template.[cx] \
gss-commands.h gss-commands.c
$(spnego_files) spnego_asn1.hx spnego_asn1-priv.hx: spnego_asn1_files
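Review bot: The added rule `gkrb5_err.h: $(srcdir)/krb5/gkrb5_err.et` has no recipe in this hunk, so it is not clear from here which rule actually generates the header. A short comment above the two added lines, e.g. `# gkrb5_err.h is generated from krb5/gkrb5_err.et; objects must not be compiled before it exists`, would record why the object dependency was added. The reason is presumably to order the generated header ahead of compilation in parallel builds, which should be confirmed against the rule that runs compile_et.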
@@ -304,12 +304,14 @@ test_cfx_SOURCES = krb5/test_cfx.c
check_PROGRAMS = test_acquire_cred $(TESTS)
bin_PROGRAMS = gsstool
-noinst_PROGRAMS = test_cred test_kcred test_context test_ntlm
+noinst_PROGRAMS = test_cred test_kcred test_context test_ntlm test_add_store_cred
test_context_SOURCES = test_context.c test_common.c test_common.h
test_ntlm_SOURCES = test_ntlm.c test_common.c test_common.h
test_acquire_cred_SOURCES = test_acquire_cred.c test_common.c test_common.h
+test_add_store_cred_SOURCES = test_add_store_cred.c
+
test_ntlm_LDADD = \
$(top_builddir)/lib/ntlm/libheimntlm.la \
$(LDADD)
@@ -339,6 +341,13 @@ EXTRA_DIST = \
libgssapi-version.rc \
libgssapi-exports.def \
$(man_MANS) \
+ gen-oid.pl \
+ gssapi/gssapi_netlogon.h \
+ krb5/test_acquire_cred.c \
+ krb5/test_cred.c \
+ krb5/test_kcred.c \
+ krb5/test_oid.c \
+ oid.txt \
krb5/gkrb5_err.et \
mech/gssapi.asn1 \
spnego/spnego.asn1 \
diff --git a/lib/gssapi/Makefile.in b/lib/gssapi/Makefile.in
index 46499032d33d..5778556cc70c 100644
--- a/lib/gssapi/Makefile.in
+++ b/lib/gssapi/Makefile.in
@@ -1,9 +1,8 @@
-# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# Makefile.in generated by automake 1.15.1 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
-# Inc.
+# Copyright (C) 1994-2017 Free Software Foundation, Inc.
+
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@@ -24,6 +23,61 @@
VPATH = @srcdir@
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
+am__make_running_with_option = \
+ case $${target_option-} in \
+ ?) ;; \
+ *) echo "am__make_running_with_option: internal error: invalid" \
+ "target option '$${target_option-}' specified" >&2; \
+ exit 1;; \
+ esac; \
+ has_opt=no; \
+ sane_makeflags=$$MAKEFLAGS; \
+ if $(am__is_gnu_make); then \
+ sane_makeflags=$$MFLAGS; \
+ else \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ bs=\\; \
+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
+ esac; \
+ fi; \
+ skip_next=no; \
+ strip_trailopt () \
+ { \
+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+ }; \
+ for flg in $$sane_makeflags; do \
+ test $$skip_next = yes && { skip_next=no; continue; }; \
+ case $$flg in \
+ *=*|--*) continue;; \
+ -*I) strip_trailopt 'I'; skip_next=yes;; \
+ -*I?*) strip_trailopt 'I';; \
+ -*O) strip_trailopt 'O'; skip_next=yes;; \
+ -*O?*) strip_trailopt 'O';; \
+ -*l) strip_trailopt 'l'; skip_next=yes;; \
+ -*l?*) strip_trailopt 'l';; \
+ -[dEDm]) skip_next=yes;; \
+ -[JT]) skip_next=yes;; \
+ esac; \
+ case $$flg in \
+ *$$target_option*) has_opt=yes; break;; \
+ esac; \
+ done; \
+ test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
@@ -42,16 +96,13 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-DIST_COMMON = $(include_HEADERS) $(nobase_include_HEADERS) \
- $(noinst_HEADERS) $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
- $(top_srcdir)/Makefile.am.common \
- $(top_srcdir)/cf/Makefile.am.common ChangeLog
@versionscript_TRUE@am__append_1 = $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
TESTS = test_oid$(EXEEXT) test_names$(EXEEXT) test_cfx$(EXEEXT)
check_PROGRAMS = test_acquire_cred$(EXEEXT) $(am__EXEEXT_1)
bin_PROGRAMS = gsstool$(EXEEXT)
noinst_PROGRAMS = test_cred$(EXEEXT) test_kcred$(EXEEXT) \
- test_context$(EXEEXT) test_ntlm$(EXEEXT)
+ test_context$(EXEEXT) test_ntlm$(EXEEXT) \
+ test_add_store_cred$(EXEEXT)
subdir = lib/gssapi
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
@@ -67,8 +118,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
$(top_srcdir)/cf/check-man.m4 \
$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
$(top_srcdir)/cf/check-type-extra.m4 \
- $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
- $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/crypto.m4 \
$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
$(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \
$(top_srcdir)/cf/find-func-no-libs.m4 \
@@ -81,6 +131,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
$(top_srcdir)/cf/krb-bigendian.m4 \
$(top_srcdir)/cf/krb-func-getlogin.m4 \
$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+ $(top_srcdir)/cf/krb-prog-perl.m4 \
$(top_srcdir)/cf/krb-readline.m4 \
$(top_srcdir)/cf/krb-struct-spwd.m4 \
$(top_srcdir)/cf/krb-struct-winsize.m4 \
@@ -100,6 +151,8 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(include_HEADERS) \
+ $(nobase_include_HEADERS) $(noinst_HEADERS) $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/include/config.h
CONFIG_CLEAN_FILES =
@@ -125,6 +178,12 @@ am__nobase_list = $(am__nobase_strip_setup); \
am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" \
"$(DESTDIR)$(man3dir)" "$(DESTDIR)$(man5dir)" \
"$(DESTDIR)$(includedir)" "$(DESTDIR)$(includedir)" \
@@ -222,7 +281,11 @@ am__objects_7 = $(am__objects_5) $(am__objects_6)
nodist_libgssapi_la_OBJECTS = gkrb5_err.lo $(am__objects_7)
libgssapi_la_OBJECTS = $(dist_libgssapi_la_OBJECTS) \
$(nodist_libgssapi_la_OBJECTS)
-libgssapi_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+am__v_lt_1 =
+libgssapi_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(libgssapi_la_LDFLAGS) $(LDFLAGS) -o $@
am__EXEEXT_1 = test_oid$(EXEEXT) test_names$(EXEEXT) test_cfx$(EXEEXT)
@@ -239,6 +302,11 @@ test_acquire_cred_OBJECTS = $(am_test_acquire_cred_OBJECTS)
test_acquire_cred_LDADD = $(LDADD)
test_acquire_cred_DEPENDENCIES = libgssapi.la \
$(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1)
+am_test_add_store_cred_OBJECTS = test_add_store_cred.$(OBJEXT)
+test_add_store_cred_OBJECTS = $(am_test_add_store_cred_OBJECTS)
+test_add_store_cred_LDADD = $(LDADD)
+test_add_store_cred_DEPENDENCIES = libgssapi.la \
+ $(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1)
am_test_cfx_OBJECTS = krb5/test_cfx.$(OBJEXT)
test_cfx_OBJECTS = $(am_test_cfx_OBJECTS)
test_cfx_LDADD = $(LDADD)
@@ -275,41 +343,265 @@ test_oid_OBJECTS = test_oid.$(OBJEXT)
test_oid_LDADD = $(LDADD)
test_oid_DEPENDENCIES = libgssapi.la \
$(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1)
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
+am__v_GEN_1 =
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 =
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+am__v_CC_1 =
CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
- $(LDFLAGS) -o $@
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+am__v_CCLD_1 =
SOURCES = $(dist_libgssapi_la_SOURCES) $(nodist_libgssapi_la_SOURCES) \
$(dist_gsstool_SOURCES) $(nodist_gsstool_SOURCES) \
- $(test_acquire_cred_SOURCES) $(test_cfx_SOURCES) \
- $(test_context_SOURCES) test_cred.c test_kcred.c test_names.c \
- $(test_ntlm_SOURCES) test_oid.c
+ $(test_acquire_cred_SOURCES) $(test_add_store_cred_SOURCES) \
+ $(test_cfx_SOURCES) $(test_context_SOURCES) test_cred.c \
+ test_kcred.c test_names.c $(test_ntlm_SOURCES) test_oid.c
DIST_SOURCES = $(dist_libgssapi_la_SOURCES) $(dist_gsstool_SOURCES) \
- $(test_acquire_cred_SOURCES) $(test_cfx_SOURCES) \
- $(test_context_SOURCES) test_cred.c test_kcred.c test_names.c \
- $(test_ntlm_SOURCES) test_oid.c
+ $(test_acquire_cred_SOURCES) $(test_add_store_cred_SOURCES) \
+ $(test_cfx_SOURCES) $(test_context_SOURCES) test_cred.c \
+ test_kcred.c test_names.c $(test_ntlm_SOURCES) test_oid.c
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
man3dir = $(mandir)/man3
man5dir = $(mandir)/man5
MANS = $(man_MANS)
HEADERS = $(include_HEADERS) $(nobase_include_HEADERS) \
$(nodist_gssapi_HEADERS) $(noinst_HEADERS)
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates. Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+ BEGIN { nonempty = 0; } \
+ { items[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique. This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+ list='$(am__tagged_files)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
-am__tty_colors = \
-red=; grn=; lgn=; blu=; std=
+am__tty_colors_dummy = \
+ mgn= red= grn= lgn= blu= brg= std=; \
+ am__color_tests=no
+am__tty_colors = { \
+ $(am__tty_colors_dummy); \
+ if test "X$(AM_COLOR_TESTS)" = Xno; then \
+ am__color_tests=no; \
+ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \
+ am__color_tests=yes; \
+ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \
+ am__color_tests=yes; \
+ fi; \
+ if test $$am__color_tests = yes; then \
+ red=''; \
+ grn=''; \
+ lgn=''; \
+ blu=''; \
+ mgn=''; \
+ brg=''; \
+ std=''; \
+ fi; \
+}
+am__recheck_rx = ^[ ]*:recheck:[ ]*
+am__global_test_result_rx = ^[ ]*:global-test-result:[ ]*
+am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]*
+# A command that, given a newline-separated list of test names on the
+# standard input, print the name of the tests that are to be re-run
+# upon "make recheck".
+am__list_recheck_tests = $(AWK) '{ \
+ recheck = 1; \
+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \
+ { \
+ if (rc < 0) \
+ { \
+ if ((getline line2 < ($$0 ".log")) < 0) \
+ recheck = 0; \
+ break; \
+ } \
+ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \
+ { \
+ recheck = 0; \
+ break; \
+ } \
+ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \
+ { \
+ break; \
+ } \
+ }; \
+ if (recheck) \
+ print $$0; \
+ close ($$0 ".trs"); \
+ close ($$0 ".log"); \
+}'
+# A command that, given a newline-separated list of test names on the
+# standard input, create the global log from their .trs and .log files.
+am__create_global_log = $(AWK) ' \
+function fatal(msg) \
+{ \
+ print "fatal: making $@: " msg | "cat >&2"; \
+ exit 1; \
+} \
+function rst_section(header) \
+{ \
+ print header; \
+ len = length(header); \
+ for (i = 1; i <= len; i = i + 1) \
+ printf "="; \
+ printf "\n\n"; \
+} \
+{ \
+ copy_in_global_log = 1; \
+ global_test_result = "RUN"; \
+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \
+ { \
+ if (rc < 0) \
+ fatal("failed to read from " $$0 ".trs"); \
+ if (line ~ /$(am__global_test_result_rx)/) \
+ { \
+ sub("$(am__global_test_result_rx)", "", line); \
+ sub("[ ]*$$", "", line); \
+ global_test_result = line; \
+ } \
+ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \
+ copy_in_global_log = 0; \
+ }; \
+ if (copy_in_global_log) \
+ { \
+ rst_section(global_test_result ": " $$0); \
+ while ((rc = (getline line < ($$0 ".log"))) != 0) \
+ { \
+ if (rc < 0) \
+ fatal("failed to read from " $$0 ".log"); \
+ print line; \
+ }; \
+ printf "\n"; \
+ }; \
+ close ($$0 ".trs"); \
+ close ($$0 ".log"); \
+}'
+# Restructured Text title.
+am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; }
+# Solaris 10 'make', and several other traditional 'make' implementations,
+# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it
+# by disabling -e (using the XSI extension "set +e") if it's set.
+am__sh_e_setup = case $$- in *e*) set +e;; esac
+# Default flags passed to test drivers.
+am__common_driver_flags = \
+ --color-tests "$$am__color_tests" \
+ --enable-hard-errors "$$am__enable_hard_errors" \
+ --expect-failure "$$am__expect_failure"
+# To be inserted before the command running the test. Creates the
+# directory for the log if needed. Stores in $dir the directory
+# containing $f, in $tst the test, in $log the log. Executes the
+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and
+# passes TESTS_ENVIRONMENT. Set up options for the wrapper that
+# will run the test scripts (or their associated LOG_COMPILER, if
+# thy have one).
+am__check_pre = \
+$(am__sh_e_setup); \
+$(am__vpath_adj_setup) $(am__vpath_adj) \
+$(am__tty_colors); \
+srcdir=$(srcdir); export srcdir; \
+case "$@" in \
+ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \
+ *) am__odir=.;; \
+esac; \
+test "x$$am__odir" = x"." || test -d "$$am__odir" \
+ || $(MKDIR_P) "$$am__odir" || exit $$?; \
+if test -f "./$$f"; then dir=./; \
+elif test -f "$$f"; then dir=; \
+else dir="$(srcdir)/"; fi; \
+tst=$$dir$$f; log='$@'; \
+if test -n '$(DISABLE_HARD_ERRORS)'; then \
+ am__enable_hard_errors=no; \
+else \
+ am__enable_hard_errors=yes; \
+fi; \
+case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \
+ am__expect_failure=yes;; \
+ *) \
+ am__expect_failure=no;; \
+esac; \
+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT)
+# A shell command to get the names of the tests scripts with any registered
+# extension removed (i.e., equivalently, the names of the test logs, with
+# the '.log' extension removed). The result is saved in the shell variable
+# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly,
+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)",
+# since that might cause problem with VPATH rewrites for suffix-less tests.
+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'.
+am__set_TESTS_bases = \
+ bases='$(TEST_LOGS)'; \
+ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
+ bases=`echo $$bases`
+RECHECK_LOGS = $(TEST_LOGS)
+AM_RECURSIVE_TARGETS = check recheck
+TEST_SUITE_LOG = test-suite.log
+TEST_EXTENSIONS = @EXEEXT@ .test
+LOG_DRIVER = $(SHELL) $(top_srcdir)/test-driver
+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS)
+am__set_b = \
+ case '$@' in \
+ */*) \
+ case '$*' in \
+ */*) b='$*';; \
+ *) b=`echo '$@' | sed 's/\.log$$//'`; \
+ esac;; \
+ *) \
+ b='$*';; \
+ esac
+am__test_logs1 = $(TESTS:=.log)
+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log)
+TEST_LOGS = $(am__test_logs2:.test.log=.log)
+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/test-driver
+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
+ $(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(srcdir)/Makefile.in \
+ $(top_srcdir)/Makefile.am.common \
+ $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/depcomp \
+ $(top_srcdir)/test-driver ChangeLog
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
+AS = @AS@
ASN1_COMPILE = @ASN1_COMPILE@
ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@
AUTOCONF = @AUTOCONF@
@@ -328,12 +620,12 @@ COMPILE_ET = @COMPILE_ET@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
+DB1LIB = @DB1LIB@
+DB3LIB = @DB3LIB@
DBHEADER = @DBHEADER@
-DBLIB = @DBLIB@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
DIR_hdbdir = @DIR_hdbdir@
DIR_roken = @DIR_roken@
DLLTOOL = @DLLTOOL@
@@ -343,17 +635,17 @@ ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
+ENABLE_AFS_STRING_TO_KEY = @ENABLE_AFS_STRING_TO_KEY@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GCD_MIG = @GCD_MIG@
GREP = @GREP@
GROFF = @GROFF@
INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
INCLUDE_libedit = @INCLUDE_libedit@
INCLUDE_libintl = @INCLUDE_libintl@
INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_openssl_crypto = @INCLUDE_openssl_crypto@
INCLUDE_readline = @INCLUDE_readline@
INCLUDE_sqlite3 = @INCLUDE_sqlite3@
INSTALL = @INSTALL@
@@ -372,12 +664,9 @@ LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
LIB_bswap16 = @LIB_bswap16@
LIB_bswap32 = @LIB_bswap32@
+LIB_bswap64 = @LIB_bswap64@
LIB_com_err = @LIB_com_err@
LIB_com_err_a = @LIB_com_err_a@
LIB_com_err_so = @LIB_com_err_so@
@@ -386,6 +675,7 @@ LIB_db_create = @LIB_db_create@
LIB_dbm_firstkey = @LIB_dbm_firstkey@
LIB_dbopen = @LIB_dbopen@
LIB_dispatch_async_f = @LIB_dispatch_async_f@
+LIB_dladdr = @LIB_dladdr@
LIB_dlopen = @LIB_dlopen@
LIB_dn_expand = @LIB_dn_expand@
LIB_dns_search = @LIB_dns_search@
@@ -402,10 +692,8 @@ LIB_hcrypto = @LIB_hcrypto@
LIB_hcrypto_a = @LIB_hcrypto_a@
LIB_hcrypto_appl = @LIB_hcrypto_appl@
LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
LIB_hstrerror = @LIB_hstrerror@
LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
LIB_libedit = @LIB_libedit@
LIB_libintl = @LIB_libintl@
LIB_loadquery = @LIB_loadquery@
@@ -413,6 +701,7 @@ LIB_logout = @LIB_logout@
LIB_logwtmp = @LIB_logwtmp@
LIB_openldap = @LIB_openldap@
LIB_openpty = @LIB_openpty@
+LIB_openssl_crypto = @LIB_openssl_crypto@
LIB_otp = @LIB_otp@
LIB_pidfile = @LIB_pidfile@
LIB_readline = @LIB_readline@
@@ -427,12 +716,15 @@ LIB_sqlite3 = @LIB_sqlite3@
LIB_syslog = @LIB_syslog@
LIB_tgetent = @LIB_tgetent@
LIPO = @LIPO@
+LMDBLIB = @LMDBLIB@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
+NDBMLIB = @NDBMLIB@
NM = @NM@
NMEDIT = @NMEDIT@
NO_AFS = @NO_AFS@
@@ -449,6 +741,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
PTHREAD_CFLAGS = @PTHREAD_CFLAGS@
PTHREAD_LDADD = @PTHREAD_LDADD@
@@ -463,13 +756,7 @@ STRIP = @STRIP@
VERSION = @VERSION@
VERSIONING = @VERSIONING@
WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
+WFLAGS_LITE = @WFLAGS_LITE@
YACC = @YACC@
YFLAGS = @YFLAGS@
abs_builddir = @abs_builddir@
@@ -493,6 +780,8 @@ build_vendor = @build_vendor@
builddir = @builddir@
datadir = @datadir@
datarootdir = @datarootdir@
+db_type = @db_type@
+db_type_preference = @db_type_preference@
docdir = @docdir@
dpagaix_cflags = @dpagaix_cflags@
dpagaix_ldadd = @dpagaix_ldadd@
@@ -528,32 +817,39 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+SUFFIXES = .et .h .pc.in .pc .x .z .hx .1 .3 .5 .7 .8 .cat1 .cat3 \
+ .cat5 .cat7 .cat8
DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include
AM_CPPFLAGS = $(INCLUDES_roken) -I$(srcdir)/../krb5 -I$(srcdir) \
-I$(srcdir)/gssapi -I$(srcdir)/mech -I$(srcdir)/ntlm \
- -I$(srcdir)/krb5 -I$(srcdir)/spnego $(INCLUDE_libintl) \
- $(INCLUDE_hcrypto) $(INCLUDE_krb4)
+ -I$(srcdir)/krb5 -I$(srcdir)/spnego $(INCLUDE_libintl)
@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
AM_CFLAGS = $(WFLAGS)
CP = cp
buildinclude = $(top_builddir)/include
+LIB_XauReadAuth = @LIB_XauReadAuth@
LIB_el_init = @LIB_el_init@
LIB_getattr = @LIB_getattr@
LIB_getpwent_r = @LIB_getpwent_r@
LIB_odm_initialize = @LIB_odm_initialize@
LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
+INCLUDE_krb4 = @INCLUDE_krb4@
+LIB_krb4 = @LIB_krb4@
libexec_heimdaldir = $(libexecdir)/heimdal
NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+@NO_AFS_FALSE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+@NO_AFS_TRUE@LIB_kafs =
@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-LIB_heimbase = $(top_builddir)/base/libheimbase.la
+LIB_heimbase = $(top_builddir)/lib/base/libheimbase.la
@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+
+#silent-rules
+heim_verbose = $(heim_verbose_$(V))
+heim_verbose_ = $(heim_verbose_$(AM_DEFAULT_VERBOSITY))
+heim_verbose_0 = @echo " GEN "$@;
AUTOMAKE_OPTIONS = subdir-objects
lib_LTLIBRARIES = libgssapi.la
krb5src = \
@@ -584,7 +880,7 @@ krb5src = \
krb5/external.c \
krb5/get_mic.c \
krb5/gsskrb5_locl.h \
- krb5/gsskrb5-private.h \
+ $(srcdir)/krb5/gsskrb5-private.h \
krb5/import_name.c \
krb5/import_sec_context.c \
krb5/indicate_mechs.c \
@@ -703,7 +999,7 @@ spnegosrc = \
spnego/external.c \
spnego/init_sec_context.c \
spnego/spnego_locl.h \
- spnego/spnego-private.h
+ $(srcdir)/spnego/spnego-private.h
ntlmsrc = \
ntlm/accept_sec_context.c \
@@ -722,7 +1018,6 @@ ntlmsrc = \
ntlm/export_sec_context.c \
ntlm/external.c \
ntlm/ntlm.h \
- ntlm/ntlm-private.h \
ntlm/import_name.c \
ntlm/import_sec_context.c \
ntlm/indicate_mechs.c \
@@ -763,9 +1058,9 @@ man_MANS = gssapi.3 gss_acquire_cred.3 mech/mech.5
include_HEADERS = gssapi.h
noinst_HEADERS = \
gssapi_mech.h \
- ntlm/ntlm-private.h \
- spnego/spnego-private.h \
- krb5/gsskrb5-private.h
+ $(srcdir)/ntlm/ntlm-private.h \
+ $(srcdir)/spnego/spnego-private.h \
+ $(srcdir)/krb5/gsskrb5-private.h
nobase_include_HEADERS = \
gssapi/gssapi.h \
@@ -796,8 +1091,8 @@ BUILTHEADERS = \
BUILT_SOURCES = $(spnego_files:.x=.c) $(gssapi_files:.x=.c)
CLEANFILES = $(BUILT_SOURCES) \
gkrb5_err.h gkrb5_err.c \
- $(spnego_files) spnego_asn1*.h* spnego_asn1_files spnego_asn1-template.c \
- $(gssapi_files) gssapi_asn1*.h* gssapi_asn1_files gssapi_asn1-template.c \
+ $(spnego_files) spnego_asn1*.h* spnego_asn1_files spnego_asn1-template.[cx] \
+ $(gssapi_files) gssapi_asn1*.h* gssapi_asn1_files gssapi_asn1-template.[cx] \
gss-commands.h gss-commands.c
# test_sequence
@@ -805,6 +1100,7 @@ test_cfx_SOURCES = krb5/test_cfx.c
test_context_SOURCES = test_context.c test_common.c test_common.h
test_ntlm_SOURCES = test_ntlm.c test_common.c test_common.h
test_acquire_cred_SOURCES = test_acquire_cred.c test_common.c test_common.h
+test_add_store_cred_SOURCES = test_add_store_cred.c
test_ntlm_LDADD = \
$(top_builddir)/lib/ntlm/libheimntlm.la \
$(LDADD)
@@ -828,6 +1124,13 @@ EXTRA_DIST = \
libgssapi-version.rc \
libgssapi-exports.def \
$(man_MANS) \
+ gen-oid.pl \
+ gssapi/gssapi_netlogon.h \
+ krb5/test_acquire_cred.c \
+ krb5/test_cred.c \
+ krb5/test_kcred.c \
+ krb5/test_oid.c \
+ oid.txt \
krb5/gkrb5_err.et \
mech/gssapi.asn1 \
spnego/spnego.asn1 \
@@ -839,7 +1142,7 @@ all: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) all-am
.SUFFIXES:
-.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+.SUFFIXES: .et .h .pc.in .pc .x .z .hx .1 .3 .5 .7 .8 .cat1 .cat3 .cat5 .cat7 .cat8 .c .lo .log .o .obj .test .test$(EXEEXT) .trs
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
@@ -852,7 +1155,6 @@ $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir
echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/gssapi/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --foreign lib/gssapi/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -861,6 +1163,7 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
esac;
+$(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__empty):
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
@@ -870,9 +1173,9 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+
install-libLTLIBRARIES: $(lib_LTLIBRARIES)
@$(NORMAL_INSTALL)
- test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
@list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
list2=; for p in $$list; do \
if test -f $$p; then \
@@ -880,6 +1183,8 @@ install-libLTLIBRARIES: $(lib_LTLIBRARIES)
else :; fi; \
done; \
test -z "$$list2" || { \
+ echo " $(MKDIR_P) '$(DESTDIR)$(libdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(libdir)" || exit 1; \
echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \
$(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \
}
@@ -895,12 +1200,14 @@ uninstall-libLTLIBRARIES:
clean-libLTLIBRARIES:
-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
- @list='$(lib_LTLIBRARIES)'; for p in $$list; do \
- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
- test "$$dir" != "$$p" || dir=.; \
- echo "rm -f \"$${dir}/so_locations\""; \
- rm -f "$${dir}/so_locations"; \
- done
+ @list='$(lib_LTLIBRARIES)'; \
+ locs=`for p in $$list; do echo $$p; done | \
+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+ sort -u`; \
+ test -z "$$locs" || { \
+ echo rm -f $${locs}; \
+ rm -f $${locs}; \
+ }
krb5/$(am__dirstamp):
@$(MKDIR_P) krb5
@: > krb5/$(am__dirstamp)
@@ -1211,18 +1518,24 @@ spnego/external.lo: spnego/$(am__dirstamp) \
spnego/$(DEPDIR)/$(am__dirstamp)
spnego/init_sec_context.lo: spnego/$(am__dirstamp) \
spnego/$(DEPDIR)/$(am__dirstamp)
-libgssapi.la: $(libgssapi_la_OBJECTS) $(libgssapi_la_DEPENDENCIES)
- $(libgssapi_la_LINK) -rpath $(libdir) $(libgssapi_la_OBJECTS) $(libgssapi_la_LIBADD) $(LIBS)
+
+libgssapi.la: $(libgssapi_la_OBJECTS) $(libgssapi_la_DEPENDENCIES) $(EXTRA_libgssapi_la_DEPENDENCIES)
+ $(AM_V_CCLD)$(libgssapi_la_LINK) -rpath $(libdir) $(libgssapi_la_OBJECTS) $(libgssapi_la_LIBADD) $(LIBS)
install-binPROGRAMS: $(bin_PROGRAMS)
@$(NORMAL_INSTALL)
- test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
@list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(bindir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(bindir)" || exit 1; \
+ fi; \
for p in $$list; do echo "$$p $$p"; done | \
sed 's/$(EXEEXT)$$//' | \
- while read p p1; do if test -f $$p || test -f $$p1; \
- then echo "$$p"; echo "$$p"; else :; fi; \
+ while read p p1; do if test -f $$p \
+ || test -f $$p1 \
+ ; then echo "$$p"; echo "$$p"; else :; fi; \
done | \
- sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
+ sed -e 'p;s,.*/,,;n;h' \
+ -e 's|.*|.|' \
-e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
sed 'N;N;N;s,\n, ,g' | \
$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
@@ -1243,7 +1556,8 @@ uninstall-binPROGRAMS:
@list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
files=`for p in $$list; do echo "$$p"; done | \
sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
- -e 's/$$/$(EXEEXT)/' `; \
+ -e 's/$$/$(EXEEXT)/' \
+ `; \
test -n "$$list" || exit 0; \
echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \
cd "$(DESTDIR)$(bindir)" && rm -f $$files
@@ -1274,357 +1588,59 @@ clean-noinstPROGRAMS:
list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
echo " rm -f" $$list; \
rm -f $$list
-gsstool$(EXEEXT): $(gsstool_OBJECTS) $(gsstool_DEPENDENCIES)
+
+gsstool$(EXEEXT): $(gsstool_OBJECTS) $(gsstool_DEPENDENCIES) $(EXTRA_gsstool_DEPENDENCIES)
@rm -f gsstool$(EXEEXT)
- $(LINK) $(gsstool_OBJECTS) $(gsstool_LDADD) $(LIBS)
-test_acquire_cred$(EXEEXT): $(test_acquire_cred_OBJECTS) $(test_acquire_cred_DEPENDENCIES)
+ $(AM_V_CCLD)$(LINK) $(gsstool_OBJECTS) $(gsstool_LDADD) $(LIBS)
+
+test_acquire_cred$(EXEEXT): $(test_acquire_cred_OBJECTS) $(test_acquire_cred_DEPENDENCIES) $(EXTRA_test_acquire_cred_DEPENDENCIES)
@rm -f test_acquire_cred$(EXEEXT)
- $(LINK) $(test_acquire_cred_OBJECTS) $(test_acquire_cred_LDADD) $(LIBS)
+ $(AM_V_CCLD)$(LINK) $(test_acquire_cred_OBJECTS) $(test_acquire_cred_LDADD) $(LIBS)
+
+test_add_store_cred$(EXEEXT): $(test_add_store_cred_OBJECTS) $(test_add_store_cred_DEPENDENCIES) $(EXTRA_test_add_store_cred_DEPENDENCIES)
+ @rm -f test_add_store_cred$(EXEEXT)
+ $(AM_V_CCLD)$(LINK) $(test_add_store_cred_OBJECTS) $(test_add_store_cred_LDADD) $(LIBS)
krb5/test_cfx.$(OBJEXT): krb5/$(am__dirstamp) \
krb5/$(DEPDIR)/$(am__dirstamp)
-test_cfx$(EXEEXT): $(test_cfx_OBJECTS) $(test_cfx_DEPENDENCIES)
+
+test_cfx$(EXEEXT): $(test_cfx_OBJECTS) $(test_cfx_DEPENDENCIES) $(EXTRA_test_cfx_DEPENDENCIES)
@rm -f test_cfx$(EXEEXT)
- $(LINK) $(test_cfx_OBJECTS) $(test_cfx_LDADD) $(LIBS)
-test_context$(EXEEXT): $(test_context_OBJECTS) $(test_context_DEPENDENCIES)
+ $(AM_V_CCLD)$(LINK) $(test_cfx_OBJECTS) $(test_cfx_LDADD) $(LIBS)
+
+test_context$(EXEEXT): $(test_context_OBJECTS) $(test_context_DEPENDENCIES) $(EXTRA_test_context_DEPENDENCIES)
@rm -f test_context$(EXEEXT)
- $(LINK) $(test_context_OBJECTS) $(test_context_LDADD) $(LIBS)
-test_cred$(EXEEXT): $(test_cred_OBJECTS) $(test_cred_DEPENDENCIES)
+ $(AM_V_CCLD)$(LINK) $(test_context_OBJECTS) $(test_context_LDADD) $(LIBS)
+
+test_cred$(EXEEXT): $(test_cred_OBJECTS) $(test_cred_DEPENDENCIES) $(EXTRA_test_cred_DEPENDENCIES)
@rm -f test_cred$(EXEEXT)
- $(LINK) $(test_cred_OBJECTS) $(test_cred_LDADD) $(LIBS)
-test_kcred$(EXEEXT): $(test_kcred_OBJECTS) $(test_kcred_DEPENDENCIES)
+ $(AM_V_CCLD)$(LINK) $(test_cred_OBJECTS) $(test_cred_LDADD) $(LIBS)
+
+test_kcred$(EXEEXT): $(test_kcred_OBJECTS) $(test_kcred_DEPENDENCIES) $(EXTRA_test_kcred_DEPENDENCIES)
@rm -f test_kcred$(EXEEXT)
- $(LINK) $(test_kcred_OBJECTS) $(test_kcred_LDADD) $(LIBS)
-test_names$(EXEEXT): $(test_names_OBJECTS) $(test_names_DEPENDENCIES)
+ $(AM_V_CCLD)$(LINK) $(test_kcred_OBJECTS) $(test_kcred_LDADD) $(LIBS)
+
+test_names$(EXEEXT): $(test_names_OBJECTS) $(test_names_DEPENDENCIES) $(EXTRA_test_names_DEPENDENCIES)
@rm -f test_names$(EXEEXT)
- $(LINK) $(test_names_OBJECTS) $(test_names_LDADD) $(LIBS)
-test_ntlm$(EXEEXT): $(test_ntlm_OBJECTS) $(test_ntlm_DEPENDENCIES)
+ $(AM_V_CCLD)$(LINK) $(test_names_OBJECTS) $(test_names_LDADD) $(LIBS)
+
+test_ntlm$(EXEEXT): $(test_ntlm_OBJECTS) $(test_ntlm_DEPENDENCIES) $(EXTRA_test_ntlm_DEPENDENCIES)
@rm -f test_ntlm$(EXEEXT)
- $(LINK) $(test_ntlm_OBJECTS) $(test_ntlm_LDADD) $(LIBS)
-test_oid$(EXEEXT): $(test_oid_OBJECTS) $(test_oid_DEPENDENCIES)
+ $(AM_V_CCLD)$(LINK) $(test_ntlm_OBJECTS) $(test_ntlm_LDADD) $(LIBS)
+
+test_oid$(EXEEXT): $(test_oid_OBJECTS) $(test_oid_DEPENDENCIES) $(EXTRA_test_oid_DEPENDENCIES)
@rm -f test_oid$(EXEEXT)
- $(LINK) $(test_oid_OBJECTS) $(test_oid_LDADD) $(LIBS)
+ $(AM_V_CCLD)$(LINK) $(test_oid_OBJECTS) $(test_oid_LDADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
- -rm -f krb5/8003.$(OBJEXT)
- -rm -f krb5/8003.lo
- -rm -f krb5/accept_sec_context.$(OBJEXT)
- -rm -f krb5/accept_sec_context.lo
- -rm -f krb5/acquire_cred.$(OBJEXT)
- -rm -f krb5/acquire_cred.lo
- -rm -f krb5/add_cred.$(OBJEXT)
- -rm -f krb5/add_cred.lo
- -rm -f krb5/address_to_krb5addr.$(OBJEXT)
- -rm -f krb5/address_to_krb5addr.lo
- -rm -f krb5/aeap.$(OBJEXT)
- -rm -f krb5/aeap.lo
- -rm -f krb5/arcfour.$(OBJEXT)
- -rm -f krb5/arcfour.lo
- -rm -f krb5/authorize_localname.$(OBJEXT)
- -rm -f krb5/authorize_localname.lo
- -rm -f krb5/canonicalize_name.$(OBJEXT)
- -rm -f krb5/canonicalize_name.lo
- -rm -f krb5/ccache_name.$(OBJEXT)
- -rm -f krb5/ccache_name.lo
- -rm -f krb5/cfx.$(OBJEXT)
- -rm -f krb5/cfx.lo
- -rm -f krb5/compare_name.$(OBJEXT)
- -rm -f krb5/compare_name.lo
- -rm -f krb5/compat.$(OBJEXT)
- -rm -f krb5/compat.lo
- -rm -f krb5/context_time.$(OBJEXT)
- -rm -f krb5/context_time.lo
- -rm -f krb5/copy_ccache.$(OBJEXT)
- -rm -f krb5/copy_ccache.lo
- -rm -f krb5/creds.$(OBJEXT)
- -rm -f krb5/creds.lo
- -rm -f krb5/decapsulate.$(OBJEXT)
- -rm -f krb5/decapsulate.lo
- -rm -f krb5/delete_sec_context.$(OBJEXT)
- -rm -f krb5/delete_sec_context.lo
- -rm -f krb5/display_name.$(OBJEXT)
- -rm -f krb5/display_name.lo
- -rm -f krb5/display_status.$(OBJEXT)
- -rm -f krb5/display_status.lo
- -rm -f krb5/duplicate_name.$(OBJEXT)
- -rm -f krb5/duplicate_name.lo
- -rm -f krb5/encapsulate.$(OBJEXT)
- -rm -f krb5/encapsulate.lo
- -rm -f krb5/export_name.$(OBJEXT)
- -rm -f krb5/export_name.lo
- -rm -f krb5/export_sec_context.$(OBJEXT)
- -rm -f krb5/export_sec_context.lo
- -rm -f krb5/external.$(OBJEXT)
- -rm -f krb5/external.lo
- -rm -f krb5/get_mic.$(OBJEXT)
- -rm -f krb5/get_mic.lo
- -rm -f krb5/import_name.$(OBJEXT)
- -rm -f krb5/import_name.lo
- -rm -f krb5/import_sec_context.$(OBJEXT)
- -rm -f krb5/import_sec_context.lo
- -rm -f krb5/indicate_mechs.$(OBJEXT)
- -rm -f krb5/indicate_mechs.lo
- -rm -f krb5/init.$(OBJEXT)
- -rm -f krb5/init.lo
- -rm -f krb5/init_sec_context.$(OBJEXT)
- -rm -f krb5/init_sec_context.lo
- -rm -f krb5/inquire_context.$(OBJEXT)
- -rm -f krb5/inquire_context.lo
- -rm -f krb5/inquire_cred.$(OBJEXT)
- -rm -f krb5/inquire_cred.lo
- -rm -f krb5/inquire_cred_by_mech.$(OBJEXT)
- -rm -f krb5/inquire_cred_by_mech.lo
- -rm -f krb5/inquire_cred_by_oid.$(OBJEXT)
- -rm -f krb5/inquire_cred_by_oid.lo
- -rm -f krb5/inquire_mechs_for_name.$(OBJEXT)
- -rm -f krb5/inquire_mechs_for_name.lo
- -rm -f krb5/inquire_names_for_mech.$(OBJEXT)
- -rm -f krb5/inquire_names_for_mech.lo
- -rm -f krb5/inquire_sec_context_by_oid.$(OBJEXT)
- -rm -f krb5/inquire_sec_context_by_oid.lo
- -rm -f krb5/pname_to_uid.$(OBJEXT)
- -rm -f krb5/pname_to_uid.lo
- -rm -f krb5/prf.$(OBJEXT)
- -rm -f krb5/prf.lo
- -rm -f krb5/process_context_token.$(OBJEXT)
- -rm -f krb5/process_context_token.lo
- -rm -f krb5/release_buffer.$(OBJEXT)
- -rm -f krb5/release_buffer.lo
- -rm -f krb5/release_cred.$(OBJEXT)
- -rm -f krb5/release_cred.lo
- -rm -f krb5/release_name.$(OBJEXT)
- -rm -f krb5/release_name.lo
- -rm -f krb5/sequence.$(OBJEXT)
- -rm -f krb5/sequence.lo
- -rm -f krb5/set_cred_option.$(OBJEXT)
- -rm -f krb5/set_cred_option.lo
- -rm -f krb5/set_sec_context_option.$(OBJEXT)
- -rm -f krb5/set_sec_context_option.lo
- -rm -f krb5/store_cred.$(OBJEXT)
- -rm -f krb5/store_cred.lo
- -rm -f krb5/test_cfx.$(OBJEXT)
- -rm -f krb5/ticket_flags.$(OBJEXT)
- -rm -f krb5/ticket_flags.lo
- -rm -f krb5/unwrap.$(OBJEXT)
- -rm -f krb5/unwrap.lo
- -rm -f krb5/verify_mic.$(OBJEXT)
- -rm -f krb5/verify_mic.lo
- -rm -f krb5/wrap.$(OBJEXT)
- -rm -f krb5/wrap.lo
- -rm -f mech/context.$(OBJEXT)
- -rm -f mech/context.lo
- -rm -f mech/doxygen.$(OBJEXT)
- -rm -f mech/doxygen.lo
- -rm -f mech/gss_accept_sec_context.$(OBJEXT)
- -rm -f mech/gss_accept_sec_context.lo
- -rm -f mech/gss_acquire_cred.$(OBJEXT)
- -rm -f mech/gss_acquire_cred.lo
- -rm -f mech/gss_acquire_cred_ext.$(OBJEXT)
- -rm -f mech/gss_acquire_cred_ext.lo
- -rm -f mech/gss_acquire_cred_with_password.$(OBJEXT)
- -rm -f mech/gss_acquire_cred_with_password.lo
- -rm -f mech/gss_add_cred.$(OBJEXT)
- -rm -f mech/gss_add_cred.lo
- -rm -f mech/gss_add_cred_with_password.$(OBJEXT)
- -rm -f mech/gss_add_cred_with_password.lo
- -rm -f mech/gss_add_oid_set_member.$(OBJEXT)
- -rm -f mech/gss_add_oid_set_member.lo
- -rm -f mech/gss_aeap.$(OBJEXT)
- -rm -f mech/gss_aeap.lo
- -rm -f mech/gss_authorize_localname.$(OBJEXT)
- -rm -f mech/gss_authorize_localname.lo
- -rm -f mech/gss_buffer_set.$(OBJEXT)
- -rm -f mech/gss_buffer_set.lo
- -rm -f mech/gss_canonicalize_name.$(OBJEXT)
- -rm -f mech/gss_canonicalize_name.lo
- -rm -f mech/gss_compare_name.$(OBJEXT)
- -rm -f mech/gss_compare_name.lo
- -rm -f mech/gss_context_time.$(OBJEXT)
- -rm -f mech/gss_context_time.lo
- -rm -f mech/gss_create_empty_oid_set.$(OBJEXT)
- -rm -f mech/gss_create_empty_oid_set.lo
- -rm -f mech/gss_cred.$(OBJEXT)
- -rm -f mech/gss_cred.lo
- -rm -f mech/gss_decapsulate_token.$(OBJEXT)
- -rm -f mech/gss_decapsulate_token.lo
- -rm -f mech/gss_delete_name_attribute.$(OBJEXT)
- -rm -f mech/gss_delete_name_attribute.lo
- -rm -f mech/gss_delete_sec_context.$(OBJEXT)
- -rm -f mech/gss_delete_sec_context.lo
- -rm -f mech/gss_display_name.$(OBJEXT)
- -rm -f mech/gss_display_name.lo
- -rm -f mech/gss_display_name_ext.$(OBJEXT)
- -rm -f mech/gss_display_name_ext.lo
- -rm -f mech/gss_display_status.$(OBJEXT)
- -rm -f mech/gss_display_status.lo
- -rm -f mech/gss_duplicate_name.$(OBJEXT)
- -rm -f mech/gss_duplicate_name.lo
- -rm -f mech/gss_duplicate_oid.$(OBJEXT)
- -rm -f mech/gss_duplicate_oid.lo
- -rm -f mech/gss_encapsulate_token.$(OBJEXT)
- -rm -f mech/gss_encapsulate_token.lo
- -rm -f mech/gss_export_name.$(OBJEXT)
- -rm -f mech/gss_export_name.lo
- -rm -f mech/gss_export_name_composite.$(OBJEXT)
- -rm -f mech/gss_export_name_composite.lo
- -rm -f mech/gss_export_sec_context.$(OBJEXT)
- -rm -f mech/gss_export_sec_context.lo
- -rm -f mech/gss_get_mic.$(OBJEXT)
- -rm -f mech/gss_get_mic.lo
- -rm -f mech/gss_get_name_attribute.$(OBJEXT)
- -rm -f mech/gss_get_name_attribute.lo
- -rm -f mech/gss_import_name.$(OBJEXT)
- -rm -f mech/gss_import_name.lo
- -rm -f mech/gss_import_sec_context.$(OBJEXT)
- -rm -f mech/gss_import_sec_context.lo
- -rm -f mech/gss_indicate_mechs.$(OBJEXT)
- -rm -f mech/gss_indicate_mechs.lo
- -rm -f mech/gss_init_sec_context.$(OBJEXT)
- -rm -f mech/gss_init_sec_context.lo
- -rm -f mech/gss_inquire_context.$(OBJEXT)
- -rm -f mech/gss_inquire_context.lo
- -rm -f mech/gss_inquire_cred.$(OBJEXT)
- -rm -f mech/gss_inquire_cred.lo
- -rm -f mech/gss_inquire_cred_by_mech.$(OBJEXT)
- -rm -f mech/gss_inquire_cred_by_mech.lo
- -rm -f mech/gss_inquire_cred_by_oid.$(OBJEXT)
- -rm -f mech/gss_inquire_cred_by_oid.lo
- -rm -f mech/gss_inquire_mechs_for_name.$(OBJEXT)
- -rm -f mech/gss_inquire_mechs_for_name.lo
- -rm -f mech/gss_inquire_name.$(OBJEXT)
- -rm -f mech/gss_inquire_name.lo
- -rm -f mech/gss_inquire_names_for_mech.$(OBJEXT)
- -rm -f mech/gss_inquire_names_for_mech.lo
- -rm -f mech/gss_inquire_sec_context_by_oid.$(OBJEXT)
- -rm -f mech/gss_inquire_sec_context_by_oid.lo
- -rm -f mech/gss_krb5.$(OBJEXT)
- -rm -f mech/gss_krb5.lo
- -rm -f mech/gss_mech_switch.$(OBJEXT)
- -rm -f mech/gss_mech_switch.lo
- -rm -f mech/gss_mo.$(OBJEXT)
- -rm -f mech/gss_mo.lo
- -rm -f mech/gss_names.$(OBJEXT)
- -rm -f mech/gss_names.lo
- -rm -f mech/gss_oid.$(OBJEXT)
- -rm -f mech/gss_oid.lo
- -rm -f mech/gss_oid_equal.$(OBJEXT)
- -rm -f mech/gss_oid_equal.lo
- -rm -f mech/gss_oid_to_str.$(OBJEXT)
- -rm -f mech/gss_oid_to_str.lo
- -rm -f mech/gss_pname_to_uid.$(OBJEXT)
- -rm -f mech/gss_pname_to_uid.lo
- -rm -f mech/gss_process_context_token.$(OBJEXT)
- -rm -f mech/gss_process_context_token.lo
- -rm -f mech/gss_pseudo_random.$(OBJEXT)
- -rm -f mech/gss_pseudo_random.lo
- -rm -f mech/gss_release_buffer.$(OBJEXT)
- -rm -f mech/gss_release_buffer.lo
- -rm -f mech/gss_release_cred.$(OBJEXT)
- -rm -f mech/gss_release_cred.lo
- -rm -f mech/gss_release_name.$(OBJEXT)
- -rm -f mech/gss_release_name.lo
- -rm -f mech/gss_release_oid.$(OBJEXT)
- -rm -f mech/gss_release_oid.lo
- -rm -f mech/gss_release_oid_set.$(OBJEXT)
- -rm -f mech/gss_release_oid_set.lo
- -rm -f mech/gss_seal.$(OBJEXT)
- -rm -f mech/gss_seal.lo
- -rm -f mech/gss_set_cred_option.$(OBJEXT)
- -rm -f mech/gss_set_cred_option.lo
- -rm -f mech/gss_set_name_attribute.$(OBJEXT)
- -rm -f mech/gss_set_name_attribute.lo
- -rm -f mech/gss_set_sec_context_option.$(OBJEXT)
- -rm -f mech/gss_set_sec_context_option.lo
- -rm -f mech/gss_sign.$(OBJEXT)
- -rm -f mech/gss_sign.lo
- -rm -f mech/gss_store_cred.$(OBJEXT)
- -rm -f mech/gss_store_cred.lo
- -rm -f mech/gss_test_oid_set_member.$(OBJEXT)
- -rm -f mech/gss_test_oid_set_member.lo
- -rm -f mech/gss_unseal.$(OBJEXT)
- -rm -f mech/gss_unseal.lo
- -rm -f mech/gss_unwrap.$(OBJEXT)
- -rm -f mech/gss_unwrap.lo
- -rm -f mech/gss_utils.$(OBJEXT)
- -rm -f mech/gss_utils.lo
- -rm -f mech/gss_verify.$(OBJEXT)
- -rm -f mech/gss_verify.lo
- -rm -f mech/gss_verify_mic.$(OBJEXT)
- -rm -f mech/gss_verify_mic.lo
- -rm -f mech/gss_wrap.$(OBJEXT)
- -rm -f mech/gss_wrap.lo
- -rm -f mech/gss_wrap_size_limit.$(OBJEXT)
- -rm -f mech/gss_wrap_size_limit.lo
- -rm -f ntlm/accept_sec_context.$(OBJEXT)
- -rm -f ntlm/accept_sec_context.lo
- -rm -f ntlm/acquire_cred.$(OBJEXT)
- -rm -f ntlm/acquire_cred.lo
- -rm -f ntlm/add_cred.$(OBJEXT)
- -rm -f ntlm/add_cred.lo
- -rm -f ntlm/canonicalize_name.$(OBJEXT)
- -rm -f ntlm/canonicalize_name.lo
- -rm -f ntlm/compare_name.$(OBJEXT)
- -rm -f ntlm/compare_name.lo
- -rm -f ntlm/context_time.$(OBJEXT)
- -rm -f ntlm/context_time.lo
- -rm -f ntlm/creds.$(OBJEXT)
- -rm -f ntlm/creds.lo
- -rm -f ntlm/crypto.$(OBJEXT)
- -rm -f ntlm/crypto.lo
- -rm -f ntlm/delete_sec_context.$(OBJEXT)
- -rm -f ntlm/delete_sec_context.lo
- -rm -f ntlm/display_name.$(OBJEXT)
- -rm -f ntlm/display_name.lo
- -rm -f ntlm/display_status.$(OBJEXT)
- -rm -f ntlm/display_status.lo
- -rm -f ntlm/duplicate_name.$(OBJEXT)
- -rm -f ntlm/duplicate_name.lo
- -rm -f ntlm/export_name.$(OBJEXT)
- -rm -f ntlm/export_name.lo
- -rm -f ntlm/export_sec_context.$(OBJEXT)
- -rm -f ntlm/export_sec_context.lo
- -rm -f ntlm/external.$(OBJEXT)
- -rm -f ntlm/external.lo
- -rm -f ntlm/import_name.$(OBJEXT)
- -rm -f ntlm/import_name.lo
- -rm -f ntlm/import_sec_context.$(OBJEXT)
- -rm -f ntlm/import_sec_context.lo
- -rm -f ntlm/indicate_mechs.$(OBJEXT)
- -rm -f ntlm/indicate_mechs.lo
- -rm -f ntlm/init_sec_context.$(OBJEXT)
- -rm -f ntlm/init_sec_context.lo
- -rm -f ntlm/inquire_context.$(OBJEXT)
- -rm -f ntlm/inquire_context.lo
- -rm -f ntlm/inquire_cred_by_mech.$(OBJEXT)
- -rm -f ntlm/inquire_cred_by_mech.lo
- -rm -f ntlm/inquire_mechs_for_name.$(OBJEXT)
- -rm -f ntlm/inquire_mechs_for_name.lo
- -rm -f ntlm/inquire_names_for_mech.$(OBJEXT)
- -rm -f ntlm/inquire_names_for_mech.lo
- -rm -f ntlm/inquire_sec_context_by_oid.$(OBJEXT)
- -rm -f ntlm/inquire_sec_context_by_oid.lo
- -rm -f ntlm/iter_cred.$(OBJEXT)
- -rm -f ntlm/iter_cred.lo
- -rm -f ntlm/kdc.$(OBJEXT)
- -rm -f ntlm/kdc.lo
- -rm -f ntlm/process_context_token.$(OBJEXT)
- -rm -f ntlm/process_context_token.lo
- -rm -f ntlm/release_cred.$(OBJEXT)
- -rm -f ntlm/release_cred.lo
- -rm -f ntlm/release_name.$(OBJEXT)
- -rm -f ntlm/release_name.lo
- -rm -f spnego/accept_sec_context.$(OBJEXT)
- -rm -f spnego/accept_sec_context.lo
- -rm -f spnego/compat.$(OBJEXT)
- -rm -f spnego/compat.lo
- -rm -f spnego/context_stubs.$(OBJEXT)
- -rm -f spnego/context_stubs.lo
- -rm -f spnego/cred_stubs.$(OBJEXT)
- -rm -f spnego/cred_stubs.lo
- -rm -f spnego/external.$(OBJEXT)
- -rm -f spnego/external.lo
- -rm -f spnego/init_sec_context.$(OBJEXT)
- -rm -f spnego/init_sec_context.lo
+ -rm -f krb5/*.$(OBJEXT)
+ -rm -f krb5/*.lo
+ -rm -f mech/*.$(OBJEXT)
+ -rm -f mech/*.lo
+ -rm -f ntlm/*.$(OBJEXT)
+ -rm -f ntlm/*.lo
+ -rm -f spnego/*.$(OBJEXT)
+ -rm -f spnego/*.lo
distclean-compile:
-rm -f *.tab.c
@@ -1643,6 +1659,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gss-commands.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gsstool.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_acquire_cred.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_add_store_cred.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_common.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_context.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_cred.Po@am__quote@
@@ -1812,28 +1829,28 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@spnego/$(DEPDIR)/init_sec_context.Plo@am__quote@
.c.o:
-@am__fastdepCC_TRUE@ depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(COMPILE) -c -o $@ $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
.c.obj:
-@am__fastdepCC_TRUE@ depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
.c.lo:
-@am__fastdepCC_TRUE@ depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
mostlyclean-libtool:
-rm -f *.lo
@@ -1846,11 +1863,18 @@ clean-libtool:
-rm -rf spnego/.libs spnego/_libs
install-man3: $(man_MANS)
@$(NORMAL_INSTALL)
- test -z "$(man3dir)" || $(MKDIR_P) "$(DESTDIR)$(man3dir)"
- @list=''; test -n "$(man3dir)" || exit 0; \
- { for i in $$list; do echo "$$i"; done; \
- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
- sed -n '/\.3[a-z]*$$/p'; \
+ @list1=''; \
+ list2='$(man_MANS)'; \
+ test -n "$(man3dir)" \
+ && test -n "`echo $$list1$$list2`" \
+ || exit 0; \
+ echo " $(MKDIR_P) '$(DESTDIR)$(man3dir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(man3dir)" || exit 1; \
+ { for i in $$list1; do echo "$$i"; done; \
+ if test -n "$$list2"; then \
+ for i in $$list2; do echo "$$i"; done \
+ | sed -n '/\.3[a-z]*$$/p'; \
+ fi; \
} | while read p; do \
if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
echo "$$d$$p"; echo "$$p"; \
@@ -1879,16 +1903,21 @@ uninstall-man3:
sed -n '/\.3[a-z]*$$/p'; \
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^3][0-9a-z]*$$,3,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
- test -z "$$files" || { \
- echo " ( cd '$(DESTDIR)$(man3dir)' && rm -f" $$files ")"; \
- cd "$(DESTDIR)$(man3dir)" && rm -f $$files; }
+ dir='$(DESTDIR)$(man3dir)'; $(am__uninstall_files_from_dir)
install-man5: $(man_MANS)
@$(NORMAL_INSTALL)
- test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)"
- @list=''; test -n "$(man5dir)" || exit 0; \
- { for i in $$list; do echo "$$i"; done; \
- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
- sed -n '/\.5[a-z]*$$/p'; \
+ @list1=''; \
+ list2='$(man_MANS)'; \
+ test -n "$(man5dir)" \
+ && test -n "`echo $$list1$$list2`" \
+ || exit 0; \
+ echo " $(MKDIR_P) '$(DESTDIR)$(man5dir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(man5dir)" || exit 1; \
+ { for i in $$list1; do echo "$$i"; done; \
+ if test -n "$$list2"; then \
+ for i in $$list2; do echo "$$i"; done \
+ | sed -n '/\.5[a-z]*$$/p'; \
+ fi; \
} | while read p; do \
if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
echo "$$d$$p"; echo "$$p"; \
@@ -1917,13 +1946,14 @@ uninstall-man5:
sed -n '/\.5[a-z]*$$/p'; \
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
- test -z "$$files" || { \
- echo " ( cd '$(DESTDIR)$(man5dir)' && rm -f" $$files ")"; \
- cd "$(DESTDIR)$(man5dir)" && rm -f $$files; }
+ dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir)
install-includeHEADERS: $(include_HEADERS)
@$(NORMAL_INSTALL)
- test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
@list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(includedir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(includedir)" || exit 1; \
+ fi; \
for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
echo "$$d$$p"; \
@@ -1937,20 +1967,21 @@ uninstall-includeHEADERS:
@$(NORMAL_UNINSTALL)
@list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \
files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
- test -n "$$files" || exit 0; \
- echo " ( cd '$(DESTDIR)$(includedir)' && rm -f" $$files ")"; \
- cd "$(DESTDIR)$(includedir)" && rm -f $$files
+ dir='$(DESTDIR)$(includedir)'; $(am__uninstall_files_from_dir)
install-nobase_includeHEADERS: $(nobase_include_HEADERS)
@$(NORMAL_INSTALL)
- test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
@list='$(nobase_include_HEADERS)'; test -n "$(includedir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(includedir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(includedir)" || exit 1; \
+ fi; \
$(am__nobase_list) | while read dir files; do \
xfiles=; for file in $$files; do \
if test -f "$$file"; then xfiles="$$xfiles $$file"; \
else xfiles="$$xfiles $(srcdir)/$$file"; fi; done; \
test -z "$$xfiles" || { \
test "x$$dir" = x. || { \
- echo "$(MKDIR_P) '$(DESTDIR)$(includedir)/$$dir'"; \
+ echo " $(MKDIR_P) '$(DESTDIR)$(includedir)/$$dir'"; \
$(MKDIR_P) "$(DESTDIR)$(includedir)/$$dir"; }; \
echo " $(INSTALL_HEADER) $$xfiles '$(DESTDIR)$(includedir)/$$dir'"; \
$(INSTALL_HEADER) $$xfiles "$(DESTDIR)$(includedir)/$$dir" || exit $$?; }; \
@@ -1960,13 +1991,14 @@ uninstall-nobase_includeHEADERS:
@$(NORMAL_UNINSTALL)
@list='$(nobase_include_HEADERS)'; test -n "$(includedir)" || list=; \
$(am__nobase_strip_setup); files=`$(am__nobase_strip)`; \
- test -n "$$files" || exit 0; \
- echo " ( cd '$(DESTDIR)$(includedir)' && rm -f" $$files ")"; \
- cd "$(DESTDIR)$(includedir)" && rm -f $$files
+ dir='$(DESTDIR)$(includedir)'; $(am__uninstall_files_from_dir)
install-nodist_gssapiHEADERS: $(nodist_gssapi_HEADERS)
@$(NORMAL_INSTALL)
- test -z "$(gssapidir)" || $(MKDIR_P) "$(DESTDIR)$(gssapidir)"
@list='$(nodist_gssapi_HEADERS)'; test -n "$(gssapidir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(gssapidir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(gssapidir)" || exit 1; \
+ fi; \
for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
echo "$$d$$p"; \
@@ -1980,30 +2012,17 @@ uninstall-nodist_gssapiHEADERS:
@$(NORMAL_UNINSTALL)
@list='$(nodist_gssapi_HEADERS)'; test -n "$(gssapidir)" || list=; \
files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
- test -n "$$files" || exit 0; \
- echo " ( cd '$(DESTDIR)$(gssapidir)' && rm -f" $$files ")"; \
- cd "$(DESTDIR)$(gssapidir)" && rm -f $$files
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | \
- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
- END { if (nonempty) { for (i in files) print i; }; }'`; \
- mkid -fID $$unique
-tags: TAGS
-
-TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
- $(TAGS_FILES) $(LISP)
+ dir='$(DESTDIR)$(gssapidir)'; $(am__uninstall_files_from_dir)
+
+ID: $(am__tagged_files)
+ $(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
set x; \
here=`pwd`; \
- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | \
- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
- END { if (nonempty) { for (i in files) print i; }; }'`; \
+ $(am__define_uniq_tagged_files); \
shift; \
if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
test -n "$$unique" || unique=$$empty_fix; \
@@ -2015,15 +2034,11 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
$$unique; \
fi; \
fi
-ctags: CTAGS
-CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
- $(TAGS_FILES) $(LISP)
- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | \
- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
- END { if (nonempty) { for (i in files) print i; }; }'`; \
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ $(am__define_uniq_tagged_files); \
test -z "$(CTAGS_ARGS)$$unique" \
|| $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
$$unique
@@ -2032,116 +2047,203 @@ GTAGS:
here=`$(am__cd) $(top_builddir) && pwd` \
&& $(am__cd) $(top_srcdir) \
&& gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+ list='$(am__tagged_files)'; \
+ case "$(srcdir)" in \
+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+ *) sdir=$(subdir)/$(srcdir) ;; \
+ esac; \
+ for i in $$list; do \
+ if test -f "$$i"; then \
+ echo "$(subdir)/$$i"; \
+ else \
+ echo "$$sdir/$$i"; \
+ fi; \
+ done >> $(top_builddir)/cscope.files
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-check-TESTS: $(TESTS)
- @failed=0; all=0; xfail=0; xpass=0; skip=0; \
- srcdir=$(srcdir); export srcdir; \
- list=' $(TESTS) '; \
- $(am__tty_colors); \
- if test -n "$$list"; then \
- for tst in $$list; do \
- if test -f ./$$tst; then dir=./; \
- elif test -f $$tst; then dir=; \
- else dir="$(srcdir)/"; fi; \
- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
- all=`expr $$all + 1`; \
- case " $(XFAIL_TESTS) " in \
- *[\ \ ]$$tst[\ \ ]*) \
- xpass=`expr $$xpass + 1`; \
- failed=`expr $$failed + 1`; \
- col=$$red; res=XPASS; \
- ;; \
- *) \
- col=$$grn; res=PASS; \
- ;; \
- esac; \
- elif test $$? -ne 77; then \
- all=`expr $$all + 1`; \
- case " $(XFAIL_TESTS) " in \
- *[\ \ ]$$tst[\ \ ]*) \
- xfail=`expr $$xfail + 1`; \
- col=$$lgn; res=XFAIL; \
- ;; \
- *) \
- failed=`expr $$failed + 1`; \
- col=$$red; res=FAIL; \
- ;; \
- esac; \
- else \
- skip=`expr $$skip + 1`; \
- col=$$blu; res=SKIP; \
- fi; \
- echo "$${col}$$res$${std}: $$tst"; \
- done; \
- if test "$$all" -eq 1; then \
- tests="test"; \
- All=""; \
- else \
- tests="tests"; \
- All="All "; \
+# Recover from deleted '.trs' file; this should ensure that
+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create
+# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells
+# to avoid problems with "make -n".
+.log.trs:
+ rm -f $< $@
+ $(MAKE) $(AM_MAKEFLAGS) $<
+
+# Leading 'am--fnord' is there to ensure the list of targets does not
+# expand to empty, as could happen e.g. with make check TESTS=''.
+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck)
+am--force-recheck:
+ @:
+
+$(TEST_SUITE_LOG): $(TEST_LOGS)
+ @$(am__set_TESTS_bases); \
+ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \
+ redo_bases=`for i in $$bases; do \
+ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \
+ done`; \
+ if test -n "$$redo_bases"; then \
+ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \
+ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \
+ if $(am__make_dryrun); then :; else \
+ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \
fi; \
- if test "$$failed" -eq 0; then \
- if test "$$xfail" -eq 0; then \
- banner="$$All$$all $$tests passed"; \
- else \
- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \
- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \
- fi; \
- else \
- if test "$$xpass" -eq 0; then \
- banner="$$failed of $$all $$tests failed"; \
+ fi; \
+ if test -n "$$am__remaking_logs"; then \
+ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
+ "recursion detected" >&2; \
+ elif test -n "$$redo_logs"; then \
+ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
+ fi; \
+ if $(am__make_dryrun); then :; else \
+ st=0; \
+ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \
+ for i in $$redo_bases; do \
+ test -f $$i.trs && test -r $$i.trs \
+ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \
+ test -f $$i.log && test -r $$i.log \
+ || { echo "$$errmsg $$i.log" >&2; st=1; }; \
+ done; \
+ test $$st -eq 0 || exit 1; \
+ fi
+ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \
+ ws='[ ]'; \
+ results=`for b in $$bases; do echo $$b.trs; done`; \
+ test -n "$$results" || results=/dev/null; \
+ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \
+ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \
+ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \
+ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \
+ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \
+ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \
+ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \
+ if test `expr $$fail + $$xpass + $$error` -eq 0; then \
+ success=true; \
+ else \
+ success=false; \
+ fi; \
+ br='==================='; br=$$br$$br$$br$$br; \
+ result_count () \
+ { \
+ if test x"$$1" = x"--maybe-color"; then \
+ maybe_colorize=yes; \
+ elif test x"$$1" = x"--no-color"; then \
+ maybe_colorize=no; \
else \
- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \
- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \
+ echo "$@: invalid 'result_count' usage" >&2; exit 4; \
fi; \
- fi; \
- dashes="$$banner"; \
- skipped=""; \
- if test "$$skip" -ne 0; then \
- if test "$$skip" -eq 1; then \
- skipped="($$skip test was not run)"; \
+ shift; \
+ desc=$$1 count=$$2; \
+ if test $$maybe_colorize = yes && test $$count -gt 0; then \
+ color_start=$$3 color_end=$$std; \
else \
- skipped="($$skip tests were not run)"; \
+ color_start= color_end=; \
fi; \
- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
- dashes="$$skipped"; \
- fi; \
- report=""; \
- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
- report="Please report to $(PACKAGE_BUGREPORT)"; \
- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
- dashes="$$report"; \
- fi; \
- dashes=`echo "$$dashes" | sed s/./=/g`; \
- if test "$$failed" -eq 0; then \
- echo "$$grn$$dashes"; \
- else \
- echo "$$red$$dashes"; \
- fi; \
- echo "$$banner"; \
- test -z "$$skipped" || echo "$$skipped"; \
- test -z "$$report" || echo "$$report"; \
- echo "$$dashes$$std"; \
- test "$$failed" -eq 0; \
- else :; fi
+ echo "$${color_start}# $$desc $$count$${color_end}"; \
+ }; \
+ create_testsuite_report () \
+ { \
+ result_count $$1 "TOTAL:" $$all "$$brg"; \
+ result_count $$1 "PASS: " $$pass "$$grn"; \
+ result_count $$1 "SKIP: " $$skip "$$blu"; \
+ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \
+ result_count $$1 "FAIL: " $$fail "$$red"; \
+ result_count $$1 "XPASS:" $$xpass "$$red"; \
+ result_count $$1 "ERROR:" $$error "$$mgn"; \
+ }; \
+ { \
+ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \
+ $(am__rst_title); \
+ create_testsuite_report --no-color; \
+ echo; \
+ echo ".. contents:: :depth: 2"; \
+ echo; \
+ for b in $$bases; do echo $$b; done \
+ | $(am__create_global_log); \
+ } >$(TEST_SUITE_LOG).tmp || exit 1; \
+ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \
+ if $$success; then \
+ col="$$grn"; \
+ else \
+ col="$$red"; \
+ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \
+ fi; \
+ echo "$${col}$$br$${std}"; \
+ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \
+ echo "$${col}$$br$${std}"; \
+ create_testsuite_report --maybe-color; \
+ echo "$$col$$br$$std"; \
+ if $$success; then :; else \
+ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \
+ if test -n "$(PACKAGE_BUGREPORT)"; then \
+ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \
+ fi; \
+ echo "$$col$$br$$std"; \
+ fi; \
+ $$success || exit 1
+
+check-TESTS:
+ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list
+ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+ @set +e; $(am__set_TESTS_bases); \
+ log_list=`for i in $$bases; do echo $$i.log; done`; \
+ trs_list=`for i in $$bases; do echo $$i.trs; done`; \
+ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
+ exit $$?;
+recheck: all $(check_PROGRAMS)
+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+ @set +e; $(am__set_TESTS_bases); \
+ bases=`for i in $$bases; do echo $$i; done \
+ | $(am__list_recheck_tests)` || exit 1; \
+ log_list=`for i in $$bases; do echo $$i.log; done`; \
+ log_list=`echo $$log_list`; \
+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \
+ am__force_recheck=am--force-recheck \
+ TEST_LOGS="$$log_list"; \
+ exit $$?
+test_oid.log: test_oid$(EXEEXT)
+ @p='test_oid$(EXEEXT)'; \
+ b='test_oid'; \
+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+ --log-file $$b.log --trs-file $$b.trs \
+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+ "$$tst" $(AM_TESTS_FD_REDIRECT)
+test_names.log: test_names$(EXEEXT)
+ @p='test_names$(EXEEXT)'; \
+ b='test_names'; \
+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+ --log-file $$b.log --trs-file $$b.trs \
+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+ "$$tst" $(AM_TESTS_FD_REDIRECT)
+test_cfx.log: test_cfx$(EXEEXT)
+ @p='test_cfx$(EXEEXT)'; \
+ b='test_cfx'; \
+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+ --log-file $$b.log --trs-file $$b.trs \
+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+ "$$tst" $(AM_TESTS_FD_REDIRECT)
+.test.log:
+ @p='$<'; \
+ $(am__set_b); \
+ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
+ --log-file $$b.log --trs-file $$b.trs \
+ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
+ "$$tst" $(AM_TESTS_FD_REDIRECT)
+@am__EXEEXT_TRUE@.test$(EXEEXT).log:
+@am__EXEEXT_TRUE@ @p='$<'; \
+@am__EXEEXT_TRUE@ $(am__set_b); \
+@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
+@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \
+@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
+@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT)
distdir: $(DISTFILES)
- @list='$(MANS)'; if test -n "$$list"; then \
- list=`for p in $$list; do \
- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \
- if test -n "$$list" && \
- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \
- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \
- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \
- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \
- echo " typically \`make maintainer-clean' will remove them" >&2; \
- exit 1; \
- else :; fi; \
- else :; fi
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
@@ -2198,11 +2300,19 @@ install-am: all-am
installcheck: installcheck-am
install-strip:
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- `test -z '$(STRIP)' || \
- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
mostlyclean-generic:
+ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS)
+ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs)
+ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
clean-generic:
-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
@@ -2255,9 +2365,9 @@ install-dvi: install-dvi-am
install-dvi-am:
-install-exec-am: install-binPROGRAMS install-libLTLIBRARIES
- @$(NORMAL_INSTALL)
- $(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+install-exec-am: install-binPROGRAMS install-exec-local \
+ install-libLTLIBRARIES
+
install-html: install-html-am
install-html-am:
@@ -2304,17 +2414,18 @@ uninstall-am: uninstall-binPROGRAMS uninstall-includeHEADERS \
uninstall-man: uninstall-man3 uninstall-man5
.MAKE: all check check-am install install-am install-data-am \
- install-exec-am install-strip uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-TESTS check-am \
- check-local clean clean-binPROGRAMS clean-checkPROGRAMS \
- clean-generic clean-libLTLIBRARIES clean-libtool \
- clean-noinstPROGRAMS ctags dist-hook distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-binPROGRAMS install-data \
- install-data-am install-data-hook install-dvi install-dvi-am \
- install-exec install-exec-am install-exec-hook install-html \
+ install-strip uninstall-am
+
+.PHONY: CTAGS GTAGS TAGS all all-am all-local check check-TESTS \
+ check-am check-local clean clean-binPROGRAMS \
+ clean-checkPROGRAMS clean-generic clean-libLTLIBRARIES \
+ clean-libtool clean-noinstPROGRAMS cscopelist-am ctags \
+ ctags-am dist-hook distclean distclean-compile \
+ distclean-generic distclean-libtool distclean-tags distdir dvi \
+ dvi-am html html-am info info-am install install-am \
+ install-binPROGRAMS install-data install-data-am \
+ install-data-hook install-dvi install-dvi-am install-exec \
+ install-exec-am install-exec-local install-html \
install-html-am install-includeHEADERS install-info \
install-info-am install-libLTLIBRARIES install-man \
install-man3 install-man5 install-nobase_includeHEADERS \
@@ -2323,27 +2434,41 @@ uninstall-man: uninstall-man3 uninstall-man5
installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-compile \
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-binPROGRAMS \
- uninstall-hook uninstall-includeHEADERS \
+ recheck tags tags-am uninstall uninstall-am \
+ uninstall-binPROGRAMS uninstall-hook uninstall-includeHEADERS \
uninstall-libLTLIBRARIES uninstall-man uninstall-man3 \
uninstall-man5 uninstall-nobase_includeHEADERS \
uninstall-nodist_gssapiHEADERS
+.PRECIOUS: Makefile
+
install-suid-programs:
@foo='$(bin_SUIDS)'; \
for file in $$foo; do \
- x=$(DESTDIR)$(bindir)/$$file; \
- if chown 0:0 $$x && chmod u+s $$x; then :; else \
- echo "*"; \
- echo "* Failed to install $$x setuid root"; \
- echo "*"; \
- fi; done
+ x=$(DESTDIR)$(bindir)/$$file; \
+ if chown 0:0 $$x && chmod u+s $$x; then :; else \
+ echo "*"; \
+ echo "* Failed to install $$x setuid root"; \
+ echo "*"; \
+ fi; \
+ done
-install-exec-hook: install-suid-programs
+install-exec-local: install-suid-programs
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
- @foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+codesign-all:
+ @if [ X"$$CODE_SIGN_IDENTITY" != X ] ; then \
+ foo='$(bin_PROGRAMS) $(sbin_PROGRAMS) $(libexec_PROGRAMS)' ; \
+ for file in $$foo ; do \
+ echo "CODESIGN $$file" ; \
+ codesign -f -s "$$CODE_SIGN_IDENTITY" $$file || exit 1 ; \
+ done ; \
+ fi
+
+all-local: codesign-all
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS) $(noinst_HEADERS)
+ @foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(noinst_HEADERS)'; \
for f in $$foo; do \
f=`basename $$f`; \
if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
@@ -2351,7 +2476,7 @@ install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_incl
if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \
: ; else \
echo " $(CP) $$file $(buildinclude)/$$f"; \
- $(CP) $$file $(buildinclude)/$$f; \
+ $(CP) $$file $(buildinclude)/$$f || true; \
fi ; \
done ; \
foo='$(nobase_include_HEADERS)'; \
@@ -2408,6 +2533,8 @@ check-local::
$(NROFF_MAN) $< > $@
.5.cat5:
$(NROFF_MAN) $< > $@
+.7.cat7:
+ $(NROFF_MAN) $< > $@
.8.cat8:
$(NROFF_MAN) $< > $@
@@ -2450,6 +2577,19 @@ dist-cat5-mans:
$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
done
+dist-cat7-mans:
+ @foo='$(man7_MANS)'; \
+ bar='$(man_MANS)'; \
+ for i in $$bar; do \
+ case $$i in \
+ *.7) foo="$$foo $$i";; \
+ esac; done ;\
+ for i in $$foo; do \
+ x=`echo $$i | sed 's/\.[^.]*$$/.cat7/'`; \
+ echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+ $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+ done
+
dist-cat8-mans:
@foo='$(man8_MANS)'; \
bar='$(man_MANS)'; \
@@ -2463,13 +2603,13 @@ dist-cat8-mans:
$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
done
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat7-mans dist-cat8-mans
install-cat-mans:
- $(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+ $(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man7_MANS) $(man8_MANS)
uninstall-cat-mans:
- $(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+ $(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man7_MANS) $(man8_MANS)
install-data-hook: install-cat-mans
uninstall-hook: uninstall-cat-mans
@@ -2500,7 +2640,7 @@ distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
fi ; \
done
-$(srcdir)/ntlm/ntlm-private.h:
+$(srcdir)/ntlm/ntlm-private.h: $(ntlmsrc)
cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p ntlm/ntlm-private.h $(ntlmsrc) || rm -f ntlm/ntlm-private.h
$(libgssapi_la_OBJECTS): $(BUILTHEADERS)
@@ -2508,6 +2648,9 @@ $(test_context_OBJECTS): $(BUILTHEADERS)
$(libgssapi_la_OBJECTS): $(srcdir)/version-script.map
+$(libgssapi_la_OBJECTS): gkrb5_err.h
+gkrb5_err.h: $(srcdir)/krb5/gkrb5_err.et
+
$(spnego_files) spnego_asn1.hx spnego_asn1-priv.hx: spnego_asn1_files
$(gssapi_files) gssapi_asn1.hx gssapi_asn1-priv.hx: gssapi_asn1_files
diff --git a/lib/gssapi/NTMakefile b/lib/gssapi/NTMakefile
index ecf44ba4d856..402b110a1b24 100644
--- a/lib/gssapi/NTMakefile
+++ b/lib/gssapi/NTMakefile
@@ -553,6 +553,7 @@ all-tools:: $(BINDIR)\gsstool.exe
$(BINDIR)\gsstool.exe: $(OBJ)\gsstool.obj $(OBJ)\gss-commands.obj $(LIBGSSAPI) $(LIBROKEN) $(LIBSL) $(LIBVERS)
$(EXECONLINK)
+ $(EXEPREP)
$(OBJ)\gss-commands.c $(OBJ)\gss-commands.h: gss-commands.in
cd $(OBJ)
@@ -630,10 +631,10 @@ test-binaries: $(LIBGSSAPI) $(TEST_BINARIES)
run-test:
cd $(OBJ)
- test_oid
- test_names
- test_cfx
- test_kcred
+ -test_oid
+ -test_names
+ -test_cfx
+ -test_kcred
cd $(SRCDIR)
test:: test-binaries run-test
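Review bot: With every command in `run-test` now prefixed by `-`, which looks like the nmake ignore-exit-code prefix, the target can no longer fail. `test:: test-binaries run-test` will therefore report success even when `test_cfx` or `test_names` returns non-zero. For a library that implements message protection and name handling, a regression in those tests should stop the build or at least be recorded. If the intent is only to let the later tests run after an earlier failure, say so above the rule, for example `# '-' keeps the run going; failures must be read from the output`. Otherwise keep the gating tests unprefixed.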
diff --git a/lib/gssapi/gen-oid.pl b/lib/gssapi/gen-oid.pl
new file mode 100755
index 000000000000..a2341ad9816d
--- /dev/null
+++ b/lib/gssapi/gen-oid.pl
@@ -0,0 +1,141 @@
+#!/usr/bin/perl
+#
+# Copyright (c) 2010 Kungliga Tekniska Högskolan
+# (Royal Institute of Technology, Stockholm, Sweden).
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# 3. Neither the name of the Institute nor the names of its contributors
+# may be used to endorse or promote products derived from this software
+# without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+
+use Getopt::Std;
+
+my $output;
+my $CFILE, $HFILE;
+my $onlybase;
+my $header = 0;
+
+getopts('b:h') || die "USAGE: ./gen-oid [-b BASE] [-h HEADER]";
+
+if($opt_b) {
+ $onlybase = $opt_b;
+}
+
+$header = 1 if ($opt_h);
+
+printf "/* Generated file */\n";
+if ($header) {
+ printf "#ifndef GSSAPI_GSSAPI_OID\n";
+ printf "#define GSSAPI_GSSAPI_OID 1\n\n";
+} else {
+ printf "#include \"mech_locl.h\"\n\n";
+}
+
+my %tables;
+my %types;
+
+while(<>) {
+
+ if (/^\w*#(.*)/) {
+ my $comment = $1;
+
+ if ($header) {
+ printf("$comment\n");
+ }
+
+ } elsif (/^oid\s+([\w\.]+)\s+(\w+)\s+([\w\.]+)/) {
+ my ($base, $name, $oid) = ($1, $2, $3);
+
+ next if (defined $onlybase and $onlybase ne $base);
+
+ my $store = "__" . lc($name) . "_oid_desc";
+
+ # encode oid
+
+ my @array = split(/\./, $oid);
+ my $length = 0;
+ my $data = "";
+
+ my $num;
+
+ $n = $#array;
+ while ($n > 1) {
+ $num = $array[$n];
+
+ my $p = int($num % 128);
+ $data = sprintf("\\x%02x", $p) . $data;
+
+ $num = int($num / 128);
+
+ $length += 1;
+
+ while ($num > 0) {
+ $p = int($num % 128) + 128;
+ $num = int($num / 128);
+ $data = sprintf("\\x%02x", $p) . $data;
+ $length += 1;
+ }
+ $n--;
+ }
+ $num = int($array[0] * 40 + $array[1]);
+
+ $data = sprintf("\\x%x", $num) . $data;
+ $length += 1;
+
+ if ($header) {
+ printf "extern GSSAPI_LIB_VARIABLE gss_OID_desc $store;\n";
+ printf "#define $name (&$store)\n\n";
+ } else {
+ printf "/* $name - $oid */\n";
+ printf "gss_OID_desc GSSAPI_LIB_VARIABLE $store = { $length, rk_UNCONST(\"$data\") };\n\n";
+ }
+ } elsif (/^desc\s+([\w]+)\s+(\w+)\s+(\"[^\"]*\")\s+(\"[^\"]*\")/) {
+ my ($type, $oid, $short, $long) = ($1, $2, $3, $4);
+ my $object = { type=> $type, oid => $oid, short => $short, long => $long };
+
+ $tables{$oid} = \$object;
+ $types{$type} = 1;
+ }
+
+}
+
+foreach my $k (sort keys %types) {
+ if (!$header) {
+ print "struct _gss_oid_name_table _gss_ont_" . $k . "[] = {\n";
+ foreach my $m (sort {$$a->{oid} cmp $$b->{oid}} values %tables) {
+ if ($$m->{type} eq $k) {
+ printf " { %s, \"%s\", %s, %s },\n", $$m->{oid}, $$m->{oid}, $$m->{short}, $$m->{long};
+ }
+ }
+ printf " { NULL, NULL, NULL, NULL }\n";
+ printf "};\n\n";
+
+ }
+}
+
+if ($header) {
+ printf "#endif /* GSSAPI_GSSAPI_OID */\n";
+}
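Review bot: In the comment branch, `printf("$comment\n")` uses text read from the input file as the format string. A `%` in a `#` line of the OID table would be treated as a conversion, and the line written to the generated header would no longer match the input. `print "$comment\n";` emits it verbatim. The pattern guarding that branch, `/^\w*#(.*)/`, accepts leading word characters rather than leading whitespace, which looks like a typo for `/^\s*#(.*)/`. Separately, `my $CFILE, $HFILE;` declares only `$CFILE` lexically, and the usage string advertises `[-h HEADER]` although `getopts('b:h')` treats `-h` as a flag with no argument.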
diff --git a/lib/gssapi/gss-commands.in b/lib/gssapi/gss-commands.in
index a2fc2288ee43..25ec1c802cc5 100644
--- a/lib/gssapi/gss-commands.in
+++ b/lib/gssapi/gss-commands.in
@@ -33,10 +33,12 @@
/* $Id$ */
command = {
+ name = "mechanisms"
name = "supported-mechanisms"
help = "Print the supported mechanisms"
}
command = {
+ name = "attributes"
name = "attrs-for-mech"
help = "Print the attributes for mechs"
option = {
diff --git a/lib/gssapi/gss_acquire_cred.3 b/lib/gssapi/gss_acquire_cred.3
index 25d7b4d7ffdb..36b1f4e750c3 100644
--- a/lib/gssapi/gss_acquire_cred.3
+++ b/lib/gssapi/gss_acquire_cred.3
@@ -91,7 +91,7 @@ GSS-API library (libgssapi, -lgssapi)
.Fo gss_accept_sec_context
.Fa "OM_uint32 * minor_status"
.Fa "gss_ctx_id_t * context_handle"
-.Fa "const gss_cred_id_t acceptor_cred_handle"
+.Fa "gss_const_cred_id_t acceptor_cred_handle"
.Fa "const gss_buffer_t input_token_buffer"
.Fa "const gss_channel_bindings_t input_chan_bindings"
.Fa "gss_name_t * src_name"
@@ -105,7 +105,7 @@ GSS-API library (libgssapi, -lgssapi)
.Ft OM_uint32
.Fo gss_acquire_cred
.Fa "OM_uint32 * minor_status"
-.Fa "const gss_name_t desired_name"
+.Fa "gss_const_name_t desired_name"
.Fa "OM_uint32 time_req"
.Fa "const gss_OID_set desired_mechs"
.Fa "gss_cred_usage_t cred_usage"
@@ -116,8 +116,8 @@ GSS-API library (libgssapi, -lgssapi)
.Ft OM_uint32
.Fo gss_add_cred
.Fa "OM_uint32 *minor_status"
-.Fa "const gss_cred_id_t input_cred_handle"
-.Fa "const gss_name_t desired_name"
+.Fa "gss_const_cred_id_t input_cred_handle"
+.Fa "gss_const_name_t desired_name"
.Fa "const gss_OID desired_mech"
.Fa "gss_cred_usage_t cred_usage"
.Fa "OM_uint32 initiator_time_req"
@@ -136,21 +136,21 @@ GSS-API library (libgssapi, -lgssapi)
.Ft OM_uint32
.Fo gss_canonicalize_name
.Fa "OM_uint32 * minor_status"
-.Fa "const gss_name_t input_name"
+.Fa "gss_const_name_t input_name"
.Fa "const gss_OID mech_type"
.Fa "gss_name_t * output_name"
.Fc
.Ft OM_uint32
.Fo gss_compare_name
.Fa "OM_uint32 * minor_status"
-.Fa "const gss_name_t name1"
-.Fa "const gss_name_t name2"
+.Fa "gss_const_name_t name1"
+.Fa "gss_const_name_t name2"
.Fa "int * name_equal"
.Fc
.Ft OM_uint32
.Fo gss_context_time
.Fa "OM_uint32 * minor_status"
-.Fa "const gss_ctx_id_t context_handle"
+.Fa "gss_const_ctx_id_t context_handle"
.Fa "OM_uint32 * time_rec"
.Fc
.Ft OM_uint32
@@ -167,7 +167,7 @@ GSS-API library (libgssapi, -lgssapi)
.Ft OM_uint32
.Fo gss_display_name
.Fa "OM_uint32 * minor_status"
-.Fa "const gss_name_t input_name"
+.Fa "gss_const_name_t input_name"
.Fa "gss_buffer_t output_name_buffer"
.Fa "gss_OID * output_name_type"
.Fc
@@ -183,13 +183,13 @@ GSS-API library (libgssapi, -lgssapi)
.Ft OM_uint32
.Fo gss_duplicate_name
.Fa "OM_uint32 * minor_status"
-.Fa "const gss_name_t src_name"
+.Fa "gss_const_name_t src_name"
.Fa "gss_name_t * dest_name"
.Fc
.Ft OM_uint32
.Fo gss_export_name
.Fa "OM_uint32 * minor_status"
-.Fa "const gss_name_t input_name"
+.Fa "gss_const_name_t input_name"
.Fa "gss_buffer_t exported_name"
.Fc
.Ft OM_uint32
@@ -201,7 +201,7 @@ GSS-API library (libgssapi, -lgssapi)
.Ft OM_uint32
.Fo gss_get_mic
.Fa "OM_uint32 * minor_status"
-.Fa "const gss_ctx_id_t context_handle"
+.Fa "gss_const_ctx_id_t context_handle"
.Fa "gss_qop_t qop_req"
.Fa "const gss_buffer_t message_buffer"
.Fa "gss_buffer_t message_token"
@@ -227,9 +227,9 @@ GSS-API library (libgssapi, -lgssapi)
.Ft OM_uint32
.Fo gss_init_sec_context
.Fa "OM_uint32 * minor_status"
-.Fa "const gss_cred_id_t initiator_cred_handle"
+.Fa "gss_const_cred_id_t initiator_cred_handle"
.Fa "gss_ctx_id_t * context_handle"
-.Fa "const gss_name_t target_name"
+.Fa "gss_const_name_t target_name"
.Fa "const gss_OID mech_type"
.Fa "OM_uint32 req_flags"
.Fa "OM_uint32 time_req"
@@ -243,7 +243,7 @@ GSS-API library (libgssapi, -lgssapi)
.Ft OM_uint32
.Fo gss_inquire_context
.Fa "OM_uint32 * minor_status"
-.Fa "const gss_ctx_id_t context_handle"
+.Fa "gss_const_ctx_id_t context_handle"
.Fa "gss_name_t * src_name"
.Fa "gss_name_t * targ_name"
.Fa "OM_uint32 * lifetime_rec"
@@ -255,7 +255,7 @@ GSS-API library (libgssapi, -lgssapi)
.Ft OM_uint32
.Fo gss_inquire_cred
.Fa "OM_uint32 * minor_status"
-.Fa "const gss_cred_id_t cred_handle"
+.Fa "gss_const_cred_id_t cred_handle"
.Fa "gss_name_t * name"
.Fa "OM_uint32 * lifetime"
.Fa "gss_cred_usage_t * cred_usage"
@@ -264,7 +264,7 @@ GSS-API library (libgssapi, -lgssapi)
.Ft OM_uint32
.Fo gss_inquire_cred_by_mech
.Fa "OM_uint32 * minor_status"
-.Fa "const gss_cred_id_t cred_handle"
+.Fa "gss_const_cred_id_t cred_handle"
.Fa "const gss_OID mech_type"
.Fa "gss_name_t * name"
.Fa "OM_uint32 * initiator_lifetime"
@@ -274,7 +274,7 @@ GSS-API library (libgssapi, -lgssapi)
.Ft OM_uint32
.Fo gss_inquire_mechs_for_name
.Fa "OM_uint32 * minor_status"
-.Fa "const gss_name_t input_name"
+.Fa "gss_const_name_t input_name"
.Fa "gss_OID_set * mech_types"
.Fc
.Ft OM_uint32
@@ -336,7 +336,7 @@ GSS-API library (libgssapi, -lgssapi)
.Ft OM_uint32
.Fo gss_process_context_token
.Fa "OM_uint32 * minor_status"
-.Fa "const gss_ctx_id_t context_handle"
+.Fa "gss_const_ctx_id_t context_handle"
.Fa "const gss_buffer_t token_buffer"
.Fc
.Ft OM_uint32
@@ -396,7 +396,7 @@ GSS-API library (libgssapi, -lgssapi)
.Ft OM_uint32
.Fo gss_unwrap
.Fa "OM_uint32 * minor_status"
-.Fa "const gss_ctx_id_t context_handle"
+.Fa "gss_const_ctx_id_t context_handle"
.Fa "const gss_buffer_t input_message_buffer"
.Fa "gss_buffer_t output_message_buffer"
.Fa "int * conf_state"
@@ -413,7 +413,7 @@ GSS-API library (libgssapi, -lgssapi)
.Ft OM_uint32
.Fo gss_verify_mic
.Fa "OM_uint32 * minor_status"
-.Fa "const gss_ctx_id_t context_handle"
+.Fa "gss_const_ctx_id_t context_handle"
.Fa "const gss_buffer_t message_buffer"
.Fa "const gss_buffer_t token_buffer"
.Fa "gss_qop_t * qop_state"
@@ -421,7 +421,7 @@ GSS-API library (libgssapi, -lgssapi)
.Ft OM_uint32
.Fo gss_wrap
.Fa "OM_uint32 * minor_status"
-.Fa "const gss_ctx_id_t context_handle"
+.Fa "gss_const_ctx_id_t context_handle"
.Fa "int conf_req_flag"
.Fa "gss_qop_t qop_req"
.Fa "const gss_buffer_t input_message_buffer"
@@ -431,7 +431,7 @@ GSS-API library (libgssapi, -lgssapi)
.Ft OM_uint32
.Fo gss_wrap_size_limit
.Fa "OM_uint32 * minor_status"
-.Fa "const gss_ctx_id_t context_handle"
+.Fa "gss_const_ctx_id_t context_handle"
.Fa "int conf_req_flag"
.Fa "gss_qop_t qop_req"
.Fa "OM_uint32 req_output_size"
@@ -554,7 +554,7 @@ the default syntax is used for all mechanism the GSS-API
implementation supports.
When compare the imported name of
.Dv GSS_C_NO_OID
-it may match serveral mechanism names (MN).
+it may match several mechanism names (MN).
.Pp
The resulting name from
.Fn gss_display_name
@@ -584,7 +584,7 @@ Information is available even after the context have expired.
.Fa lifetime_rec
argument is set to
.Dv GSS_C_INDEFINITE
-(dont expire) or the number of seconds that the context is still valid.
+(don't expire) or the number of seconds that the context is still valid.
A value of 0 means that the context is expired.
.Fa mech_type
argument should be considered readonly and must not be released.
diff --git a/lib/gssapi/gss_acquire_cred.cat3 b/lib/gssapi/gss_acquire_cred.cat3
index b793918c1850..bf95976ad1c3 100644
--- a/lib/gssapi/gss_acquire_cred.cat3
+++ b/lib/gssapi/gss_acquire_cred.cat3
@@ -28,7 +28,7 @@ SSYYNNOOPPSSIISS
_O_M___u_i_n_t_3_2
ggssss__aacccceepptt__sseecc__ccoonntteexxtt(_O_M___u_i_n_t_3_2 _* _m_i_n_o_r___s_t_a_t_u_s,
_g_s_s___c_t_x___i_d___t _* _c_o_n_t_e_x_t___h_a_n_d_l_e,
- _c_o_n_s_t _g_s_s___c_r_e_d___i_d___t _a_c_c_e_p_t_o_r___c_r_e_d___h_a_n_d_l_e,
+ _g_s_s___c_o_n_s_t___c_r_e_d___i_d___t _a_c_c_e_p_t_o_r___c_r_e_d___h_a_n_d_l_e,
_c_o_n_s_t _g_s_s___b_u_f_f_e_r___t _i_n_p_u_t___t_o_k_e_n___b_u_f_f_e_r,
_c_o_n_s_t _g_s_s___c_h_a_n_n_e_l___b_i_n_d_i_n_g_s___t _i_n_p_u_t___c_h_a_n___b_i_n_d_i_n_g_s,
_g_s_s___n_a_m_e___t _* _s_r_c___n_a_m_e, _g_s_s___O_I_D _* _m_e_c_h___t_y_p_e,
@@ -36,14 +36,14 @@ SSYYNNOOPPSSIISS
_O_M___u_i_n_t_3_2 _* _t_i_m_e___r_e_c, _g_s_s___c_r_e_d___i_d___t _* _d_e_l_e_g_a_t_e_d___c_r_e_d___h_a_n_d_l_e);
_O_M___u_i_n_t_3_2
- ggssss__aaccqquuiirree__ccrreedd(_O_M___u_i_n_t_3_2 _* _m_i_n_o_r___s_t_a_t_u_s, _c_o_n_s_t _g_s_s___n_a_m_e___t _d_e_s_i_r_e_d___n_a_m_e,
+ ggssss__aaccqquuiirree__ccrreedd(_O_M___u_i_n_t_3_2 _* _m_i_n_o_r___s_t_a_t_u_s, _g_s_s___c_o_n_s_t___n_a_m_e___t _d_e_s_i_r_e_d___n_a_m_e,
_O_M___u_i_n_t_3_2 _t_i_m_e___r_e_q, _c_o_n_s_t _g_s_s___O_I_D___s_e_t _d_e_s_i_r_e_d___m_e_c_h_s,
_g_s_s___c_r_e_d___u_s_a_g_e___t _c_r_e_d___u_s_a_g_e, _g_s_s___c_r_e_d___i_d___t _* _o_u_t_p_u_t___c_r_e_d___h_a_n_d_l_e,
_g_s_s___O_I_D___s_e_t _* _a_c_t_u_a_l___m_e_c_h_s, _O_M___u_i_n_t_3_2 _* _t_i_m_e___r_e_c);
_O_M___u_i_n_t_3_2
ggssss__aadddd__ccrreedd(_O_M___u_i_n_t_3_2 _*_m_i_n_o_r___s_t_a_t_u_s,
- _c_o_n_s_t _g_s_s___c_r_e_d___i_d___t _i_n_p_u_t___c_r_e_d___h_a_n_d_l_e, _c_o_n_s_t _g_s_s___n_a_m_e___t _d_e_s_i_r_e_d___n_a_m_e,
+ _g_s_s___c_o_n_s_t___c_r_e_d___i_d___t _i_n_p_u_t___c_r_e_d___h_a_n_d_l_e, _g_s_s___c_o_n_s_t___n_a_m_e___t _d_e_s_i_r_e_d___n_a_m_e,
_c_o_n_s_t _g_s_s___O_I_D _d_e_s_i_r_e_d___m_e_c_h, _g_s_s___c_r_e_d___u_s_a_g_e___t _c_r_e_d___u_s_a_g_e,
_O_M___u_i_n_t_3_2 _i_n_i_t_i_a_t_o_r___t_i_m_e___r_e_q, _O_M___u_i_n_t_3_2 _a_c_c_e_p_t_o_r___t_i_m_e___r_e_q,
_g_s_s___c_r_e_d___i_d___t _*_o_u_t_p_u_t___c_r_e_d___h_a_n_d_l_e, _g_s_s___O_I_D___s_e_t _*_a_c_t_u_a_l___m_e_c_h_s,
@@ -55,16 +55,16 @@ SSYYNNOOPPSSIISS
_O_M___u_i_n_t_3_2
ggssss__ccaannoonniiccaalliizzee__nnaammee(_O_M___u_i_n_t_3_2 _* _m_i_n_o_r___s_t_a_t_u_s,
- _c_o_n_s_t _g_s_s___n_a_m_e___t _i_n_p_u_t___n_a_m_e, _c_o_n_s_t _g_s_s___O_I_D _m_e_c_h___t_y_p_e,
+ _g_s_s___c_o_n_s_t___n_a_m_e___t _i_n_p_u_t___n_a_m_e, _c_o_n_s_t _g_s_s___O_I_D _m_e_c_h___t_y_p_e,
_g_s_s___n_a_m_e___t _* _o_u_t_p_u_t___n_a_m_e);
_O_M___u_i_n_t_3_2
- ggssss__ccoommppaarree__nnaammee(_O_M___u_i_n_t_3_2 _* _m_i_n_o_r___s_t_a_t_u_s, _c_o_n_s_t _g_s_s___n_a_m_e___t _n_a_m_e_1,
- _c_o_n_s_t _g_s_s___n_a_m_e___t _n_a_m_e_2, _i_n_t _* _n_a_m_e___e_q_u_a_l);
+ ggssss__ccoommppaarree__nnaammee(_O_M___u_i_n_t_3_2 _* _m_i_n_o_r___s_t_a_t_u_s, _g_s_s___c_o_n_s_t___n_a_m_e___t _n_a_m_e_1,
+ _g_s_s___c_o_n_s_t___n_a_m_e___t _n_a_m_e_2, _i_n_t _* _n_a_m_e___e_q_u_a_l);
_O_M___u_i_n_t_3_2
ggssss__ccoonntteexxtt__ttiimmee(_O_M___u_i_n_t_3_2 _* _m_i_n_o_r___s_t_a_t_u_s,
- _c_o_n_s_t _g_s_s___c_t_x___i_d___t _c_o_n_t_e_x_t___h_a_n_d_l_e, _O_M___u_i_n_t_3_2 _* _t_i_m_e___r_e_c);
+ _g_s_s___c_o_n_s_t___c_t_x___i_d___t _c_o_n_t_e_x_t___h_a_n_d_l_e, _O_M___u_i_n_t_3_2 _* _t_i_m_e___r_e_c);
_O_M___u_i_n_t_3_2
ggssss__ccrreeaattee__eemmppttyy__ooiidd__sseett(_O_M___u_i_n_t_3_2 _* _m_i_n_o_r___s_t_a_t_u_s,
@@ -75,7 +75,7 @@ SSYYNNOOPPSSIISS
_g_s_s___c_t_x___i_d___t _* _c_o_n_t_e_x_t___h_a_n_d_l_e, _g_s_s___b_u_f_f_e_r___t _o_u_t_p_u_t___t_o_k_e_n);
_O_M___u_i_n_t_3_2
- ggssss__ddiissppllaayy__nnaammee(_O_M___u_i_n_t_3_2 _* _m_i_n_o_r___s_t_a_t_u_s, _c_o_n_s_t _g_s_s___n_a_m_e___t _i_n_p_u_t___n_a_m_e,
+ ggssss__ddiissppllaayy__nnaammee(_O_M___u_i_n_t_3_2 _* _m_i_n_o_r___s_t_a_t_u_s, _g_s_s___c_o_n_s_t___n_a_m_e___t _i_n_p_u_t___n_a_m_e,
_g_s_s___b_u_f_f_e_r___t _o_u_t_p_u_t___n_a_m_e___b_u_f_f_e_r, _g_s_s___O_I_D _* _o_u_t_p_u_t___n_a_m_e___t_y_p_e);
_O_M___u_i_n_t_3_2
@@ -84,11 +84,11 @@ SSYYNNOOPPSSIISS
_g_s_s___b_u_f_f_e_r___t _s_t_a_t_u_s___s_t_r_i_n_g);
_O_M___u_i_n_t_3_2
- ggssss__dduupplliiccaattee__nnaammee(_O_M___u_i_n_t_3_2 _* _m_i_n_o_r___s_t_a_t_u_s, _c_o_n_s_t _g_s_s___n_a_m_e___t _s_r_c___n_a_m_e,
+ ggssss__dduupplliiccaattee__nnaammee(_O_M___u_i_n_t_3_2 _* _m_i_n_o_r___s_t_a_t_u_s, _g_s_s___c_o_n_s_t___n_a_m_e___t _s_r_c___n_a_m_e,
_g_s_s___n_a_m_e___t _* _d_e_s_t___n_a_m_e);
_O_M___u_i_n_t_3_2
- ggssss__eexxppoorrtt__nnaammee(_O_M___u_i_n_t_3_2 _* _m_i_n_o_r___s_t_a_t_u_s, _c_o_n_s_t _g_s_s___n_a_m_e___t _i_n_p_u_t___n_a_m_e,
+ ggssss__eexxppoorrtt__nnaammee(_O_M___u_i_n_t_3_2 _* _m_i_n_o_r___s_t_a_t_u_s, _g_s_s___c_o_n_s_t___n_a_m_e___t _i_n_p_u_t___n_a_m_e,
_g_s_s___b_u_f_f_e_r___t _e_x_p_o_r_t_e_d___n_a_m_e);
_O_M___u_i_n_t_3_2
@@ -96,7 +96,7 @@ SSYYNNOOPPSSIISS
_g_s_s___c_t_x___i_d___t _* _c_o_n_t_e_x_t___h_a_n_d_l_e, _g_s_s___b_u_f_f_e_r___t _i_n_t_e_r_p_r_o_c_e_s_s___t_o_k_e_n);
_O_M___u_i_n_t_3_2
- ggssss__ggeett__mmiicc(_O_M___u_i_n_t_3_2 _* _m_i_n_o_r___s_t_a_t_u_s, _c_o_n_s_t _g_s_s___c_t_x___i_d___t _c_o_n_t_e_x_t___h_a_n_d_l_e,
+ ggssss__ggeett__mmiicc(_O_M___u_i_n_t_3_2 _* _m_i_n_o_r___s_t_a_t_u_s, _g_s_s___c_o_n_s_t___c_t_x___i_d___t _c_o_n_t_e_x_t___h_a_n_d_l_e,
_g_s_s___q_o_p___t _q_o_p___r_e_q, _c_o_n_s_t _g_s_s___b_u_f_f_e_r___t _m_e_s_s_a_g_e___b_u_f_f_e_r,
_g_s_s___b_u_f_f_e_r___t _m_e_s_s_a_g_e___t_o_k_e_n);
@@ -115,8 +115,8 @@ SSYYNNOOPPSSIISS
_O_M___u_i_n_t_3_2
ggssss__iinniitt__sseecc__ccoonntteexxtt(_O_M___u_i_n_t_3_2 _* _m_i_n_o_r___s_t_a_t_u_s,
- _c_o_n_s_t _g_s_s___c_r_e_d___i_d___t _i_n_i_t_i_a_t_o_r___c_r_e_d___h_a_n_d_l_e,
- _g_s_s___c_t_x___i_d___t _* _c_o_n_t_e_x_t___h_a_n_d_l_e, _c_o_n_s_t _g_s_s___n_a_m_e___t _t_a_r_g_e_t___n_a_m_e,
+ _g_s_s___c_o_n_s_t___c_r_e_d___i_d___t _i_n_i_t_i_a_t_o_r___c_r_e_d___h_a_n_d_l_e,
+ _g_s_s___c_t_x___i_d___t _* _c_o_n_t_e_x_t___h_a_n_d_l_e, _g_s_s___c_o_n_s_t___n_a_m_e___t _t_a_r_g_e_t___n_a_m_e,
_c_o_n_s_t _g_s_s___O_I_D _m_e_c_h___t_y_p_e, _O_M___u_i_n_t_3_2 _r_e_q___f_l_a_g_s, _O_M___u_i_n_t_3_2 _t_i_m_e___r_e_q,
_c_o_n_s_t _g_s_s___c_h_a_n_n_e_l___b_i_n_d_i_n_g_s___t _i_n_p_u_t___c_h_a_n___b_i_n_d_i_n_g_s,
_c_o_n_s_t _g_s_s___b_u_f_f_e_r___t _i_n_p_u_t___t_o_k_e_n, _g_s_s___O_I_D _* _a_c_t_u_a_l___m_e_c_h___t_y_p_e,
@@ -125,26 +125,26 @@ SSYYNNOOPPSSIISS
_O_M___u_i_n_t_3_2
ggssss__iinnqquuiirree__ccoonntteexxtt(_O_M___u_i_n_t_3_2 _* _m_i_n_o_r___s_t_a_t_u_s,
- _c_o_n_s_t _g_s_s___c_t_x___i_d___t _c_o_n_t_e_x_t___h_a_n_d_l_e, _g_s_s___n_a_m_e___t _* _s_r_c___n_a_m_e,
+ _g_s_s___c_o_n_s_t___c_t_x___i_d___t _c_o_n_t_e_x_t___h_a_n_d_l_e, _g_s_s___n_a_m_e___t _* _s_r_c___n_a_m_e,
_g_s_s___n_a_m_e___t _* _t_a_r_g___n_a_m_e, _O_M___u_i_n_t_3_2 _* _l_i_f_e_t_i_m_e___r_e_c,
_g_s_s___O_I_D _* _m_e_c_h___t_y_p_e, _O_M___u_i_n_t_3_2 _* _c_t_x___f_l_a_g_s, _i_n_t _* _l_o_c_a_l_l_y___i_n_i_t_i_a_t_e_d,
_i_n_t _* _o_p_e_n___c_o_n_t_e_x_t);
_O_M___u_i_n_t_3_2
ggssss__iinnqquuiirree__ccrreedd(_O_M___u_i_n_t_3_2 _* _m_i_n_o_r___s_t_a_t_u_s,
- _c_o_n_s_t _g_s_s___c_r_e_d___i_d___t _c_r_e_d___h_a_n_d_l_e, _g_s_s___n_a_m_e___t _* _n_a_m_e,
+ _g_s_s___c_o_n_s_t___c_r_e_d___i_d___t _c_r_e_d___h_a_n_d_l_e, _g_s_s___n_a_m_e___t _* _n_a_m_e,
_O_M___u_i_n_t_3_2 _* _l_i_f_e_t_i_m_e, _g_s_s___c_r_e_d___u_s_a_g_e___t _* _c_r_e_d___u_s_a_g_e,
_g_s_s___O_I_D___s_e_t _* _m_e_c_h_a_n_i_s_m_s);
_O_M___u_i_n_t_3_2
ggssss__iinnqquuiirree__ccrreedd__bbyy__mmeecchh(_O_M___u_i_n_t_3_2 _* _m_i_n_o_r___s_t_a_t_u_s,
- _c_o_n_s_t _g_s_s___c_r_e_d___i_d___t _c_r_e_d___h_a_n_d_l_e, _c_o_n_s_t _g_s_s___O_I_D _m_e_c_h___t_y_p_e,
+ _g_s_s___c_o_n_s_t___c_r_e_d___i_d___t _c_r_e_d___h_a_n_d_l_e, _c_o_n_s_t _g_s_s___O_I_D _m_e_c_h___t_y_p_e,
_g_s_s___n_a_m_e___t _* _n_a_m_e, _O_M___u_i_n_t_3_2 _* _i_n_i_t_i_a_t_o_r___l_i_f_e_t_i_m_e,
_O_M___u_i_n_t_3_2 _* _a_c_c_e_p_t_o_r___l_i_f_e_t_i_m_e, _g_s_s___c_r_e_d___u_s_a_g_e___t _* _c_r_e_d___u_s_a_g_e);
_O_M___u_i_n_t_3_2
ggssss__iinnqquuiirree__mmeecchhss__ffoorr__nnaammee(_O_M___u_i_n_t_3_2 _* _m_i_n_o_r___s_t_a_t_u_s,
- _c_o_n_s_t _g_s_s___n_a_m_e___t _i_n_p_u_t___n_a_m_e, _g_s_s___O_I_D___s_e_t _* _m_e_c_h___t_y_p_e_s);
+ _g_s_s___c_o_n_s_t___n_a_m_e___t _i_n_p_u_t___n_a_m_e, _g_s_s___O_I_D___s_e_t _* _m_e_c_h___t_y_p_e_s);
_O_M___u_i_n_t_3_2
ggssss__iinnqquuiirree__nnaammeess__ffoorr__mmeecchh(_O_M___u_i_n_t_3_2 _* _m_i_n_o_r___s_t_a_t_u_s,
@@ -184,7 +184,7 @@ SSYYNNOOPPSSIISS
_O_M___u_i_n_t_3_2
ggssss__pprroocceessss__ccoonntteexxtt__ttookkeenn(_O_M___u_i_n_t_3_2 _* _m_i_n_o_r___s_t_a_t_u_s,
- _c_o_n_s_t _g_s_s___c_t_x___i_d___t _c_o_n_t_e_x_t___h_a_n_d_l_e, _c_o_n_s_t _g_s_s___b_u_f_f_e_r___t _t_o_k_e_n___b_u_f_f_e_r);
+ _g_s_s___c_o_n_s_t___c_t_x___i_d___t _c_o_n_t_e_x_t___h_a_n_d_l_e, _c_o_n_s_t _g_s_s___b_u_f_f_e_r___t _t_o_k_e_n___b_u_f_f_e_r);
_O_M___u_i_n_t_3_2
ggssss__rreelleeaassee__bbuuffffeerr(_O_M___u_i_n_t_3_2 _* _m_i_n_o_r___s_t_a_t_u_s, _g_s_s___b_u_f_f_e_r___t _b_u_f_f_e_r);
@@ -219,7 +219,7 @@ SSYYNNOOPPSSIISS
_i_n_t _* _q_o_p___s_t_a_t_e);
_O_M___u_i_n_t_3_2
- ggssss__uunnwwrraapp(_O_M___u_i_n_t_3_2 _* _m_i_n_o_r___s_t_a_t_u_s, _c_o_n_s_t _g_s_s___c_t_x___i_d___t _c_o_n_t_e_x_t___h_a_n_d_l_e,
+ ggssss__uunnwwrraapp(_O_M___u_i_n_t_3_2 _* _m_i_n_o_r___s_t_a_t_u_s, _g_s_s___c_o_n_s_t___c_t_x___i_d___t _c_o_n_t_e_x_t___h_a_n_d_l_e,
_c_o_n_s_t _g_s_s___b_u_f_f_e_r___t _i_n_p_u_t___m_e_s_s_a_g_e___b_u_f_f_e_r,
_g_s_s___b_u_f_f_e_r___t _o_u_t_p_u_t___m_e_s_s_a_g_e___b_u_f_f_e_r, _i_n_t _* _c_o_n_f___s_t_a_t_e,
_g_s_s___q_o_p___t _* _q_o_p___s_t_a_t_e);
@@ -231,18 +231,18 @@ SSYYNNOOPPSSIISS
_O_M___u_i_n_t_3_2
ggssss__vveerriiffyy__mmiicc(_O_M___u_i_n_t_3_2 _* _m_i_n_o_r___s_t_a_t_u_s,
- _c_o_n_s_t _g_s_s___c_t_x___i_d___t _c_o_n_t_e_x_t___h_a_n_d_l_e, _c_o_n_s_t _g_s_s___b_u_f_f_e_r___t _m_e_s_s_a_g_e___b_u_f_f_e_r,
+ _g_s_s___c_o_n_s_t___c_t_x___i_d___t _c_o_n_t_e_x_t___h_a_n_d_l_e, _c_o_n_s_t _g_s_s___b_u_f_f_e_r___t _m_e_s_s_a_g_e___b_u_f_f_e_r,
_c_o_n_s_t _g_s_s___b_u_f_f_e_r___t _t_o_k_e_n___b_u_f_f_e_r, _g_s_s___q_o_p___t _* _q_o_p___s_t_a_t_e);
_O_M___u_i_n_t_3_2
- ggssss__wwrraapp(_O_M___u_i_n_t_3_2 _* _m_i_n_o_r___s_t_a_t_u_s, _c_o_n_s_t _g_s_s___c_t_x___i_d___t _c_o_n_t_e_x_t___h_a_n_d_l_e,
+ ggssss__wwrraapp(_O_M___u_i_n_t_3_2 _* _m_i_n_o_r___s_t_a_t_u_s, _g_s_s___c_o_n_s_t___c_t_x___i_d___t _c_o_n_t_e_x_t___h_a_n_d_l_e,
_i_n_t _c_o_n_f___r_e_q___f_l_a_g, _g_s_s___q_o_p___t _q_o_p___r_e_q,
_c_o_n_s_t _g_s_s___b_u_f_f_e_r___t _i_n_p_u_t___m_e_s_s_a_g_e___b_u_f_f_e_r, _i_n_t _* _c_o_n_f___s_t_a_t_e,
_g_s_s___b_u_f_f_e_r___t _o_u_t_p_u_t___m_e_s_s_a_g_e___b_u_f_f_e_r);
_O_M___u_i_n_t_3_2
ggssss__wwrraapp__ssiizzee__lliimmiitt(_O_M___u_i_n_t_3_2 _* _m_i_n_o_r___s_t_a_t_u_s,
- _c_o_n_s_t _g_s_s___c_t_x___i_d___t _c_o_n_t_e_x_t___h_a_n_d_l_e, _i_n_t _c_o_n_f___r_e_q___f_l_a_g,
+ _g_s_s___c_o_n_s_t___c_t_x___i_d___t _c_o_n_t_e_x_t___h_a_n_d_l_e, _i_n_t _c_o_n_f___r_e_q___f_l_a_g,
_g_s_s___q_o_p___t _q_o_p___r_e_q, _O_M___u_i_n_t_3_2 _r_e_q___o_u_t_p_u_t___s_i_z_e,
_O_M___u_i_n_t_3_2 _* _m_a_x___i_n_p_u_t___s_i_z_e);
@@ -332,8 +332,8 @@ AACCCCEESSSS CCOONNTTRROOLL
For example, if ggssss__iimmppoorrtt__nnaammee() name was used with GSS_C_NO_OID the
default syntax is used for all mechanism the GSS-API implementation sup-
- ports. When compare the imported name of GSS_C_NO_OID it may match
- serveral mechanism names (MN).
+ ports. When compare the imported name of GSS_C_NO_OID it may match sev-
+ eral mechanism names (MN).
The resulting name from ggssss__ddiissppllaayy__nnaammee() must not be used for acccess
control.
@@ -348,7 +348,7 @@ FFUUNNCCTTIIOONNSS
ggssss__iinnqquuiirree__ccoonntteexxtt() returns information about the context. Information
is available even after the context have expired. _l_i_f_e_t_i_m_e___r_e_c argument
- is set to GSS_C_INDEFINITE (dont expire) or the number of seconds that
+ is set to GSS_C_INDEFINITE (don't expire) or the number of seconds that
the context is still valid. A value of 0 means that the context is
expired. _m_e_c_h___t_y_p_e argument should be considered readonly and must not
be released. _s_r_c___n_a_m_e and ddeesstt__nnaammee() are both mechanims names and must
diff --git a/lib/gssapi/gssapi/gssapi.h b/lib/gssapi/gssapi/gssapi.h
index bbb2fd54c9bd..1a128cbe4a57 100644
--- a/lib/gssapi/gssapi/gssapi.h
+++ b/lib/gssapi/gssapi/gssapi.h
@@ -95,7 +95,7 @@ typedef const struct gss_name_t_desc_struct *gss_const_name_t;
struct gss_ctx_id_t_desc_struct;
typedef struct gss_ctx_id_t_desc_struct *gss_ctx_id_t;
-typedef const struct gss_ctx_id_t_desc_struct gss_const_ctx_id_t;
+typedef const struct gss_ctx_id_t_desc_struct *gss_const_ctx_id_t;
typedef struct gss_OID_desc_struct {
OM_uint32 length;
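Review bot: `gss_const_ctx_id_t` changes here from a const struct type to a pointer-to-const type, and nothing in the header records that for existing users. Code written against the old typedef could only have used it as `gss_const_ctx_id_t *`, which now becomes a pointer to a pointer and draws at most an incompatible-pointer warning in C. I would add a one-line comment above the typedef, e.g. `/* pointer type, like gss_const_name_t; earlier releases declared the struct itself */`, so downstream breakage is easy to trace.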
@@ -470,7 +470,7 @@ extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_export_name_oid_desc;
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_acquire_cred
(OM_uint32 * /*minor_status*/,
- const gss_name_t /*desired_name*/,
+ gss_const_name_t /*desired_name*/,
OM_uint32 /*time_req*/,
const gss_OID_set /*desired_mechs*/,
gss_cred_usage_t /*cred_usage*/,
@@ -486,9 +486,9 @@ GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_release_cred
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_init_sec_context
(OM_uint32 * /*minor_status*/,
- const gss_cred_id_t /*initiator_cred_handle*/,
+ gss_const_cred_id_t /*initiator_cred_handle*/,
gss_ctx_id_t * /*context_handle*/,
- const gss_name_t /*target_name*/,
+ gss_const_name_t /*target_name*/,
const gss_OID /*mech_type*/,
OM_uint32 /*req_flags*/,
OM_uint32 /*time_req*/,
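Review bot: `const gss_OID /*mech_type*/` in this gss_init_sec_context prototype keeps the form the commit replaces elsewhere: the `const` binds to the pointer typedef, so it qualifies the by-value parameter and not the OID it points to. The same holds for the `const gss_buffer_t`, `const gss_OID_set` and `const gss_channel_bindings_t` parameters left in the neighbouring hunks of gssapi.h and gssapi_mech.h. `gss_const_OID` and `gss_const_buffer_t` are already used in gssapi_mech.h, so `gss_const_OID /*mech_type*/` would make the read-only intent real here. If the old spelling is kept for source compatibility, a short comment saying so would help. The prototype continues outside the hunk.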
@@ -503,7 +503,7 @@ GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_init_sec_context
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_accept_sec_context
(OM_uint32 * /*minor_status*/,
gss_ctx_id_t * /*context_handle*/,
- const gss_cred_id_t /*acceptor_cred_handle*/,
+ gss_const_cred_id_t /*acceptor_cred_handle*/,
const gss_buffer_t /*input_token_buffer*/,
const gss_channel_bindings_t /*input_chan_bindings*/,
gss_name_t * /*src_name*/,
@@ -516,7 +516,7 @@ GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_accept_sec_context
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_process_context_token
(OM_uint32 * /*minor_status*/,
- const gss_ctx_id_t /*context_handle*/,
+ gss_const_ctx_id_t /*context_handle*/,
const gss_buffer_t /*token_buffer*/
);
@@ -528,13 +528,13 @@ GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_delete_sec_context
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_context_time
(OM_uint32 * /*minor_status*/,
- const gss_ctx_id_t /*context_handle*/,
+ gss_const_ctx_id_t /*context_handle*/,
OM_uint32 * /*time_rec*/
);
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_get_mic
(OM_uint32 * /*minor_status*/,
- const gss_ctx_id_t /*context_handle*/,
+ gss_const_ctx_id_t /*context_handle*/,
gss_qop_t /*qop_req*/,
const gss_buffer_t /*message_buffer*/,
gss_buffer_t /*message_token*/
@@ -542,7 +542,7 @@ GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_get_mic
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_verify_mic
(OM_uint32 * /*minor_status*/,
- const gss_ctx_id_t /*context_handle*/,
+ gss_const_ctx_id_t /*context_handle*/,
const gss_buffer_t /*message_buffer*/,
const gss_buffer_t /*token_buffer*/,
gss_qop_t * /*qop_state*/
@@ -550,7 +550,7 @@ GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_verify_mic
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_wrap
(OM_uint32 * /*minor_status*/,
- const gss_ctx_id_t /*context_handle*/,
+ gss_const_ctx_id_t /*context_handle*/,
int /*conf_req_flag*/,
gss_qop_t /*qop_req*/,
const gss_buffer_t /*input_message_buffer*/,
@@ -560,7 +560,7 @@ GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_wrap
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_unwrap
(OM_uint32 * /*minor_status*/,
- const gss_ctx_id_t /*context_handle*/,
+ gss_const_ctx_id_t /*context_handle*/,
const gss_buffer_t /*input_message_buffer*/,
gss_buffer_t /*output_message_buffer*/,
int * /*conf_state*/,
@@ -583,14 +583,14 @@ GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_indicate_mechs
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_compare_name
(OM_uint32 * /*minor_status*/,
- const gss_name_t /*name1*/,
- const gss_name_t /*name2*/,
+ gss_const_name_t /*name1*/,
+ gss_const_name_t /*name2*/,
int * /*name_equal*/
);
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_display_name
(OM_uint32 * /*minor_status*/,
- const gss_name_t /*input_name*/,
+ gss_const_name_t /*input_name*/,
gss_buffer_t /*output_name_buffer*/,
gss_OID * /*output_name_type*/
);
@@ -604,7 +604,7 @@ GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_import_name
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_export_name
(OM_uint32 * /*minor_status*/,
- const gss_name_t /*input_name*/,
+ gss_const_name_t /*input_name*/,
gss_buffer_t /*exported_name*/
);
@@ -625,7 +625,7 @@ GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_release_oid_set
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_inquire_cred
(OM_uint32 * /*minor_status*/,
- const gss_cred_id_t /*cred_handle*/,
+ gss_const_cred_id_t /*cred_handle*/,
gss_name_t * /*name*/,
OM_uint32 * /*lifetime*/,
gss_cred_usage_t * /*cred_usage*/,
@@ -634,7 +634,7 @@ GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_inquire_cred
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_inquire_context (
OM_uint32 * /*minor_status*/,
- const gss_ctx_id_t /*context_handle*/,
+ gss_const_ctx_id_t /*context_handle*/,
gss_name_t * /*src_name*/,
gss_name_t * /*targ_name*/,
OM_uint32 * /*lifetime_rec*/,
@@ -646,7 +646,7 @@ GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_inquire_context (
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_wrap_size_limit (
OM_uint32 * /*minor_status*/,
- const gss_ctx_id_t /*context_handle*/,
+ gss_const_ctx_id_t /*context_handle*/,
int /*conf_req_flag*/,
gss_qop_t /*qop_req*/,
OM_uint32 /*req_output_size*/,
@@ -655,8 +655,8 @@ GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_wrap_size_limit (
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_add_cred (
OM_uint32 * /*minor_status*/,
- const gss_cred_id_t /*input_cred_handle*/,
- const gss_name_t /*desired_name*/,
+ gss_const_cred_id_t /*input_cred_handle*/,
+ gss_const_name_t /*desired_name*/,
const gss_OID /*desired_mech*/,
gss_cred_usage_t /*cred_usage*/,
OM_uint32 /*initiator_time_req*/,
@@ -669,7 +669,7 @@ GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_add_cred (
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_inquire_cred_by_mech (
OM_uint32 * /*minor_status*/,
- const gss_cred_id_t /*cred_handle*/,
+ gss_const_cred_id_t /*cred_handle*/,
const gss_OID /*mech_type*/,
gss_name_t * /*name*/,
OM_uint32 * /*initiator_lifetime*/,
@@ -715,20 +715,20 @@ GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_inquire_names_for_mech (
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_inquire_mechs_for_name (
OM_uint32 * /*minor_status*/,
- const gss_name_t /*input_name*/,
+ gss_const_name_t /*input_name*/,
gss_OID_set * /*mech_types*/
);
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_canonicalize_name (
OM_uint32 * /*minor_status*/,
- const gss_name_t /*input_name*/,
+ gss_const_name_t /*input_name*/,
const gss_OID /*mech_type*/,
gss_name_t * /*output_name*/
);
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_duplicate_name (
OM_uint32 * /*minor_status*/,
- const gss_name_t /*src_name*/,
+ gss_const_name_t /*src_name*/,
gss_name_t * /*dest_name*/
);
@@ -754,7 +754,7 @@ gss_oid_to_str(
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_inquire_sec_context_by_oid(
OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
+ gss_const_ctx_id_t context_handle,
const gss_OID desired_object,
gss_buffer_set_t *data_set
);
@@ -792,7 +792,7 @@ gss_release_buffer_set
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_inquire_cred_by_oid(OM_uint32 *minor_status,
- const gss_cred_id_t cred_handle,
+ gss_const_cred_id_t cred_handle,
const gss_OID desired_object,
gss_buffer_set_t *data_set);
@@ -844,7 +844,7 @@ extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_attr_stream_sizes_oid_desc;
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_context_query_attributes(OM_uint32 * /* minor_status */,
- const gss_ctx_id_t /* context_handle */,
+ gss_const_ctx_id_t /* context_handle */,
const gss_OID /* attribute */,
void * /*data*/,
size_t /* len */);
@@ -934,6 +934,13 @@ gss_wrap_iov_length(OM_uint32 *, gss_ctx_id_t, int, gss_qop_t, int *,
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_release_iov_buffer(OM_uint32 *, gss_iov_buffer_desc *, int);
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_wrap_aead(OM_uint32 *, gss_ctx_id_t, int, gss_qop_t,
+ gss_buffer_t, gss_buffer_t, int *, gss_buffer_t);
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_unwrap_aead(OM_uint32 *, gss_ctx_id_t, gss_buffer_t,
+ gss_buffer_t, gss_buffer_t, int *, gss_qop_t *);
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_export_cred(OM_uint32 * /* minor_status */,
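Review bot: The new `gss_wrap_aead` and `gss_unwrap_aead` prototypes list bare types, while most declarations in this header label each parameter with a `/*name*/` comment. With two adjacent `gss_buffer_t` inputs, a caller cannot tell from the header which one is the associated data (integrity-protected only) and which is the payload (eligible for confidentiality). Swapping them would leave data meant to be encrypted in the clear. I would label them to match the definition, which is not visible here, along the lines of `gss_buffer_t /*input_assoc_buffer*/, gss_buffer_t /*input_payload_buffer*/`, with the order confirmed against that definition.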
@@ -1004,7 +1011,7 @@ gss_display_mech_attr(OM_uint32 * minor_status,
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_acquire_cred_with_password
(OM_uint32 * /*minor_status*/,
- const gss_name_t /*desired_name*/,
+ gss_const_name_t /*desired_name*/,
const gss_buffer_t /*password*/,
OM_uint32 /*time_req*/,
const gss_OID_set /*desired_mechs*/,
@@ -1016,8 +1023,8 @@ GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_acquire_cred_with_password
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_add_cred_with_password (
OM_uint32 * /*minor_status*/,
- const gss_cred_id_t /*input_cred_handle*/,
- const gss_name_t /*desired_name*/,
+ gss_const_cred_id_t /*input_cred_handle*/,
+ gss_const_name_t /*desired_name*/,
const gss_OID /*desired_mech*/,
const gss_buffer_t /*password*/,
gss_cred_usage_t /*cred_usage*/,
@@ -1030,20 +1037,27 @@ GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_add_cred_with_password (
);
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_localname(
+ OM_uint32 *minor,
+ gss_const_name_t name,
+ const gss_OID mech_type,
+ gss_buffer_t localname);
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_pname_to_uid(
OM_uint32 *minor,
- const gss_name_t name,
+ gss_const_name_t name,
const gss_OID mech_type,
uid_t *uidOut);
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_authorize_localname(
OM_uint32 *minor,
- const gss_name_t name,
- const gss_name_t user);
+ gss_const_name_t name,
+ gss_const_name_t user);
GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL
-gss_userok(const gss_name_t name,
+gss_userok(gss_const_name_t name,
const char *user);
extern GSSAPI_LIB_VARIABLE gss_buffer_desc __gss_c_attr_local_login_user;
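Review bot: `gss_userok` returns `int` while `gss_authorize_localname` directly above returns an `OM_uint32` status, and the header does not say which value means "authorized" for either. If, as is conventional, `gss_userok` is non-zero on success and `gss_authorize_localname` returns `GSS_S_COMPLETE` (zero) on success, a caller that treats both the same way inverts one authorization decision. I would add a comment on each, e.g. `/* returns non-zero if name may act as user, 0 otherwise */` above `gss_userok`, after confirming the convention in the implementation, which is outside this hunk.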
diff --git a/lib/gssapi/gssapi/gssapi_krb5.h b/lib/gssapi/gssapi/gssapi_krb5.h
index 2f605f5ee113..74d5109aa19c 100644
--- a/lib/gssapi/gssapi/gssapi_krb5.h
+++ b/lib/gssapi/gssapi/gssapi_krb5.h
@@ -37,6 +37,7 @@
#define GSSAPI_KRB5_H_
#include <gssapi.h>
+#include <gssapi/gssapi_oid.h>
GSSAPI_CPP_START
@@ -60,9 +61,6 @@ extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_nt_principal_name_oid_desc;
#define GSS_KRB5_NT_MACHINE_UID_NAME (&__gss_c_nt_machine_uid_name_oid_desc)
#define GSS_KRB5_NT_STRING_UID_NAME (&__gss_c_nt_string_uid_name_oid_desc)
-extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_mechanism_oid_desc;
-#define GSS_KRB5_MECHANISM (&__gss_krb5_mechanism_oid_desc)
-
/* for compatibility with MIT api */
#define gss_mech_krb5 GSS_KRB5_MECHANISM
diff --git a/lib/gssapi/gssapi/gssapi_netlogon.h b/lib/gssapi/gssapi/gssapi_netlogon.h
new file mode 100644
index 000000000000..52201a6ba978
--- /dev/null
+++ b/lib/gssapi/gssapi/gssapi_netlogon.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2006 - 2009 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id$ */
+
+#ifndef GSSAPI_NETLOGON_H_
+#define GSSAPI_NETLOGON_H_
+
+#include <gssapi.h>
+
+GSSAPI_CPP_START
+
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_NETLOGON_MECHANISM;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_NETLOGON_NT_NETBIOS_DNS_NAME;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_NETLOGON_SET_SESSION_KEY_X;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_NETLOGON_SET_SIGN_ALGORITHM_X;
+
+GSSAPI_CPP_END
+
+#endif /* GSSAPI_NETLOGON_H_ */
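Review bot: The four `GSS_NETLOGON_*` symbols are exported as writable `gss_OID` pointer variables, so any code in the process can reassign the mechanism OID that later comparisons rely on. gssapi_krb5.h in this same commit exposes its OIDs differently, as `gss_OID_desc` objects behind macros such as `(&__gss_c_nt_machine_uid_name_oid_desc)`, which cannot be repointed. Unless the definitions (not visible here) need them mutable, declaring them as `extern GSSAPI_LIB_VARIABLE gss_OID const GSS_NETLOGON_MECHANISM;` or following the descriptor-plus-macro pattern would be safer and consistent.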
diff --git a/lib/gssapi/gssapi_mech.h b/lib/gssapi/gssapi_mech.h
index e4ccfdb0cd99..59fd04682937 100644
--- a/lib/gssapi/gssapi_mech.h
+++ b/lib/gssapi/gssapi_mech.h
@@ -33,7 +33,7 @@
typedef OM_uint32 GSSAPI_CALLCONV _gss_acquire_cred_t
(OM_uint32 *, /* minor_status */
- const gss_name_t, /* desired_name */
+ gss_const_name_t, /* desired_name */
OM_uint32, /* time_req */
const gss_OID_set, /* desired_mechs */
gss_cred_usage_t, /* cred_usage */
@@ -49,9 +49,9 @@ typedef OM_uint32 GSSAPI_CALLCONV _gss_release_cred_t
typedef OM_uint32 GSSAPI_CALLCONV _gss_init_sec_context_t
(OM_uint32 *, /* minor_status */
- const gss_cred_id_t, /* initiator_cred_handle */
+ gss_const_cred_id_t, /* initiator_cred_handle */
gss_ctx_id_t *, /* context_handle */
- const gss_name_t, /* target_name */
+ gss_const_name_t, /* target_name */
const gss_OID, /* mech_type */
OM_uint32, /* req_flags */
OM_uint32, /* time_req */
@@ -67,7 +67,7 @@ typedef OM_uint32 GSSAPI_CALLCONV _gss_init_sec_context_t
typedef OM_uint32 GSSAPI_CALLCONV _gss_accept_sec_context_t
(OM_uint32 *, /* minor_status */
gss_ctx_id_t *, /* context_handle */
- const gss_cred_id_t, /* acceptor_cred_handle */
+ gss_const_cred_id_t, /* acceptor_cred_handle */
const gss_buffer_t, /* input_token_buffer */
const gss_channel_bindings_t,
/* input_chan_bindings */
@@ -81,7 +81,7 @@ typedef OM_uint32 GSSAPI_CALLCONV _gss_accept_sec_context_t
typedef OM_uint32 GSSAPI_CALLCONV _gss_process_context_token_t
(OM_uint32 *, /* minor_status */
- const gss_ctx_id_t, /* context_handle */
+ gss_const_ctx_id_t, /* context_handle */
const gss_buffer_t /* token_buffer */
);
@@ -93,13 +93,13 @@ typedef OM_uint32 GSSAPI_CALLCONV _gss_delete_sec_context_t
typedef OM_uint32 GSSAPI_CALLCONV _gss_context_time_t
(OM_uint32 *, /* minor_status */
- const gss_ctx_id_t, /* context_handle */
+ gss_const_ctx_id_t, /* context_handle */
OM_uint32 * /* time_rec */
);
typedef OM_uint32 GSSAPI_CALLCONV _gss_get_mic_t
(OM_uint32 *, /* minor_status */
- const gss_ctx_id_t, /* context_handle */
+ gss_const_ctx_id_t, /* context_handle */
gss_qop_t, /* qop_req */
const gss_buffer_t, /* message_buffer */
gss_buffer_t /* message_token */
@@ -107,7 +107,7 @@ typedef OM_uint32 GSSAPI_CALLCONV _gss_get_mic_t
typedef OM_uint32 GSSAPI_CALLCONV _gss_verify_mic_t
(OM_uint32 *, /* minor_status */
- const gss_ctx_id_t, /* context_handle */
+ gss_const_ctx_id_t, /* context_handle */
const gss_buffer_t, /* message_buffer */
const gss_buffer_t, /* token_buffer */
gss_qop_t * /* qop_state */
@@ -115,7 +115,7 @@ typedef OM_uint32 GSSAPI_CALLCONV _gss_verify_mic_t
typedef OM_uint32 GSSAPI_CALLCONV _gss_wrap_t
(OM_uint32 *, /* minor_status */
- const gss_ctx_id_t, /* context_handle */
+ gss_const_ctx_id_t, /* context_handle */
int, /* conf_req_flag */
gss_qop_t, /* qop_req */
const gss_buffer_t, /* input_message_buffer */
@@ -125,7 +125,7 @@ typedef OM_uint32 GSSAPI_CALLCONV _gss_wrap_t
typedef OM_uint32 GSSAPI_CALLCONV _gss_unwrap_t
(OM_uint32 *, /* minor_status */
- const gss_ctx_id_t, /* context_handle */
+ gss_const_ctx_id_t, /* context_handle */
const gss_buffer_t, /* input_message_buffer */
gss_buffer_t, /* output_message_buffer */
int *, /* conf_state */
@@ -148,14 +148,14 @@ typedef OM_uint32 GSSAPI_CALLCONV _gss_indicate_mechs_t
typedef OM_uint32 GSSAPI_CALLCONV _gss_compare_name_t
(OM_uint32 *, /* minor_status */
- const gss_name_t, /* name1 */
- const gss_name_t, /* name2 */
+ gss_const_name_t, /* name1 */
+ gss_const_name_t, /* name2 */
int * /* name_equal */
);
typedef OM_uint32 GSSAPI_CALLCONV _gss_display_name_t
(OM_uint32 *, /* minor_status */
- const gss_name_t, /* input_name */
+ gss_const_name_t, /* input_name */
gss_buffer_t, /* output_name_buffer */
gss_OID * /* output_name_type */
);
@@ -169,7 +169,7 @@ typedef OM_uint32 GSSAPI_CALLCONV _gss_import_name_t
typedef OM_uint32 GSSAPI_CALLCONV _gss_export_name_t
(OM_uint32 *, /* minor_status */
- const gss_name_t, /* input_name */
+ gss_const_name_t, /* input_name */
gss_buffer_t /* exported_name */
);
@@ -180,7 +180,7 @@ typedef OM_uint32 GSSAPI_CALLCONV _gss_release_name_t
typedef OM_uint32 GSSAPI_CALLCONV _gss_inquire_cred_t
(OM_uint32 *, /* minor_status */
- const gss_cred_id_t, /* cred_handle */
+ gss_const_cred_id_t, /* cred_handle */
gss_name_t *, /* name */
OM_uint32 *, /* lifetime */
gss_cred_usage_t *, /* cred_usage */
@@ -189,7 +189,7 @@ typedef OM_uint32 GSSAPI_CALLCONV _gss_inquire_cred_t
typedef OM_uint32 GSSAPI_CALLCONV _gss_inquire_context_t
(OM_uint32 *, /* minor_status */
- const gss_ctx_id_t, /* context_handle */
+ gss_const_ctx_id_t, /* context_handle */
gss_name_t *, /* src_name */
gss_name_t *, /* targ_name */
OM_uint32 *, /* lifetime_rec */
@@ -201,7 +201,7 @@ typedef OM_uint32 GSSAPI_CALLCONV _gss_inquire_context_t
typedef OM_uint32 GSSAPI_CALLCONV _gss_wrap_size_limit_t
(OM_uint32 *, /* minor_status */
- const gss_ctx_id_t, /* context_handle */
+ gss_const_ctx_id_t, /* context_handle */
int, /* conf_req_flag */
gss_qop_t, /* qop_req */
OM_uint32, /* req_output_size */
@@ -210,8 +210,8 @@ typedef OM_uint32 GSSAPI_CALLCONV _gss_wrap_size_limit_t
typedef OM_uint32 GSSAPI_CALLCONV _gss_add_cred_t (
OM_uint32 *, /* minor_status */
- const gss_cred_id_t, /* input_cred_handle */
- const gss_name_t, /* desired_name */
+ gss_const_cred_id_t, /* input_cred_handle */
+ gss_const_name_t, /* desired_name */
const gss_OID, /* desired_mech */
gss_cred_usage_t, /* cred_usage */
OM_uint32, /* initiator_time_req */
@@ -224,7 +224,7 @@ typedef OM_uint32 GSSAPI_CALLCONV _gss_add_cred_t (
typedef OM_uint32 GSSAPI_CALLCONV _gss_inquire_cred_by_mech_t (
OM_uint32 *, /* minor_status */
- const gss_cred_id_t, /* cred_handle */
+ gss_const_cred_id_t, /* cred_handle */
const gss_OID, /* mech_type */
gss_name_t *, /* name */
OM_uint32 *, /* initiator_lifetime */
@@ -252,33 +252,33 @@ typedef OM_uint32 GSSAPI_CALLCONV _gss_inquire_names_for_mech_t (
typedef OM_uint32 GSSAPI_CALLCONV _gss_inquire_mechs_for_name_t (
OM_uint32 *, /* minor_status */
- const gss_name_t, /* input_name */
+ gss_const_name_t, /* input_name */
gss_OID_set * /* mech_types */
);
typedef OM_uint32 GSSAPI_CALLCONV _gss_canonicalize_name_t (
OM_uint32 *, /* minor_status */
- const gss_name_t, /* input_name */
+ gss_const_name_t, /* input_name */
const gss_OID, /* mech_type */
gss_name_t * /* output_name */
);
typedef OM_uint32 GSSAPI_CALLCONV _gss_duplicate_name_t (
OM_uint32 *, /* minor_status */
- const gss_name_t, /* src_name */
+ gss_const_name_t, /* src_name */
gss_name_t * /* dest_name */
);
typedef OM_uint32 GSSAPI_CALLCONV _gss_inquire_sec_context_by_oid (
OM_uint32 *minor_status,
- const gss_ctx_id_t context_handle,
+ gss_const_ctx_id_t context_handle,
const gss_OID desired_object,
gss_buffer_set_t *data_set
);
typedef OM_uint32 GSSAPI_CALLCONV _gss_inquire_cred_by_oid (
OM_uint32 *minor_status,
- const gss_cred_id_t cred,
+ gss_const_cred_id_t cred,
const gss_OID desired_object,
gss_buffer_set_t *data_set
);
@@ -356,7 +356,7 @@ _gss_import_cred_t(OM_uint32 * minor_status,
typedef OM_uint32 GSSAPI_CALLCONV
_gss_acquire_cred_ext_t(OM_uint32 * /*minor_status */,
- const gss_name_t /* desired_name */,
+ gss_const_name_t /* desired_name */,
gss_const_OID /* credential_type */,
const void * /* credential_data */,
OM_uint32 /* time_req */,
@@ -460,16 +460,16 @@ struct gss_mo_desc_struct {
int (*set)(gss_const_OID, gss_mo_desc *, int, gss_buffer_t);
};
-typedef OM_uint32 GSSAPI_CALLCONV _gss_pname_to_uid_t (
+typedef OM_uint32 GSSAPI_CALLCONV _gss_localname_t (
OM_uint32 *, /* minor_status */
- const gss_name_t, /* name */
+ gss_const_name_t, /* name */
const gss_OID, /* mech_type */
- uid_t * /* uidOut */
+ gss_buffer_t /* localname */
);
typedef OM_uint32 GSSAPI_CALLCONV _gss_authorize_localname_t (
OM_uint32 *, /* minor_status */
- const gss_name_t, /* name */
+ gss_const_name_t, /* name */
gss_const_buffer_t, /* user */
gss_const_OID /* user_name_type */
);
@@ -536,7 +536,7 @@ typedef struct gssapi_mech_interface_desc {
_gss_cred_label_set_t *gm_cred_label_set;
gss_mo_desc *gm_mo;
size_t gm_mo_num;
- _gss_pname_to_uid_t *gm_pname_to_uid;
+ _gss_localname_t *gm_localname;
_gss_authorize_localname_t *gm_authorize_localname;
_gss_display_name_ext_t *gm_display_name_ext;
_gss_inquire_name_t *gm_inquire_name;
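Review bot: The slot that held `gm_pname_to_uid` now holds `gm_localname`, whose last argument is a `gss_buffer_t` where the old callback took a `uid_t *` (see the typedef change in the preceding hunk). A mechanism module built against the previous gssapi_mech.h would still fill this slot with its pname_to_uid function, which would then be called with a buffer pointer and write through it as if it were a `uid_t *`. The struct's version field or constant is not visible in these hunks; if this commit does not bump it, it should, so that stale modules are rejected at load time rather than called with the wrong signature. The struct definition starts and ends outside the hunk.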
@@ -582,7 +582,7 @@ extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_cred_certificate_oid_desc;
OM_uint32 _gss_acquire_cred_ext
(OM_uint32 * /*minor_status*/,
- const gss_name_t /*desired_name*/,
+ gss_const_name_t /*desired_name*/,
gss_const_OID /*credential_type*/,
const void * /*credential_data*/,
OM_uint32 /*time_req*/,
diff --git a/lib/gssapi/gsstool.c b/lib/gssapi/gsstool.c
index 5ce3cb04a7d3..8df39535eed4 100644
--- a/lib/gssapi/gsstool.c
+++ b/lib/gssapi/gsstool.c
@@ -72,7 +72,7 @@ usage (int ret)
#define COL_SASL "SASL"
int
-supported_mechanisms(void *argptr, int argc, char **argv)
+mechanisms(void *argptr, int argc, char **argv)
{
OM_uint32 maj_stat, min_stat;
gss_OID_set mechs;
@@ -184,7 +184,7 @@ print_mech_attr(const char *mechname, gss_const_OID mech, gss_OID_set set)
int
-attrs_for_mech(struct attrs_for_mech_options *opt, int argc, char **argv)
+attributes(struct attributes_options *opt, int argc, char **argv)
{
gss_OID_set mech_attr = NULL, known_mech_attrs = NULL;
gss_OID mech = GSS_C_NO_OID;
@@ -229,9 +229,10 @@ help(void *opt, int argc, char **argv)
int
main(int argc, char **argv)
{
- int optidx = 0;
+ int exit_status = 0, ret, optidx = 0;
setprogname(argv[0]);
+
if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
usage(1);
@@ -246,10 +247,18 @@ main(int argc, char **argv)
argc -= optidx;
argv += optidx;
- if (argc == 0) {
- help(NULL, argc, argv);
- return 1;
+ if (argc != 0) {
+ ret = sl_command(commands, argc, argv);
+ if(ret == -1)
+ sl_did_you_mean(commands, argv[0]);
+ else if (ret == -2)
+ ret = 0;
+ if(ret != 0)
+ exit_status = 1;
+ } else {
+ sl_slc_help(commands, argc, argv);
+ exit_status = 1;
}
- return sl_command (commands, argc, argv);
+ return exit_status;
}
diff --git a/lib/gssapi/krb5/8003.c b/lib/gssapi/krb5/8003.c
index d4555c51042b..5af477fe99fc 100644
--- a/lib/gssapi/krb5/8003.c
+++ b/lib/gssapi/krb5/8003.c
@@ -157,7 +157,7 @@ _gsskrb5_create_8003_checksum (
*p++ = (fwd_data->length >> 8) & 0xFF; /* Dlgth */
memcpy(p, (unsigned char *) fwd_data->data, fwd_data->length);
- p += fwd_data->length;
+ /* p += fwd_data->length; */ /* commented out to quiet warning */
}
return GSS_S_COMPLETE;
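Review bot: The pointer increment is kept as commented-out code with a second comment explaining why, which leaves a dead statement in the checksum builder. Since `p` is not read again before the `return GSS_S_COMPLETE;` shown here, deleting the line is cleaner. If the intent is to keep the cursor consistent for future fields, a short comment such as `/* p is not advanced: fwd_data is the last field written */` says that without dead code. The function body starts outside the hunk.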
diff --git a/lib/gssapi/krb5/accept_sec_context.c b/lib/gssapi/krb5/accept_sec_context.c
index 5a00e124c2cf..d4680e9e8fb6 100644
--- a/lib/gssapi/krb5/accept_sec_context.c
+++ b/lib/gssapi/krb5/accept_sec_context.c
@@ -104,7 +104,6 @@ _gsskrb5_register_acceptor_identity(OM_uint32 *min_stat, const char *identity)
void
_gsskrb5i_is_cfx(krb5_context context, gsskrb5_ctx ctx, int acceptor)
{
- krb5_error_code ret;
krb5_keyblock *key;
if (acceptor) {
@@ -144,7 +143,8 @@ _gsskrb5i_is_cfx(krb5_context context, gsskrb5_ctx ctx, int acceptor)
}
if (ctx->crypto)
krb5_crypto_destroy(context, ctx->crypto);
- ret = krb5_crypto_init(context, key, 0, &ctx->crypto);
+ /* XXX We really shouldn't ignore this; will come back to this */
+ (void) krb5_crypto_init(context, key, 0, &ctx->crypto);
}
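Review bot: Discarding the result with `(void) krb5_crypto_init(...)` means a failure right after `krb5_crypto_destroy(context, ctx->crypto)` goes unreported, and `ctx->crypto` is not reset between the two calls. What the field holds after a failed init therefore depends entirely on `krb5_crypto_init`, which is not visible here. Adding `ctx->crypto = NULL;` directly after the destroy makes the failure state well defined. Because `_gsskrb5i_is_cfx` returns void, later users of `ctx->crypto` would then need to treat NULL as an error, and that should be confirmed where the field is consumed. The function begins outside the hunk.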
@@ -164,12 +164,13 @@ gsskrb5_accept_delegated_token
/* XXX Create a new delegated_cred_handle? */
if (delegated_cred_handle == NULL) {
- kret = krb5_cc_default (context, &ccache);
- } else {
- *delegated_cred_handle = NULL;
- kret = krb5_cc_new_unique (context, krb5_cc_type_memory,
- NULL, &ccache);
+ ret = GSS_S_COMPLETE;
+ goto out;
}
+
+ *delegated_cred_handle = NULL;
+ kret = krb5_cc_new_unique (context, krb5_cc_type_memory,
+ NULL, &ccache);
if (kret) {
ctx->flags &= ~GSS_C_DELEG_FLAG;
goto out;
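Review bot: The new early exit for `delegated_cred_handle == NULL` carries no comment saying that the forwarded credential is now deliberately dropped instead of being written into the acceptor's default ccache, which is the security-relevant part of this change. A line such as `/* Caller did not ask for the delegated credential: discard it, never store it in the default ccache */` above `ret = GSS_S_COMPLETE;` would record that. This path also leaves `GSS_C_DELEG_FLAG` set in `ctx->flags`, whereas the `kret` failure path just below clears it; if the flag is meant to signal that a usable delegated credential exists, `ctx->flags &= ~GSS_C_DELEG_FLAG;` belongs here too. The `out:` label and the initial values of `ccache` and `kret` are outside the hunk, so the early `goto` should be checked against them.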
@@ -270,7 +271,7 @@ gsskrb5_acceptor_ready(OM_uint32 * minor_status,
ctx,
context,
delegated_cred_handle);
- if (ret)
+ if (ret != GSS_S_COMPLETE)
return ret;
} else {
/* Well, looks like it wasn't there after all */
@@ -347,7 +348,7 @@ static OM_uint32
gsskrb5_acceptor_start(OM_uint32 * minor_status,
gsskrb5_ctx ctx,
krb5_context context,
- const gss_cred_id_t acceptor_cred_handle,
+ gss_const_cred_id_t acceptor_cred_handle,
const gss_buffer_t input_token_buffer,
const gss_channel_bindings_t input_chan_bindings,
gss_name_t * src_name,
@@ -363,6 +364,7 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
krb5_flags ap_options;
krb5_keytab keytab = NULL;
int is_cfx = 0;
+ int close_kt = 0;
const gsskrb5_cred acceptor_cred = (gsskrb5_cred)acceptor_cred_handle;
/*
@@ -384,8 +386,20 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
* We need to get our keytab
*/
if (acceptor_cred == NULL) {
- if (_gsskrb5_keytab != NULL)
- keytab = _gsskrb5_keytab;
+ HEIMDAL_MUTEX_lock(&gssapi_keytab_mutex);
+ if (_gsskrb5_keytab != NULL) {
+ char *name = NULL;
+ kret = krb5_kt_get_full_name(context, _gsskrb5_keytab, &name);
+ if (kret == 0) {
+ kret = krb5_kt_resolve(context, name, &keytab);
+ krb5_xfree(name);
+ }
+ if (kret == 0)
+ close_kt = 1;
+ else
+ keytab = NULL;
+ }
+ HEIMDAL_MUTEX_unlock(&gssapi_keytab_mutex);
} else if (acceptor_cred->keytab != NULL) {
keytab = acceptor_cred->keytab;
}
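Review bot: When `krb5_kt_get_full_name` or `krb5_kt_resolve` fails for the registered `_gsskrb5_keytab`, the new code sets `keytab = NULL` and carries on, so the error in `kret` is lost and the acceptor proceeds as if no identity had been registered. What a NULL keytab means further down is outside the hunk, but it presumably selects the default keytab, so a service configured with a specific keytab would silently fall back to different keys. Failing the call is the safer behaviour. Whether anything allocated earlier in `gsskrb5_acceptor_start` needs releasing on this return has to be checked against the part of the function above the hunk.

```c
	if (_gsskrb5_keytab != NULL) {
	    /* … unchanged: krb5_kt_get_full_name / krb5_kt_resolve … */
	    if (kret != 0) {
		/* A registered acceptor identity that cannot be opened is an error */
		HEIMDAL_MUTEX_unlock(&gssapi_keytab_mutex);
		*minor_status = kret;
		return GSS_S_FAILURE;
	    }
	    close_kt = 1;
	}
```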
@@ -408,6 +422,8 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
if (kret) {
if (in)
krb5_rd_req_in_ctx_free(context, in);
+ if (close_kt)
+ krb5_kt_close(context, keytab);
*minor_status = kret;
return GSS_S_FAILURE;
}
@@ -418,6 +434,8 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
server,
in, &out);
krb5_rd_req_in_ctx_free(context, in);
+ if (close_kt)
+ krb5_kt_close(context, keytab);
if (kret == KRB5KRB_AP_ERR_SKEW || kret == KRB5KRB_AP_ERR_TKT_NYV) {
/*
* No reply in non-MUTUAL mode, but we don't know that its
@@ -443,7 +461,7 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
if (kret == 0)
kret = krb5_rd_req_out_get_keyblock(context, out,
&ctx->service_keyblock);
- ctx->lifetime = ctx->ticket->ticket.endtime;
+ ctx->endtime = ctx->ticket->ticket.endtime;
krb5_rd_req_out_ctx_free(context, out);
if (kret) {
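Review bot: The renamed assignment `ctx->endtime = ctx->ticket->ticket.endtime;` still dereferences `ctx->ticket` before `kret` is tested. The `if (kret == 0)` guard on the preceding call shows that `kret` can already be non-zero at this point. If the earlier failing call is the one that fills `ctx->ticket` (it is above the hunk, so this is inferred), the dereference happens on an unset pointer. Guarding it as `if (kret == 0) ctx->endtime = ctx->ticket->ticket.endtime;` keeps the error path from touching the ticket.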
@@ -464,6 +482,7 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
if (kret) {
ret = GSS_S_FAILURE;
*minor_status = kret;
+ return ret;
}
kret = krb5_copy_principal(context,
@@ -510,62 +529,61 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
return ret;
}
- if (authenticator->cksum == NULL) {
- krb5_free_authenticator(context, &authenticator);
- *minor_status = 0;
- return GSS_S_BAD_BINDINGS;
- }
-
- if (authenticator->cksum->cksumtype == CKSUMTYPE_GSSAPI) {
+ if (authenticator->cksum != NULL
+ && authenticator->cksum->cksumtype == CKSUMTYPE_GSSAPI) {
ret = _gsskrb5_verify_8003_checksum(minor_status,
input_chan_bindings,
authenticator->cksum,
&ctx->flags,
&ctx->fwd_data);
- krb5_free_authenticator(context, &authenticator);
if (ret) {
+ krb5_free_authenticator(context, &authenticator);
return ret;
}
} else {
- krb5_crypto crypto;
-
- kret = krb5_crypto_init(context,
- ctx->auth_context->keyblock,
- 0, &crypto);
- if(kret) {
- krb5_free_authenticator(context, &authenticator);
-
- ret = GSS_S_FAILURE;
- *minor_status = kret;
- return ret;
+ if (authenticator->cksum != NULL) {
+ krb5_crypto crypto;
+
+ kret = krb5_crypto_init(context,
+ ctx->auth_context->keyblock,
+ 0, &crypto);
+ if (kret) {
+ krb5_free_authenticator(context, &authenticator);
+ ret = GSS_S_FAILURE;
+ *minor_status = kret;
+ return ret;
+ }
+
+ /*
+ * Windows accepts Samba3's use of a kerberos, rather than
+ * GSSAPI checksum here
+ */
+
+ kret = krb5_verify_checksum(context,
+ crypto, KRB5_KU_AP_REQ_AUTH_CKSUM, NULL, 0,
+ authenticator->cksum);
+ krb5_crypto_destroy(context, crypto);
+
+ if (kret) {
+ krb5_free_authenticator(context, &authenticator);
+ ret = GSS_S_BAD_SIG;
+ *minor_status = kret;
+ return ret;
+ }
}
/*
- * Windows accepts Samba3's use of a kerberos, rather than
- * GSSAPI checksum here
+ * If there is no checksum or a kerberos checksum (which Windows
+ * and Samba accept), we use the ap_options to guess the mutual
+ * flag.
*/
- kret = krb5_verify_checksum(context,
- crypto, KRB5_KU_AP_REQ_AUTH_CKSUM, NULL, 0,
- authenticator->cksum);
- krb5_free_authenticator(context, &authenticator);
- krb5_crypto_destroy(context, crypto);
-
- if(kret) {
- ret = GSS_S_BAD_SIG;
- *minor_status = kret;
- return ret;
- }
-
- /*
- * Samba style get some flags (but not DCE-STYLE), use
- * ap_options to guess the mutual flag.
- */
- ctx->flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+ ctx->flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
if (ap_options & AP_OPTS_MUTUAL_REQUIRED)
ctx->flags |= GSS_C_MUTUAL_FLAG;
- }
+ }
+ krb5_free_authenticator(context, &authenticator);
}
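Review bot: Now that `authenticator->cksum == NULL` is no longer rejected, the `else` branch establishes the context without consulting `input_chan_bindings`. An acceptor that passes channel bindings therefore gets no binding verification when the peer sends no checksum or a plain Kerberos checksum, whereas the removed code returned `GSS_S_BAD_BINDINGS` for the missing-checksum case. The interoperability motive is stated in the comments, but the relaxation applies to every caller, including ones that rely on bindings. Refusing in this branch when bindings were supplied would keep the compatibility path for callers that pass none. This is a policy change and needs confirming against the deployments the relaxation was written for.

```c
    } else {
	if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS) {
	    /* No RFC 8003-style checksum, so the bindings cannot be verified */
	    krb5_free_authenticator(context, &authenticator);
	    *minor_status = 0;
	    return GSS_S_BAD_BINDINGS;
	}
	/* … unchanged: optional Kerberos checksum verification, flag guess … */
```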
if(ctx->flags & GSS_C_MUTUAL_FLAG) {
@@ -593,8 +611,8 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
rkey);
if (kret == 0)
use_subkey = 1;
- krb5_free_keyblock(context, rkey);
}
+ krb5_free_keyblock(context, rkey);
}
if (use_subkey) {
ctx->more_flags |= ACCEPTOR_SUBKEY;
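Review bot: Moving `krb5_free_keyblock(context, rkey);` out of the inner block means it now also runs when that block is skipped, so `rkey` must be NULL or a valid keyblock on that path. Its declaration and the call that fills it are above the hunk, so this cannot be confirmed here. If it is not already the case, the declaration should read `krb5_keyblock *rkey = NULL;` so that the free is well defined when the lookup fails.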
@@ -630,7 +648,7 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
/* Remember the flags */
- ctx->lifetime = ctx->ticket->ticket.endtime;
+ ctx->endtime = ctx->ticket->ticket.endtime;
ctx->more_flags |= OPEN;
if (mech_type)
@@ -639,7 +657,7 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
if (time_rec) {
ret = _gsskrb5_lifetime_left(minor_status,
context,
- ctx->lifetime,
+ ctx->endtime,
time_rec);
if (ret) {
return ret;
@@ -675,7 +693,7 @@ static OM_uint32
acceptor_wait_for_dcestyle(OM_uint32 * minor_status,
gsskrb5_ctx ctx,
krb5_context context,
- const gss_cred_id_t acceptor_cred_handle,
+ gss_const_cred_id_t acceptor_cred_handle,
const gss_buffer_t input_token_buffer,
const gss_channel_bindings_t input_chan_bindings,
gss_name_t * src_name,
@@ -757,7 +775,7 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status,
ret = _gsskrb5_lifetime_left(minor_status,
context,
- ctx->lifetime,
+ ctx->endtime,
&lifetime_rec);
if (ret) {
return ret;
@@ -838,7 +856,7 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status,
OM_uint32 GSSAPI_CALLCONV
_gsskrb5_accept_sec_context(OM_uint32 * minor_status,
gss_ctx_id_t * context_handle,
- const gss_cred_id_t acceptor_cred_handle,
+ gss_const_cred_id_t acceptor_cred_handle,
const gss_buffer_t input_token_buffer,
const gss_channel_bindings_t input_chan_bindings,
gss_name_t * src_name,
diff --git a/lib/gssapi/krb5/acquire_cred.c b/lib/gssapi/krb5/acquire_cred.c
index 0f1f5f81cffc..9c880b334fd6 100644
--- a/lib/gssapi/krb5/acquire_cred.c
+++ b/lib/gssapi/krb5/acquire_cred.c
@@ -40,37 +40,16 @@ __gsskrb5_ccache_lifetime(OM_uint32 *minor_status,
krb5_principal principal,
OM_uint32 *lifetime)
{
- krb5_creds in_cred, out_cred;
- krb5_const_realm realm;
krb5_error_code kret;
+ time_t left;
- memset(&in_cred, 0, sizeof(in_cred));
- in_cred.client = principal;
-
- realm = krb5_principal_get_realm(context, principal);
- if (realm == NULL) {
- _gsskrb5_clear_status ();
- *minor_status = KRB5_PRINC_NOMATCH; /* XXX */
- return GSS_S_FAILURE;
- }
-
- kret = krb5_make_principal(context, &in_cred.server,
- realm, KRB5_TGS_NAME, realm, NULL);
- if (kret) {
- *minor_status = kret;
- return GSS_S_FAILURE;
- }
-
- kret = krb5_cc_retrieve_cred(context, id, 0, &in_cred, &out_cred);
- krb5_free_principal(context, in_cred.server);
+ kret = krb5_cc_get_lifetime(context, id, &left);
if (kret) {
- *minor_status = 0;
- *lifetime = 0;
- return GSS_S_COMPLETE;
+ *minor_status = kret;
+ return GSS_S_FAILURE;
}
- *lifetime = out_cred.times.endtime;
- krb5_free_cred_contents(context, &out_cred);
+ *lifetime = left;
return GSS_S_COMPLETE;
}
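Review bot: `__gsskrb5_ccache_lifetime` changes meaning here without any comment: `*lifetime` used to receive the absolute `out_cred.times.endtime` and now receives the relative value from `krb5_cc_get_lifetime`, while lookup failure returns `GSS_S_FAILURE` instead of a zero lifetime. A header comment such as `/* Returns the seconds remaining in the ccache (relative), not an absolute end time; callers add the current time. */` would stop callers treating the result as an end time. The `principal` parameter is no longer used in the body shown. `*lifetime = left;` narrows a `time_t` to `OM_uint32` with no range check. The signature starts outside the hunk.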
@@ -101,146 +80,282 @@ get_keytab(krb5_context context, krb5_keytab *keytab)
return (kret);
}
-static OM_uint32 acquire_initiator_cred
- (OM_uint32 * minor_status,
- krb5_context context,
- gss_const_OID credential_type,
- const void *credential_data,
- const gss_name_t desired_name,
- OM_uint32 time_req,
- gss_const_OID desired_mech,
- gss_cred_usage_t cred_usage,
- gsskrb5_cred handle
- )
+/*
+ * This function produces a cred with a MEMORY ccache containing a TGT
+ * acquired with a password.
+ */
+static OM_uint32
+acquire_cred_with_password(OM_uint32 *minor_status,
+ krb5_context context,
+ const char *password,
+ OM_uint32 time_req,
+ gss_const_OID desired_mech,
+ gss_cred_usage_t cred_usage,
+ gsskrb5_cred handle)
{
- OM_uint32 ret;
+ OM_uint32 ret = GSS_S_FAILURE;
krb5_creds cred;
- krb5_principal def_princ;
krb5_get_init_creds_opt *opt;
- krb5_ccache ccache;
- krb5_keytab keytab;
+ krb5_ccache ccache = NULL;
krb5_error_code kret;
+ time_t now;
+ OM_uint32 left;
+
+ if (cred_usage == GSS_C_ACCEPT) {
+ /*
+ * TODO: Here we should eventually support user2user (when we get
+ * support for that via an extension to the mechanism
+ * allowing for more than two security context tokens),
+ * and/or new unique MEMORY keytabs (we have MEMORY keytab
+ * support, but we don't have a keytab equivalent of
+ * krb5_cc_new_unique()). Either way, for now we can't
+ * support this.
+ */
+ *minor_status = ENOTSUP; /* XXX Better error? */
+ return GSS_S_FAILURE;
+ }
+
+ memset(&cred, 0, sizeof(cred));
+
+ if (handle->principal == NULL) {
+ kret = krb5_get_default_principal(context, &handle->principal);
+ if (kret)
+ goto end;
+ }
+ kret = krb5_get_init_creds_opt_alloc(context, &opt);
+ if (kret)
+ goto end;
+
+ /*
+ * Get the current time before the AS exchange so we don't
+ * accidentally end up returning a value that puts advertised
+ * expiration past the real expiration.
+ *
+ * We need to do this because krb5_cc_get_lifetime() returns a
+ * relative time that we need to add to the current time. We ought
+ * to have a version of krb5_cc_get_lifetime() that returns absolute
+ * time...
+ */
+ krb5_timeofday(context, &now);
+
+ kret = krb5_get_init_creds_password(context, &cred, handle->principal,
+ password, NULL, NULL, 0, NULL, opt);
+ krb5_get_init_creds_opt_free(context, opt);
+ if (kret)
+ goto end;
+
+ kret = krb5_cc_new_unique(context, krb5_cc_type_memory, NULL, &ccache);
+ if (kret)
+ goto end;
+
+ kret = krb5_cc_initialize(context, ccache, cred.client);
+ if (kret)
+ goto end;
- keytab = NULL;
+ kret = krb5_cc_store_cred(context, ccache, &cred);
+ if (kret)
+ goto end;
+
+ handle->cred_flags |= GSS_CF_DESTROY_CRED_ON_RELEASE;
+
+ ret = __gsskrb5_ccache_lifetime(minor_status, context, ccache,
+ handle->principal, &left);
+ if (ret != GSS_S_COMPLETE)
+ goto end;
+ handle->endtime = now + left;
+ handle->ccache = ccache;
ccache = NULL;
- def_princ = NULL;
- ret = GSS_S_FAILURE;
+ ret = GSS_S_COMPLETE;
+ kret = 0;
+
+end:
+ if (ccache != NULL)
+ krb5_cc_destroy(context, ccache);
+ if (cred.client != NULL)
+ krb5_free_cred_contents(context, &cred);
+ if (ret != GSS_S_COMPLETE && kret != 0)
+ *minor_status = kret;
+ return (ret);
+}
+
+/*
+ * Acquires an initiator credential from a ccache or using a keytab.
+ */
+static OM_uint32
+acquire_initiator_cred(OM_uint32 *minor_status,
+ krb5_context context,
+ OM_uint32 time_req,
+ gss_const_OID desired_mech,
+ gss_cred_usage_t cred_usage,
+ gsskrb5_cred handle)
+{
+ OM_uint32 ret = GSS_S_FAILURE;
+ krb5_creds cred;
+ krb5_get_init_creds_opt *opt;
+ krb5_principal def_princ = NULL;
+ krb5_ccache def_ccache = NULL;
+ krb5_ccache ccache = NULL; /* we may store into this ccache */
+ krb5_keytab keytab = NULL;
+ krb5_error_code kret = 0;
+ OM_uint32 left;
+ time_t lifetime = 0;
+ time_t now;
+
memset(&cred, 0, sizeof(cred));
/*
- * If we have a preferred principal, lets try to find it in all
- * caches, otherwise, fall back to default cache, ignore all
- * errors while searching.
+ * Get current time early so we can set handle->endtime to a value that
+ * cannot accidentally be past the real endtime. We need a variant of
+ * krb5_cc_get_lifetime() that returns absolute endtime.
*/
+ krb5_timeofday(context, &now);
- if (credential_type != GSS_C_NO_OID &&
- !gss_oid_equal(credential_type, GSS_C_CRED_PASSWORD)) {
- kret = KRB5_NOCREDS_SUPPLIED; /* XXX */
- goto end;
- }
+ /*
+ * First look for a ccache that has the desired_name (which may be
+ * the default credential name).
+ *
+ * If we don't have an unexpired credential, acquire one with a
+ * keytab.
+ *
+ * If we acquire one with a keytab, save it in the ccache we found
+ * with the expired credential, if any.
+ *
+ * If we don't have any such ccache, then use a MEMORY ccache.
+ */
- if (handle->principal) {
- kret = krb5_cc_cache_match (context,
- handle->principal,
- &ccache);
+ if (handle->principal != NULL) {
+ /*
+ * Not default credential case. See if we can find a ccache in
+ * the cccol for the desired_name.
+ */
+ kret = krb5_cc_cache_match(context,
+ handle->principal,
+ &ccache);
if (kret == 0) {
- ret = GSS_S_COMPLETE;
- goto found;
+ kret = krb5_cc_get_lifetime(context, ccache, &lifetime);
+ if (kret == 0) {
+ if (lifetime > 0)
+ goto found;
+ else
+ goto try_keytab;
+ }
}
+ /*
+ * Fall through. We shouldn't find this in the default ccache
+ * either, but we'll give it a try, then we'll try using a keytab.
+ */
}
- if (ccache == NULL) {
- kret = krb5_cc_default(context, &ccache);
- if (kret)
- goto end;
- }
- kret = krb5_cc_get_principal(context, ccache, &def_princ);
- if (kret != 0) {
- /* we'll try to use a keytab below */
- krb5_cc_close(context, ccache);
- def_princ = NULL;
- kret = 0;
- } else if (handle->principal == NULL) {
- kret = krb5_copy_principal(context, def_princ, &handle->principal);
- if (kret)
- goto end;
- } else if (handle->principal != NULL &&
- krb5_principal_compare(context, handle->principal,
- def_princ) == FALSE) {
- krb5_free_principal(context, def_princ);
- def_princ = NULL;
- krb5_cc_close(context, ccache);
- ccache = NULL;
+ /*
+ * Either desired_name was GSS_C_NO_NAME (default cred) or
+ * krb5_cc_cache_match() failed (or found expired).
+ */
+ kret = krb5_cc_default(context, &def_ccache);
+ if (kret != 0)
+ goto try_keytab;
+ kret = krb5_cc_get_lifetime(context, def_ccache, &lifetime);
+ if (kret != 0)
+ lifetime = 0;
+ kret = krb5_cc_get_principal(context, def_ccache, &def_princ);
+ if (kret != 0)
+ goto try_keytab;
+ /*
+ * Have a default ccache; see if it matches desired_name.
+ */
+ if (handle->principal == NULL ||
+ krb5_principal_compare(context, handle->principal,
+ def_princ) == TRUE) {
+ /*
+ * It matches.
+ *
+ * If we end up trying a keytab then we can write the result to
+ * the default ccache.
+ */
+ if (handle->principal == NULL) {
+ kret = krb5_copy_principal(context, def_princ, &handle->principal);
+ if (kret)
+ goto end;
+ }
+ if (ccache != NULL)
+ krb5_cc_close(context, ccache);
+ ccache = def_ccache;
+ def_ccache = NULL;
+ if (lifetime > 0)
+ goto found;
+ /* else we fall through and try using a keytab */
}
- if (def_princ == NULL) {
- /* We have no existing credentials cache,
- * so attempt to get a TGT using a keytab.
- */
- if (handle->principal == NULL) {
- kret = krb5_get_default_principal(context, &handle->principal);
- if (kret)
- goto end;
- }
- kret = krb5_get_init_creds_opt_alloc(context, &opt);
- if (kret)
- goto end;
- if (credential_type != GSS_C_NO_OID &&
- gss_oid_equal(credential_type, GSS_C_CRED_PASSWORD)) {
- gss_buffer_t password = (gss_buffer_t)credential_data;
-
- /* XXX are we requiring password to be NUL terminated? */
-
- kret = krb5_get_init_creds_password(context, &cred,
- handle->principal,
- password->value,
- NULL, NULL, 0, NULL, opt);
- } else {
- kret = get_keytab(context, &keytab);
- if (kret) {
- krb5_get_init_creds_opt_free(context, opt);
- goto end;
- }
- kret = krb5_get_init_creds_keytab(context, &cred,
- handle->principal, keytab,
- 0, NULL, opt);
- }
- krb5_get_init_creds_opt_free(context, opt);
- if (kret)
- goto end;
- kret = krb5_cc_new_unique(context, krb5_cc_type_memory,
- NULL, &ccache);
- if (kret)
- goto end;
- kret = krb5_cc_initialize(context, ccache, cred.client);
- if (kret) {
- krb5_cc_destroy(context, ccache);
- goto end;
- }
- kret = krb5_cc_store_cred(context, ccache, &cred);
- if (kret) {
- krb5_cc_destroy(context, ccache);
- goto end;
- }
- handle->lifetime = cred.times.endtime;
- handle->cred_flags |= GSS_CF_DESTROY_CRED_ON_RELEASE;
- } else {
- ret = __gsskrb5_ccache_lifetime(minor_status,
- context,
- ccache,
- handle->principal,
- &handle->lifetime);
- if (ret != GSS_S_COMPLETE) {
- krb5_cc_close(context, ccache);
- goto end;
- }
- kret = 0;
+try_keytab:
+ if (handle->principal == NULL) {
+ /* We need to know what client principal to use */
+ kret = krb5_get_default_principal(context, &handle->principal);
+ if (kret)
+ goto end;
}
- found:
+ kret = get_keytab(context, &keytab);
+ if (kret)
+ goto end;
+
+ kret = krb5_get_init_creds_opt_alloc(context, &opt);
+ if (kret)
+ goto end;
+ krb5_timeofday(context, &now);
+ kret = krb5_get_init_creds_keytab(context, &cred, handle->principal,
+ keytab, 0, NULL, opt);
+ krb5_get_init_creds_opt_free(context, opt);
+ if (kret)
+ goto end;
+
+ /*
+ * We got a credential with a keytab. Save it if we can.
+ */
+ if (ccache == NULL) {
+ /*
+ * There's no ccache we can overwrite with the credentials we acquired
+ * with a keytab. We'll use a MEMORY ccache then.
+ *
+ * Note that an application that falls into this repeatedly will do an
+ * AS exchange every time it acquires a credential handle. Hopefully
+ * this doesn't happen much. A workaround is to kinit -k once so that
+ * we always re-initialize the matched/default ccache here. I.e., once
+ * there's a FILE/DIR ccache, we'll keep it frash automatically if we
+ * have a keytab, but if there's no FILE/DIR ccache, then we'll
+ * get a fresh credential *every* time we're asked.
+ */
+ kret = krb5_cc_new_unique(context, krb5_cc_type_memory, NULL, &ccache);
+ if (kret)
+ goto end;
+ handle->cred_flags |= GSS_CF_DESTROY_CRED_ON_RELEASE;
+ } /* else we'll re-initialize whichever ccache we matched above */
+
+ kret = krb5_cc_initialize(context, ccache, cred.client);
+ if (kret)
+ goto end;
+ kret = krb5_cc_store_cred(context, ccache, &cred);
+ if (kret)
+ goto end;
+
+found:
+ assert(handle->principal != NULL);
+ ret = __gsskrb5_ccache_lifetime(minor_status, context, ccache,
+ handle->principal, &left);
+ if (ret != GSS_S_COMPLETE)
+ goto end;
+ handle->endtime = now + left;
handle->ccache = ccache;
+ ccache = NULL;
ret = GSS_S_COMPLETE;
+ kret = 0;
end:
+ if (ccache != NULL) {
+ if ((handle->cred_flags & GSS_CF_DESTROY_CRED_ON_RELEASE) != 0)
+ krb5_cc_destroy(context, ccache);
+ else
+ krb5_cc_close(context, ccache);
+ }
+ if (def_ccache != NULL)
+ krb5_cc_close(context, def_ccache);
if (cred.client != NULL)
krb5_free_cred_contents(context, &cred);
if (def_princ != NULL)
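Review bot: `acquire_cred_with_password` takes `time_req` but never applies it, and `acquire_initiator_cred` does not use it in the lines shown either, so a caller asking for a short-lived credential receives a TGT with the default lifetime. Honouring the request keeps password- and keytab-derived tickets no longer-lived than the application asked for. After `krb5_get_init_creds_opt_alloc` succeeds, something like `if (time_req != 0 && time_req != GSS_C_INDEFINITE) krb5_get_init_creds_opt_set_tkt_life(opt, time_req);` would do it in both functions. Separately, the password path rejects only `GSS_C_ACCEPT`; a `GSS_C_BOTH` request falls through and yields an initiator-only credential, which may deserve the same `ENOTSUP` treatment depending on how the handle's usage is recorded outside this hunk.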
@@ -252,28 +367,19 @@ end:
return (ret);
}
-static OM_uint32 acquire_acceptor_cred
- (OM_uint32 * minor_status,
- krb5_context context,
- gss_const_OID credential_type,
- const void *credential_data,
- const gss_name_t desired_name,
- OM_uint32 time_req,
- gss_const_OID desired_mech,
- gss_cred_usage_t cred_usage,
- gsskrb5_cred handle
- )
+static OM_uint32
+acquire_acceptor_cred(OM_uint32 * minor_status,
+ krb5_context context,
+ OM_uint32 time_req,
+ gss_const_OID desired_mech,
+ gss_cred_usage_t cred_usage,
+ gsskrb5_cred handle)
{
OM_uint32 ret;
krb5_error_code kret;
ret = GSS_S_FAILURE;
- if (credential_type != GSS_C_NO_OID) {
- kret = EINVAL;
- goto end;
- }
-
kret = get_keytab(context, &handle->keytab);
if (kret)
goto end;
@@ -318,7 +424,7 @@ end:
OM_uint32 GSSAPI_CALLCONV _gsskrb5_acquire_cred
(OM_uint32 * minor_status,
- const gss_name_t desired_name,
+ gss_const_name_t desired_name,
OM_uint32 time_req,
const gss_OID_set desired_mechs,
gss_cred_usage_t cred_usage,
@@ -366,7 +472,7 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_acquire_cred
OM_uint32 GSSAPI_CALLCONV _gsskrb5_acquire_cred_ext
(OM_uint32 * minor_status,
- const gss_name_t desired_name,
+ gss_const_name_t desired_name,
gss_const_OID credential_type,
const void *credential_data,
OM_uint32 time_req,
@@ -381,25 +487,26 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_acquire_cred_ext
cred_usage &= GSS_C_OPTION_MASK;
- if (cred_usage != GSS_C_ACCEPT && cred_usage != GSS_C_INITIATE && cred_usage != GSS_C_BOTH) {
+ if (cred_usage != GSS_C_ACCEPT && cred_usage != GSS_C_INITIATE &&
+ cred_usage != GSS_C_BOTH) {
*minor_status = GSS_KRB5_S_G_BAD_USAGE;
return GSS_S_FAILURE;
}
GSSAPI_KRB5_INIT(&context);
- *output_cred_handle = NULL;
+ *output_cred_handle = GSS_C_NO_CREDENTIAL;
handle = calloc(1, sizeof(*handle));
if (handle == NULL) {
*minor_status = ENOMEM;
- return (GSS_S_FAILURE);
+ return GSS_S_FAILURE;
}
HEIMDAL_MUTEX_init(&handle->cred_id_mutex);
if (desired_name != GSS_C_NO_NAME) {
- ret = _gsskrb5_canon_name(minor_status, context, 1, NULL,
+ ret = _gsskrb5_canon_name(minor_status, context,
desired_name, &handle->principal);
if (ret) {
HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
@@ -407,29 +514,75 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_acquire_cred_ext
return ret;
}
}
- if (cred_usage == GSS_C_INITIATE || cred_usage == GSS_C_BOTH) {
- ret = acquire_initiator_cred(minor_status, context,
- credential_type, credential_data,
- desired_name, time_req,
- desired_mech, cred_usage, handle);
- if (ret != GSS_S_COMPLETE) {
- HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
- krb5_free_principal(context, handle->principal);
- free(handle);
- return (ret);
- }
- }
- if (cred_usage == GSS_C_ACCEPT || cred_usage == GSS_C_BOTH) {
- ret = acquire_acceptor_cred(minor_status, context,
- credential_type, credential_data,
- desired_name, time_req,
- desired_mech, cred_usage, handle);
- if (ret != GSS_S_COMPLETE) {
- HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
- krb5_free_principal(context, handle->principal);
- free(handle);
- return (ret);
- }
+
+ if (credential_type != GSS_C_NO_OID &&
+ gss_oid_equal(credential_type, GSS_C_CRED_PASSWORD)) {
+ /* Acquire a cred with a password */
+ gss_const_buffer_t pwbuf = credential_data;
+ char *pw;
+
+ if (pwbuf == NULL) {
+ HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
+ free(handle);
+ *minor_status = KRB5_NOCREDS_SUPPLIED; /* see below */
+ return GSS_S_CALL_INACCESSIBLE_READ;
+ }
+
+ /* NUL-terminate the password, if it wasn't already */
+ pw = strndup(pwbuf->value, pwbuf->length);
+ if (pw == NULL) {
+ HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
+ free(handle);
+ *minor_status = krb5_enomem(context);
+ return GSS_S_CALL_INACCESSIBLE_READ;
+ }
+ ret = acquire_cred_with_password(minor_status, context, pw, time_req,
+ desired_mech, cred_usage, handle);
+ free(pw);
+ if (ret != GSS_S_COMPLETE) {
+ HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
+ krb5_free_principal(context, handle->principal);
+ free(handle);
+ return (ret);
+ }
+ } else if (credential_type != GSS_C_NO_OID) {
+ /*
+ * _gss_acquire_cred_ext() called with something other than a password.
+ *
+ * Not supported.
+ *
+ * _gss_acquire_cred_ext() is not a supported public interface, so
+ * we don't have to try too hard as to minor status codes here.
+ */
+ HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
+ free(handle);
+ *minor_status = ENOTSUP;
+ return GSS_S_FAILURE;
+ } else {
+ /*
+ * Acquire a credential from the background credential store (ccache,
+ * keytab).
+ */
+ if (cred_usage == GSS_C_INITIATE || cred_usage == GSS_C_BOTH) {
+ ret = acquire_initiator_cred(minor_status, context, time_req,
+ desired_mech, cred_usage, handle);
+ if (ret != GSS_S_COMPLETE) {
+ HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
+ krb5_free_principal(context, handle->principal);
+ free(handle);
+ return (ret);
+ }
+ }
+ if (cred_usage == GSS_C_ACCEPT || cred_usage == GSS_C_BOTH) {
+ ret = acquire_acceptor_cred(minor_status, context, time_req,
+ desired_mech, cred_usage, handle);
+ if (ret != GSS_S_COMPLETE) {
+ HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
+ krb5_free_principal(context, handle->principal);
+ free(handle);
+ return (ret);
+ }
+ }
}
ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
if (ret == GSS_S_COMPLETE)
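Review bot: The NUL-terminated copy of the password made with `strndup` is released by a plain `free(pw)`, so the cleartext remains in freed heap memory after `acquire_cred_with_password` returns. Clearing it first with a call the compiler cannot elide, for example `explicit_bzero(pw, strlen(pw));` where the platform provides it, limits how long the secret stays in memory. In addition, the three new early returns (`pwbuf == NULL`, `strndup` failure, unsupported `credential_type`) free `handle` without `krb5_free_principal(context, handle->principal)`. The other failure paths do call it, so the principal set from `desired_name` leaks on those three. `pwbuf->value` is also passed to `strndup` without a NULL check.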
diff --git a/lib/gssapi/krb5/add_cred.c b/lib/gssapi/krb5/add_cred.c
index 00cf55f62d65..42f6b48181b4 100644
--- a/lib/gssapi/krb5/add_cred.c
+++ b/lib/gssapi/krb5/add_cred.c
@@ -35,8 +35,8 @@
OM_uint32 GSSAPI_CALLCONV _gsskrb5_add_cred (
OM_uint32 *minor_status,
- const gss_cred_id_t input_cred_handle,
- const gss_name_t desired_name,
+ gss_const_cred_id_t input_cred_handle,
+ gss_const_name_t desired_name,
const gss_OID desired_mech,
gss_cred_usage_t cred_usage,
OM_uint32 initiator_time_req,
@@ -47,7 +47,7 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_add_cred (
OM_uint32 *acceptor_time_rec)
{
krb5_context context;
- OM_uint32 ret, lifetime;
+ OM_uint32 major, lifetime;
gsskrb5_cred cred, handle;
krb5_const_principal dname;
@@ -55,99 +55,120 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_add_cred (
cred = (gsskrb5_cred)input_cred_handle;
dname = (krb5_const_principal)desired_name;
+ if (cred == NULL && output_cred_handle == NULL) {
+ *minor_status = EINVAL;
+ return GSS_S_CALL_INACCESSIBLE_WRITE;
+ }
+
GSSAPI_KRB5_INIT (&context);
- if (gss_oid_equal(desired_mech, GSS_KRB5_MECHANISM) == 0) {
+ if (desired_mech != GSS_C_NO_OID &&
+ gss_oid_equal(desired_mech, GSS_KRB5_MECHANISM) == 0) {
*minor_status = 0;
return GSS_S_BAD_MECH;
}
- if (cred == NULL && output_cred_handle == NULL) {
- *minor_status = 0;
- return GSS_S_NO_CRED;
- }
-
- if (cred == NULL) { /* XXX standard conformance failure */
- *minor_status = 0;
- return GSS_S_NO_CRED;
- }
+ if (cred == NULL) {
+ /*
+ * Acquire a credential; output_cred_handle can't be NULL, see above.
+ */
+ heim_assert(output_cred_handle != NULL,
+ "internal error in _gsskrb5_add_cred()");
+
+ major = _gsskrb5_acquire_cred(minor_status, desired_name,
+ min(initiator_time_req,
+ acceptor_time_req),
+ GSS_C_NO_OID_SET,
+ cred_usage,
+ output_cred_handle,
+ actual_mechs, &lifetime);
+ if (major != GSS_S_COMPLETE)
+ goto failure;
+
+ } else {
+ /*
+ * Check that we're done or copy input to output if
+ * output_cred_handle != NULL.
+ */
- /* check if requested output usage is compatible with output usage */
- if (output_cred_handle != NULL) {
HEIMDAL_MUTEX_lock(&cred->cred_id_mutex);
+
+ /* Check if requested output usage is compatible with output usage */
if (cred->usage != cred_usage && cred->usage != GSS_C_BOTH) {
HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
*minor_status = GSS_KRB5_S_G_BAD_USAGE;
return(GSS_S_FAILURE);
}
- }
-
- /* check that we have the same name */
- if (dname != NULL &&
- krb5_principal_compare(context, dname,
- cred->principal) != FALSE) {
- if (output_cred_handle)
- HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
- *minor_status = 0;
- return GSS_S_BAD_NAME;
- }
- /* make a copy */
- if (output_cred_handle) {
- krb5_error_code kret;
+ /* Check that we have the same name */
+ if (dname != NULL &&
+ krb5_principal_compare(context, dname,
+ cred->principal) != FALSE) {
+ HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
+ *minor_status = 0;
+ return GSS_S_BAD_NAME;
+ }
+
+ if (output_cred_handle == NULL) {
+ /*
+ * This case is basically useless as we implement a single
+ * mechanism here, so we can't add elements to the
+ * input_cred_handle.
+ */
+ HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
+ *minor_status = 0;
+ return GSS_S_COMPLETE;
+ }
+
+ /*
+ * Copy input to output -- this works as if we were a
+ * GSS_Duplicate_cred() for one mechanism element.
+ */
handle = calloc(1, sizeof(*handle));
if (handle == NULL) {
- HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
+ if (cred != NULL)
+ HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
*minor_status = ENOMEM;
return (GSS_S_FAILURE);
}
handle->usage = cred_usage;
- handle->lifetime = cred->lifetime;
+ handle->endtime = cred->endtime;
handle->principal = NULL;
handle->keytab = NULL;
handle->ccache = NULL;
handle->mechanisms = NULL;
HEIMDAL_MUTEX_init(&handle->cred_id_mutex);
- ret = GSS_S_FAILURE;
+ major = GSS_S_FAILURE;
- kret = krb5_copy_principal(context, cred->principal,
- &handle->principal);
- if (kret) {
+ *minor_status = krb5_copy_principal(context, cred->principal,
+ &handle->principal);
+ if (*minor_status) {
HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
free(handle);
- *minor_status = kret;
return GSS_S_FAILURE;
}
if (cred->keytab) {
char *name = NULL;
- ret = GSS_S_FAILURE;
-
- kret = krb5_kt_get_full_name(context, cred->keytab, &name);
- if (kret) {
- *minor_status = kret;
+ *minor_status = krb5_kt_get_full_name(context, cred->keytab,
+ &name);
+ if (*minor_status)
goto failure;
- }
- kret = krb5_kt_resolve(context, name,
- &handle->keytab);
+ *minor_status = krb5_kt_resolve(context, name, &handle->keytab);
krb5_xfree(name);
- if (kret){
- *minor_status = kret;
+ if (*minor_status)
goto failure;
- }
}
if (cred->ccache) {
const char *type, *name;
char *type_name = NULL;
- ret = GSS_S_FAILURE;
-
type = krb5_cc_get_type(context, cred->ccache);
if (type == NULL){
*minor_status = ENOMEM;
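Review bot: The block labelled "Check that we have the same name" returns `GSS_S_BAD_NAME` when `krb5_principal_compare(context, dname, cred->principal) != FALSE`, that is, when the names match, which looks inverted. Elsewhere in this commit, acquire_cred.c treats `== TRUE` as a match. If the intent is to reject a `desired_name` that differs from the credential's principal, the condition should end in `cred->principal) == FALSE) {`. Separately, in the new `cred == NULL` branch a failed `_gsskrb5_acquire_cred` jumps to `failure` before `handle` has been assigned. The `failure` label is outside the hunk, but if it inspects or frees `handle`, the declaration needs to become `gsskrb5_cred cred, handle = NULL;`.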
@@ -155,19 +176,15 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_add_cred (
}
if (strcmp(type, "MEMORY") == 0) {
- ret = krb5_cc_new_unique(context, type,
- NULL, &handle->ccache);
- if (ret) {
- *minor_status = ret;
+ *minor_status = krb5_cc_new_unique(context, type,
+ NULL, &handle->ccache);
+ if (*minor_status)
goto failure;
- }
- ret = krb5_cc_copy_cache(context, cred->ccache,
- handle->ccache);
- if (ret) {
- *minor_status = ret;
+ *minor_status = krb5_cc_copy_cache(context, cred->ccache,
+ handle->ccache);
+ if (*minor_status)
goto failure;
- }
} else {
name = krb5_cc_get_name(context, cred->ccache);
@@ -176,52 +193,47 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_add_cred (
goto failure;
}
- kret = asprintf(&type_name, "%s:%s", type, name);
- if (kret < 0 || type_name == NULL) {
+ if (asprintf(&type_name, "%s:%s", type, name) == -1 ||
+ type_name == NULL) {
*minor_status = ENOMEM;
goto failure;
}
- kret = krb5_cc_resolve(context, type_name,
- &handle->ccache);
+ *minor_status = krb5_cc_resolve(context, type_name,
+ &handle->ccache);
free(type_name);
- if (kret) {
- *minor_status = kret;
+ if (*minor_status)
goto failure;
- }
}
}
- ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
- if (ret)
+ major = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
+ if (major != GSS_S_COMPLETE)
goto failure;
- ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
- &handle->mechanisms);
- if (ret)
+ major = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
+ &handle->mechanisms);
+ if (major != GSS_S_COMPLETE)
goto failure;
- }
- HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
+ HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
- ret = _gsskrb5_inquire_cred(minor_status, (gss_cred_id_t)cred,
- NULL, &lifetime, NULL, actual_mechs);
- if (ret)
- goto failure;
+ major = _gsskrb5_inquire_cred(minor_status, (gss_cred_id_t)cred,
+ NULL, &lifetime, NULL, actual_mechs);
+ if (major != GSS_S_COMPLETE)
+ goto failure;
+
+ *output_cred_handle = (gss_cred_id_t)handle;
+ }
if (initiator_time_rec)
*initiator_time_rec = lifetime;
if (acceptor_time_rec)
*acceptor_time_rec = lifetime;
- if (output_cred_handle) {
- *output_cred_handle = (gss_cred_id_t)handle;
- }
-
*minor_status = 0;
- return ret;
-
- failure:
+ return major;
+failure:
if (handle) {
if (handle->principal)
krb5_free_principal(context, handle->principal);
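Review bot: The `_gsskrb5_inquire_cred` failure path releases `cred->cred_id_mutex` twice: the mutex is unlocked just before the call, and `goto failure` then reaches `if (cred && output_cred_handle) HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);` in the next hunk, where both conditions are true on this path. Unlocking a mutex the thread no longer holds is undefined for a default pthread mutex. The unlock was presumably placed before the call because `_gsskrb5_inquire_cred` takes the same lock, so the simplest fix is a local flag such as `int locked = 0;`, set where the mutex is taken, cleared at this unlock, and tested at the `failure:` label instead of `cred && output_cred_handle`. The function begins outside this hunk.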
@@ -233,7 +245,7 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_add_cred (
gss_release_oid_set(NULL, &handle->mechanisms);
free(handle);
}
- if (output_cred_handle)
+ if (cred && output_cred_handle)
HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
- return ret;
+ return major;
}
diff --git a/lib/gssapi/krb5/aeap.c b/lib/gssapi/krb5/aeap.c
index 47913e4aec03..fe95ecf0b9cc 100644
--- a/lib/gssapi/krb5/aeap.c
+++ b/lib/gssapi/krb5/aeap.c
@@ -44,17 +44,43 @@ _gk_wrap_iov(OM_uint32 * minor_status,
gss_iov_buffer_desc *iov,
int iov_count)
{
- const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
- krb5_context context;
+ const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
+ krb5_context context;
+ OM_uint32 ret;
+ krb5_keyblock *key;
+ krb5_keytype keytype;
+
+ GSSAPI_KRB5_INIT (&context);
+
+ if (ctx->more_flags & IS_CFX)
+ return _gssapi_wrap_cfx_iov(minor_status, ctx, context,
+ conf_req_flag, conf_state,
+ iov, iov_count);
+
+ HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
+ ret = _gsskrb5i_get_token_key(ctx, context, &key);
+ HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+ if (ret) {
+ *minor_status = ret;
+ return GSS_S_FAILURE;
+ }
+ krb5_enctype_to_keytype(context, key->keytype, &keytype);
- GSSAPI_KRB5_INIT (&context);
+ switch (keytype) {
+ case KEYTYPE_ARCFOUR:
+ case KEYTYPE_ARCFOUR_56:
+ ret = _gssapi_wrap_iov_arcfour(minor_status, ctx, context,
+ conf_req_flag, conf_state,
+ iov, iov_count, key);
+ break;
- if (ctx->more_flags & IS_CFX)
- return _gssapi_wrap_cfx_iov(minor_status, ctx, context,
- conf_req_flag, conf_state,
- iov, iov_count);
+ default:
+ ret = GSS_S_FAILURE;
+ break;
+ }
- return GSS_S_FAILURE;
+ krb5_free_keyblock(context, key);
+ return ret;
}
OM_uint32 GSSAPI_CALLCONV
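Review bot: The return value of `krb5_enctype_to_keytype(context, key->keytype, &keytype);` is ignored, so if the conversion fails the `switch (keytype)` that follows reads an uninitialised local. The same lines are added to `_gk_unwrap_iov` and `_gk_wrap_iov_length` in the following hunks. The `default:` branch also returns `GSS_S_FAILURE` without writing `*minor_status`, unlike the `_gsskrb5i_get_token_key` failure path just above it. I would check the call, store its error in `*minor_status` and free `key` on that path, and have `default:` set `*minor_status` as well. A short comment that the non-CFX iov path handles only the RC4-HMAC key types would explain why every other key type fails.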
@@ -67,6 +93,9 @@ _gk_unwrap_iov(OM_uint32 *minor_status,
{
const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
krb5_context context;
+ OM_uint32 ret;
+ krb5_keytype keytype;
+ krb5_keyblock *key;
GSSAPI_KRB5_INIT (&context);
@@ -74,7 +103,30 @@ _gk_unwrap_iov(OM_uint32 *minor_status,
return _gssapi_unwrap_cfx_iov(minor_status, ctx, context,
conf_state, qop_state, iov, iov_count);
- return GSS_S_FAILURE;
+ HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
+ ret = _gsskrb5i_get_token_key(ctx, context, &key);
+ HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+ if (ret) {
+ *minor_status = ret;
+ return GSS_S_FAILURE;
+ }
+ krb5_enctype_to_keytype(context, key->keytype, &keytype);
+
+ switch (keytype) {
+ case KEYTYPE_ARCFOUR:
+ case KEYTYPE_ARCFOUR_56:
+ ret = _gssapi_unwrap_iov_arcfour(minor_status, ctx, context,
+ conf_state, qop_state,
+ iov, iov_count, key);
+ break;
+
+ default:
+ ret = GSS_S_FAILURE;
+ break;
+ }
+
+ krb5_free_keyblock(context, key);
+ return ret;
}
OM_uint32 GSSAPI_CALLCONV
@@ -88,6 +140,9 @@ _gk_wrap_iov_length(OM_uint32 * minor_status,
{
const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
krb5_context context;
+ OM_uint32 ret;
+ krb5_keytype keytype;
+ krb5_keyblock *key;
GSSAPI_KRB5_INIT (&context);
@@ -96,5 +151,28 @@ _gk_wrap_iov_length(OM_uint32 * minor_status,
conf_req_flag, qop_req, conf_state,
iov, iov_count);
- return GSS_S_FAILURE;
+ HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
+ ret = _gsskrb5i_get_token_key(ctx, context, &key);
+ HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+ if (ret) {
+ *minor_status = ret;
+ return GSS_S_FAILURE;
+ }
+ krb5_enctype_to_keytype(context, key->keytype, &keytype);
+
+ switch (keytype) {
+ case KEYTYPE_ARCFOUR:
+ case KEYTYPE_ARCFOUR_56:
+ ret = _gssapi_wrap_iov_length_arcfour(minor_status, ctx, context,
+ conf_req_flag, qop_req, conf_state,
+ iov, iov_count);
+ break;
+
+ default:
+ ret = GSS_S_FAILURE;
+ break;
+ }
+
+ krb5_free_keyblock(context, key);
+ return ret;
}
diff --git a/lib/gssapi/krb5/arcfour.c b/lib/gssapi/krb5/arcfour.c
index 15b1b343409a..0aa2da0808bf 100644
--- a/lib/gssapi/krb5/arcfour.c
+++ b/lib/gssapi/krb5/arcfour.c
@@ -69,7 +69,7 @@
static krb5_error_code
arcfour_mic_key(krb5_context context, krb5_keyblock *key,
- void *cksum_data, size_t cksum_size,
+ const void *cksum_data, size_t cksum_size,
void *key6_data, size_t key6_size)
{
krb5_error_code ret;
@@ -86,7 +86,7 @@ arcfour_mic_key(krb5_context context, krb5_keyblock *key,
cksum_k5.checksum.data = k5_data;
cksum_k5.checksum.length = sizeof(k5_data);
- if (key->keytype == ENCTYPE_ARCFOUR_HMAC_MD5_56) {
+ if (key->keytype == KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56) {
char L40[14] = "fortybits";
memcpy(L40 + 10, T, sizeof(T));
@@ -100,7 +100,7 @@ arcfour_mic_key(krb5_context context, krb5_keyblock *key,
if (ret)
return ret;
- key5.keytype = ENCTYPE_ARCFOUR_HMAC_MD5;
+ key5.keytype = KRB5_ENCTYPE_ARCFOUR_HMAC_MD5;
key5.keyvalue = cksum_k5.checksum;
cksum_k6.checksum.data = key6_data;
@@ -112,30 +112,73 @@ arcfour_mic_key(krb5_context context, krb5_keyblock *key,
static krb5_error_code
-arcfour_mic_cksum(krb5_context context,
- krb5_keyblock *key, unsigned usage,
- u_char *sgn_cksum, size_t sgn_cksum_sz,
- const u_char *v1, size_t l1,
- const void *v2, size_t l2,
- const void *v3, size_t l3)
+arcfour_mic_cksum_iov(krb5_context context,
+ krb5_keyblock *key, unsigned usage,
+ u_char *sgn_cksum, size_t sgn_cksum_sz,
+ const u_char *v1, size_t l1,
+ const void *v2, size_t l2,
+ const gss_iov_buffer_desc *iov,
+ int iov_count,
+ const gss_iov_buffer_desc *padding)
{
Checksum CKSUM;
u_char *ptr;
size_t len;
+ size_t ofs = 0;
+ int i;
krb5_crypto crypto;
krb5_error_code ret;
assert(sgn_cksum_sz == 8);
- len = l1 + l2 + l3;
+ len = l1 + l2;
+
+ for (i=0; i < iov_count; i++) {
+ switch (GSS_IOV_BUFFER_TYPE(iov[i].type)) {
+ case GSS_IOV_BUFFER_TYPE_DATA:
+ case GSS_IOV_BUFFER_TYPE_SIGN_ONLY:
+ break;
+ default:
+ continue;
+ }
+
+ len += iov[i].buffer.length;
+ }
+
+ if (padding) {
+ len += padding->buffer.length;
+ }
ptr = malloc(len);
if (ptr == NULL)
return ENOMEM;
- memcpy(ptr, v1, l1);
- memcpy(ptr + l1, v2, l2);
- memcpy(ptr + l1 + l2, v3, l3);
+ memcpy(ptr + ofs, v1, l1);
+ ofs += l1;
+ memcpy(ptr + ofs, v2, l2);
+ ofs += l2;
+
+ for (i=0; i < iov_count; i++) {
+ switch (GSS_IOV_BUFFER_TYPE(iov[i].type)) {
+ case GSS_IOV_BUFFER_TYPE_DATA:
+ case GSS_IOV_BUFFER_TYPE_SIGN_ONLY:
+ break;
+ default:
+ continue;
+ }
+
+ memcpy(ptr + ofs,
+ iov[i].buffer.value,
+ iov[i].buffer.length);
+ ofs += iov[i].buffer.length;
+ }
+
+ if (padding) {
+ memcpy(ptr + ofs,
+ padding->buffer.value,
+ padding->buffer.length);
+ ofs += padding->buffer.length;
+ }
ret = krb5_crypto_init(context, key, 0, &crypto);
if (ret) {
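Review bot: The allocation size and the copies are computed by two separate loops that must select exactly the same buffers, and nothing verifies that they did. `ofs` is advanced after every `memcpy`, including the final `ofs += padding->buffer.length;`, but is never compared with `len` in the visible lines. The function already asserts on `sgn_cksum_sz`, so adding `assert(ofs == len);` before `krb5_crypto_init` would catch a future divergence between the two type filters before it becomes a heap overrun. The sum of caller-supplied `buffer.length` values into `len` is also not checked for `size_t` wrap-around before `malloc(len)`. The function body continues outside this hunk.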
@@ -149,6 +192,7 @@ arcfour_mic_cksum(krb5_context context,
0,
ptr, len,
&CKSUM);
+ memset(ptr, 0, len);
free(ptr);
if (ret == 0) {
memcpy(sgn_cksum, CKSUM.checksum.data, sgn_cksum_sz);
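Review bot: The added `memset(ptr, 0, len);` sits immediately before `free(ptr);`, and a compiler is allowed to drop a store to memory that is about to be freed, so the message copy this line is meant to scrub can remain in the heap. A zeroing call that cannot be elided keeps the intent, for example `explicit_bzero(ptr, len);` or C11 Annex K `memset_s` where the platform provides one. The same applies to the `memset(k6_data, 0, sizeof(k6_data));` and `memset(Klocaldata, 0, sizeof(Klocaldata));` calls on stack key material added later in this file. The enclosing function starts and ends outside this hunk.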
@@ -159,6 +203,26 @@ arcfour_mic_cksum(krb5_context context,
return ret;
}
+static krb5_error_code
+arcfour_mic_cksum(krb5_context context,
+ krb5_keyblock *key, unsigned usage,
+ u_char *sgn_cksum, size_t sgn_cksum_sz,
+ const u_char *v1, size_t l1,
+ const void *v2, size_t l2,
+ const void *v3, size_t l3)
+{
+ gss_iov_buffer_desc iov;
+
+ iov.type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY;
+ iov.buffer.value = rk_UNCONST(v3);
+ iov.buffer.length = l3;
+
+ return arcfour_mic_cksum_iov(context, key, usage,
+ sgn_cksum, sgn_cksum_sz,
+ v1, l1, v2, l2,
+ &iov, 1, NULL);
+}
+
OM_uint32
_gssapi_get_mic_arcfour(OM_uint32 * minor_status,
@@ -760,3 +824,563 @@ _gssapi_wrap_size_arcfour(OM_uint32 *minor_status,
return GSS_S_COMPLETE;
}
+
+OM_uint32
+_gssapi_wrap_iov_length_arcfour(OM_uint32 *minor_status,
+ gsskrb5_ctx ctx,
+ krb5_context context,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ int *conf_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count)
+{
+ OM_uint32 major_status;
+ size_t data_len = 0;
+ int i;
+ gss_iov_buffer_desc *header = NULL;
+ gss_iov_buffer_desc *padding = NULL;
+ gss_iov_buffer_desc *trailer = NULL;
+
+ *minor_status = 0;
+
+ for (i = 0; i < iov_count; i++) {
+ switch(GSS_IOV_BUFFER_TYPE(iov[i].type)) {
+ case GSS_IOV_BUFFER_TYPE_EMPTY:
+ break;
+ case GSS_IOV_BUFFER_TYPE_DATA:
+ data_len += iov[i].buffer.length;
+ break;
+ case GSS_IOV_BUFFER_TYPE_HEADER:
+ if (header != NULL) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
+ header = &iov[i];
+ break;
+ case GSS_IOV_BUFFER_TYPE_TRAILER:
+ if (trailer != NULL) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
+ trailer = &iov[i];
+ break;
+ case GSS_IOV_BUFFER_TYPE_PADDING:
+ if (padding != NULL) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
+ padding = &iov[i];
+ break;
+ case GSS_IOV_BUFFER_TYPE_SIGN_ONLY:
+ break;
+ default:
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
+ }
+
+ major_status = _gk_verify_buffers(minor_status, ctx, header, padding, trailer);
+ if (major_status != GSS_S_COMPLETE) {
+ return major_status;
+ }
+
+ if (IS_DCE_STYLE(ctx)) {
+ size_t len = GSS_ARCFOUR_WRAP_TOKEN_SIZE;
+ size_t total_len;
+ _gssapi_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM);
+ header->buffer.length = total_len;
+ } else {
+ size_t len;
+ size_t total_len;
+ if (padding) {
+ data_len += 1; /* padding */
+ }
+ len = data_len + GSS_ARCFOUR_WRAP_TOKEN_SIZE;
+ _gssapi_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM);
+ header->buffer.length = total_len - data_len;
+ }
+
+ if (trailer) {
+ trailer->buffer.length = 0;
+ }
+
+ if (padding) {
+ padding->buffer.length = 1;
+ }
+
+ return GSS_S_COMPLETE;
+}
+
+OM_uint32
+_gssapi_wrap_iov_arcfour(OM_uint32 *minor_status,
+ gsskrb5_ctx ctx,
+ krb5_context context,
+ int conf_req_flag,
+ int *conf_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count,
+ krb5_keyblock *key)
+{
+ OM_uint32 major_status, junk;
+ gss_iov_buffer_desc *header, *padding, *trailer;
+ krb5_error_code kret;
+ int32_t seq_number;
+ u_char Klocaldata[16], k6_data[16], *p, *p0;
+ size_t make_len = 0;
+ size_t header_len = 0;
+ size_t data_len = 0;
+ krb5_keyblock Klocal;
+ int i;
+
+ header = _gk_find_buffer(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
+ padding = _gk_find_buffer(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING);
+ trailer = _gk_find_buffer(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER);
+
+ major_status = _gk_verify_buffers(minor_status, ctx, header, padding, trailer);
+ if (major_status != GSS_S_COMPLETE) {
+ return major_status;
+ }
+
+ for (i = 0; i < iov_count; i++) {
+ switch (GSS_IOV_BUFFER_TYPE(iov[i].type)) {
+ case GSS_IOV_BUFFER_TYPE_DATA:
+ break;
+ default:
+ continue;
+ }
+
+ data_len += iov[i].buffer.length;
+ }
+
+ if (padding) {
+ data_len += 1;
+ }
+
+ if (IS_DCE_STYLE(ctx)) {
+ size_t unwrapped_len;
+ unwrapped_len = GSS_ARCFOUR_WRAP_TOKEN_SIZE;
+ _gssapi_encap_length(unwrapped_len,
+ &make_len,
+ &header_len,
+ GSS_KRB5_MECHANISM);
+ } else {
+ size_t unwrapped_len;
+ unwrapped_len = GSS_ARCFOUR_WRAP_TOKEN_SIZE + data_len;
+ _gssapi_encap_length(unwrapped_len,
+ &make_len,
+ &header_len,
+ GSS_KRB5_MECHANISM);
+ header_len -= data_len;
+ }
+
+ if (GSS_IOV_BUFFER_FLAGS(header->type) & GSS_IOV_BUFFER_TYPE_FLAG_ALLOCATE) {
+ major_status = _gk_allocate_buffer(minor_status, header,
+ header_len);
+ if (major_status != GSS_S_COMPLETE)
+ goto failure;
+ } else if (header->buffer.length < header_len) {
+ *minor_status = KRB5_BAD_MSIZE;
+ major_status = GSS_S_FAILURE;
+ goto failure;
+ } else {
+ header->buffer.length = header_len;
+ }
+
+ if (padding) {
+ if (GSS_IOV_BUFFER_FLAGS(padding->type) & GSS_IOV_BUFFER_TYPE_FLAG_ALLOCATE) {
+ major_status = _gk_allocate_buffer(minor_status, padding, 1);
+ if (major_status != GSS_S_COMPLETE)
+ goto failure;
+ } else if (padding->buffer.length < 1) {
+ *minor_status = KRB5_BAD_MSIZE;
+ major_status = GSS_S_FAILURE;
+ goto failure;
+ } else {
+ padding->buffer.length = 1;
+ }
+ memset(padding->buffer.value, 1, 1);
+ }
+
+ if (trailer) {
+ trailer->buffer.length = 0;
+ trailer->buffer.value = NULL;
+ }
+
+ p0 = _gssapi_make_mech_header(header->buffer.value,
+ make_len,
+ GSS_KRB5_MECHANISM);
+ p = p0;
+
+ *p++ = 0x02; /* TOK_ID */
+ *p++ = 0x01;
+ *p++ = 0x11; /* SGN_ALG */
+ *p++ = 0x00;
+ if (conf_req_flag) {
+ *p++ = 0x10; /* SEAL_ALG */
+ *p++ = 0x00;
+ } else {
+ *p++ = 0xff; /* SEAL_ALG */
+ *p++ = 0xff;
+ }
+ *p++ = 0xff; /* Filler */
+ *p++ = 0xff;
+
+ p = NULL;
+
+ HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
+ krb5_auth_con_getlocalseqnumber(context,
+ ctx->auth_context,
+ &seq_number);
+ _gsskrb5_encode_be_om_uint32(seq_number, p0 + 8);
+
+ krb5_auth_con_setlocalseqnumber(context,
+ ctx->auth_context,
+ ++seq_number);
+ HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+
+ memset(p0 + 8 + 4,
+ (ctx->more_flags & LOCAL) ? 0 : 0xff,
+ 4);
+
+ krb5_generate_random_block(p0 + 24, 8); /* fill in Confounder */
+
+ /* Sign Data */
+ kret = arcfour_mic_cksum_iov(context,
+ key, KRB5_KU_USAGE_SEAL,
+ p0 + 16, 8, /* SGN_CKSUM */
+ p0, 8, /* TOK_ID, SGN_ALG, SEAL_ALG, Filler */
+ p0 + 24, 8, /* Confounder */
+ iov, iov_count, /* Data + SignOnly */
+ padding); /* padding */
+ if (kret) {
+ *minor_status = kret;
+ major_status = GSS_S_FAILURE;
+ goto failure;
+ }
+
+ Klocal.keytype = key->keytype;
+ Klocal.keyvalue.data = Klocaldata;
+ Klocal.keyvalue.length = sizeof(Klocaldata);
+
+ for (i = 0; i < 16; i++) {
+ Klocaldata[i] = ((u_char *)key->keyvalue.data)[i] ^ 0xF0;
+ }
+ kret = arcfour_mic_key(context, &Klocal,
+ p0 + 8, 4, /* SND_SEQ */
+ k6_data, sizeof(k6_data));
+ memset(Klocaldata, 0, sizeof(Klocaldata));
+ if (kret) {
+ *minor_status = kret;
+ major_status = GSS_S_FAILURE;
+ goto failure;
+ }
+
+ if (conf_req_flag) {
+ EVP_CIPHER_CTX rc4_key;
+
+ EVP_CIPHER_CTX_init(&rc4_key);
+ EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
+
+ /* Confounder */
+ EVP_Cipher(&rc4_key, p0 + 24, p0 + 24, 8);
+
+ /* Seal Data */
+ for (i=0; i < iov_count; i++) {
+ switch (GSS_IOV_BUFFER_TYPE(iov[i].type)) {
+ case GSS_IOV_BUFFER_TYPE_DATA:
+ break;
+ default:
+ continue;
+ }
+
+ EVP_Cipher(&rc4_key, iov[i].buffer.value,
+ iov[i].buffer.value, iov[i].buffer.length);
+ }
+
+ /* Padding */
+ if (padding) {
+ EVP_Cipher(&rc4_key, padding->buffer.value,
+ padding->buffer.value, padding->buffer.length);
+ }
+
+ EVP_CIPHER_CTX_cleanup(&rc4_key);
+ }
+ memset(k6_data, 0, sizeof(k6_data));
+
+ kret = arcfour_mic_key(context, key,
+ p0 + 16, 8, /* SGN_CKSUM */
+ k6_data, sizeof(k6_data));
+ if (kret) {
+ *minor_status = kret;
+ major_status = GSS_S_FAILURE;
+ return major_status;
+ }
+
+ {
+ EVP_CIPHER_CTX rc4_key;
+
+ EVP_CIPHER_CTX_init(&rc4_key);
+ EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
+ EVP_Cipher(&rc4_key, p0 + 8, p0 + 8, 8); /* SND_SEQ */
+ EVP_CIPHER_CTX_cleanup(&rc4_key);
+
+ memset(k6_data, 0, sizeof(k6_data));
+ }
+
+ if (conf_state)
+ *conf_state = conf_req_flag;
+
+ *minor_status = 0;
+ return GSS_S_COMPLETE;
+
+failure:
+
+ gss_release_iov_buffer(&junk, iov, iov_count);
+
+ return major_status;
+}
+
+OM_uint32
+_gssapi_unwrap_iov_arcfour(OM_uint32 *minor_status,
+ gsskrb5_ctx ctx,
+ krb5_context context,
+ int *pconf_state,
+ gss_qop_t *pqop_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count,
+ krb5_keyblock *key)
+{
+ OM_uint32 major_status;
+ gss_iov_buffer_desc *header, *padding, *trailer;
+ krb5_keyblock Klocal;
+ uint8_t Klocaldata[16];
+ uint8_t k6_data[16], snd_seq[8], Confounder[8];
+ uint8_t cksum_data[8];
+ uint8_t *_p = NULL;
+ const uint8_t *p, *p0;
+ size_t verify_len = 0;
+ uint32_t seq_number;
+ size_t hlen = 0;
+ int conf_state;
+ int cmp;
+ size_t i;
+ krb5_error_code kret;
+ OM_uint32 ret;
+
+ if (pconf_state != NULL) {
+ *pconf_state = 0;
+ }
+ if (pqop_state != NULL) {
+ *pqop_state = 0;
+ }
+
+ header = _gk_find_buffer(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
+ padding = _gk_find_buffer(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING);
+ trailer = _gk_find_buffer(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER);
+
+ /* Check if the packet is correct */
+ major_status = _gk_verify_buffers(minor_status,
+ ctx,
+ header,
+ padding,
+ trailer);
+ if (major_status != GSS_S_COMPLETE) {
+ return major_status;
+ }
+
+ if (padding != NULL && padding->buffer.length != 1) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
+
+ if (IS_DCE_STYLE(context)) {
+ verify_len = GSS_ARCFOUR_WRAP_TOKEN_SIZE +
+ GSS_ARCFOUR_WRAP_TOKEN_DCE_DER_HEADER_SIZE;
+ if (header->buffer.length > verify_len) {
+ return GSS_S_BAD_MECH;
+ }
+ } else {
+ verify_len = header->buffer.length;
+ }
+ _p = header->buffer.value;
+
+ ret = _gssapi_verify_mech_header(&_p,
+ verify_len,
+ GSS_KRB5_MECHANISM);
+ if (ret) {
+ return ret;
+ }
+ p0 = _p;
+
+ /* length of mech header */
+ hlen = (p0 - (uint8_t *)header->buffer.value);
+ hlen += GSS_ARCFOUR_WRAP_TOKEN_SIZE;
+
+ if (hlen > header->buffer.length) {
+ return GSS_S_BAD_MECH;
+ }
+
+ p = p0;
+
+ if (memcmp(p, "\x02\x01", 2) != 0)
+ return GSS_S_BAD_SIG;
+ p += 2;
+ if (memcmp(p, "\x11\x00", 2) != 0) /* SGN_ALG = HMAC MD5 ARCFOUR */
+ return GSS_S_BAD_SIG;
+ p += 2;
+
+ if (memcmp (p, "\x10\x00", 2) == 0)
+ conf_state = 1;
+ else if (memcmp (p, "\xff\xff", 2) == 0)
+ conf_state = 0;
+ else
+ return GSS_S_BAD_SIG;
+
+ p += 2;
+ if (memcmp (p, "\xff\xff", 2) != 0)
+ return GSS_S_BAD_MIC;
+ p = NULL;
+
+ kret = arcfour_mic_key(context,
+ key,
+ p0 + 16, /* SGN_CKSUM */
+ 8, /* SGN_CKSUM_LEN */
+ k6_data,
+ sizeof(k6_data));
+ if (kret) {
+ *minor_status = kret;
+ return GSS_S_FAILURE;
+ }
+
+ {
+ EVP_CIPHER_CTX rc4_key;
+
+ EVP_CIPHER_CTX_init(&rc4_key);
+ EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
+ EVP_Cipher(&rc4_key, snd_seq, p0 + 8, 8); /* SND_SEQ */
+ EVP_CIPHER_CTX_cleanup(&rc4_key);
+
+ memset(k6_data, 0, sizeof(k6_data));
+ }
+
+ _gsskrb5_decode_be_om_uint32(snd_seq, &seq_number);
+
+ if (ctx->more_flags & LOCAL) {
+ cmp = memcmp(&snd_seq[4], "\xff\xff\xff\xff", 4);
+ } else {
+ cmp = memcmp(&snd_seq[4], "\x00\x00\x00\x00", 4);
+ }
+ if (cmp != 0) {
+ *minor_status = 0;
+ return GSS_S_BAD_MIC;
+ }
+
+ if (ctx->more_flags & LOCAL) {
+ cmp = memcmp(&snd_seq[4], "\xff\xff\xff\xff", 4);
+ } else {
+ cmp = memcmp(&snd_seq[4], "\x00\x00\x00\x00", 4);
+ }
+ if (cmp != 0) {
+ *minor_status = 0;
+ return GSS_S_BAD_MIC;
+ }
+
+ /* keyblock */
+ Klocal.keytype = key->keytype;
+ Klocal.keyvalue.data = Klocaldata;
+ Klocal.keyvalue.length = sizeof(Klocaldata);
+
+ for (i = 0; i < 16; i++) {
+ Klocaldata[i] = ((u_char *)key->keyvalue.data)[i] ^ 0xF0;
+ }
+
+ kret = arcfour_mic_key(context,
+ &Klocal,
+ snd_seq,
+ 4,
+ k6_data, sizeof(k6_data));
+ memset(Klocaldata, 0, sizeof(Klocaldata));
+ if (kret) {
+ *minor_status = kret;
+ return GSS_S_FAILURE;
+ }
+
+ if (conf_state == 1) {
+ EVP_CIPHER_CTX rc4_key;
+
+ EVP_CIPHER_CTX_init(&rc4_key);
+ EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
+
+ /* Confounder */
+ EVP_Cipher(&rc4_key, Confounder, p0 + 24, 8);
+
+ /* Data */
+ for (i = 0; i < iov_count; i++) {
+ switch (GSS_IOV_BUFFER_TYPE(iov[i].type)) {
+ case GSS_IOV_BUFFER_TYPE_DATA:
+ break;
+ default:
+ continue;
+ }
+
+ EVP_Cipher(&rc4_key, iov[i].buffer.value,
+ iov[i].buffer.value, iov[i].buffer.length);
+ }
+
+ /* Padding */
+ if (padding) {
+ EVP_Cipher(&rc4_key, padding->buffer.value,
+ padding->buffer.value, padding->buffer.length);
+ }
+
+ EVP_CIPHER_CTX_cleanup(&rc4_key);
+ } else {
+ /* Confounder */
+ memcpy(Confounder, p0 + 24, 8);
+ }
+ memset(k6_data, 0, sizeof(k6_data));
+
+ /* Prepare the buffer for signing */
+ kret = arcfour_mic_cksum_iov(context,
+ key, KRB5_KU_USAGE_SEAL,
+ cksum_data, sizeof(cksum_data),
+ p0, 8,
+ Confounder, sizeof(Confounder),
+ iov, iov_count,
+ padding);
+ if (kret) {
+ *minor_status = kret;
+ return GSS_S_FAILURE;
+ }
+
+ cmp = memcmp(cksum_data, p0 + 16, 8); /* SGN_CKSUM */
+ if (cmp != 0) {
+ *minor_status = 0;
+ return GSS_S_BAD_MIC;
+ }
+
+ if (padding) {
+ size_t plen;
+
+ ret = _gssapi_verify_pad(&padding->buffer, 1, &plen);
+ if (ret) {
+ *minor_status = 0;
+ return ret;
+ }
+ }
+
+ HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
+ ret = _gssapi_msg_order_check(ctx->order, seq_number);
+ HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+ if (ret != 0) {
+ return ret;
+ }
+
+ if (pconf_state) {
+ *pconf_state = conf_state;
+ }
+
+ *minor_status = 0;
+ return GSS_S_COMPLETE;
+}
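Review bot: In `_gssapi_unwrap_iov_arcfour` the DCE test is written `IS_DCE_STYLE(context)`, passing the `krb5_context`, where the two sibling functions in this hunk use `IS_DCE_STYLE(ctx)`. The macro is defined outside this page, but it presumably tests a flag on the GSS context, so the header-length bound is likely chosen from the wrong object and the line should read `if (IS_DCE_STYLE(ctx)) {`. The same function checks the MIC with `memcmp(cksum_data, p0 + 16, 8)`, which is not constant-time; a constant-time comparison (roken's `ct_memcmp`, if this tree provides it) is the usual choice for a checksum verified against attacker-supplied bytes. In `_gssapi_wrap_iov_arcfour` the second `arcfour_mic_key` failure does `return major_status;` instead of `goto failure;`, so buffers obtained through `_gk_allocate_buffer` are not released on that path. The `snd_seq[4]` direction check in the unwrap function also appears twice verbatim, and one copy can go.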
diff --git a/lib/gssapi/krb5/authorize_localname.c b/lib/gssapi/krb5/authorize_localname.c
index 4bab062ac4ce..5621c1f9cfe0 100644
--- a/lib/gssapi/krb5/authorize_localname.c
+++ b/lib/gssapi/krb5/authorize_localname.c
@@ -34,7 +34,7 @@
OM_uint32 GSSAPI_CALLCONV
_gsskrb5_authorize_localname(OM_uint32 *minor_status,
- const gss_name_t input_name,
+ gss_const_name_t input_name,
gss_const_buffer_t user_name,
gss_const_OID user_name_type)
{
diff --git a/lib/gssapi/krb5/canonicalize_name.c b/lib/gssapi/krb5/canonicalize_name.c
index 7fc921bac095..62de42358f62 100644
--- a/lib/gssapi/krb5/canonicalize_name.c
+++ b/lib/gssapi/krb5/canonicalize_name.c
@@ -35,7 +35,7 @@
OM_uint32 GSSAPI_CALLCONV _gsskrb5_canonicalize_name (
OM_uint32 * minor_status,
- const gss_name_t input_name,
+ gss_const_name_t input_name,
const gss_OID mech_type,
gss_name_t * output_name
)
@@ -48,7 +48,7 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_canonicalize_name (
GSSAPI_KRB5_INIT (&context);
- ret = _gsskrb5_canon_name(minor_status, context, 1, NULL, input_name, &name);
+ ret = _gsskrb5_canon_name(minor_status, context, input_name, &name);
if (ret)
return ret;
diff --git a/lib/gssapi/krb5/cfx.c b/lib/gssapi/krb5/cfx.c
index 3c1536b60ea5..29fecca861ce 100644
--- a/lib/gssapi/krb5/cfx.c
+++ b/lib/gssapi/krb5/cfx.c
@@ -391,7 +391,6 @@ _gssapi_wrap_cfx_iov(OM_uint32 *minor_status,
if (IS_DCE_STYLE(ctx))
rrc -= ec;
gsshsize += gsstsize;
- gsstsize = 0;
} else if (GSS_IOV_BUFFER_FLAGS(trailer->type) & GSS_IOV_BUFFER_FLAG_ALLOCATE) {
major_status = _gk_allocate_buffer(minor_status, trailer, gsstsize);
if (major_status)
@@ -683,6 +682,7 @@ unrotate_iov(OM_uint32 *minor_status, size_t rrc, gss_iov_buffer_desc *iov, int
if (iov[i].buffer.length <= skip) {
skip -= iov[i].buffer.length;
} else {
+ /* copy back to original buffer */
memcpy(((uint8_t *)iov[i].buffer.value) + skip, q, iov[i].buffer.length - skip);
q += iov[i].buffer.length - skip;
skip = 0;
@@ -697,13 +697,14 @@ unrotate_iov(OM_uint32 *minor_status, size_t rrc, gss_iov_buffer_desc *iov, int
GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_PADDING ||
GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_TRAILER)
{
- memcpy(q, iov[i].buffer.value, min(iov[i].buffer.length, skip));
+ memcpy(iov[i].buffer.value, q, min(iov[i].buffer.length, skip));
if (iov[i].buffer.length > skip)
break;
skip -= iov[i].buffer.length;
q += iov[i].buffer.length;
}
}
+ free(p);
return GSS_S_COMPLETE;
}
@@ -930,7 +931,6 @@ _gssapi_unwrap_cfx_iov(OM_uint32 *minor_status,
}
gsshsize += gsstsize;
- gsstsize = 0;
} else if (trailer->buffer.length != gsstsize) {
major_status = GSS_S_DEFECTIVE_TOKEN;
goto failure;
diff --git a/lib/gssapi/krb5/compare_name.c b/lib/gssapi/krb5/compare_name.c
index 7409d45fcb89..4a37e877df5d 100644
--- a/lib/gssapi/krb5/compare_name.c
+++ b/lib/gssapi/krb5/compare_name.c
@@ -35,8 +35,8 @@
OM_uint32 GSSAPI_CALLCONV _gsskrb5_compare_name
(OM_uint32 * minor_status,
- const gss_name_t name1,
- const gss_name_t name2,
+ gss_const_name_t name1,
+ gss_const_name_t name2,
int * name_equal
)
{
diff --git a/lib/gssapi/krb5/context_time.c b/lib/gssapi/krb5/context_time.c
index cb1550011cd7..58249cb5a311 100644
--- a/lib/gssapi/krb5/context_time.c
+++ b/lib/gssapi/krb5/context_time.c
@@ -36,27 +36,28 @@
OM_uint32
_gsskrb5_lifetime_left(OM_uint32 *minor_status,
krb5_context context,
- OM_uint32 lifetime,
+ OM_uint32 endtime,
OM_uint32 *lifetime_rec)
{
- krb5_timestamp timeret;
+ krb5_timestamp now;
krb5_error_code kret;
- if (lifetime == 0) {
+ if (endtime == 0) {
*lifetime_rec = GSS_C_INDEFINITE;
return GSS_S_COMPLETE;
}
- kret = krb5_timeofday(context, &timeret);
+ kret = krb5_timeofday(context, &now);
if (kret) {
+ *lifetime_rec = 0;
*minor_status = kret;
return GSS_S_FAILURE;
}
- if (lifetime < timeret)
+ if (endtime < now)
*lifetime_rec = 0;
else
- *lifetime_rec = lifetime - timeret;
+ *lifetime_rec = endtime - now;
return GSS_S_COMPLETE;
}
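Review bot: `_gsskrb5_lifetime_left` writes `*minor_status` only when `krb5_timeofday` fails; both `GSS_S_COMPLETE` returns leave it untouched, so a caller that did not initialise it sees a stale value. Adding `*minor_status = 0;` as the first statement makes the output defined on every path, in the same way the hunk now sets `*lifetime_rec = 0` on failure. A one-line comment that `endtime` is an absolute time and that `0` means "no expiry" would also help, since the rename changes what the parameter represents.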
@@ -64,23 +65,23 @@ _gsskrb5_lifetime_left(OM_uint32 *minor_status,
OM_uint32 GSSAPI_CALLCONV _gsskrb5_context_time
(OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
+ gss_const_ctx_id_t context_handle,
OM_uint32 * time_rec
)
{
krb5_context context;
- OM_uint32 lifetime;
+ OM_uint32 endtime;
OM_uint32 major_status;
const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
GSSAPI_KRB5_INIT (&context);
HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
- lifetime = ctx->lifetime;
+ endtime = ctx->endtime;
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
major_status = _gsskrb5_lifetime_left(minor_status, context,
- lifetime, time_rec);
+ endtime, time_rec);
if (major_status != GSS_S_COMPLETE)
return major_status;
diff --git a/lib/gssapi/krb5/copy_ccache.c b/lib/gssapi/krb5/copy_ccache.c
index e332d29c84aa..14296bccd7e2 100644
--- a/lib/gssapi/krb5/copy_ccache.c
+++ b/lib/gssapi/krb5/copy_ccache.c
@@ -89,6 +89,8 @@ _gsskrb5_krb5_import_cred(OM_uint32 *minor_status,
handle->usage = 0;
if (id) {
+ time_t now;
+ OM_uint32 left;
char *str;
handle->usage |= GSS_C_INITIATE;
@@ -116,17 +118,18 @@ _gsskrb5_krb5_import_cred(OM_uint32 *minor_status,
}
}
+ krb5_timeofday(context, &now);
ret = __gsskrb5_ccache_lifetime(minor_status,
context,
id,
handle->principal,
- &handle->lifetime);
+ &left);
if (ret != GSS_S_COMPLETE) {
krb5_free_principal(context, handle->principal);
free(handle);
return ret;
}
-
+ handle->endtime = now + left;
kret = krb5_cc_get_full_name(context, id, &str);
if (kret)
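Review bot: The added `krb5_timeofday(context, &now);` ignores its return value, so on failure `handle->endtime = now + left;` is computed from an uninitialised `now` (declared in the previous hunk). `_gsskrb5_lifetime_left` in context_time.c checks the same call, and the cleanup used for the `__gsskrb5_ccache_lifetime` failure directly below (free the principal, free `handle`, return) would fit here too. It is also worth confirming what `__gsskrb5_ccache_lifetime` can store in `left`: if it can be `GSS_C_INDEFINITE`, `now + left` no longer encodes "no expiry". The enclosing function extends beyond this hunk.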
diff --git a/lib/gssapi/krb5/creds.c b/lib/gssapi/krb5/creds.c
index fa45d19b9812..1cc3ac848ad0 100644
--- a/lib/gssapi/krb5/creds.c
+++ b/lib/gssapi/krb5/creds.c
@@ -62,6 +62,9 @@ _gsskrb5_export_cred(OM_uint32 *minor_status,
type = krb5_cc_get_type(context, handle->ccache);
if (strcmp(type, "MEMORY") == 0) {
krb5_creds *creds;
+ krb5_data config_start_realm;
+ char *start_realm;
+
ret = krb5_store_uint32(sp, 0);
if (ret) {
krb5_storage_free(sp);
@@ -69,9 +72,25 @@ _gsskrb5_export_cred(OM_uint32 *minor_status,
return GSS_S_FAILURE;
}
- ret = _krb5_get_krbtgt(context, handle->ccache,
- handle->principal->realm,
- &creds);
+ ret = krb5_cc_get_config(context, handle->ccache, NULL, "start_realm",
+ &config_start_realm);
+ if (ret == 0) {
+ start_realm = strndup(config_start_realm.data,
+ config_start_realm.length);
+ krb5_data_free(&config_start_realm);
+ } else {
+ start_realm = strdup(krb5_principal_get_realm(context,
+ handle->principal));
+ }
+ if (start_realm == NULL) {
+ *minor_status = krb5_enomem(context);
+ krb5_storage_free(sp);
+ return GSS_S_FAILURE;
+ }
+
+ ret = _krb5_get_krbtgt(context, handle->ccache, start_realm, &creds);
+ free(start_realm);
+ start_realm = NULL;
if (ret) {
krb5_storage_free(sp);
*minor_status = ret;
@@ -210,6 +229,10 @@ _gsskrb5_import_cred(OM_uint32 * minor_status,
ret = krb5_cc_store_cred(context, id, &creds);
krb5_free_cred_contents(context, &creds);
+ if (ret) {
+ *minor_status = ret;
+ return GSS_S_FAILURE;
+ }
flags |= GSS_CF_DESTROY_CRED_ON_RELEASE;
diff --git a/lib/gssapi/krb5/decapsulate.c b/lib/gssapi/krb5/decapsulate.c
index 640c064d0bf1..86085f569501 100644
--- a/lib/gssapi/krb5/decapsulate.c
+++ b/lib/gssapi/krb5/decapsulate.c
@@ -190,6 +190,9 @@ _gssapi_verify_pad(gss_buffer_t wrapped_token,
size_t padlength;
int i;
+ if (wrapped_token->length < 1)
+ return GSS_S_BAD_MECH;
+
pad = (u_char *)wrapped_token->value + wrapped_token->length - 1;
padlength = *pad;
diff --git a/lib/gssapi/krb5/display_name.c b/lib/gssapi/krb5/display_name.c
index a296399cecad..67cb61e7cb81 100644
--- a/lib/gssapi/krb5/display_name.c
+++ b/lib/gssapi/krb5/display_name.c
@@ -35,7 +35,7 @@
OM_uint32 GSSAPI_CALLCONV _gsskrb5_display_name
(OM_uint32 * minor_status,
- const gss_name_t input_name,
+ gss_const_name_t input_name,
gss_buffer_t output_name_buffer,
gss_OID * output_name_type
)
diff --git a/lib/gssapi/krb5/duplicate_name.c b/lib/gssapi/krb5/duplicate_name.c
index 0bc57e8a03ed..43519d6a2d53 100644
--- a/lib/gssapi/krb5/duplicate_name.c
+++ b/lib/gssapi/krb5/duplicate_name.c
@@ -35,7 +35,7 @@
OM_uint32 GSSAPI_CALLCONV _gsskrb5_duplicate_name (
OM_uint32 * minor_status,
- const gss_name_t src_name,
+ gss_const_name_t src_name,
gss_name_t * dest_name
)
{
diff --git a/lib/gssapi/krb5/export_name.c b/lib/gssapi/krb5/export_name.c
index 32368d3ccefd..1686a6570af5 100644
--- a/lib/gssapi/krb5/export_name.c
+++ b/lib/gssapi/krb5/export_name.c
@@ -35,7 +35,7 @@
OM_uint32 GSSAPI_CALLCONV _gsskrb5_export_name
(OM_uint32 * minor_status,
- const gss_name_t input_name,
+ gss_const_name_t input_name,
gss_buffer_t exported_name
)
{
diff --git a/lib/gssapi/krb5/export_sec_context.c b/lib/gssapi/krb5/export_sec_context.c
index eeb2743b4322..b500f4230cd3 100644
--- a/lib/gssapi/krb5/export_sec_context.c
+++ b/lib/gssapi/krb5/export_sec_context.c
@@ -34,9 +34,9 @@
#include "gsskrb5_locl.h"
OM_uint32 GSSAPI_CALLCONV
-_gsskrb5_export_sec_context (
- OM_uint32 * minor_status,
- gss_ctx_id_t * context_handle,
+_gsskrb5_export_sec_context(
+ OM_uint32 *minor_status,
+ gss_ctx_id_t *context_handle,
gss_buffer_t interprocess_token
)
{
@@ -204,7 +204,11 @@ _gsskrb5_export_sec_context (
*minor_status = kret;
goto failure;
}
- kret = krb5_store_int32 (sp, ctx->lifetime);
+ /*
+ * XXX We should put a 64-bit int here, but we don't have a
+ * krb5_store_int64() yet.
+ */
+ kret = krb5_store_int32 (sp, ctx->endtime);
if (kret) {
*minor_status = kret;
goto failure;
diff --git a/lib/gssapi/krb5/external.c b/lib/gssapi/krb5/external.c
index 26ede2487d30..deae016bc96b 100644
--- a/lib/gssapi/krb5/external.c
+++ b/lib/gssapi/krb5/external.c
@@ -202,67 +202,131 @@ static gss_mo_desc krb5_mo[] = {
},
{
GSS_C_MA_MECH_CONCRETE,
- GSS_MO_MA
+ GSS_MO_MA,
+ NULL,
+ NULL,
+ NULL,
+ NULL
},
{
GSS_C_MA_ITOK_FRAMED,
- GSS_MO_MA
+ GSS_MO_MA,
+ NULL,
+ NULL,
+ NULL,
+ NULL
},
{
GSS_C_MA_AUTH_INIT,
- GSS_MO_MA
+ GSS_MO_MA,
+ NULL,
+ NULL,
+ NULL,
+ NULL
},
{
GSS_C_MA_AUTH_TARG,
- GSS_MO_MA
+ GSS_MO_MA,
+ NULL,
+ NULL,
+ NULL,
+ NULL
},
{
GSS_C_MA_AUTH_INIT_ANON,
- GSS_MO_MA
+ GSS_MO_MA,
+ NULL,
+ NULL,
+ NULL,
+ NULL
},
{
GSS_C_MA_DELEG_CRED,
- GSS_MO_MA
+ GSS_MO_MA,
+ NULL,
+ NULL,
+ NULL,
+ NULL
},
{
GSS_C_MA_INTEG_PROT,
- GSS_MO_MA
+ GSS_MO_MA,
+ NULL,
+ NULL,
+ NULL,
+ NULL
},
{
GSS_C_MA_CONF_PROT,
- GSS_MO_MA
+ GSS_MO_MA,
+ NULL,
+ NULL,
+ NULL,
+ NULL
},
{
GSS_C_MA_MIC,
- GSS_MO_MA
+ GSS_MO_MA,
+ NULL,
+ NULL,
+ NULL,
+ NULL
},
{
GSS_C_MA_WRAP,
- GSS_MO_MA
+ GSS_MO_MA,
+ NULL,
+ NULL,
+ NULL,
+ NULL
},
{
GSS_C_MA_PROT_READY,
- GSS_MO_MA
+ GSS_MO_MA,
+ NULL,
+ NULL,
+ NULL,
+ NULL
},
{
GSS_C_MA_REPLAY_DET,
- GSS_MO_MA
+ GSS_MO_MA,
+ NULL,
+ NULL,
+ NULL,
+ NULL
},
{
GSS_C_MA_OOS_DET,
- GSS_MO_MA
+ GSS_MO_MA,
+ NULL,
+ NULL,
+ NULL,
+ NULL
},
{
GSS_C_MA_CBINDINGS,
- GSS_MO_MA
+ GSS_MO_MA,
+ NULL,
+ NULL,
+ NULL,
+ NULL
},
{
GSS_C_MA_PFS,
- GSS_MO_MA
+ GSS_MO_MA,
+ NULL,
+ NULL,
+ NULL,
+ NULL
},
{
GSS_C_MA_CTX_TRANS,
- GSS_MO_MA
+ GSS_MO_MA,
+ NULL,
+ NULL,
+ NULL,
+ NULL
}
};
@@ -324,7 +388,7 @@ static gssapi_mech_interface_desc krb5_mech = {
NULL,
krb5_mo,
sizeof(krb5_mo) / sizeof(krb5_mo[0]),
- _gsskrb5_pname_to_uid,
+ _gsskrb5_localname,
_gsskrb5_authorize_localname,
NULL,
NULL,
diff --git a/lib/gssapi/krb5/get_mic.c b/lib/gssapi/krb5/get_mic.c
index 0109ca7c6e76..643385d9e892 100644
--- a/lib/gssapi/krb5/get_mic.c
+++ b/lib/gssapi/krb5/get_mic.c
@@ -275,7 +275,7 @@ mic_des3
OM_uint32 GSSAPI_CALLCONV _gsskrb5_get_mic
(OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
+ gss_const_ctx_id_t context_handle,
gss_qop_t qop_req,
const gss_buffer_t message_buffer,
gss_buffer_t message_token
@@ -285,7 +285,6 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_get_mic
const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
krb5_keyblock *key;
OM_uint32 ret;
- krb5_keytype keytype;
GSSAPI_KRB5_INIT (&context);
@@ -300,10 +299,11 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_get_mic
*minor_status = ret;
return GSS_S_FAILURE;
}
- krb5_enctype_to_keytype (context, key->keytype, &keytype);
- switch (keytype) {
- case KEYTYPE_DES :
+ switch (key->keytype) {
+ case KRB5_ENCTYPE_DES_CBC_CRC :
+ case KRB5_ENCTYPE_DES_CBC_MD4 :
+ case KRB5_ENCTYPE_DES_CBC_MD5 :
#ifdef HEIM_WEAK_CRYPTO
ret = mic_des (minor_status, ctx, context, qop_req,
message_buffer, message_token, key);
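Review bot: The `switch (key->keytype)` now matches individual enctype constants, where the removed code first mapped the enctype to a key type. A DES, DES3 or arcfour enctype missing from these case lists (here and in the next hunk) therefore no longer reaches `mic_des`, `mic_des3` or `_gssapi_get_mic_arcfour`, and falls to the `default:` arm, which is outside the hunk. It is worth confirming that the lists cover every enctype the old mapping returned for those key types, and recording the intent above the switch with `/* Dispatch on enctype; anything not listed below is handled by the default arm. */`. Only the DES arm is gated by `HEIM_WEAK_CRYPTO`; the DES3 and arcfour arms stay compiled in unconditionally, which deserves a comment if it is intentional.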
@@ -311,12 +311,13 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_get_mic
ret = GSS_S_FAILURE;
#endif
break;
- case KEYTYPE_DES3 :
+ case KRB5_ENCTYPE_DES3_CBC_MD5 :
+ case KRB5_ENCTYPE_DES3_CBC_SHA1 :
ret = mic_des3 (minor_status, ctx, context, qop_req,
message_buffer, message_token, key);
break;
- case KEYTYPE_ARCFOUR:
- case KEYTYPE_ARCFOUR_56:
+ case KRB5_ENCTYPE_ARCFOUR_HMAC_MD5:
+ case KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56:
ret = _gssapi_get_mic_arcfour (minor_status, ctx, context, qop_req,
message_buffer, message_token, key);
break;
diff --git a/lib/gssapi/krb5/gsskrb5-private.h b/lib/gssapi/krb5/gsskrb5-private.h
index 2a669d867f16..e05d4a6b6da6 100644
--- a/lib/gssapi/krb5/gsskrb5-private.h
+++ b/lib/gssapi/krb5/gsskrb5-private.h
@@ -179,6 +179,17 @@ _gssapi_unwrap_cfx_iov (
int /*iov_count*/);
OM_uint32
+_gssapi_unwrap_iov_arcfour (
+ OM_uint32 */*minor_status*/,
+ gsskrb5_ctx /*ctx*/,
+ krb5_context /*context*/,
+ int */*pconf_state*/,
+ gss_qop_t */*pqop_state*/,
+ gss_iov_buffer_desc */*iov*/,
+ int /*iov_count*/,
+ krb5_keyblock */*key*/);
+
+OM_uint32
_gssapi_verify_mech_header (
u_char **/*str*/,
size_t /*total_len*/,
@@ -243,6 +254,28 @@ _gssapi_wrap_cfx_iov (
int /*iov_count*/);
OM_uint32
+_gssapi_wrap_iov_arcfour (
+ OM_uint32 */*minor_status*/,
+ gsskrb5_ctx /*ctx*/,
+ krb5_context /*context*/,
+ int /*conf_req_flag*/,
+ int */*conf_state*/,
+ gss_iov_buffer_desc */*iov*/,
+ int /*iov_count*/,
+ krb5_keyblock */*key*/);
+
+OM_uint32
+_gssapi_wrap_iov_length_arcfour (
+ OM_uint32 */*minor_status*/,
+ gsskrb5_ctx /*ctx*/,
+ krb5_context /*context*/,
+ int /*conf_req_flag*/,
+ gss_qop_t /*qop_req*/,
+ int */*conf_state*/,
+ gss_iov_buffer_desc */*iov*/,
+ int /*iov_count*/);
+
+OM_uint32
_gssapi_wrap_iov_length_cfx (
OM_uint32 */*minor_status*/,
gsskrb5_ctx /*ctx*/,
@@ -278,7 +311,7 @@ OM_uint32 GSSAPI_CALLCONV
_gsskrb5_accept_sec_context (
OM_uint32 * /*minor_status*/,
gss_ctx_id_t * /*context_handle*/,
- const gss_cred_id_t /*acceptor_cred_handle*/,
+ gss_const_cred_id_t /*acceptor_cred_handle*/,
const gss_buffer_t /*input_token_buffer*/,
const gss_channel_bindings_t /*input_chan_bindings*/,
gss_name_t * /*src_name*/,
@@ -291,7 +324,7 @@ _gsskrb5_accept_sec_context (
OM_uint32 GSSAPI_CALLCONV
_gsskrb5_acquire_cred (
OM_uint32 * /*minor_status*/,
- const gss_name_t /*desired_name*/,
+ gss_const_name_t /*desired_name*/,
OM_uint32 /*time_req*/,
const gss_OID_set /*desired_mechs*/,
gss_cred_usage_t /*cred_usage*/,
@@ -302,7 +335,7 @@ _gsskrb5_acquire_cred (
OM_uint32 GSSAPI_CALLCONV
_gsskrb5_acquire_cred_ext (
OM_uint32 * /*minor_status*/,
- const gss_name_t /*desired_name*/,
+ gss_const_name_t /*desired_name*/,
gss_const_OID /*credential_type*/,
const void */*credential_data*/,
OM_uint32 /*time_req*/,
@@ -313,8 +346,8 @@ _gsskrb5_acquire_cred_ext (
OM_uint32 GSSAPI_CALLCONV
_gsskrb5_add_cred (
OM_uint32 */*minor_status*/,
- const gss_cred_id_t /*input_cred_handle*/,
- const gss_name_t /*desired_name*/,
+ gss_const_cred_id_t /*input_cred_handle*/,
+ gss_const_name_t /*desired_name*/,
const gss_OID /*desired_mech*/,
gss_cred_usage_t /*cred_usage*/,
OM_uint32 /*initiator_time_req*/,
@@ -327,7 +360,7 @@ _gsskrb5_add_cred (
OM_uint32 GSSAPI_CALLCONV
_gsskrb5_authorize_localname (
OM_uint32 */*minor_status*/,
- const gss_name_t /*input_name*/,
+ gss_const_name_t /*input_name*/,
gss_const_buffer_t /*user_name*/,
gss_const_OID /*user_name_type*/);
@@ -335,15 +368,13 @@ OM_uint32
_gsskrb5_canon_name (
OM_uint32 */*minor_status*/,
krb5_context /*context*/,
- int /*use_dns*/,
- krb5_const_principal /*sourcename*/,
- gss_name_t /*targetname*/,
+ gss_const_name_t /*targetname*/,
krb5_principal */*out*/);
OM_uint32 GSSAPI_CALLCONV
_gsskrb5_canonicalize_name (
OM_uint32 * /*minor_status*/,
- const gss_name_t /*input_name*/,
+ gss_const_name_t /*input_name*/,
const gss_OID /*mech_type*/,
gss_name_t * output_name );
@@ -353,14 +384,14 @@ _gsskrb5_clear_status (void);
OM_uint32 GSSAPI_CALLCONV
_gsskrb5_compare_name (
OM_uint32 * /*minor_status*/,
- const gss_name_t /*name1*/,
- const gss_name_t /*name2*/,
+ gss_const_name_t /*name1*/,
+ gss_const_name_t /*name2*/,
int * name_equal );
OM_uint32 GSSAPI_CALLCONV
_gsskrb5_context_time (
OM_uint32 * /*minor_status*/,
- const gss_ctx_id_t /*context_handle*/,
+ gss_const_ctx_id_t /*context_handle*/,
OM_uint32 * time_rec );
OM_uint32
@@ -406,7 +437,7 @@ _gsskrb5_delete_sec_context (
OM_uint32 GSSAPI_CALLCONV
_gsskrb5_display_name (
OM_uint32 * /*minor_status*/,
- const gss_name_t /*input_name*/,
+ gss_const_name_t /*input_name*/,
gss_buffer_t /*output_name_buffer*/,
gss_OID * output_name_type );
@@ -422,7 +453,7 @@ _gsskrb5_display_status (
OM_uint32 GSSAPI_CALLCONV
_gsskrb5_duplicate_name (
OM_uint32 * /*minor_status*/,
- const gss_name_t /*src_name*/,
+ gss_const_name_t /*src_name*/,
gss_name_t * dest_name );
void
@@ -459,13 +490,13 @@ _gsskrb5_export_cred (
OM_uint32 GSSAPI_CALLCONV
_gsskrb5_export_name (
OM_uint32 * /*minor_status*/,
- const gss_name_t /*input_name*/,
+ gss_const_name_t /*input_name*/,
gss_buffer_t exported_name );
OM_uint32 GSSAPI_CALLCONV
_gsskrb5_export_sec_context (
- OM_uint32 * /*minor_status*/,
- gss_ctx_id_t * /*context_handle*/,
+ OM_uint32 */*minor_status*/,
+ gss_ctx_id_t */*context_handle*/,
gss_buffer_t interprocess_token );
ssize_t
@@ -477,7 +508,7 @@ _gsskrb5_get_mech (
OM_uint32 GSSAPI_CALLCONV
_gsskrb5_get_mic (
OM_uint32 * /*minor_status*/,
- const gss_ctx_id_t /*context_handle*/,
+ gss_const_ctx_id_t /*context_handle*/,
gss_qop_t /*qop_req*/,
const gss_buffer_t /*message_buffer*/,
gss_buffer_t message_token );
@@ -518,9 +549,9 @@ _gsskrb5_init (krb5_context */*context*/);
OM_uint32 GSSAPI_CALLCONV
_gsskrb5_init_sec_context (
OM_uint32 * /*minor_status*/,
- const gss_cred_id_t /*cred_handle*/,
+ gss_const_cred_id_t /*cred_handle*/,
gss_ctx_id_t * /*context_handle*/,
- const gss_name_t /*target_name*/,
+ gss_const_name_t /*target_name*/,
const gss_OID /*mech_type*/,
OM_uint32 /*req_flags*/,
OM_uint32 /*time_req*/,
@@ -534,7 +565,7 @@ _gsskrb5_init_sec_context (
OM_uint32 GSSAPI_CALLCONV
_gsskrb5_inquire_context (
OM_uint32 * /*minor_status*/,
- const gss_ctx_id_t /*context_handle*/,
+ gss_const_ctx_id_t /*context_handle*/,
gss_name_t * /*src_name*/,
gss_name_t * /*targ_name*/,
OM_uint32 * /*lifetime_rec*/,
@@ -546,7 +577,7 @@ _gsskrb5_inquire_context (
OM_uint32 GSSAPI_CALLCONV
_gsskrb5_inquire_cred (
OM_uint32 * /*minor_status*/,
- const gss_cred_id_t /*cred_handle*/,
+ gss_const_cred_id_t /*cred_handle*/,
gss_name_t * /*output_name*/,
OM_uint32 * /*lifetime*/,
gss_cred_usage_t * /*cred_usage*/,
@@ -555,7 +586,7 @@ _gsskrb5_inquire_cred (
OM_uint32 GSSAPI_CALLCONV
_gsskrb5_inquire_cred_by_mech (
OM_uint32 * /*minor_status*/,
- const gss_cred_id_t /*cred_handle*/,
+ gss_const_cred_id_t /*cred_handle*/,
const gss_OID /*mech_type*/,
gss_name_t * /*name*/,
OM_uint32 * /*initiator_lifetime*/,
@@ -565,14 +596,14 @@ _gsskrb5_inquire_cred_by_mech (
OM_uint32 GSSAPI_CALLCONV
_gsskrb5_inquire_cred_by_oid (
OM_uint32 * /*minor_status*/,
- const gss_cred_id_t /*cred_handle*/,
+ gss_const_cred_id_t /*cred_handle*/,
const gss_OID /*desired_object*/,
gss_buffer_set_t */*data_set*/);
OM_uint32 GSSAPI_CALLCONV
_gsskrb5_inquire_mechs_for_name (
OM_uint32 * /*minor_status*/,
- const gss_name_t /*input_name*/,
+ gss_const_name_t /*input_name*/,
gss_OID_set * mech_types );
OM_uint32 GSSAPI_CALLCONV
@@ -584,7 +615,7 @@ _gsskrb5_inquire_names_for_mech (
OM_uint32 GSSAPI_CALLCONV
_gsskrb5_inquire_sec_context_by_oid (
OM_uint32 */*minor_status*/,
- const gss_ctx_id_t /*context_handle*/,
+ gss_const_ctx_id_t /*context_handle*/,
const gss_OID /*desired_object*/,
gss_buffer_set_t */*data_set*/);
@@ -606,9 +637,16 @@ OM_uint32
_gsskrb5_lifetime_left (
OM_uint32 */*minor_status*/,
krb5_context /*context*/,
- OM_uint32 /*lifetime*/,
+ OM_uint32 /*endtime*/,
OM_uint32 */*lifetime_rec*/);
+OM_uint32 GSSAPI_CALLCONV
+_gsskrb5_localname (
+ OM_uint32 */*minor_status*/,
+ gss_const_name_t /*pname*/,
+ const gss_OID /*mech_type*/,
+ gss_buffer_t /*localname*/);
+
void *
_gsskrb5_make_header (
void */*ptr*/,
@@ -617,16 +655,9 @@ _gsskrb5_make_header (
const gss_OID /*mech*/);
OM_uint32 GSSAPI_CALLCONV
-_gsskrb5_pname_to_uid (
- OM_uint32 */*minor_status*/,
- const gss_name_t /*pname*/,
- const gss_OID /*mech_type*/,
- uid_t */*uidp*/);
-
-OM_uint32 GSSAPI_CALLCONV
_gsskrb5_process_context_token (
OM_uint32 */*minor_status*/,
- const gss_ctx_id_t /*context_handle*/,
+ gss_const_ctx_id_t /*context_handle*/,
const gss_buffer_t token_buffer );
OM_uint32 GSSAPI_CALLCONV
@@ -692,7 +723,7 @@ _gsskrb5_store_cred (
OM_uint32 GSSAPI_CALLCONV
_gsskrb5_unwrap (
OM_uint32 * /*minor_status*/,
- const gss_ctx_id_t /*context_handle*/,
+ gss_const_ctx_id_t /*context_handle*/,
const gss_buffer_t /*input_message_buffer*/,
gss_buffer_t /*output_message_buffer*/,
int * /*conf_state*/,
@@ -716,7 +747,7 @@ _gsskrb5_verify_header (
OM_uint32 GSSAPI_CALLCONV
_gsskrb5_verify_mic (
OM_uint32 * /*minor_status*/,
- const gss_ctx_id_t /*context_handle*/,
+ gss_const_ctx_id_t /*context_handle*/,
const gss_buffer_t /*message_buffer*/,
const gss_buffer_t /*token_buffer*/,
gss_qop_t * qop_state );
@@ -734,7 +765,7 @@ _gsskrb5_verify_mic_internal (
OM_uint32 GSSAPI_CALLCONV
_gsskrb5_wrap (
OM_uint32 * /*minor_status*/,
- const gss_ctx_id_t /*context_handle*/,
+ gss_const_ctx_id_t /*context_handle*/,
int /*conf_req_flag*/,
gss_qop_t /*qop_req*/,
const gss_buffer_t /*input_message_buffer*/,
@@ -744,7 +775,7 @@ _gsskrb5_wrap (
OM_uint32 GSSAPI_CALLCONV
_gsskrb5_wrap_size_limit (
OM_uint32 * /*minor_status*/,
- const gss_ctx_id_t /*context_handle*/,
+ gss_const_ctx_id_t /*context_handle*/,
int /*conf_req_flag*/,
gss_qop_t /*qop_req*/,
OM_uint32 /*req_output_size*/,
diff --git a/lib/gssapi/krb5/gsskrb5_locl.h b/lib/gssapi/krb5/gsskrb5_locl.h
index 6b9b03f34908..4119730576fc 100644
--- a/lib/gssapi/krb5/gsskrb5_locl.h
+++ b/lib/gssapi/krb5/gsskrb5_locl.h
@@ -81,7 +81,7 @@ typedef struct gsskrb5_ctx {
krb5_creds *kcred;
krb5_ccache ccache;
struct krb5_ticket *ticket;
- OM_uint32 lifetime;
+ time_t endtime;
HEIMDAL_MUTEX ctx_id_mutex;
struct gss_msg_order *order;
krb5_keyblock *service_keyblock;
@@ -95,7 +95,7 @@ typedef struct {
#define GSS_CF_DESTROY_CRED_ON_RELEASE 1
#define GSS_CF_NO_CI_FLAGS 2
struct krb5_keytab_data *keytab;
- OM_uint32 lifetime;
+ time_t endtime;
gss_cred_usage_t usage;
gss_OID_set mechanisms;
struct krb5_ccache_data *ccache;
@@ -134,7 +134,4 @@ extern HEIMDAL_MUTEX gssapi_keytab_mutex;
#define SC_LOCAL_SUBKEY 0x08
#define SC_REMOTE_SUBKEY 0x10
-/* type to signal that that dns canon maybe should be done */
-#define MAGIC_HOSTBASED_NAME_TYPE 4711
-
#endif
diff --git a/lib/gssapi/krb5/import_name.c b/lib/gssapi/krb5/import_name.c
index 5fe512672f95..6a362640b6fe 100644
--- a/lib/gssapi/krb5/import_name.c
+++ b/lib/gssapi/krb5/import_name.c
@@ -83,26 +83,21 @@ import_krb5_name (OM_uint32 *minor_status,
OM_uint32
_gsskrb5_canon_name(OM_uint32 *minor_status, krb5_context context,
- int use_dns, krb5_const_principal sourcename, gss_name_t targetname,
- krb5_principal *out)
+ gss_const_name_t targetname, krb5_principal *out)
{
- krb5_principal p = (krb5_principal)targetname;
+ krb5_const_principal p = (krb5_const_principal)targetname;
krb5_error_code ret;
char *hostname = NULL, *service;
+ int type;
+ const char *comp;
*minor_status = 0;
/* If its not a hostname */
- if (krb5_principal_get_type(context, p) != MAGIC_HOSTBASED_NAME_TYPE) {
- ret = krb5_copy_principal(context, p, out);
- } else if (!use_dns) {
- ret = krb5_copy_principal(context, p, out);
- if (ret)
- goto out;
- krb5_principal_set_type(context, *out, KRB5_NT_SRV_HST);
- if (sourcename)
- ret = krb5_principal_set_realm(context, *out, sourcename->realm);
- } else {
+ type = krb5_principal_get_type(context, p);
+ comp = krb5_principal_get_comp_string(context, p, 0);
+ if (type == KRB5_NT_SRV_HST || type == KRB5_NT_SRV_HST_NEEDS_CANON ||
+ (type == KRB5_NT_UNKNOWN && comp != NULL && strcmp(comp, "host") == 0)) {
if (p->name.name_string.len == 0)
return GSS_S_BAD_NAME;
else if (p->name.name_string.len > 1)
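Review bot: The retained comment `/* If its not a hostname */` now sits above a condition that is true when the name is host-based, so it says the opposite of the code. A matching comment would be `/* Host-based names (SRV_HST, SRV_HST_NEEDS_CANON, or an untyped principal whose first component is "host") are canonicalized; all others are copied unchanged. */`. The third clause also widens behaviour and needs a sentence of rationale: any `KRB5_NT_UNKNOWN` principal whose first component is `host` now takes the canonicalization branch. If the call in the part of the function not shown resolves the hostname through DNS, the resulting target principal depends on resolver answers. The function body continues past this hunk.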
@@ -115,9 +110,10 @@ _gsskrb5_canon_name(OM_uint32 *minor_status, krb5_context context,
service,
KRB5_NT_SRV_HST,
out);
+ } else {
+ ret = krb5_copy_principal(context, p, out);
}
- out:
if (ret) {
*minor_status = ret;
return GSS_S_FAILURE;
@@ -128,10 +124,10 @@ _gsskrb5_canon_name(OM_uint32 *minor_status, krb5_context context,
static OM_uint32
-import_hostbased_name (OM_uint32 *minor_status,
- krb5_context context,
- const gss_buffer_t input_name_buffer,
- gss_name_t *output_name)
+import_hostbased_name(OM_uint32 *minor_status,
+ krb5_context context,
+ const gss_buffer_t input_name_buffer,
+ gss_name_t *output_name)
{
krb5_principal princ = NULL;
krb5_error_code kerr;
@@ -153,7 +149,7 @@ import_hostbased_name (OM_uint32 *minor_status,
host = p + 1;
}
- kerr = krb5_make_principal(context, &princ, NULL, tmp, host, NULL);
+ kerr = krb5_make_principal(context, &princ, "", tmp, host, NULL);
free (tmp);
*minor_status = kerr;
if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED)
@@ -161,7 +157,7 @@ import_hostbased_name (OM_uint32 *minor_status,
else if (kerr)
return GSS_S_FAILURE;
- krb5_principal_set_type(context, princ, MAGIC_HOSTBASED_NAME_TYPE);
+ krb5_principal_set_type(context, princ, KRB5_NT_SRV_HST);
*output_name = (gss_name_t)princ;
return 0;
diff --git a/lib/gssapi/krb5/import_sec_context.c b/lib/gssapi/krb5/import_sec_context.c
index 3bab1802b3c9..e34e07115a5f 100644
--- a/lib/gssapi/krb5/import_sec_context.c
+++ b/lib/gssapi/krb5/import_sec_context.c
@@ -192,9 +192,13 @@ _gsskrb5_import_sec_context (
if (krb5_ret_int32 (sp, &tmp))
goto failure;
ctx->more_flags = tmp;
+ /*
+ * XXX endtime should be a 64-bit int, but we don't have
+ * krb5_ret_int64() yet.
+ */
if (krb5_ret_int32 (sp, &tmp))
goto failure;
- ctx->lifetime = tmp;
+ ctx->endtime = tmp;
ret = _gssapi_msg_order_import(minor_status, sp, &ctx->order);
if (ret)
diff --git a/lib/gssapi/krb5/init_sec_context.c b/lib/gssapi/krb5/init_sec_context.c
index 5f8b01b72707..4ef5c9c7123a 100644
--- a/lib/gssapi/krb5/init_sec_context.c
+++ b/lib/gssapi/krb5/init_sec_context.c
@@ -128,7 +128,7 @@ _gsskrb5_create_ctx(
ctx->service_keyblock = NULL;
ctx->ticket = NULL;
krb5_data_zero(&ctx->fwd_data);
- ctx->lifetime = GSS_C_INDEFINITE;
+ ctx->endtime = 0;
ctx->order = NULL;
ctx->crypto = NULL;
HEIMDAL_MUTEX_init(&ctx->ctx_id_mutex);
@@ -137,6 +137,7 @@ _gsskrb5_create_ctx(
if (kret) {
*minor_status = kret;
HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex);
+ free(ctx);
return GSS_S_FAILURE;
}
@@ -145,6 +146,7 @@ _gsskrb5_create_ctx(
*minor_status = kret;
krb5_auth_con_free(context, ctx->auth_context);
HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex);
+ free(ctx);
return GSS_S_FAILURE;
}
@@ -156,7 +158,7 @@ _gsskrb5_create_ctx(
krb5_auth_con_free(context, ctx->deleg_auth_context);
HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex);
-
+ free(ctx);
return GSS_S_BAD_BINDINGS;
}
@@ -168,7 +170,7 @@ _gsskrb5_create_ctx(
krb5_auth_con_free(context, ctx->deleg_auth_context);
HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex);
-
+ free(ctx);
return GSS_S_BAD_BINDINGS;
}
@@ -204,8 +206,7 @@ gsskrb5_get_creds(
krb5_context context,
krb5_ccache ccache,
gsskrb5_ctx ctx,
- const gss_name_t target_name,
- int use_dns,
+ gss_const_name_t target_name,
OM_uint32 time_req,
OM_uint32 * time_rec)
{
@@ -223,8 +224,8 @@ gsskrb5_get_creds(
ctx->kcred = NULL;
}
- ret = _gsskrb5_canon_name(minor_status, context, use_dns,
- ctx->source, target_name, &ctx->target);
+ ret = _gsskrb5_canon_name(minor_status, context, target_name,
+ &ctx->target);
if (ret)
return ret;
@@ -253,10 +254,10 @@ gsskrb5_get_creds(
return GSS_S_FAILURE;
}
- ctx->lifetime = ctx->kcred->times.endtime;
+ ctx->endtime = ctx->kcred->times.endtime;
ret = _gsskrb5_lifetime_left(minor_status, context,
- ctx->lifetime, &lifetime_rec);
+ ctx->endtime, &lifetime_rec);
if (ret) return ret;
if (lifetime_rec == 0) {
@@ -344,8 +345,7 @@ do_delegation (krb5_context context,
fwd_flags.forwarded = 1;
fwd_flags.forwardable = 1;
- if ( /*target_name->name.name_type != KRB5_NT_SRV_HST ||*/
- name->name.name_string.len < 2)
+ if (name->name.name_string.len < 2)
goto out;
kret = krb5_get_forwarded_creds(context,
@@ -378,7 +378,7 @@ init_auth
gsskrb5_cred cred,
gsskrb5_ctx ctx,
krb5_context context,
- gss_name_t name,
+ gss_const_name_t name,
const gss_OID mech_type,
OM_uint32 req_flags,
OM_uint32 time_req,
@@ -391,12 +391,9 @@ init_auth
{
OM_uint32 ret = GSS_S_FAILURE;
krb5_error_code kret;
- krb5_data outbuf;
krb5_data fwd_data;
OM_uint32 lifetime_rec;
- int allow_dns = 1;
- krb5_data_zero(&outbuf);
krb5_data_zero(&fwd_data);
*minor_status = 0;
@@ -425,44 +422,17 @@ init_auth
/*
* This is hideous glue for (NFS) clients that wants to limit the
* available enctypes to what it can support (encryption in
- * kernel). If there is no enctypes selected for this credential,
- * reset it to the default set of enctypes.
+ * kernel).
*/
- {
- krb5_enctype *enctypes = NULL;
+ if (cred && cred->enctypes)
+ krb5_set_default_in_tkt_etypes(context, cred->enctypes);
- if (cred && cred->enctypes)
- enctypes = cred->enctypes;
- krb5_set_default_in_tkt_etypes(context, enctypes);
- }
-
- /* canon name if needed for client + target realm */
- kret = krb5_cc_get_config(context, ctx->ccache, NULL,
- "realm-config", &outbuf);
- if (kret == 0) {
- /* XXX 2 is no server canon */
- if (outbuf.length < 1 || ((((unsigned char *)outbuf.data)[0]) & 2))
- allow_dns = 0;
- krb5_data_free(&outbuf);
- }
-
- /*
- * First we try w/o dns, hope that the KDC have register alias
- * (and referrals if cross realm) for this principal. If that
- * fails and if we are allowed to using this realm try again with
- * DNS canonicalizion.
- */
ret = gsskrb5_get_creds(minor_status, context, ctx->ccache,
- ctx, name, 0, time_req,
- time_rec);
- if (ret && allow_dns)
- ret = gsskrb5_get_creds(minor_status, context, ctx->ccache,
- ctx, name, 1, time_req,
- time_rec);
+ ctx, name, time_req, time_rec);
if (ret)
goto failure;
- ctx->lifetime = ctx->kcred->times.endtime;
+ ctx->endtime = ctx->kcred->times.endtime;
ret = _gss_DES3_get_mic_compat(minor_status, ctx, context);
if (ret)
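Review bot: The return value of `krb5_set_default_in_tkt_etypes(context, cred->enctypes)` is discarded, so if the restriction cannot be applied the request goes ahead with whatever enctypes the context already had. The comment says callers depend on this to limit enctypes, so check it: `kret = krb5_set_default_in_tkt_etypes(context, cred->enctypes);` followed by `if (kret) { *minor_status = kret; ret = GSS_S_FAILURE; goto failure; }`. The removed code also reset the list when the credential carried none. If `context` is reused across calls, a restriction set for an earlier credential would presumably stay in effect now, and a comment should say whether that is intended. init_auth starts and ends outside this hunk.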
@@ -470,7 +440,7 @@ init_auth
ret = _gsskrb5_lifetime_left(minor_status,
context,
- ctx->lifetime,
+ ctx->endtime,
&lifetime_rec);
if (ret)
goto failure;
@@ -817,14 +787,11 @@ repl_mutual
repl);
*minor_status = 0;
- if (time_rec) {
- ret = _gsskrb5_lifetime_left(minor_status,
- context,
- ctx->lifetime,
- time_rec);
- } else {
- ret = GSS_S_COMPLETE;
- }
+ if (time_rec)
+ _gsskrb5_lifetime_left(minor_status,
+ context,
+ ctx->endtime,
+ time_rec);
if (ret_flags)
*ret_flags = ctx->flags;
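Review bot: `_gsskrb5_lifetime_left()` is now called with its status dropped but is still handed `minor_status`, so a failure can leave an error code in `*minor_status` while the function carries on as if nothing happened. Removing the `else` arm also means `ret` is no longer set to `GSS_S_COMPLETE` here, and whether it is assigned before its next use lies outside the hunk. If ignoring the result is deliberate, mark it with a `(void)` cast and a short comment and restore `*minor_status = 0;` after the call; otherwise keep the assignment to `ret` and bail out on failure.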
@@ -865,9 +832,9 @@ repl_mutual
OM_uint32 GSSAPI_CALLCONV _gsskrb5_init_sec_context
(OM_uint32 * minor_status,
- const gss_cred_id_t cred_handle,
+ gss_const_cred_id_t cred_handle,
gss_ctx_id_t * context_handle,
- const gss_name_t target_name,
+ gss_const_name_t target_name,
const gss_OID mech_type,
OM_uint32 req_flags,
OM_uint32 time_req,
diff --git a/lib/gssapi/krb5/inquire_context.c b/lib/gssapi/krb5/inquire_context.c
index ade8ec4b9cb6..e225c33ba2be 100644
--- a/lib/gssapi/krb5/inquire_context.c
+++ b/lib/gssapi/krb5/inquire_context.c
@@ -35,7 +35,7 @@
OM_uint32 GSSAPI_CALLCONV _gsskrb5_inquire_context (
OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
+ gss_const_ctx_id_t context_handle,
gss_name_t * src_name,
gss_name_t * targ_name,
OM_uint32 * lifetime_rec,
@@ -76,7 +76,7 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_inquire_context (
if (lifetime_rec) {
ret = _gsskrb5_lifetime_left(minor_status,
context,
- ctx->lifetime,
+ ctx->endtime,
lifetime_rec);
if (ret)
goto failed;
diff --git a/lib/gssapi/krb5/inquire_cred.c b/lib/gssapi/krb5/inquire_cred.c
index f88199692cd7..1770fec76eab 100644
--- a/lib/gssapi/krb5/inquire_cred.c
+++ b/lib/gssapi/krb5/inquire_cred.c
@@ -35,7 +35,7 @@
OM_uint32 GSSAPI_CALLCONV _gsskrb5_inquire_cred
(OM_uint32 * minor_status,
- const gss_cred_id_t cred_handle,
+ gss_const_cred_id_t cred_handle,
gss_name_t * output_name,
OM_uint32 * lifetime,
gss_cred_usage_t * cred_usage,
@@ -45,136 +45,179 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_inquire_cred
krb5_context context;
gss_cred_id_t aqcred_init = GSS_C_NO_CREDENTIAL;
gss_cred_id_t aqcred_accept = GSS_C_NO_CREDENTIAL;
- gsskrb5_cred acred = NULL, icred = NULL;
+ gsskrb5_cred cred = (gsskrb5_cred)cred_handle;
+ gss_OID_set amechs = GSS_C_NO_OID_SET;
+ gss_OID_set imechs = GSS_C_NO_OID_SET;
+ OM_uint32 junk;
+ OM_uint32 aminor;
OM_uint32 ret;
+ OM_uint32 aret;
+ OM_uint32 alife = GSS_C_INDEFINITE;
+ OM_uint32 ilife = GSS_C_INDEFINITE;
+
+ /*
+ * XXX This function is more complex than it has to be. It should call
+ * _gsskrb5_inquire_cred_by_mech() twice and merge the results in the
+ * cred_handle == GSS_C_NO_CREDENTIAL case, but since
+ * _gsskrb5_inquire_cred_by_mech() is implemented in terms of this
+ * function, first we must fix _gsskrb5_inquire_cred_by_mech().
+ */
*minor_status = 0;
if (output_name)
- *output_name = NULL;
+ *output_name = GSS_C_NO_NAME;
+ if (cred_usage)
+ *cred_usage = GSS_C_BOTH; /* There's no NONE */
if (mechanisms)
- *mechanisms = GSS_C_NO_OID_SET;
+ *mechanisms = GSS_C_NO_OID_SET;
GSSAPI_KRB5_INIT (&context);
if (cred_handle == GSS_C_NO_CREDENTIAL) {
- ret = _gsskrb5_acquire_cred(minor_status,
- GSS_C_NO_NAME,
- GSS_C_INDEFINITE,
- GSS_C_NO_OID_SET,
- GSS_C_ACCEPT,
- &aqcred_accept,
- NULL,
- NULL);
- if (ret == GSS_S_COMPLETE)
- acred = (gsskrb5_cred)aqcred_accept;
-
- ret = _gsskrb5_acquire_cred(minor_status,
- GSS_C_NO_NAME,
- GSS_C_INDEFINITE,
- GSS_C_NO_OID_SET,
- GSS_C_INITIATE,
- &aqcred_init,
- NULL,
- NULL);
- if (ret == GSS_S_COMPLETE)
- icred = (gsskrb5_cred)aqcred_init;
-
- if (icred == NULL && acred == NULL) {
- *minor_status = 0;
- return GSS_S_NO_CRED;
- }
- } else
- acred = (gsskrb5_cred)cred_handle;
+ /*
+ * From here to the end of this if we should refactor into a separate
+ * function.
+ */
+ /* Get the info for the default ACCEPT credential */
+ aret = _gsskrb5_acquire_cred(&aminor,
+ GSS_C_NO_NAME,
+ GSS_C_INDEFINITE,
+ GSS_C_NO_OID_SET,
+ GSS_C_ACCEPT,
+ &aqcred_accept,
+ NULL,
+ NULL);
+ if (aret == GSS_S_COMPLETE) {
+ aret = _gsskrb5_inquire_cred(&aminor,
+ aqcred_accept,
+ output_name,
+ &alife,
+ NULL,
+ &amechs);
+ (void) _gsskrb5_release_cred(&junk, &aqcred_accept);
+ if (aret == GSS_S_COMPLETE) {
+ output_name = NULL; /* Can't merge names; output only one */
+ if (cred_usage)
+ *cred_usage = GSS_C_ACCEPT;
+ if (lifetime)
+ *lifetime = alife;
+ if (mechanisms) {
+ *mechanisms = amechs;
+ amechs = GSS_C_NO_OID_SET;
+ }
+ (void) gss_release_oid_set(&junk, &amechs);
+ } else if (aret != GSS_S_NO_CRED) {
+ *minor_status = aminor;
+ return aret;
+ } else {
+ alife = GSS_C_INDEFINITE;
+ }
+ }
+
+ /* Get the info for the default INITIATE credential */
+ ret = _gsskrb5_acquire_cred(minor_status,
+ GSS_C_NO_NAME,
+ GSS_C_INDEFINITE,
+ GSS_C_NO_OID_SET,
+ GSS_C_INITIATE,
+ &aqcred_init,
+ NULL,
+ NULL);
+ if (ret == GSS_S_COMPLETE) {
+ ret = _gsskrb5_inquire_cred(minor_status,
+ aqcred_init,
+ output_name,
+ &ilife,
+ NULL,
+ &imechs);
+ (void) _gsskrb5_release_cred(&junk, &aqcred_init);
+ if (ret == GSS_S_COMPLETE) {
+ /*
+ * Merge results for INITIATE with ACCEPT if we had ACCEPT and
+ * for those outputs that are desired.
+ */
+ if (cred_usage) {
+ *cred_usage = (*cred_usage == GSS_C_ACCEPT) ?
+ GSS_C_BOTH : GSS_C_INITIATE;
+ }
+ if (lifetime)
+ *lifetime = min(alife, ilife);
+ if (mechanisms) {
+ /*
+ * This is just one mechanism (IAKERB and such would live
+ * elsewhere). imechs will be equal to amechs, though not
+ * ==.
+ */
+ if (aret != GSS_S_COMPLETE) {
+ *mechanisms = imechs;
+ imechs = GSS_C_NO_OID_SET;
+ }
+ }
+ (void) gss_release_oid_set(&junk, &amechs);
+ } else if (ret != GSS_S_NO_CRED) {
+ *minor_status = aminor;
+ return aret;
+ }
+ }
+
+ if (aret != GSS_S_COMPLETE && ret != GSS_S_COMPLETE) {
+ *minor_status = aminor;
+ return aret;
+ }
+ *minor_status = 0; /* Even though 0 is not specified to be special */
+ return GSS_S_COMPLETE;
+ }
- if (acred)
- HEIMDAL_MUTEX_lock(&acred->cred_id_mutex);
- if (icred)
- HEIMDAL_MUTEX_lock(&icred->cred_id_mutex);
+ HEIMDAL_MUTEX_lock(&cred->cred_id_mutex);
if (output_name != NULL) {
- if (icred && icred->principal != NULL) {
- gss_name_t name;
-
- if (acred && acred->principal)
- name = (gss_name_t)acred->principal;
- else
- name = (gss_name_t)icred->principal;
-
+ if (cred->principal != NULL) {
+ gss_name_t name = (gss_name_t)cred->principal;
ret = _gsskrb5_duplicate_name(minor_status, name, output_name);
if (ret)
- goto out;
- } else if (acred && acred->usage == GSS_C_ACCEPT) {
- krb5_principal princ;
- *minor_status = krb5_sname_to_principal(context, NULL,
- NULL, KRB5_NT_SRV_HST,
- &princ);
- if (*minor_status) {
- ret = GSS_S_FAILURE;
- goto out;
- }
- *output_name = (gss_name_t)princ;
- } else {
- krb5_principal princ;
- *minor_status = krb5_get_default_principal(context,
- &princ);
- if (*minor_status) {
- ret = GSS_S_FAILURE;
- goto out;
- }
- *output_name = (gss_name_t)princ;
- }
+ goto out;
+ } else if (cred->usage == GSS_C_ACCEPT) {
+ /*
+ * Keytab case, princ may not be set (yet, ever, whatever).
+ *
+ * We used to unconditionally output the krb5_sname_to_principal()
+ * of the host service for the hostname, but we didn't know if we
+ * had keytab entries for it, so it was incorrect. We can't be
+ * breaking anything in tree by outputting GSS_C_NO_NAME, but we
+ * might be breaking other callers.
+ */
+ *output_name = GSS_C_NO_NAME;
+ } else {
+ /* This shouldn't happen */
+ *minor_status = KRB5_NOCREDS_SUPPLIED; /* XXX */
+ ret = GSS_S_NO_CRED;
+ goto out;
+ }
}
if (lifetime != NULL) {
- OM_uint32 alife = GSS_C_INDEFINITE, ilife = GSS_C_INDEFINITE;
-
- if (acred) alife = acred->lifetime;
- if (icred) ilife = icred->lifetime;
-
- ret = _gsskrb5_lifetime_left(minor_status,
- context,
- min(alife,ilife),
- lifetime);
- if (ret)
- goto out;
- }
- if (cred_usage != NULL) {
- if (acred && icred)
- *cred_usage = GSS_C_BOTH;
- else if (acred)
- *cred_usage = GSS_C_ACCEPT;
- else if (icred)
- *cred_usage = GSS_C_INITIATE;
- else
- abort();
+ ret = _gsskrb5_lifetime_left(minor_status,
+ context,
+ cred->endtime,
+ lifetime);
+ if (ret)
+ goto out;
}
-
+ if (cred_usage != NULL)
+ *cred_usage = cred->usage;
if (mechanisms != NULL) {
ret = gss_create_empty_oid_set(minor_status, mechanisms);
if (ret)
- goto out;
- if (acred)
- ret = gss_add_oid_set_member(minor_status,
- &acred->mechanisms->elements[0],
- mechanisms);
- if (ret == GSS_S_COMPLETE && icred)
- ret = gss_add_oid_set_member(minor_status,
- &icred->mechanisms->elements[0],
- mechanisms);
+ goto out;
+ ret = gss_add_oid_set_member(minor_status,
+ &cred->mechanisms->elements[0],
+ mechanisms);
if (ret)
- goto out;
+ goto out;
}
ret = GSS_S_COMPLETE;
-out:
- if (acred)
- HEIMDAL_MUTEX_unlock(&acred->cred_id_mutex);
- if (icred)
- HEIMDAL_MUTEX_unlock(&icred->cred_id_mutex);
-
- if (aqcred_init != GSS_C_NO_CREDENTIAL)
- ret = _gsskrb5_release_cred(minor_status, &aqcred_init);
- if (aqcred_accept != GSS_C_NO_CREDENTIAL)
- ret = _gsskrb5_release_cred(minor_status, &aqcred_accept);
+out:
+ HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
return ret;
}
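Review bot: In the `cred_handle == GSS_C_NO_CREDENTIAL` branch, the INITIATE half reports and releases the ACCEPT half's objects. On an INITIATE failure other than `GSS_S_NO_CRED` it runs `*minor_status = aminor; return aret;`, so when the ACCEPT inquiry succeeded the caller gets `GSS_S_COMPLETE` for a failed call; `return ret;` with `*minor_status` left as the callee set it looks like what was meant. In the INITIATE success path `gss_release_oid_set(&junk, &amechs)` is called a second time, while `imechs` is released only if it was handed to `*mechanisms`. It therefore leaks whenever ACCEPT also succeeded or `mechanisms` is NULL; the line should read `(void) gss_release_oid_set(&junk, &imechs);`. The function's signature is in the preceding hunk.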
diff --git a/lib/gssapi/krb5/inquire_cred_by_mech.c b/lib/gssapi/krb5/inquire_cred_by_mech.c
index 7bd9c11c6056..6ce4994ebe08 100644
--- a/lib/gssapi/krb5/inquire_cred_by_mech.c
+++ b/lib/gssapi/krb5/inquire_cred_by_mech.c
@@ -35,7 +35,7 @@
OM_uint32 GSSAPI_CALLCONV _gsskrb5_inquire_cred_by_mech (
OM_uint32 * minor_status,
- const gss_cred_id_t cred_handle,
+ gss_const_cred_id_t cred_handle,
const gss_OID mech_type,
gss_name_t * name,
OM_uint32 * initiator_lifetime,
@@ -47,6 +47,10 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_inquire_cred_by_mech (
OM_uint32 maj_stat;
OM_uint32 lifetime;
+ /*
+ * XXX This is busted. _gsskrb5_inquire_cred() should be implemented in
+ * terms of _gsskrb5_inquire_cred_by_mech(), NOT the other way around.
+ */
maj_stat =
_gsskrb5_inquire_cred (minor_status, cred_handle,
name, &lifetime, &usage, NULL);
diff --git a/lib/gssapi/krb5/inquire_cred_by_oid.c b/lib/gssapi/krb5/inquire_cred_by_oid.c
index d560ed4ba1c6..7dae3d25c4ff 100644
--- a/lib/gssapi/krb5/inquire_cred_by_oid.c
+++ b/lib/gssapi/krb5/inquire_cred_by_oid.c
@@ -34,7 +34,7 @@
OM_uint32 GSSAPI_CALLCONV _gsskrb5_inquire_cred_by_oid
(OM_uint32 * minor_status,
- const gss_cred_id_t cred_handle,
+ gss_const_cred_id_t cred_handle,
const gss_OID desired_object,
gss_buffer_set_t *data_set)
{
diff --git a/lib/gssapi/krb5/inquire_mechs_for_name.c b/lib/gssapi/krb5/inquire_mechs_for_name.c
index 6197a81b40a7..c6c67464fc55 100644
--- a/lib/gssapi/krb5/inquire_mechs_for_name.c
+++ b/lib/gssapi/krb5/inquire_mechs_for_name.c
@@ -35,7 +35,7 @@
OM_uint32 GSSAPI_CALLCONV _gsskrb5_inquire_mechs_for_name (
OM_uint32 * minor_status,
- const gss_name_t input_name,
+ gss_const_name_t input_name,
gss_OID_set * mech_types
)
{
diff --git a/lib/gssapi/krb5/inquire_sec_context_by_oid.c b/lib/gssapi/krb5/inquire_sec_context_by_oid.c
index b57217a4e830..f1ed99320975 100644
--- a/lib/gssapi/krb5/inquire_sec_context_by_oid.c
+++ b/lib/gssapi/krb5/inquire_sec_context_by_oid.c
@@ -149,7 +149,6 @@ static OM_uint32 inquire_sec_context_get_subkey
}
ret = krb5_store_keyblock(sp, *key);
- krb5_free_keyblock (context, key);
if (ret)
goto out;
@@ -169,6 +168,7 @@ static OM_uint32 inquire_sec_context_get_subkey
}
out:
+ krb5_free_keyblock(context, key);
krb5_data_free(&data);
if (sp)
krb5_storage_free(sp);
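Review bot: Freeing `key` under `out:` is only safe if `key` is NULL on every path that jumps there before a key has been fetched. The declaration and the earlier `goto out` sites are outside this hunk, so that needs confirming. If `key` is not initialised where it is declared, it should be, `krb5_keyblock *key = NULL;`, and this also assumes krb5_free_keyblock() accepts NULL. A one-line comment at the label, `/* key may still be NULL here; it is freed exactly once, on all paths */`, would record the invariant. The function body starts and ends outside the hunk.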
@@ -333,7 +333,8 @@ export_lucid_sec_context_v1(OM_uint32 *minor_status,
if (ret) goto out;
ret = krb5_store_int32(sp, (context_handle->more_flags & LOCAL) ? 1 : 0);
if (ret) goto out;
- ret = krb5_store_int32(sp, context_handle->lifetime);
+ /* XXX need krb5_store_int64() */
+ ret = krb5_store_int32(sp, context_handle->endtime);
if (ret) goto out;
krb5_auth_con_getlocalseqnumber (context,
context_handle->auth_context,
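Review bot: `krb5_store_int32(sp, context_handle->endtime)` narrows the value to 32 bits without a range check, and the added XXX comment suggests the field is wider than that. An end time above INT32_MAX would be exported as a negative number, which a consumer of the lucid context could read as already expired. Until a 64-bit store exists, clamp explicitly: `ret = krb5_store_int32(sp, context_handle->endtime > INT32_MAX ? INT32_MAX : (int32_t)context_handle->endtime);`. The stored field also changes from `lifetime` to `endtime`, which by the names looks like a change from a relative to an absolute time; the comment should say which one readers of the exported blob get. The function starts and ends outside the hunk.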
@@ -529,7 +530,7 @@ out:
OM_uint32 GSSAPI_CALLCONV _gsskrb5_inquire_sec_context_by_oid
(OM_uint32 *minor_status,
- const gss_ctx_id_t context_handle,
+ gss_const_ctx_id_t context_handle,
const gss_OID desired_object,
gss_buffer_set_t *data_set)
{
diff --git a/lib/gssapi/krb5/pname_to_uid.c b/lib/gssapi/krb5/pname_to_uid.c
index ff754e779813..dca74645de6d 100644
--- a/lib/gssapi/krb5/pname_to_uid.c
+++ b/lib/gssapi/krb5/pname_to_uid.c
@@ -33,53 +33,38 @@
#include "gsskrb5_locl.h"
OM_uint32 GSSAPI_CALLCONV
-_gsskrb5_pname_to_uid(OM_uint32 *minor_status,
- const gss_name_t pname,
- const gss_OID mech_type,
- uid_t *uidp)
+_gsskrb5_localname(OM_uint32 *minor_status,
+ gss_const_name_t pname,
+ const gss_OID mech_type,
+ gss_buffer_t localname)
{
-#ifdef NO_LOCALNAME
- *minor_status = KRB5_NO_LOCALNAME;
- return GSS_S_FAILURE;
-#else
krb5_error_code ret;
krb5_context context;
krb5_const_principal princ = (krb5_const_principal)pname;
- char localname[256];
-#ifdef POSIX_GETPWNAM_R
- char pwbuf[2048];
- struct passwd pw, *pwd;
-#else
- struct passwd *pwd;
-#endif
+ char lnamebuf[256];
GSSAPI_KRB5_INIT(&context);
*minor_status = 0;
ret = krb5_aname_to_localname(context, princ,
- sizeof(localname), localname);
+ sizeof(lnamebuf), lnamebuf);
if (ret != 0) {
*minor_status = ret;
return GSS_S_FAILURE;
}
-#ifdef POSIX_GETPWNAM_R
- if (getpwnam_r(localname, &pw, pwbuf, sizeof(pwbuf), &pwd) != 0) {
- *minor_status = KRB5_NO_LOCALNAME;
- return GSS_S_FAILURE;
- }
-#else
- pwd = getpwnam(localname);
-#endif
+ localname->length = strlen(lnamebuf);
- if (pwd == NULL) {
- *minor_status = KRB5_NO_LOCALNAME;
+ localname->value = malloc(localname->length + 1);
+ if (localname->value == NULL) {
+ localname->length = 0;
+ *minor_status = ENOMEM;
return GSS_S_FAILURE;
}
- *uidp = pwd->pw_uid;
+ memcpy(localname->value, lnamebuf, localname->length + 1);
+ *minor_status = 0;
return GSS_S_COMPLETE;
-#endif /* NO_LOCALNAME */
}
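Review bot: `_gsskrb5_localname` returns whatever `krb5_aname_to_localname()` maps the principal to and no longer checks that the account exists, which the removed `getpwnam`/`getpwnam_r` lookup did by failing with `KRB5_NO_LOCALNAME`. A caller that uses the result for an authorization decision now has to do that lookup itself, and nothing in the function says so. I would add a header comment stating that the name is not validated against the password database, and that `localname->value` is malloc'd with a trailing NUL that is not counted in `localname->length` and is owned by the caller. `localname` is dereferenced without a NULL check; whether the mechglue guarantees a non-NULL buffer is not visible here. The second `*minor_status = 0;` before the return is redundant.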
diff --git a/lib/gssapi/krb5/prf.c b/lib/gssapi/krb5/prf.c
index 162a3097099f..671ab2c6d982 100644
--- a/lib/gssapi/krb5/prf.c
+++ b/lib/gssapi/krb5/prf.c
@@ -119,7 +119,7 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status,
while(dol > 0) {
size_t tsize;
- _gsskrb5_encode_om_uint32(num, input.data);
+ _gsskrb5_encode_be_om_uint32(num, input.data);
ret = krb5_crypto_prf(context, crypto, &input, &output);
if (ret) {
@@ -133,7 +133,7 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status,
tsize = min(dol, output.length);
memcpy(p, output.data, tsize);
- p += output.length;
+ p += tsize;
dol -= tsize;
krb5_data_free(&output);
num++;
diff --git a/lib/gssapi/krb5/process_context_token.c b/lib/gssapi/krb5/process_context_token.c
index 0cc1c07cfbe9..601b0e8a5a8a 100644
--- a/lib/gssapi/krb5/process_context_token.c
+++ b/lib/gssapi/krb5/process_context_token.c
@@ -35,7 +35,7 @@
OM_uint32 GSSAPI_CALLCONV _gsskrb5_process_context_token (
OM_uint32 *minor_status,
- const gss_ctx_id_t context_handle,
+ gss_const_ctx_id_t context_handle,
const gss_buffer_t token_buffer
)
{
diff --git a/lib/gssapi/krb5/set_sec_context_option.c b/lib/gssapi/krb5/set_sec_context_option.c
index 141ff722fb64..a0e6fd02c59a 100644
--- a/lib/gssapi/krb5/set_sec_context_option.c
+++ b/lib/gssapi/krb5/set_sec_context_option.c
@@ -178,23 +178,9 @@ _gsskrb5_set_sec_context_option
} else if (gss_oid_equal(desired_object, GSS_KRB5_SEND_TO_KDC_X)) {
- if (value == NULL || value->length == 0) {
- krb5_set_send_to_kdc_func(context, NULL, NULL);
- } else {
- struct gsskrb5_send_to_kdc c;
-
- if (value->length != sizeof(c)) {
- *minor_status = EINVAL;
- return GSS_S_FAILURE;
- }
- memcpy(&c, value->value, sizeof(c));
- krb5_set_send_to_kdc_func(context,
- (krb5_send_to_kdc_func)c.func,
- c.ptr);
- }
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
- *minor_status = 0;
- return GSS_S_COMPLETE;
} else if (gss_oid_equal(desired_object, GSS_KRB5_CCACHE_NAME_X)) {
char *str;
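Review bot: The `GSS_KRB5_SEND_TO_KDC_X` branch now fails with `EINVAL` and nothing in the code says why. The removed code installed a function pointer copied out of the caller-supplied buffer, so rejecting the option looks deliberate. A comment such as `/* GSS_KRB5_SEND_TO_KDC_X is no longer supported; callers get EINVAL */` would keep a later reader from treating the branch as an unfinished stub. The enclosing if/else chain starts and continues outside the hunk.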
diff --git a/lib/gssapi/krb5/store_cred.c b/lib/gssapi/krb5/store_cred.c
index a3aa2fb83e71..40b75771dd17 100644
--- a/lib/gssapi/krb5/store_cred.c
+++ b/lib/gssapi/krb5/store_cred.c
@@ -46,8 +46,11 @@ _gsskrb5_store_cred(OM_uint32 *minor_status,
krb5_context context;
krb5_error_code ret;
gsskrb5_cred cred;
- krb5_ccache id;
- int destroy = 0;
+ krb5_ccache id = NULL;
+ krb5_ccache def_ccache = NULL;
+ const char *def_type = NULL;
+ time_t exp_current;
+ time_t exp_new;
*minor_status = 0;
@@ -56,7 +59,8 @@ _gsskrb5_store_cred(OM_uint32 *minor_status,
return GSS_S_FAILURE;
}
- if (gss_oid_equal(desired_mech, GSS_KRB5_MECHANISM) == 0)
+ if (desired_mech != GSS_C_NO_OID &&
+ gss_oid_equal(desired_mech, GSS_KRB5_MECHANISM) == 0)
return GSS_S_BAD_MECH;
cred = (gsskrb5_cred)input_cred_handle;
@@ -69,48 +73,87 @@ _gsskrb5_store_cred(OM_uint32 *minor_status,
if (cred->usage != cred_usage && cred->usage != GSS_C_BOTH) {
HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
*minor_status = GSS_KRB5_S_G_BAD_USAGE;
- return(GSS_S_FAILURE);
+ return GSS_S_FAILURE;
+ }
+
+ ret = krb5_cc_get_lifetime(context, cred->ccache, &exp_new);
+ if (ret) {
+ HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
+ *minor_status = ret;
+ return GSS_S_NO_CRED;
}
if (cred->principal == NULL) {
HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
*minor_status = GSS_KRB5_S_KG_TGT_MISSING;
- return(GSS_S_FAILURE);
+ return GSS_S_FAILURE;
}
- /* write out cred to credential cache */
+ ret = krb5_cc_default(context, &def_ccache);
+ if (ret == 0) {
+ def_type = krb5_cc_get_type(context, def_ccache);
+ krb5_cc_close(context, def_ccache);
+ }
+ def_ccache = NULL;
+ /* write out cred to credential cache */
ret = krb5_cc_cache_match(context, cred->principal, &id);
if (ret) {
- ret = krb5_cc_new_unique(context, NULL, NULL, &id);
- if (ret) {
- HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
- *minor_status = ret;
- return(GSS_S_FAILURE);
- }
- destroy = 1;
+ if (default_cred) {
+ ret = krb5_cc_default(context, &id);
+ if (ret) {
+ HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
+ *minor_status = ret;
+ return GSS_S_FAILURE;
+ }
+ } else {
+ if (def_type == NULL ||
+ !krb5_cc_support_switch(context, def_type)) {
+ HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
+ *minor_status = 0; /* XXX */
+ return GSS_S_NO_CRED; /* XXX */
+ }
+ ret = krb5_cc_new_unique(context, def_type, NULL, &id);
+ if (ret) {
+ HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
+ *minor_status = ret;
+ return GSS_S_FAILURE;
+ }
+ overwrite_cred = 1;
+ }
+ }
+
+ if (!overwrite_cred) {
+ /* If current creds are expired or near it, overwrite */
+ ret = krb5_cc_get_lifetime(context, id, &exp_current);
+ if (ret != 0 || exp_new > exp_current)
+ overwrite_cred = 1;
+ }
+
+ if (!overwrite_cred) {
+ /* Nothing to do */
+ krb5_cc_close(context, id);
+ HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
+ *minor_status = 0;
+ return GSS_S_DUPLICATE_ELEMENT;
}
ret = krb5_cc_initialize(context, id, cred->principal);
if (ret == 0)
ret = krb5_cc_copy_match_f(context, cred->ccache, id, NULL, NULL, NULL);
if (ret) {
- if (destroy)
- krb5_cc_destroy(context, id);
- else
- krb5_cc_close(context, id);
+ krb5_cc_close(context, id);
HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
*minor_status = ret;
return(GSS_S_FAILURE);
}
- if (default_cred)
+ if (default_cred && def_type != NULL &&
+ krb5_cc_support_switch(context, def_type))
krb5_cc_switch(context, id);
krb5_cc_close(context, id);
-
HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
-
*minor_status = 0;
return GSS_S_COMPLETE;
}
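Review bot: On the failure path after `krb5_cc_initialize()` / `krb5_cc_copy_match_f()` the cache is now always closed and never destroyed, so a cache freshly created by `krb5_cc_new_unique()` is left behind partially written. The removed `destroy` flag handled exactly that case. I would keep a local flag set next to the `krb5_cc_new_unique()` call and use `if (created) krb5_cc_destroy(context, id); else krb5_cc_close(context, id);` in the error branch. Separately, the comment "expired or near it" does not match the test `exp_new > exp_current`, which compares the two lifetimes, and the result of `krb5_cc_switch()` is ignored. `def_type` is used after `def_ccache` has been closed, which is fine only if `krb5_cc_get_type()` returns storage that outlives the handle; a one-line comment should say so.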
diff --git a/lib/gssapi/krb5/test_acquire_cred.c b/lib/gssapi/krb5/test_acquire_cred.c
new file mode 100644
index 000000000000..9f7c9ef4e430
--- /dev/null
+++ b/lib/gssapi/krb5/test_acquire_cred.c
@@ -0,0 +1,162 @@
+/*
+ * Copyright (c) 2003-2005 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ * used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "gsskrb5_locl.h"
+#include <err.h>
+
+static void
+print_time(OM_uint32 time_rec)
+{
+ if (time_rec == GSS_C_INDEFINITE) {
+ printf("cred never expire\n");
+ } else {
+ time_t t = time_rec + time(NULL);
+ printf("expiration time: %s", ctime(&t));
+ }
+}
+
+static void
+test_add(gss_cred_id_t cred_handle)
+{
+ OM_uint32 major_status, minor_status;
+ gss_cred_id_t copy_cred;
+ OM_uint32 time_rec;
+
+ major_status = gss_add_cred (&minor_status,
+ cred_handle,
+ GSS_C_NO_NAME,
+ GSS_KRB5_MECHANISM,
+ GSS_C_INITIATE,
+ 0,
+ 0,
+ &copy_cred,
+ NULL,
+ &time_rec,
+ NULL);
+
+ if (GSS_ERROR(major_status))
+ errx(1, "add_cred failed");
+
+ print_time(time_rec);
+
+ major_status = gss_release_cred(&minor_status,
+ &copy_cred);
+ if (GSS_ERROR(major_status))
+ errx(1, "release_cred failed");
+}
+
+static void
+copy_cred(void)
+{
+ OM_uint32 major_status, minor_status;
+ gss_cred_id_t cred_handle;
+ OM_uint32 time_rec;
+
+ major_status = gss_acquire_cred(&minor_status,
+ GSS_C_NO_NAME,
+ 0,
+ NULL,
+ GSS_C_INITIATE,
+ &cred_handle,
+ NULL,
+ &time_rec);
+ if (GSS_ERROR(major_status))
+ errx(1, "acquire_cred failed");
+
+ print_time(time_rec);
+
+ test_add(cred_handle);
+ test_add(cred_handle);
+ test_add(cred_handle);
+
+ major_status = gss_release_cred(&minor_status,
+ &cred_handle);
+ if (GSS_ERROR(major_status))
+ errx(1, "release_cred failed");
+}
+
+static void
+acquire_cred_service(const char *service)
+{
+ OM_uint32 major_status, minor_status;
+ gss_cred_id_t cred_handle;
+ OM_uint32 time_rec;
+ gss_buffer_desc name_buffer;
+ gss_name_t name;
+
+ name_buffer.value = rk_UNCONST(service);
+ name_buffer.length = strlen(service);
+
+ major_status = gss_import_name(&minor_status,
+ &name_buffer,
+ GSS_C_NT_HOSTBASED_SERVICE,
+ &name);
+ if (GSS_ERROR(major_status))
+ errx(1, "import_name failed");
+
+
+ major_status = gss_acquire_cred(&minor_status,
+ name,
+ 0,
+ NULL,
+ GSS_C_ACCEPT,
+ &cred_handle,
+ NULL,
+ &time_rec);
+ if (GSS_ERROR(major_status))
+ errx(1, "acquire_cred failed");
+
+ print_time(time_rec);
+
+ major_status = gss_release_cred(&minor_status,
+ &cred_handle);
+ if (GSS_ERROR(major_status))
+ errx(1, "release_cred failed");
+
+
+ major_status = gss_release_name(&minor_status,
+ &name);
+ if (GSS_ERROR(major_status))
+ errx(1, "release_name failed");
+
+}
+
+int
+main(int argc, char **argv)
+{
+ copy_cred();
+
+ acquire_cred_service("host@xen2-heimdal-linux.lab.it.su.se");
+
+ return 0;
+}
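Review bot: `main` passes a fixed service name, `host@xen2-heimdal-linux.lab.it.su.se`, to `acquire_cred_service()`, so the acceptor half of this test can only pass on a machine that holds a key for that host. Take the name from the command line and skip the acceptor check when none is given, e.g. `if (argc > 1) acquire_cred_service(argv[1]);`. The `errx()` calls throughout the file also drop the major and minor status, which makes a failure hard to diagnose.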
diff --git a/lib/gssapi/krb5/test_cfx.c b/lib/gssapi/krb5/test_cfx.c
index 0b196fcad24d..15f853c6b602 100644
--- a/lib/gssapi/krb5/test_cfx.c
+++ b/lib/gssapi/krb5/test_cfx.c
@@ -148,7 +148,7 @@ main(int argc, char **argv)
errx(1, "krb5_context_init: %d", ret);
ret = krb5_generate_random_keyblock(context,
- ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+ KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96,
&keyblock);
if (ret)
krb5_err(context, 1, ret, "krb5_generate_random_keyblock");
diff --git a/lib/gssapi/krb5/test_cred.c b/lib/gssapi/krb5/test_cred.c
new file mode 100644
index 000000000000..06dd6632d0be
--- /dev/null
+++ b/lib/gssapi/krb5/test_cred.c
@@ -0,0 +1,217 @@
+/*
+ * Copyright (c) 2003-2004 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ * used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "gsskrb5_locl.h"
+#include <err.h>
+#include <getarg.h>
+
+static void
+gss_print_errors (int min_stat)
+{
+ OM_uint32 new_stat;
+ OM_uint32 msg_ctx = 0;
+ gss_buffer_desc status_string;
+ OM_uint32 ret;
+
+ do {
+ ret = gss_display_status (&new_stat,
+ min_stat,
+ GSS_C_MECH_CODE,
+ GSS_C_NO_OID,
+ &msg_ctx,
+ &status_string);
+ fprintf (stderr, "%.*s\n", (int)status_string.length,
+ (char *)status_string.value);
+ gss_release_buffer (&new_stat, &status_string);
+ } while (!GSS_ERROR(ret) && msg_ctx != 0);
+}
+
+static void
+gss_err(int exitval, int status, const char *fmt, ...)
+{
+ va_list args;
+
+ va_start(args, fmt);
+ vwarnx (fmt, args);
+ gss_print_errors (status);
+ va_end(args);
+ exit (exitval);
+}
+
+static void
+acquire_release_loop(gss_name_t name, int counter, gss_cred_usage_t usage)
+{
+ OM_uint32 maj_stat, min_stat;
+ gss_cred_id_t cred;
+ int i;
+
+ for (i = 0; i < counter; i++) {
+ maj_stat = gss_acquire_cred(&min_stat, name,
+ GSS_C_INDEFINITE,
+ GSS_C_NO_OID_SET,
+ usage,
+ &cred,
+ NULL,
+ NULL);
+ if (maj_stat != GSS_S_COMPLETE)
+ gss_err(1, min_stat, "aquire %d %d != GSS_S_COMPLETE",
+ i, (int)maj_stat);
+
+ maj_stat = gss_release_cred(&min_stat, &cred);
+ if (maj_stat != GSS_S_COMPLETE)
+ gss_err(1, min_stat, "release %d %d != GSS_S_COMPLETE",
+ i, (int)maj_stat);
+ }
+}
+
+
+static void
+acquire_add_release_add(gss_name_t name, gss_cred_usage_t usage)
+{
+ OM_uint32 maj_stat, min_stat;
+ gss_cred_id_t cred, cred2, cred3;
+
+ maj_stat = gss_acquire_cred(&min_stat, name,
+ GSS_C_INDEFINITE,
+ GSS_C_NO_OID_SET,
+ usage,
+ &cred,
+ NULL,
+ NULL);
+ if (maj_stat != GSS_S_COMPLETE)
+ gss_err(1, min_stat, "aquire %d != GSS_S_COMPLETE", (int)maj_stat);
+
+ maj_stat = gss_add_cred(&min_stat,
+ cred,
+ GSS_C_NO_NAME,
+ GSS_KRB5_MECHANISM,
+ usage,
+ GSS_C_INDEFINITE,
+ GSS_C_INDEFINITE,
+ &cred2,
+ NULL,
+ NULL,
+ NULL);
+
+ if (maj_stat != GSS_S_COMPLETE)
+ gss_err(1, min_stat, "add_cred %d != GSS_S_COMPLETE", (int)maj_stat);
+
+ maj_stat = gss_release_cred(&min_stat, &cred);
+ if (maj_stat != GSS_S_COMPLETE)
+ gss_err(1, min_stat, "release %d != GSS_S_COMPLETE", (int)maj_stat);
+
+ maj_stat = gss_add_cred(&min_stat,
+ cred2,
+ GSS_C_NO_NAME,
+ GSS_KRB5_MECHANISM,
+ GSS_C_BOTH,
+ GSS_C_INDEFINITE,
+ GSS_C_INDEFINITE,
+ &cred3,
+ NULL,
+ NULL,
+ NULL);
+
+ maj_stat = gss_release_cred(&min_stat, &cred2);
+ if (maj_stat != GSS_S_COMPLETE)
+ gss_err(1, min_stat, "release 2 %d != GSS_S_COMPLETE", (int)maj_stat);
+
+ maj_stat = gss_release_cred(&min_stat, &cred3);
+ if (maj_stat != GSS_S_COMPLETE)
+ gss_err(1, min_stat, "release 2 %d != GSS_S_COMPLETE", (int)maj_stat);
+}
+
+static int version_flag = 0;
+static int help_flag = 0;
+
+static struct getargs args[] = {
+ {"version", 0, arg_flag, &version_flag, "print version", NULL },
+ {"help", 0, arg_flag, &help_flag, NULL, NULL }
+};
+
+static void
+usage (int ret)
+{
+ arg_printusage (args, sizeof(args)/sizeof(*args),
+ NULL, "service@host");
+ exit (ret);
+}
+
+
+int
+main(int argc, char **argv)
+{
+ struct gss_buffer_desc_struct name_buffer;
+ OM_uint32 maj_stat, min_stat;
+ gss_name_t name;
+ int optidx = 0;
+
+ setprogname(argv[0]);
+ if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
+ usage(1);
+
+ if (help_flag)
+ usage (0);
+
+ if(version_flag){
+ print_version(NULL);
+ exit(0);
+ }
+
+ argc -= optidx;
+ argv += optidx;
+
+ if (argc < 1)
+ errx(1, "argc < 1");
+
+ name_buffer.value = argv[0];
+ name_buffer.length = strlen(argv[0]);
+
+ maj_stat = gss_import_name(&min_stat, &name_buffer,
+ GSS_C_NT_HOSTBASED_SERVICE,
+ &name);
+ if (maj_stat != GSS_S_COMPLETE)
+ errx(1, "import name error");
+
+ acquire_release_loop(name, 100, GSS_C_ACCEPT);
+ acquire_release_loop(name, 100, GSS_C_INITIATE);
+ acquire_release_loop(name, 100, GSS_C_BOTH);
+
+ acquire_add_release_add(name, GSS_C_ACCEPT);
+ acquire_add_release_add(name, GSS_C_INITIATE);
+ acquire_add_release_add(name, GSS_C_BOTH);
+
+ gss_release_name(&min_stat, &name);
+
+ return 0;
+}
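Review bot: In `acquire_add_release_add` the result of the second `gss_add_cred()` (the one producing `cred3`) is overwritten by the following `gss_release_cred()` without being checked, so a failure goes unnoticed and `cred3` may be released uninitialised. Add `if (maj_stat != GSS_S_COMPLETE) gss_err(1, min_stat, "add_cred 2 %d != GSS_S_COMPLETE", (int)maj_stat);` directly after that call. `gss_print_errors` also prints `status_string` before looking at `ret`; if `gss_display_status()` fails, the buffer may not have been set. The final error message says "release 2" although it reports on `cred3`.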
diff --git a/lib/gssapi/krb5/test_kcred.c b/lib/gssapi/krb5/test_kcred.c
new file mode 100644
index 000000000000..f53ce783bb07
--- /dev/null
+++ b/lib/gssapi/krb5/test_kcred.c
@@ -0,0 +1,152 @@
+/*
+ * Copyright (c) 2003-2004 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ * used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "gsskrb5_locl.h"
+#include <err.h>
+#include <getarg.h>
+
+static int version_flag = 0;
+static int help_flag = 0;
+
+static void
+copy_import(void)
+{
+ gss_cred_id_t cred1, cred2;
+ OM_uint32 maj_stat, min_stat;
+ gss_name_t name1, name2;
+ OM_uint32 lifetime1, lifetime2;
+ gss_cred_usage_t usage1, usage2;
+ gss_OID_set mechs1, mechs2;
+ krb5_ccache id;
+ krb5_error_code ret;
+ krb5_context context;
+ int equal;
+
+ maj_stat = gss_acquire_cred(&min_stat, GSS_C_NO_NAME, GSS_C_INDEFINITE,
+ GSS_C_NO_OID_SET, GSS_C_INITIATE,
+ &cred1, NULL, NULL);
+ if (maj_stat != GSS_S_COMPLETE)
+ errx(1, "gss_acquire_cred");
+
+ maj_stat = gss_inquire_cred(&min_stat, cred1, &name1, &lifetime1,
+ &usage1, &mechs1);
+ if (maj_stat != GSS_S_COMPLETE)
+ errx(1, "gss_inquire_cred");
+
+ ret = krb5_init_context(&context);
+ if (ret)
+ errx(1, "krb5_init_context");
+
+ ret = krb5_cc_new_unique(context, krb5_cc_type_memory, NULL, &id);
+ if (ret)
+ krb5_err(context, 1, ret, "krb5_cc_new_unique");
+
+ maj_stat = gss_krb5_copy_ccache(&min_stat, context, cred1, id);
+ if (maj_stat != GSS_S_COMPLETE)
+ errx(1, "gss_krb5_copy_ccache");
+
+ maj_stat = gss_krb5_import_cred(&min_stat, id, NULL, NULL, &cred2);
+ if (maj_stat != GSS_S_COMPLETE)
+ errx(1, "gss_krb5_import_cred");
+
+ maj_stat = gss_inquire_cred(&min_stat, cred2, &name2, &lifetime2,
+ &usage2, &mechs2);
+ if (maj_stat != GSS_S_COMPLETE)
+ errx(1, "gss_inquire_cred 2");
+
+ maj_stat = gss_compare_name(&min_stat, name1, name2, &equal);
+ if (maj_stat != GSS_S_COMPLETE)
+ errx(1, "gss_compare_name");
+ if (!equal)
+ errx(1, "names not equal");
+
+ if (lifetime1 != lifetime1)
+ errx(1, "lifetime not equal");
+
+ if (usage1 != usage1)
+ errx(1, "usage not equal");
+
+ gss_release_cred(&min_stat, &cred1);
+ gss_release_cred(&min_stat, &cred2);
+
+ gss_release_name(&min_stat, &name1);
+ gss_release_name(&min_stat, &name2);
+
+#if 0
+ compare(mechs1, mechs2);
+#endif
+
+ gss_release_oid_set(&min_stat, &mechs1);
+ gss_release_oid_set(&min_stat, &mechs2);
+
+ krb5_cc_destroy(context, id);
+ krb5_free_context(context);
+}
+
+static struct getargs args[] = {
+ {"version", 0, arg_flag, &version_flag, "print version", NULL },
+ {"help", 0, arg_flag, &help_flag, NULL, NULL }
+};
+
+static void
+usage (int ret)
+{
+ arg_printusage (args, sizeof(args)/sizeof(*args),
+ NULL, "");
+ exit (ret);
+}
+
+int
+main(int argc, char **argv)
+{
+ int optidx = 0;
+
+ setprogname(argv[0]);
+ if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
+ usage(1);
+
+ if (help_flag)
+ usage (0);
+
+ if(version_flag){
+ print_version(NULL);
+ exit(0);
+ }
+
+ argc -= optidx;
+ argv += optidx;
+
+ copy_import();
+
+ return 0;
+}
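Review bot: In `copy_import` both comparisons test a variable against itself, `lifetime1 != lifetime1` and `usage1 != usage1`, so they can never fail and the imported credential's lifetime and usage are not checked at all. They should read `if (lifetime1 != lifetime2)` and `if (usage1 != usage2)`. The two lifetimes are sampled at different moments, so the lifetime check may need a small tolerance; that depends on how gss_inquire_cred() computes the value, which is not visible here.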
diff --git a/lib/gssapi/krb5/test_oid.c b/lib/gssapi/krb5/test_oid.c
new file mode 100644
index 000000000000..00219b91e066
--- /dev/null
+++ b/lib/gssapi/krb5/test_oid.c
@@ -0,0 +1,51 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "gsskrb5_locl.h"
+
+int
+main(int argc, char **argv)
+{
+ OM_uint32 minor_status, maj_stat;
+ gss_buffer_desc data;
+ int ret;
+
+ maj_stat = gss_oid_to_str(&minor_status, GSS_KRB5_MECHANISM, &data);
+ if (GSS_ERROR(maj_stat))
+ errx(1, "gss_oid_to_str failed");
+ ret = strncmp(data.value, "1 2 840 113554 1 2 2", data.length);
+ gss_release_buffer(&maj_stat, &data);
+ if (ret)
+ return 1;
+ return 0;
+}
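Review bot: `strncmp(data.value, "1 2 840 113554 1 2 2", data.length)` compares only the first `data.length` bytes, so an empty or truncated result from `gss_oid_to_str()` passes the test. Compare the length as well, e.g. `ret = data.length != strlen(expected) || memcmp(data.value, expected, data.length) != 0;` with `expected` holding the literal. Whether `data.length` counts a trailing NUL is not visible here and would have to be allowed for. `errx` is used without `<err.h>`, unlike the sibling tests, so this file relies on `gsskrb5_locl.h` pulling it in.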
diff --git a/lib/gssapi/krb5/unwrap.c b/lib/gssapi/krb5/unwrap.c
index d6bc20477787..da939c052930 100644
--- a/lib/gssapi/krb5/unwrap.c
+++ b/lib/gssapi/krb5/unwrap.c
@@ -382,7 +382,7 @@ unwrap_des3
OM_uint32 GSSAPI_CALLCONV _gsskrb5_unwrap
(OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
+ gss_const_ctx_id_t context_handle,
const gss_buffer_t input_message_buffer,
gss_buffer_t output_message_buffer,
int * conf_state,
@@ -392,7 +392,6 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_unwrap
krb5_keyblock *key;
krb5_context context;
OM_uint32 ret;
- krb5_keytype keytype;
gsskrb5_ctx ctx = (gsskrb5_ctx) context_handle;
output_message_buffer->value = NULL;
@@ -414,12 +413,13 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_unwrap
*minor_status = ret;
return GSS_S_FAILURE;
}
- krb5_enctype_to_keytype (context, key->keytype, &keytype);
*minor_status = 0;
- switch (keytype) {
- case KEYTYPE_DES :
+ switch (key->keytype) {
+ case KRB5_ENCTYPE_DES_CBC_CRC :
+ case KRB5_ENCTYPE_DES_CBC_MD4 :
+ case KRB5_ENCTYPE_DES_CBC_MD5 :
#ifdef HEIM_WEAK_CRYPTO
ret = unwrap_des (minor_status, ctx,
input_message_buffer, output_message_buffer,
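Review bot: The `switch (key->keytype)` now lists individual enctypes where the old code switched on a key-type family, so any DES, DES3 or ARCFOUR enctype not named in a `case` reaches the `default` branch, which is outside this hunk. The same case list is repeated in `_gsskrb5_verify_mic_internal`, `_gsskrb5_wrap_size_limit` and `_gsskrb5_wrap`, and the four copies have to be kept in step by hand. A comment above each switch saying so, or a small shared helper that classifies the enctype, would make an omission easier to spot. Only the DES cases are guarded by `HEIM_WEAK_CRYPTO`; the DES3 and ARCFOUR paths stay enabled unconditionally, which deserves a comment for anyone auditing which legacy ciphers a build accepts. The switch continues into the next hunk.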
@@ -428,13 +428,14 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_unwrap
ret = GSS_S_FAILURE;
#endif
break;
- case KEYTYPE_DES3 :
+ case KRB5_ENCTYPE_DES3_CBC_MD5 :
+ case KRB5_ENCTYPE_DES3_CBC_SHA1 :
ret = unwrap_des3 (minor_status, ctx, context,
input_message_buffer, output_message_buffer,
conf_state, qop_state, key);
break;
- case KEYTYPE_ARCFOUR:
- case KEYTYPE_ARCFOUR_56:
+ case KRB5_ENCTYPE_ARCFOUR_HMAC_MD5:
+ case KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56:
ret = _gssapi_unwrap_arcfour (minor_status, ctx, context,
input_message_buffer, output_message_buffer,
conf_state, qop_state, key);
diff --git a/lib/gssapi/krb5/verify_mic.c b/lib/gssapi/krb5/verify_mic.c
index 3814ef7062c1..9968ce403ef7 100644
--- a/lib/gssapi/krb5/verify_mic.c
+++ b/lib/gssapi/krb5/verify_mic.c
@@ -254,15 +254,11 @@ retry:
krb5_crypto_destroy (context, crypto);
ret = krb5_crypto_init(context, key,
ETYPE_DES3_CBC_SHA1, &crypto);
- if (ret){
- *minor_status = ret;
- return GSS_S_FAILURE;
- }
-
- ret = krb5_verify_checksum (context, crypto,
- KRB5_KU_USAGE_SIGN,
- tmp, message_buffer->length + 8,
- &csum);
+ if (ret == 0)
+ ret = krb5_verify_checksum(context, crypto,
+ KRB5_KU_USAGE_SIGN,
+ tmp, message_buffer->length + 8,
+ &csum);
free (tmp);
if (ret) {
krb5_crypto_destroy (context, crypto);
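Review bot: When `krb5_crypto_init()` fails, control now reaches the `if (ret)` branch, which calls `krb5_crypto_destroy(context, crypto)` on a handle that was destroyed on the line before the init call and not successfully re-created. Whether that is harmless depends on `krb5_crypto_init()` resetting the pointer on failure and on `krb5_crypto_destroy()` tolerating that value; neither is visible here. I would set `crypto = NULL;` right after the first destroy and guard the error branch with `if (crypto != NULL) krb5_crypto_destroy(context, crypto);`. The enclosing function starts and ends outside the hunk.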
@@ -289,7 +285,6 @@ _gsskrb5_verify_mic_internal
{
krb5_keyblock *key;
OM_uint32 ret;
- krb5_keytype keytype;
if (ctx->more_flags & IS_CFX)
return _gssapi_verify_mic_cfx (minor_status, ctx,
@@ -304,9 +299,11 @@ _gsskrb5_verify_mic_internal
return GSS_S_FAILURE;
}
*minor_status = 0;
- krb5_enctype_to_keytype (context, key->keytype, &keytype);
- switch (keytype) {
- case KEYTYPE_DES :
+
+ switch (key->keytype) {
+ case KRB5_ENCTYPE_DES_CBC_CRC :
+ case KRB5_ENCTYPE_DES_CBC_MD4 :
+ case KRB5_ENCTYPE_DES_CBC_MD5 :
#ifdef HEIM_WEAK_CRYPTO
ret = verify_mic_des (minor_status, ctx, context,
message_buffer, token_buffer, qop_state, key,
@@ -315,13 +312,14 @@ _gsskrb5_verify_mic_internal
ret = GSS_S_FAILURE;
#endif
break;
- case KEYTYPE_DES3 :
+ case KRB5_ENCTYPE_DES3_CBC_MD5 :
+ case KRB5_ENCTYPE_DES3_CBC_SHA1 :
ret = verify_mic_des3 (minor_status, ctx, context,
message_buffer, token_buffer, qop_state, key,
type);
break;
- case KEYTYPE_ARCFOUR :
- case KEYTYPE_ARCFOUR_56 :
+ case KRB5_ENCTYPE_ARCFOUR_HMAC_MD5:
+ case KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56:
ret = _gssapi_verify_mic_arcfour (minor_status, ctx,
context,
message_buffer, token_buffer,
@@ -338,7 +336,7 @@ _gsskrb5_verify_mic_internal
OM_uint32 GSSAPI_CALLCONV
_gsskrb5_verify_mic
(OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
+ gss_const_ctx_id_t context_handle,
const gss_buffer_t message_buffer,
const gss_buffer_t token_buffer,
gss_qop_t * qop_state
diff --git a/lib/gssapi/krb5/wrap.c b/lib/gssapi/krb5/wrap.c
index 1026e41914e9..481e30375a44 100644
--- a/lib/gssapi/krb5/wrap.c
+++ b/lib/gssapi/krb5/wrap.c
@@ -137,7 +137,7 @@ sub_wrap_size (
OM_uint32 GSSAPI_CALLCONV
_gsskrb5_wrap_size_limit (
OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
+ gss_const_ctx_id_t context_handle,
int conf_req_flag,
gss_qop_t qop_req,
OM_uint32 req_output_size,
@@ -147,7 +147,6 @@ _gsskrb5_wrap_size_limit (
krb5_context context;
krb5_keyblock *key;
OM_uint32 ret;
- krb5_keytype keytype;
const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
GSSAPI_KRB5_INIT (&context);
@@ -164,23 +163,25 @@ _gsskrb5_wrap_size_limit (
*minor_status = ret;
return GSS_S_FAILURE;
}
- krb5_enctype_to_keytype (context, key->keytype, &keytype);
- switch (keytype) {
- case KEYTYPE_DES :
+ switch (key->keytype) {
+ case KRB5_ENCTYPE_DES_CBC_CRC :
+ case KRB5_ENCTYPE_DES_CBC_MD4 :
+ case KRB5_ENCTYPE_DES_CBC_MD5 :
#ifdef HEIM_WEAK_CRYPTO
ret = sub_wrap_size(req_output_size, max_input_size, 8, 22);
#else
ret = GSS_S_FAILURE;
#endif
break;
- case ENCTYPE_ARCFOUR_HMAC_MD5:
- case ENCTYPE_ARCFOUR_HMAC_MD5_56:
+ case KRB5_ENCTYPE_ARCFOUR_HMAC_MD5:
+ case KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56:
ret = _gssapi_wrap_size_arcfour(minor_status, ctx, context,
conf_req_flag, qop_req,
req_output_size, max_input_size, key);
break;
- case KEYTYPE_DES3 :
+ case KRB5_ENCTYPE_DES3_CBC_MD5 :
+ case KRB5_ENCTYPE_DES3_CBC_SHA1 :
ret = sub_wrap_size(req_output_size, max_input_size, 8, 34);
break;
default :
@@ -527,7 +528,7 @@ wrap_des3
OM_uint32 GSSAPI_CALLCONV
_gsskrb5_wrap
(OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
+ gss_const_ctx_id_t context_handle,
int conf_req_flag,
gss_qop_t qop_req,
const gss_buffer_t input_message_buffer,
@@ -538,7 +539,6 @@ _gsskrb5_wrap
krb5_context context;
krb5_keyblock *key;
OM_uint32 ret;
- krb5_keytype keytype;
const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
output_message_buffer->value = NULL;
@@ -558,10 +558,11 @@ _gsskrb5_wrap
*minor_status = ret;
return GSS_S_FAILURE;
}
- krb5_enctype_to_keytype (context, key->keytype, &keytype);
- switch (keytype) {
- case KEYTYPE_DES :
+ switch (key->keytype) {
+ case KRB5_ENCTYPE_DES_CBC_CRC :
+ case KRB5_ENCTYPE_DES_CBC_MD4 :
+ case KRB5_ENCTYPE_DES_CBC_MD5 :
#ifdef HEIM_WEAK_CRYPTO
ret = wrap_des (minor_status, ctx, context, conf_req_flag,
qop_req, input_message_buffer, conf_state,
@@ -570,13 +571,14 @@ _gsskrb5_wrap
ret = GSS_S_FAILURE;
#endif
break;
- case KEYTYPE_DES3 :
+ case KRB5_ENCTYPE_DES3_CBC_MD5 :
+ case KRB5_ENCTYPE_DES3_CBC_SHA1 :
ret = wrap_des3 (minor_status, ctx, context, conf_req_flag,
qop_req, input_message_buffer, conf_state,
output_message_buffer, key);
break;
- case KEYTYPE_ARCFOUR:
- case KEYTYPE_ARCFOUR_56:
+ case KRB5_ENCTYPE_ARCFOUR_HMAC_MD5:
+ case KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56:
ret = _gssapi_wrap_arcfour (minor_status, ctx, context, conf_req_flag,
qop_req, input_message_buffer, conf_state,
output_message_buffer, key);
diff --git a/lib/gssapi/libgssapi-exports.def b/lib/gssapi/libgssapi-exports.def
index 3cbcc4eb1844..b8e4dce4111c 100644
--- a/lib/gssapi/libgssapi-exports.def
+++ b/lib/gssapi/libgssapi-exports.def
@@ -65,6 +65,7 @@ EXPORTS
gss_krb5_get_tkt_flags
gss_krb5_import_cred
gss_krb5_set_allowable_enctypes
+ gss_localname
gss_mg_collect_error
gss_mo_get
gss_mo_set
@@ -93,11 +94,13 @@ EXPORTS
gss_test_oid_set_member
gss_unseal
gss_unwrap
+ gss_unwrap_aead
gss_unwrap_iov
gss_userok
gss_verify
gss_verify_mic
gss_wrap
+ gss_wrap_aead
gss_wrap_iov
gss_wrap_iov_length
gss_wrap_size_limit
diff --git a/lib/gssapi/mech/compat.h b/lib/gssapi/mech/compat.h
index e63f1e534306..d23a6e916a57 100644
--- a/lib/gssapi/mech/compat.h
+++ b/lib/gssapi/mech/compat.h
@@ -53,7 +53,7 @@ typedef OM_uint32 GSSAPI_CALLCONV _gss_inquire_attrs_for_mech_t (
typedef OM_uint32 GSSAPI_CALLCONV _gss_acquire_cred_with_password_t
(OM_uint32 *, /* minor_status */
- const gss_name_t, /* desired_name */
+ gss_const_name_t, /* desired_name */
const gss_buffer_t, /* password */
OM_uint32, /* time_req */
const gss_OID_set, /* desired_mechs */
@@ -65,8 +65,8 @@ typedef OM_uint32 GSSAPI_CALLCONV _gss_acquire_cred_with_password_t
typedef OM_uint32 GSSAPI_CALLCONV _gss_add_cred_with_password_t (
OM_uint32 *, /* minor_status */
- const gss_cred_id_t, /* input_cred_handle */
- const gss_name_t, /* desired_name */
+ gss_const_cred_id_t, /* input_cred_handle */
+ gss_const_name_t, /* desired_name */
const gss_OID, /* desired_mech */
const gss_buffer_t, /* password */
gss_cred_usage_t, /* cred_usage */
diff --git a/lib/gssapi/mech/doxygen.c b/lib/gssapi/mech/doxygen.c
index a341cba2dac1..4ead9f17e93a 100644
--- a/lib/gssapi/mech/doxygen.c
+++ b/lib/gssapi/mech/doxygen.c
@@ -39,13 +39,12 @@
* - SPNEGO
* - NTLM
*
- * See @ref gssapi_mechs for more describtion about these mechanisms.
- *
- * The project web page: http://www.h5l.org/
+ * @sa
*
* - @ref gssapi_services_intro
* - @ref gssapi_mechs
* - @ref gssapi_api_INvsMN
+ * - The project web page: http://www.h5l.org/
*/
/**
@@ -105,28 +104,30 @@
* @page internalVSmechname Internal names and mechanism names
* @section gssapi_api_INvsMN Name forms
*
- * There are two forms of name in GSS-API, Internal form and
- * Contiguous string ("flat") form. gss_export_name() and
+ * There are two name representations in GSS-API: Internal form and
+ * Contiguous string ("flat") form. Functions gss_export_name() and
* gss_import_name() can be used to convert between the two forms.
*
* - The contiguous string form is described by an oid specificing the
* type and an octet string. A special form of the contiguous
* string form is the exported name object. The exported name
* defined for each mechanism, is something that can be stored and
- * complared later. The exported name is what should be used for
+ * compared later. The exported name is what should be used for
* ACLs comparisons.
*
- * - The Internal form
+ * - The Internal form is opaque to the application programmer and
+ * is implementation-dependent.
*
- * There is also special form of the Internal Name (IN), and that is
+ * - There is also a special form of the Internal Name (IN), and that is
* the Mechanism Name (MN). In the mechanism name all the generic
* information is stripped of and only contain the information for
* one mechanism. In GSS-API some function return MN and some
* require MN as input. Each of these function is marked up as such.
*
- *
- * Describe relationship between import_name, canonicalize_name,
- * export_name and friends.
+ * @FIXME Describe relationship between import_name, canonicalize_name,
+ * export_name and friends. Also, update for RFC2743 language
+ * ("contiguous" and "flat" are gone, leaving just "exported name
+ * token", "internal", and "MN").
*/
/** @defgroup gssapi Heimdal GSS-API functions */
diff --git a/lib/gssapi/mech/gss_accept_sec_context.c b/lib/gssapi/mech/gss_accept_sec_context.c
index bf7ea03f72e4..25205f437acf 100644
--- a/lib/gssapi/mech/gss_accept_sec_context.c
+++ b/lib/gssapi/mech/gss_accept_sec_context.c
@@ -144,7 +144,7 @@ choose_mech(const gss_buffer_t input, gss_OID mech_oid)
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_accept_sec_context(OM_uint32 *minor_status,
gss_ctx_id_t *context_handle,
- const gss_cred_id_t acceptor_cred_handle,
+ gss_const_cred_id_t acceptor_cred_handle,
const gss_buffer_t input_token,
const gss_channel_bindings_t input_chan_bindings,
gss_name_t *src_name,
diff --git a/lib/gssapi/mech/gss_acquire_cred.c b/lib/gssapi/mech/gss_acquire_cred.c
index ade65df8ec86..095f9056ca69 100644
--- a/lib/gssapi/mech/gss_acquire_cred.c
+++ b/lib/gssapi/mech/gss_acquire_cred.c
@@ -30,7 +30,7 @@
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_acquire_cred(OM_uint32 *minor_status,
- const gss_name_t desired_name,
+ gss_const_name_t desired_name,
OM_uint32 time_req,
const gss_OID_set desired_mechs,
gss_cred_usage_t cred_usage,
diff --git a/lib/gssapi/mech/gss_acquire_cred_ext.c b/lib/gssapi/mech/gss_acquire_cred_ext.c
index 1cbb29f141f3..9f2674c26ecc 100644
--- a/lib/gssapi/mech/gss_acquire_cred_ext.c
+++ b/lib/gssapi/mech/gss_acquire_cred_ext.c
@@ -100,13 +100,22 @@ _gss_acquire_mech_cred(OM_uint32 *minor_status,
mc= NULL;
}
- *output_cred_handle = mc;
+ if (major_status != GSS_S_COMPLETE)
+ free(mc);
+ else
+ *output_cred_handle = mc;
return major_status;
}
+/**
+ * This function is not a public interface and is deprecated anyways, do
+ * not use. Use gss_acquire_cred_with_password() instead for now.
+ *
+ * @deprecated
+ */
OM_uint32
_gss_acquire_cred_ext(OM_uint32 *minor_status,
- const gss_name_t desired_name,
+ gss_const_name_t desired_name,
gss_const_OID credential_type,
const void *credential_data,
OM_uint32 time_req,
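Review bot: The new failure test in `_gss_acquire_mech_cred` is `major_status != GSS_S_COMPLETE`, while the caller in `_gss_acquire_cred_ext` later in this file still tests `GSS_ERROR(major_status)` before `HEIM_SLIST_INSERT_HEAD(&cred->gc_mc, mc, gmc_link)`. If a mechanism returned a non-error status other than GSS_S_COMPLETE, `*output_cred_handle` would not be written here and the caller would link its `mc`, which it initialises to NULL, into the credential list. Using one predicate on both sides closes that gap, for example `if (GSS_ERROR(major_status))` here or `if (major_status != GSS_S_COMPLETE)` in the caller. The start of `_gss_acquire_mech_cred` is outside the hunk, so whether `*output_cred_handle` is cleared on entry cannot be confirmed from these lines.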
@@ -152,7 +161,6 @@ _gss_acquire_cred_ext(OM_uint32 *minor_status,
for (i = 0; i < mechs->count; i++) {
struct _gss_mechanism_name *mn = NULL;
struct _gss_mechanism_cred *mc = NULL;
- gss_name_t desired_mech_name = GSS_C_NO_NAME;
m = __gss_get_mechanism(&mechs->elements[i]);
if (!m)
@@ -163,16 +171,17 @@ _gss_acquire_cred_ext(OM_uint32 *minor_status,
&mechs->elements[i], &mn);
if (major_status != GSS_S_COMPLETE)
continue;
-
- desired_mech_name = mn->gmn_name;
}
major_status = _gss_acquire_mech_cred(minor_status, m, mn,
credential_type, credential_data,
time_req, desired_mech, cred_usage,
&mc);
- if (GSS_ERROR(major_status))
+ if (GSS_ERROR(major_status)) {
+ if (mechs->count == 1)
+ _gss_mg_error(m, major_status, *minor_status);
continue;
+ }
HEIM_SLIST_INSERT_HEAD(&cred->gc_mc, mc, gmc_link);
}
@@ -183,7 +192,8 @@ _gss_acquire_cred_ext(OM_uint32 *minor_status,
*/
if (!HEIM_SLIST_FIRST(&cred->gc_mc)) {
free(cred);
- *minor_status = 0;
+ if (mechs->count > 1)
+ *minor_status = 0;
return GSS_S_NO_CRED;
}
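Review bot: With `if (mechs->count > 1)` the minor status is cleared only for multi-mechanism requests, so an empty set (`mechs->count == 0`) returns GSS_S_NO_CRED without this block touching `*minor_status`. The same holds for a single mechanism that is skipped by the `if (!m)` path before any mechanism call. Unless the function zeroes `*minor_status` on entry, which is outside the hunk, the caller may read a stale value and hand it to gss_display_status(). `if (mechs->count != 1)` would at least cover the empty set. The same pattern is added as `desired_mechs->count > 1` in gss_acquire_cred_with_password.c.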
diff --git a/lib/gssapi/mech/gss_acquire_cred_with_password.c b/lib/gssapi/mech/gss_acquire_cred_with_password.c
index 8c2a6488f8ad..2f41f8906dc2 100644
--- a/lib/gssapi/mech/gss_acquire_cred_with_password.c
+++ b/lib/gssapi/mech/gss_acquire_cred_with_password.c
@@ -34,7 +34,7 @@
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_acquire_cred_with_password(OM_uint32 *minor_status,
- const gss_name_t desired_name,
+ gss_const_name_t desired_name,
const gss_buffer_t password,
OM_uint32 time_req,
const gss_OID_set desired_mechs,
@@ -93,7 +93,8 @@ gss_acquire_cred_with_password(OM_uint32 *minor_status,
if (!HEIM_SLIST_FIRST(&new_cred->gc_mc)) {
free(new_cred);
- *minor_status = 0;
+ if (desired_mechs->count > 1)
+ *minor_status = 0;
return GSS_S_NO_CRED;
}
diff --git a/lib/gssapi/mech/gss_add_cred.c b/lib/gssapi/mech/gss_add_cred.c
index a998bc60ff80..b56e3d760824 100644
--- a/lib/gssapi/mech/gss_add_cred.c
+++ b/lib/gssapi/mech/gss_add_cred.c
@@ -72,8 +72,8 @@ _gss_copy_cred(struct _gss_mechanism_cred *mc)
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_add_cred(OM_uint32 *minor_status,
- const gss_cred_id_t input_cred_handle,
- const gss_name_t desired_name,
+ gss_const_cred_id_t input_cred_handle,
+ gss_const_name_t desired_name,
const gss_OID desired_mech,
gss_cred_usage_t cred_usage,
OM_uint32 initiator_time_req,
diff --git a/lib/gssapi/mech/gss_add_cred_with_password.c b/lib/gssapi/mech/gss_add_cred_with_password.c
index f966305cfb16..b20f64f774b6 100644
--- a/lib/gssapi/mech/gss_add_cred_with_password.c
+++ b/lib/gssapi/mech/gss_add_cred_with_password.c
@@ -30,8 +30,8 @@
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_add_cred_with_password(OM_uint32 *minor_status,
- const gss_cred_id_t input_cred_handle,
- const gss_name_t desired_name,
+ gss_const_cred_id_t input_cred_handle,
+ gss_const_name_t desired_name,
const gss_OID desired_mech,
const gss_buffer_t password,
gss_cred_usage_t cred_usage,
diff --git a/lib/gssapi/mech/gss_aeap.c b/lib/gssapi/mech/gss_aeap.c
index 3008c0d34484..6395d8442b8c 100644
--- a/lib/gssapi/mech/gss_aeap.c
+++ b/lib/gssapi/mech/gss_aeap.c
@@ -199,7 +199,7 @@ gss_OID_desc GSSAPI_LIB_FUNCTION __gss_c_attr_stream_sizes_oid_desc =
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_context_query_attributes(OM_uint32 *minor_status,
- const gss_ctx_id_t context_handle,
+ gss_const_ctx_id_t context_handle,
const gss_OID attribute,
void *data,
size_t len)
@@ -214,3 +214,121 @@ gss_context_query_attributes(OM_uint32 *minor_status,
return GSS_S_FAILURE;
}
+
+/*
+ * AEAD wrap API for a single piece of associated data, for compatibility
+ * with MIT and as specified by draft-howard-gssapi-aead-00.txt.
+ *
+ * @ingroup gssapi
+ */
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_wrap_aead(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ gss_buffer_t input_assoc_buffer,
+ gss_buffer_t input_payload_buffer,
+ int *conf_state,
+ gss_buffer_t output_message_buffer)
+{
+ OM_uint32 major_status, tmp, flags = 0;
+ gss_iov_buffer_desc iov[5];
+ size_t i;
+ unsigned char *p;
+
+ memset(iov, 0, sizeof(iov));
+
+ iov[0].type = GSS_IOV_BUFFER_TYPE_HEADER;
+
+ iov[1].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY;
+ if (input_assoc_buffer)
+ iov[1].buffer = *input_assoc_buffer;
+
+ iov[2].type = GSS_IOV_BUFFER_TYPE_DATA;
+ if (input_payload_buffer)
+ iov[2].buffer.length = input_payload_buffer->length;
+
+ gss_inquire_context(minor_status, context_handle, NULL, NULL,
+ NULL, NULL, &flags, NULL, NULL);
+
+ /* krb5 mech rejects padding/trailer if DCE-style is set */
+ iov[3].type = (flags & GSS_C_DCE_STYLE) ? GSS_IOV_BUFFER_TYPE_EMPTY
+ : GSS_IOV_BUFFER_TYPE_PADDING;
+ iov[4].type = (flags & GSS_C_DCE_STYLE) ? GSS_IOV_BUFFER_TYPE_EMPTY
+ : GSS_IOV_BUFFER_TYPE_TRAILER;
+
+ major_status = gss_wrap_iov_length(minor_status, context_handle,
+ conf_req_flag, qop_req, conf_state,
+ iov, 5);
+ if (GSS_ERROR(major_status))
+ return major_status;
+
+ for (i = 0, output_message_buffer->length = 0; i < 5; i++) {
+ if (GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_SIGN_ONLY)
+ continue;
+
+ output_message_buffer->length += iov[i].buffer.length;
+ }
+
+ output_message_buffer->value = malloc(output_message_buffer->length);
+ if (output_message_buffer->value == NULL) {
+ *minor_status = ENOMEM;
+ return GSS_S_FAILURE;
+ }
+
+ for (i = 0, p = output_message_buffer->value; i < 5; i++) {
+ if (GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_SIGN_ONLY)
+ continue;
+ else if (GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_DATA)
+ memcpy(p, input_payload_buffer->value, input_payload_buffer->length);
+
+ iov[i].buffer.value = p;
+ p += iov[i].buffer.length;
+ }
+
+ major_status = gss_wrap_iov(minor_status, context_handle, conf_req_flag,
+ qop_req, conf_state, iov, 5);
+ if (GSS_ERROR(major_status))
+ gss_release_buffer(&tmp, output_message_buffer);
+
+ return major_status;
+}
+
+/*
+ * AEAD unwrap for a single piece of associated data, for compatibility
+ * with MIT and as specified by draft-howard-gssapi-aead-00.txt.
+ *
+ * @ingroup gssapi
+ */
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_unwrap_aead(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ gss_buffer_t input_message_buffer,
+ gss_buffer_t input_assoc_buffer,
+ gss_buffer_t output_payload_buffer,
+ int *conf_state,
+ gss_qop_t *qop_state)
+{
+ OM_uint32 major_status, tmp;
+ gss_iov_buffer_desc iov[3];
+
+ memset(iov, 0, sizeof(iov));
+
+ iov[0].type = GSS_IOV_BUFFER_TYPE_STREAM;
+ iov[0].buffer = *input_message_buffer;
+
+ iov[1].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY;
+ if (input_assoc_buffer)
+ iov[1].buffer = *input_assoc_buffer;
+
+ iov[2].type = GSS_IOV_BUFFER_TYPE_DATA | GSS_IOV_BUFFER_FLAG_ALLOCATE;
+
+ major_status = gss_unwrap_iov(minor_status, context_handle, conf_state,
+ qop_state, iov, 3);
+ if (GSS_ERROR(major_status))
+ gss_release_iov_buffer(&tmp, &iov[2], 1);
+ else
+ *output_payload_buffer = iov[2].buffer;
+
+ return major_status;
+}
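Review bot: In `gss_wrap_aead` the copy loop calls `memcpy(p, input_payload_buffer->value, input_payload_buffer->length)` without the NULL test that guards the same pointer where `iov[2].buffer.length` is set, so a caller that passes no payload buffer dereferences NULL at the DATA element. Guarding the copy keeps the two sites consistent: `else if (GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_DATA && input_payload_buffer != NULL)`. `gss_unwrap_aead` likewise reads `*input_message_buffer` unconditionally and leaves `*output_payload_buffer` unwritten on failure, so callers have to initialise it before any release. Both header comments open with `/*`, so the `@ingroup gssapi` tag is presumably not picked up by Doxygen; `/**` would match the other documented functions in this diff.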
diff --git a/lib/gssapi/mech/gss_authorize_localname.c b/lib/gssapi/mech/gss_authorize_localname.c
index a0ad065da887..c04cfe01879e 100644
--- a/lib/gssapi/mech/gss_authorize_localname.c
+++ b/lib/gssapi/mech/gss_authorize_localname.c
@@ -114,8 +114,8 @@ attr_authorize_localname(OM_uint32 *minor_status,
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_authorize_localname(OM_uint32 *minor_status,
- const gss_name_t gss_name,
- const gss_name_t gss_user)
+ gss_const_name_t gss_name,
+ gss_const_name_t gss_user)
{
OM_uint32 major_status;
@@ -164,7 +164,7 @@ gss_authorize_localname(OM_uint32 *minor_status,
}
GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL
-gss_userok(const gss_name_t name,
+gss_userok(gss_const_name_t name,
const char *user)
{
OM_uint32 major_status, minor_status;
diff --git a/lib/gssapi/mech/gss_canonicalize_name.c b/lib/gssapi/mech/gss_canonicalize_name.c
index bd8ff5212071..4918e5e0034e 100644
--- a/lib/gssapi/mech/gss_canonicalize_name.c
+++ b/lib/gssapi/mech/gss_canonicalize_name.c
@@ -54,7 +54,7 @@
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_canonicalize_name(OM_uint32 *minor_status,
- const gss_name_t input_name,
+ gss_const_name_t input_name,
const gss_OID mech_type,
gss_name_t *output_name)
{
diff --git a/lib/gssapi/mech/gss_compare_name.c b/lib/gssapi/mech/gss_compare_name.c
index 70b4b1c20673..18a8536ab4fa 100644
--- a/lib/gssapi/mech/gss_compare_name.c
+++ b/lib/gssapi/mech/gss_compare_name.c
@@ -30,8 +30,8 @@
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_compare_name(OM_uint32 *minor_status,
- const gss_name_t name1_arg,
- const gss_name_t name2_arg,
+ gss_const_name_t name1_arg,
+ gss_const_name_t name2_arg,
int *name_equal)
{
struct _gss_name *name1 = (struct _gss_name *) name1_arg;
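Review bot: The cast `(struct _gss_name *) name1_arg` discards the const that the new `gss_const_name_t` parameter type introduces, so the compiler can no longer flag a write through `name1`. If the rest of the body, which lies outside the hunk, only reads the names, `const struct _gss_name *name1 = (const struct _gss_name *) name1_arg;` would keep the guarantee. The same cast-away appears in gss_context_time, gss_export_name, _gss_mech_cred_find and gss_init_sec_context in this diff.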
@@ -47,7 +47,7 @@ gss_compare_name(OM_uint32 *minor_status,
if (!gss_oid_equal(&name1->gn_type, &name2->gn_type)) {
*name_equal = 0;
} else if (name1->gn_value.length != name2->gn_value.length ||
- memcmp(name1->gn_value.value, name1->gn_value.value,
+ memcmp(name1->gn_value.value, name2->gn_value.value,
name1->gn_value.length)) {
*name_equal = 0;
}
diff --git a/lib/gssapi/mech/gss_context_time.c b/lib/gssapi/mech/gss_context_time.c
index 69434ee898e5..a5b646cf6625 100644
--- a/lib/gssapi/mech/gss_context_time.c
+++ b/lib/gssapi/mech/gss_context_time.c
@@ -30,7 +30,7 @@
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_context_time(OM_uint32 *minor_status,
- const gss_ctx_id_t context_handle,
+ gss_const_ctx_id_t context_handle,
OM_uint32 *time_rec)
{
struct _gss_context *ctx = (struct _gss_context *) context_handle;
diff --git a/lib/gssapi/mech/gss_delete_sec_context.c b/lib/gssapi/mech/gss_delete_sec_context.c
index ce57a76682ab..69d9cb6a07d7 100644
--- a/lib/gssapi/mech/gss_delete_sec_context.c
+++ b/lib/gssapi/mech/gss_delete_sec_context.c
@@ -33,7 +33,7 @@ gss_delete_sec_context(OM_uint32 *minor_status,
gss_ctx_id_t *context_handle,
gss_buffer_t output_token)
{
- OM_uint32 major_status;
+ OM_uint32 major_status = GSS_S_COMPLETE;
struct _gss_context *ctx = (struct _gss_context *) *context_handle;
if (output_token)
@@ -53,5 +53,5 @@ gss_delete_sec_context(OM_uint32 *minor_status,
*context_handle = GSS_C_NO_CONTEXT;
}
- return (GSS_S_COMPLETE);
+ return (major_status);
}
diff --git a/lib/gssapi/mech/gss_display_name.c b/lib/gssapi/mech/gss_display_name.c
index 524a586fbef8..a4af66a90474 100644
--- a/lib/gssapi/mech/gss_display_name.c
+++ b/lib/gssapi/mech/gss_display_name.c
@@ -30,7 +30,7 @@
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_display_name(OM_uint32 *minor_status,
- const gss_name_t input_name,
+ gss_const_name_t input_name,
gss_buffer_t output_name_buffer,
gss_OID *output_name_type)
{
diff --git a/lib/gssapi/mech/gss_display_status.c b/lib/gssapi/mech/gss_display_status.c
index 1e508caa9baf..a79ef350dc93 100644
--- a/lib/gssapi/mech/gss_display_status.c
+++ b/lib/gssapi/mech/gss_display_status.c
@@ -134,25 +134,43 @@ supplementary_error(OM_uint32 v)
return msgs[v];
}
-
+/**
+ * Convert a GSS-API status code to text
+ *
+ * @param minor_status minor status code
+ * @param status_value status value to convert
+ * @param status_type One of:
+ * GSS_C_GSS_CODE - status_value is a GSS status code,
+ * GSS_C_MECH_CODE - status_value is a mechanism status code
+ * @param mech_type underlying mechanism. Use GSS_C_NO_OID to obtain the
+ * system default.
+ * @param message_context state information to extract further messages from the
+ * status_value
+ * @param status_string the allocated text representation. Release with
+ * gss_release_buffer()
+ *
+ * @returns a gss_error code.
+ *
+ * @ingroup gssapi
+ */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_display_status(OM_uint32 *minor_status,
OM_uint32 status_value,
int status_type,
const gss_OID mech_type,
- OM_uint32 *message_content,
+ OM_uint32 *message_context,
gss_buffer_t status_string)
{
OM_uint32 major_status;
_mg_buffer_zero(status_string);
- *message_content = 0;
+ *message_context = 0;
major_status = _gss_mg_get_error(mech_type, status_type,
status_value, status_string);
if (major_status == GSS_S_COMPLETE) {
- *message_content = 0;
+ *message_context = 0;
*minor_status = 0;
return GSS_S_COMPLETE;
}
diff --git a/lib/gssapi/mech/gss_duplicate_name.c b/lib/gssapi/mech/gss_duplicate_name.c
index a76c87cb852a..d6aaf49233fe 100644
--- a/lib/gssapi/mech/gss_duplicate_name.c
+++ b/lib/gssapi/mech/gss_duplicate_name.c
@@ -30,7 +30,7 @@
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_duplicate_name(OM_uint32 *minor_status,
- const gss_name_t src_name,
+ gss_const_name_t src_name,
gss_name_t *dest_name)
{
OM_uint32 major_status;
diff --git a/lib/gssapi/mech/gss_export_name.c b/lib/gssapi/mech/gss_export_name.c
index 3e6e62681913..7365c720d28e 100644
--- a/lib/gssapi/mech/gss_export_name.c
+++ b/lib/gssapi/mech/gss_export_name.c
@@ -28,9 +28,23 @@
#include "mech_locl.h"
+/**
+ * Convert a GGS-API name from internal form to contiguous string.
+ *
+ * @sa gss_import_name(), @ref internalVSmechname.
+ *
+ * @param minor_status minor status code
+ * @param input_name input name in internal name form
+ * @param exported_name output name in contiguos string form
+ *
+ * @returns a gss_error code, see gss_display_status() about printing
+ * the error code.
+ *
+ * @ingroup gssapi
+ */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_export_name(OM_uint32 *minor_status,
- const gss_name_t input_name,
+ gss_const_name_t input_name,
gss_buffer_t exported_name)
{
struct _gss_name *name = (struct _gss_name *) input_name;
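Review bot: The added Doxygen block has two typos that will end up in the generated API reference: `GGS-API` should read `GSS-API` and `contiguos` should read `contiguous`. The summary line would become `Convert a GSS-API name from internal form to contiguous string.` The matching summary line added in gss_import_name.c carries the same `GGS-API` spelling.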
diff --git a/lib/gssapi/mech/gss_get_mic.c b/lib/gssapi/mech/gss_get_mic.c
index 6eebfe0bbb03..8663053d48e7 100644
--- a/lib/gssapi/mech/gss_get_mic.c
+++ b/lib/gssapi/mech/gss_get_mic.c
@@ -30,7 +30,7 @@
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_get_mic(OM_uint32 *minor_status,
- const gss_ctx_id_t context_handle,
+ gss_const_ctx_id_t context_handle,
gss_qop_t qop_req,
const gss_buffer_t message_buffer,
gss_buffer_t message_token)
diff --git a/lib/gssapi/mech/gss_import_name.c b/lib/gssapi/mech/gss_import_name.c
index d1b3dc95b4a4..4c1d940d9af8 100644
--- a/lib/gssapi/mech/gss_import_name.c
+++ b/lib/gssapi/mech/gss_import_name.c
@@ -149,7 +149,7 @@ _gss_import_export_name(OM_uint32 *minor_status,
}
/**
- * Import a name internal or mechanism name
+ * Convert a GGS-API name from contiguous string to internal form.
*
* Type of name and their format:
* - GSS_C_NO_OID
@@ -159,12 +159,12 @@ _gss_import_export_name(OM_uint32 *minor_status,
* - GSS_C_NT_ANONYMOUS
* - GSS_KRB5_NT_PRINCIPAL_NAME
*
- * For more information about @ref internalVSmechname.
+ * @sa gss_export_name(), @ref internalVSmechname.
*
- * @param minor_status minor status code
- * @param input_name_buffer import name buffer
- * @param input_name_type type of the import name buffer
- * @param output_name the resulting type, release with
+ * @param minor_status minor status code
+ * @param input_name_buffer import name buffer
+ * @param input_name_type type of the import name buffer
+ * @param output_name the resulting type, release with
* gss_release_name(), independent of input_name
*
* @returns a gss_error code, see gss_display_status() about printing
diff --git a/lib/gssapi/mech/gss_indicate_mechs.c b/lib/gssapi/mech/gss_indicate_mechs.c
index 8fd53d956d58..12d7f1ae300e 100644
--- a/lib/gssapi/mech/gss_indicate_mechs.c
+++ b/lib/gssapi/mech/gss_indicate_mechs.c
@@ -43,6 +43,7 @@ gss_indicate_mechs(OM_uint32 *minor_status,
if (major_status)
return (major_status);
+ /* XXX We ignore ENOMEM from gss_add_oid_set_member() */
HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) {
if (m->gm_mech.gm_indicate_mechs) {
major_status = m->gm_mech.gm_indicate_mechs(
@@ -50,11 +51,11 @@ gss_indicate_mechs(OM_uint32 *minor_status,
if (major_status)
continue;
for (i = 0; i < set->count; i++)
- major_status = gss_add_oid_set_member(
+ gss_add_oid_set_member(
minor_status, &set->elements[i], mech_set);
gss_release_oid_set(minor_status, &set);
} else {
- major_status = gss_add_oid_set_member(
+ gss_add_oid_set_member(
minor_status, &m->gm_mech_oid, mech_set);
}
}
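Review bot: Dropping the assignment from `gss_add_oid_set_member(...)` makes an allocation failure while building `mech_set` invisible, as the added XXX comment admits, so the caller can receive a shortened mechanism list with no indication. That list presumably feeds mechanism selection, so a silent truncation is worth surfacing. Keeping the result in a separate local, e.g. `add_status = gss_add_oid_set_member(minor_status, &m->gm_mech_oid, mech_set);`, would let the function release `mech_set` and return the failure after the loop. The function's return path is outside the hunk, so what it reports today cannot be confirmed from these lines.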
diff --git a/lib/gssapi/mech/gss_init_sec_context.c b/lib/gssapi/mech/gss_init_sec_context.c
index af0170a50a51..21e02aea6972 100644
--- a/lib/gssapi/mech/gss_init_sec_context.c
+++ b/lib/gssapi/mech/gss_init_sec_context.c
@@ -29,7 +29,7 @@
#include "mech_locl.h"
static gss_cred_id_t
-_gss_mech_cred_find(gss_cred_id_t cred_handle, gss_OID mech_type)
+_gss_mech_cred_find(gss_const_cred_id_t cred_handle, gss_OID mech_type)
{
struct _gss_cred *cred = (struct _gss_cred *)cred_handle;
struct _gss_mechanism_cred *mc;
@@ -107,9 +107,9 @@ _gss_mech_cred_find(gss_cred_id_t cred_handle, gss_OID mech_type)
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_init_sec_context(OM_uint32 * minor_status,
- const gss_cred_id_t initiator_cred_handle,
+ gss_const_cred_id_t initiator_cred_handle,
gss_ctx_id_t * context_handle,
- const gss_name_t target_name,
+ gss_const_name_t target_name,
const gss_OID input_mech_type,
OM_uint32 req_flags,
OM_uint32 time_req,
@@ -125,7 +125,7 @@ gss_init_sec_context(OM_uint32 * minor_status,
struct _gss_name *name = (struct _gss_name *) target_name;
struct _gss_mechanism_name *mn;
struct _gss_context *ctx = (struct _gss_context *) *context_handle;
- gss_cred_id_t cred_handle;
+ gss_const_cred_id_t cred_handle;
int allocated_ctx;
gss_OID mech_type = input_mech_type;
@@ -172,7 +172,7 @@ gss_init_sec_context(OM_uint32 * minor_status,
major_status = _gss_find_mn(minor_status, name, mech_type, &mn);
if (major_status != GSS_S_COMPLETE) {
if (allocated_ctx)
- free(ctx);
+ free(ctx);
return major_status;
}
@@ -184,6 +184,13 @@ gss_init_sec_context(OM_uint32 * minor_status,
else
cred_handle = _gss_mech_cred_find(initiator_cred_handle, mech_type);
+ if (initiator_cred_handle != GSS_C_NO_CREDENTIAL &&
+ cred_handle == NULL) {
+ if (allocated_ctx)
+ free(ctx);
+ return GSS_S_NO_CRED;
+ }
+
major_status = m->gm_init_sec_context(minor_status,
cred_handle,
&ctx->gc_ctx,
diff --git a/lib/gssapi/mech/gss_inquire_context.c b/lib/gssapi/mech/gss_inquire_context.c
index 2568075988f1..aedaa6cb9ff4 100644
--- a/lib/gssapi/mech/gss_inquire_context.c
+++ b/lib/gssapi/mech/gss_inquire_context.c
@@ -30,7 +30,7 @@
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_inquire_context(OM_uint32 *minor_status,
- const gss_ctx_id_t context_handle,
+ gss_const_ctx_id_t context_handle,
gss_name_t *src_name,
gss_name_t *targ_name,
OM_uint32 *lifetime_rec,
diff --git a/lib/gssapi/mech/gss_inquire_cred.c b/lib/gssapi/mech/gss_inquire_cred.c
index 1db0f233033c..992514a9acdf 100644
--- a/lib/gssapi/mech/gss_inquire_cred.c
+++ b/lib/gssapi/mech/gss_inquire_cred.c
@@ -44,7 +44,7 @@ updateusage(gss_cred_usage_t usage, int *usagemask)
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_inquire_cred(OM_uint32 *minor_status,
- const gss_cred_id_t cred_handle,
+ gss_const_cred_id_t cred_handle,
gss_name_t *name_ret,
OM_uint32 *lifetime,
gss_cred_usage_t *cred_usage,
diff --git a/lib/gssapi/mech/gss_inquire_cred_by_mech.c b/lib/gssapi/mech/gss_inquire_cred_by_mech.c
index e7746e46578d..7bd0bfaad90a 100644
--- a/lib/gssapi/mech/gss_inquire_cred_by_mech.c
+++ b/lib/gssapi/mech/gss_inquire_cred_by_mech.c
@@ -30,7 +30,7 @@
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_inquire_cred_by_mech(OM_uint32 *minor_status,
- const gss_cred_id_t cred_handle,
+ gss_const_cred_id_t cred_handle,
const gss_OID mech_type,
gss_name_t *cred_name,
OM_uint32 *initiator_lifetime,
diff --git a/lib/gssapi/mech/gss_inquire_cred_by_oid.c b/lib/gssapi/mech/gss_inquire_cred_by_oid.c
index e674dd48f3e4..8836a09ffe47 100644
--- a/lib/gssapi/mech/gss_inquire_cred_by_oid.c
+++ b/lib/gssapi/mech/gss_inquire_cred_by_oid.c
@@ -34,7 +34,7 @@
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_inquire_cred_by_oid (OM_uint32 *minor_status,
- const gss_cred_id_t cred_handle,
+ gss_const_cred_id_t cred_handle,
const gss_OID desired_object,
gss_buffer_set_t *data_set)
{
diff --git a/lib/gssapi/mech/gss_inquire_mechs_for_name.c b/lib/gssapi/mech/gss_inquire_mechs_for_name.c
index f8eab82dc1cd..8fd2286ea7c3 100644
--- a/lib/gssapi/mech/gss_inquire_mechs_for_name.c
+++ b/lib/gssapi/mech/gss_inquire_mechs_for_name.c
@@ -30,7 +30,7 @@
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_inquire_mechs_for_name(OM_uint32 *minor_status,
- const gss_name_t input_name,
+ gss_const_name_t input_name,
gss_OID_set *mech_types)
{
OM_uint32 major_status;
diff --git a/lib/gssapi/mech/gss_inquire_sec_context_by_oid.c b/lib/gssapi/mech/gss_inquire_sec_context_by_oid.c
index cc6e5c9cb6e2..ac45265b3ed1 100644
--- a/lib/gssapi/mech/gss_inquire_sec_context_by_oid.c
+++ b/lib/gssapi/mech/gss_inquire_sec_context_by_oid.c
@@ -34,7 +34,7 @@
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_inquire_sec_context_by_oid (OM_uint32 *minor_status,
- const gss_ctx_id_t context_handle,
+ gss_const_ctx_id_t context_handle,
const gss_OID desired_object,
gss_buffer_set_t *data_set)
{
diff --git a/lib/gssapi/mech/gss_mech_switch.c b/lib/gssapi/mech/gss_mech_switch.c
index 55e01094ff91..58b187eda296 100644
--- a/lib/gssapi/mech/gss_mech_switch.c
+++ b/lib/gssapi/mech/gss_mech_switch.c
@@ -315,6 +315,8 @@ _gss_load_mech(void)
goto bad;
m->gm_so = so;
+ m->gm_mech_oid = mech_oid;
+ m->gm_mech.gm_name = strdup(name);
m->gm_mech.gm_mech_oid = mech_oid;
m->gm_mech.gm_flags = 0;
m->gm_mech.gm_compat = calloc(1, sizeof(struct gss_mech_compat_desc_struct));
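Review bot: The result of `strdup(name)` is stored in `m->gm_mech.gm_name` without a NULL test, so under memory pressure the mechanism would presumably be registered without a name and every later reader of `gm_name` has to cope with NULL. The cleanup after the `bad` label already frees `gm_name` in the last hunk of this file, so `if (m->gm_mech.gm_name == NULL) goto bad;` next to the existing allocation checks is enough. That holds provided `m` is zero-initialised, so that the other frees on that path are safe. `_gss_load_mech` begins and ends outside the hunk.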
@@ -381,7 +383,7 @@ _gss_load_mech(void)
OPTSYM(set_name_attribute);
OPTSYM(delete_name_attribute);
OPTSYM(export_name_composite);
- OPTSYM(pname_to_uid);
+ OPTSYM(localname);
OPTSPISYM(authorize_localname);
mi = dlsym(so, "gss_mo_init");
@@ -414,6 +416,7 @@ _gss_load_mech(void)
if (m != NULL) {
free(m->gm_mech.gm_compat);
free(m->gm_mech.gm_mech_oid.elements);
+ free((char *)m->gm_mech.gm_name);
free(m);
}
dlclose(so);
diff --git a/lib/gssapi/mech/gss_mo.c b/lib/gssapi/mech/gss_mo.c
index ad74d9237a2d..d0cde08ef1b8 100644
--- a/lib/gssapi/mech/gss_mo.c
+++ b/lib/gssapi/mech/gss_mo.c
@@ -203,6 +203,7 @@ make_sasl_name(OM_uint32 *minor, const gss_OID mech, char sasl_name[16])
EVP_DigestUpdate(ctx, hdr, 2);
EVP_DigestUpdate(ctx, mech->elements, mech->length);
EVP_DigestFinal_ex(ctx, hash, NULL);
+ EVP_MD_CTX_destroy(ctx);
memcpy(p, "GS2-", 4);
p += 4;
diff --git a/lib/gssapi/mech/gss_oid.c b/lib/gssapi/mech/gss_oid.c
index 916d1e4dda5e..fe9686d53638 100644
--- a/lib/gssapi/mech/gss_oid.c
+++ b/lib/gssapi/mech/gss_oid.c
@@ -104,10 +104,10 @@ gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_name_oid_desc = { 6, rk_UNCONST
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_description_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x66") };
/* GSS_C_CRED_PASSWORD - 1.2.752.43.13.200 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_cred_password_oid_desc = { 7, "\x2a\x85\x70\x2b\x0d\x81\x48" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_cred_password_oid_desc = { 7, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x81\x48") };
/* GSS_C_CRED_CERTIFICATE - 1.2.752.43.13.201 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_cred_certificate_oid_desc = { 7, "\x2a\x85\x70\x2b\x0d\x81\x49" };
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_cred_certificate_oid_desc = { 7, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x81\x49") };
/* GSS_SASL_DIGEST_MD5_MECHANISM - 1.2.752.43.14.1 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_sasl_digest_md5_mechanism_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x01") };
@@ -139,8 +139,8 @@ gss_OID_desc GSSAPI_LIB_VARIABLE __gss_ntlm_mechanism_oid_desc = { 10, rk_UNCONS
/* GSS_SPNEGO_MECHANISM - 1.3.6.1.5.5.2 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_spnego_mechanism_oid_desc = { 6, rk_UNCONST("\x2b\x06\x01\x05\x05\x02") };
-/* GSS_C_PEER_HAS_UPDATED_SPNEGO - 1.3.6.1.4.1.9513.19.5 */
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_peer_has_updated_spnego_oid_desc = { 9, rk_UNCONST("\x2b\x06\x01\x04\x01\xca\x29\x13\x05") };
+/* GSS_C_PEER_HAS_UPDATED_SPNEGO - 1.3.6.1.4.1.5322.19.5 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_peer_has_updated_spnego_oid_desc = { 9, rk_UNCONST("\x2b\x06\x01\x04\x01\xa9\x4a\x13\x05") };
/* GSS_C_MA_MECH_CONCRETE - 1.3.6.1.5.5.13.1 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_concrete_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x01") };
@@ -224,43 +224,43 @@ gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_compress_oid_desc = { 7, rk_UNCONST(
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_ctx_trans_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x1b") };
struct _gss_oid_name_table _gss_ont_ma[] = {
- { GSS_C_MA_COMPRESS, "GSS_C_MA_COMPRESS", "compress", "" },
+ { GSS_C_MA_AUTH_INIT, "GSS_C_MA_AUTH_INIT", "auth-init-princ", "" },
+ { GSS_C_MA_AUTH_INIT_ANON, "GSS_C_MA_AUTH_INIT_ANON", "auth-init-princ-anon", "" },
+ { GSS_C_MA_AUTH_INIT_INIT, "GSS_C_MA_AUTH_INIT_INIT", "auth-init-princ-initial", "" },
+ { GSS_C_MA_AUTH_TARG, "GSS_C_MA_AUTH_TARG", "auth-targ-princ", "" },
+ { GSS_C_MA_AUTH_TARG_ANON, "GSS_C_MA_AUTH_TARG_ANON", "auth-targ-princ-anon", "" },
{ GSS_C_MA_AUTH_TARG_INIT, "GSS_C_MA_AUTH_TARG_INIT", "auth-targ-princ-initial", "" },
{ GSS_C_MA_CBINDINGS, "GSS_C_MA_CBINDINGS", "channel-bindings", "" },
- { GSS_C_MA_WRAP, "GSS_C_MA_WRAP", "wrap", "" },
+ { GSS_C_MA_COMPRESS, "GSS_C_MA_COMPRESS", "compress", "" },
+ { GSS_C_MA_CONF_PROT, "GSS_C_MA_CONF_PROT", "conf-prot", "" },
+ { GSS_C_MA_CTX_TRANS, "GSS_C_MA_CTX_TRANS", "context-transfer", "" },
+ { GSS_C_MA_DELEG_CRED, "GSS_C_MA_DELEG_CRED", "deleg-cred", "" },
+ { GSS_C_MA_DEPRECATED, "GSS_C_MA_DEPRECATED", "mech-deprecated", "" },
+ { GSS_C_MA_INTEG_PROT, "GSS_C_MA_INTEG_PROT", "integ-prot", "" },
{ GSS_C_MA_ITOK_FRAMED, "GSS_C_MA_ITOK_FRAMED", "initial-is-framed", "" },
- { GSS_C_MA_MECH_NEGO, "GSS_C_MA_MECH_NEGO", "mech-negotiation-mech", "" },
{ GSS_C_MA_MECH_COMPOSITE, "GSS_C_MA_MECH_COMPOSITE", "composite-mech", "" },
- { GSS_C_MA_REPLAY_DET, "GSS_C_MA_REPLAY_DET", "replay-detection", "" },
- { GSS_C_MA_AUTH_INIT_ANON, "GSS_C_MA_AUTH_INIT_ANON", "auth-init-princ-anon", "" },
- { GSS_C_MA_PROT_READY, "GSS_C_MA_PROT_READY", "prot-ready", "" },
- { GSS_C_MA_AUTH_INIT, "GSS_C_MA_AUTH_INIT", "auth-init-princ", "" },
- { GSS_C_MA_PFS, "GSS_C_MA_PFS", "pfs", "" },
- { GSS_C_MA_CONF_PROT, "GSS_C_MA_CONF_PROT", "conf-prot", "" },
- { GSS_C_MA_MECH_PSEUDO, "GSS_C_MA_MECH_PSEUDO", "pseudo-mech", "" },
- { GSS_C_MA_AUTH_TARG, "GSS_C_MA_AUTH_TARG", "auth-targ-princ", "" },
+ { GSS_C_MA_MECH_CONCRETE, "GSS_C_MA_MECH_CONCRETE", "concrete-mech", "Indicates that a mech is neither a pseudo-mechanism nor a composite mechanism" },
+ { GSS_C_MA_MECH_DESCRIPTION, "GSS_C_MA_MECH_DESCRIPTION", "Mech description", "The long description of the mechanism" },
+ { GSS_C_MA_MECH_GLUE, "GSS_C_MA_MECH_GLUE", "mech-glue", "" },
{ GSS_C_MA_MECH_NAME, "GSS_C_MA_MECH_NAME", "GSS mech name", "The name of the GSS-API mechanism" },
- { GSS_C_MA_NOT_MECH, "GSS_C_MA_NOT_MECH", "not-mech", "" },
+ { GSS_C_MA_MECH_NEGO, "GSS_C_MA_MECH_NEGO", "mech-negotiation-mech", "" },
+ { GSS_C_MA_MECH_PSEUDO, "GSS_C_MA_MECH_PSEUDO", "pseudo-mech", "" },
{ GSS_C_MA_MIC, "GSS_C_MA_MIC", "mic", "" },
- { GSS_C_MA_DEPRECATED, "GSS_C_MA_DEPRECATED", "mech-deprecated", "" },
- { GSS_C_MA_MECH_GLUE, "GSS_C_MA_MECH_GLUE", "mech-glue", "" },
- { GSS_C_MA_DELEG_CRED, "GSS_C_MA_DELEG_CRED", "deleg-cred", "" },
{ GSS_C_MA_NOT_DFLT_MECH, "GSS_C_MA_NOT_DFLT_MECH", "mech-not-default", "" },
- { GSS_C_MA_AUTH_TARG_ANON, "GSS_C_MA_AUTH_TARG_ANON", "auth-targ-princ-anon", "" },
- { GSS_C_MA_INTEG_PROT, "GSS_C_MA_INTEG_PROT", "integ-prot", "" },
- { GSS_C_MA_CTX_TRANS, "GSS_C_MA_CTX_TRANS", "context-transfer", "" },
- { GSS_C_MA_MECH_DESCRIPTION, "GSS_C_MA_MECH_DESCRIPTION", "Mech description", "The long description of the mechanism" },
+ { GSS_C_MA_NOT_MECH, "GSS_C_MA_NOT_MECH", "not-mech", "" },
{ GSS_C_MA_OOS_DET, "GSS_C_MA_OOS_DET", "oos-detection", "" },
- { GSS_C_MA_AUTH_INIT_INIT, "GSS_C_MA_AUTH_INIT_INIT", "auth-init-princ-initial", "" },
- { GSS_C_MA_MECH_CONCRETE, "GSS_C_MA_MECH_CONCRETE", "concrete-mech", "Indicates that a mech is neither a pseudo-mechanism nor a composite mechanism" },
+ { GSS_C_MA_PFS, "GSS_C_MA_PFS", "pfs", "" },
+ { GSS_C_MA_PROT_READY, "GSS_C_MA_PROT_READY", "prot-ready", "" },
+ { GSS_C_MA_REPLAY_DET, "GSS_C_MA_REPLAY_DET", "replay-detection", "" },
{ GSS_C_MA_SASL_MECH_NAME, "GSS_C_MA_SASL_MECH_NAME", "SASL mechanism name", "The name of the SASL mechanism" },
- { NULL }
+ { GSS_C_MA_WRAP, "GSS_C_MA_WRAP", "wrap", "" },
+ { NULL, NULL, NULL, NULL }
};
struct _gss_oid_name_table _gss_ont_mech[] = {
{ GSS_KRB5_MECHANISM, "GSS_KRB5_MECHANISM", "Kerberos 5", "Heimdal Kerberos 5 mechanism" },
- { GSS_SPNEGO_MECHANISM, "GSS_SPNEGO_MECHANISM", "SPNEGO", "Heimdal SPNEGO mechanism" },
{ GSS_NTLM_MECHANISM, "GSS_NTLM_MECHANISM", "NTLM", "Heimdal NTLM mechanism" },
- { NULL }
+ { GSS_SPNEGO_MECHANISM, "GSS_SPNEGO_MECHANISM", "SPNEGO", "Heimdal SPNEGO mechanism" },
+ { NULL, NULL, NULL, NULL }
};
diff --git a/lib/gssapi/mech/gss_pname_to_uid.c b/lib/gssapi/mech/gss_pname_to_uid.c
index c5f26949f2ae..315f0e0d8147 100644
--- a/lib/gssapi/mech/gss_pname_to_uid.c
+++ b/lib/gssapi/mech/gss_pname_to_uid.c
@@ -33,21 +33,21 @@
#include "mech_locl.h"
static OM_uint32
-mech_pname_to_uid(OM_uint32 *minor_status,
- struct _gss_mechanism_name *mn,
- uid_t *uidp)
+mech_localname(OM_uint32 *minor_status,
+ struct _gss_mechanism_name *mn,
+ gss_buffer_t localname)
{
OM_uint32 major_status = GSS_S_UNAVAILABLE;
*minor_status = 0;
- if (mn->gmn_mech->gm_pname_to_uid == NULL)
+ if (mn->gmn_mech->gm_localname == NULL)
return GSS_S_UNAVAILABLE;
- major_status = mn->gmn_mech->gm_pname_to_uid(minor_status,
- mn->gmn_name,
- mn->gmn_mech_oid,
- uidp);
+ major_status = mn->gmn_mech->gm_localname(minor_status,
+ mn->gmn_name,
+ mn->gmn_mech_oid,
+ localname);
if (GSS_ERROR(major_status))
_gss_mg_error(mn->gmn_mech, major_status, *minor_status);
@@ -55,86 +55,55 @@ mech_pname_to_uid(OM_uint32 *minor_status,
}
static OM_uint32
-attr_pname_to_uid(OM_uint32 *minor_status,
- struct _gss_mechanism_name *mn,
- uid_t *uidp)
+attr_localname(OM_uint32 *minor_status,
+ struct _gss_mechanism_name *mn,
+ gss_buffer_t localname)
{
-#ifdef NO_LOCALNAME
- return GSS_S_UNAVAILABLE;
-#else
OM_uint32 major_status = GSS_S_UNAVAILABLE;
OM_uint32 tmpMinor;
+ gss_buffer_desc value = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc display_value = GSS_C_EMPTY_BUFFER;
+ int authenticated = 0, complete = 0;
int more = -1;
*minor_status = 0;
+ localname->length = 0;
+ localname->value = NULL;
+
if (mn->gmn_mech->gm_get_name_attribute == NULL)
return GSS_S_UNAVAILABLE;
- while (more != 0) {
- gss_buffer_desc value;
- gss_buffer_desc display_value;
- int authenticated = 0, complete = 0;
-#ifdef POSIX_GETPWNAM_R
- char pwbuf[2048];
- struct passwd pw, *pwd;
-#else
- struct passwd *pwd;
-#endif
- char *localname;
-
- major_status = mn->gmn_mech->gm_get_name_attribute(minor_status,
- mn->gmn_name,
- GSS_C_ATTR_LOCAL_LOGIN_USER,
- &authenticated,
- &complete,
- &value,
- &display_value,
- &more);
- if (GSS_ERROR(major_status)) {
- _gss_mg_error(mn->gmn_mech, major_status, *minor_status);
- break;
- }
-
- localname = malloc(value.length + 1);
- if (localname == NULL) {
- major_status = GSS_S_FAILURE;
- *minor_status = ENOMEM;
- break;
- }
-
- memcpy(localname, value.value, value.length);
- localname[value.length] = '\0';
-
-#ifdef POSIX_GETPWNAM_R
- if (getpwnam_r(localname, &pw, pwbuf, sizeof(pwbuf), &pwd) != 0)
- pwd = NULL;
-#else
- pwd = getpwnam(localname);
-#endif
+ major_status = mn->gmn_mech->gm_get_name_attribute(minor_status,
+ mn->gmn_name,
+ GSS_C_ATTR_LOCAL_LOGIN_USER,
+ &authenticated,
+ &complete,
+ &value,
+ &display_value,
+ &more);
+ if (GSS_ERROR(major_status)) {
+ _gss_mg_error(mn->gmn_mech, major_status, *minor_status);
+ return major_status;
+ }
- free(localname);
+ if (authenticated) {
+ *localname = value;
+ } else {
+ major_status = GSS_S_UNAVAILABLE;
gss_release_buffer(&tmpMinor, &value);
- gss_release_buffer(&tmpMinor, &display_value);
-
- if (pwd != NULL) {
- *uidp = pwd->pw_uid;
- major_status = GSS_S_COMPLETE;
- *minor_status = 0;
- break;
- } else
- major_status = GSS_S_UNAVAILABLE;
}
+ gss_release_buffer(&tmpMinor, &display_value);
+
return major_status;
-#endif /* NO_LOCALNAME */
}
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
-gss_pname_to_uid(OM_uint32 *minor_status,
- const gss_name_t pname,
- const gss_OID mech_type,
- uid_t *uidp)
+gss_localname(OM_uint32 *minor_status,
+ gss_const_name_t pname,
+ const gss_OID mech_type,
+ gss_buffer_t localname)
{
OM_uint32 major_status = GSS_S_UNAVAILABLE;
struct _gss_name *name = (struct _gss_name *) pname;
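Review bot: attr_localname() has no comment on buffer ownership, yet its new success path `*localname = value;` hands the mechanism-allocated buffer to the caller without copying it. I would add above the function `/* On GSS_S_COMPLETE the caller owns localname->value and must free it with gss_release_buffer(). */`. `complete` and `more` are filled in by gm_get_name_attribute but never read, so only the first value of GSS_C_ATTR_LOCAL_LOGIN_USER is considered. If that is intended, a one-line comment next to the call should say so. The hunk ends inside gss_localname(), whose body continues in the next hunk.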
@@ -147,14 +116,14 @@ gss_pname_to_uid(OM_uint32 *minor_status,
if (GSS_ERROR(major_status))
return major_status;
- major_status = mech_pname_to_uid(minor_status, mn, uidp);
+ major_status = mech_localname(minor_status, mn, localname);
if (major_status != GSS_S_COMPLETE)
- major_status = attr_pname_to_uid(minor_status, mn, uidp);
+ major_status = attr_localname(minor_status, mn, localname);
} else {
HEIM_SLIST_FOREACH(mn, &name->gn_mn, gmn_link) {
- major_status = mech_pname_to_uid(minor_status, mn, uidp);
+ major_status = mech_localname(minor_status, mn, localname);
if (major_status != GSS_S_COMPLETE)
- major_status = attr_pname_to_uid(minor_status, mn, uidp);
+ major_status = attr_localname(minor_status, mn, localname);
if (major_status != GSS_S_UNAVAILABLE)
break;
}
@@ -165,3 +134,60 @@ gss_pname_to_uid(OM_uint32 *minor_status,
return major_status;
}
+
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_pname_to_uid(OM_uint32 *minor_status,
+ gss_const_name_t pname,
+ const gss_OID mech_type,
+ uid_t *uidp)
+{
+#ifdef NO_LOCALNAME
+ return GSS_S_UNAVAILABLE;
+#else
+ OM_uint32 major, tmpMinor;
+ gss_buffer_desc localname = GSS_C_EMPTY_BUFFER;
+ char *szLocalname;
+#ifdef POSIX_GETPWNAM_R
+ char pwbuf[2048];
+ struct passwd pw, *pwd;
+#else
+ struct passwd *pwd;
+#endif
+
+ major = gss_localname(minor_status, pname, mech_type, &localname);
+ if (GSS_ERROR(major))
+ return major;
+
+ szLocalname = malloc(localname.length + 1);
+ if (szLocalname == NULL) {
+ gss_release_buffer(&tmpMinor, &localname);
+ *minor_status = ENOMEM;
+ return GSS_S_FAILURE;
+ }
+
+ memcpy(szLocalname, localname.value, localname.length);
+ szLocalname[localname.length] = '\0';
+
+#ifdef POSIX_GETPWNAM_R
+ if (getpwnam_r(szLocalname, &pw, pwbuf, sizeof(pwbuf), &pwd) != 0)
+ pwd = NULL;
+#else
+ pwd = getpwnam(szLocalname);
+#endif
+
+ gss_release_buffer(&tmpMinor, &localname);
+ free(szLocalname);
+
+ *minor_status = 0;
+
+ if (pwd != NULL) {
+ *uidp = pwd->pw_uid;
+ major = GSS_S_COMPLETE;
+ } else {
+ major = GSS_S_UNAVAILABLE;
+ }
+
+ return major;
+#endif
+}
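Review bot: The name copied into szLocalname is not checked for an embedded NUL, so getpwnam()/getpwnam_r() would look up only the part before it, and the returned uid could belong to a different account than the full localname denotes. Whether any mechanism can return such a buffer is not visible here, but rejecting it is cheap. After the gss_localname() call, test `localname.length > 0 && memchr(localname.value, '\0', localname.length) != NULL`, then release the buffer and return GSS_S_UNAVAILABLE. Separately, the NO_LOCALNAME branch returns without writing `*minor_status`; adding `*minor_status = 0;` before that return would keep the output defined.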
diff --git a/lib/gssapi/mech/gss_process_context_token.c b/lib/gssapi/mech/gss_process_context_token.c
index e8e9b56cdc7f..d10eb47dbae3 100644
--- a/lib/gssapi/mech/gss_process_context_token.c
+++ b/lib/gssapi/mech/gss_process_context_token.c
@@ -30,7 +30,7 @@
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_process_context_token(OM_uint32 *minor_status,
- const gss_ctx_id_t context_handle,
+ gss_const_ctx_id_t context_handle,
const gss_buffer_t token_buffer)
{
struct _gss_context *ctx = (struct _gss_context *) context_handle;
diff --git a/lib/gssapi/mech/gss_store_cred.c b/lib/gssapi/mech/gss_store_cred.c
index 4d2bfdec8b1a..a92611570eb6 100644
--- a/lib/gssapi/mech/gss_store_cred.c
+++ b/lib/gssapi/mech/gss_store_cred.c
@@ -45,7 +45,9 @@ gss_store_cred(OM_uint32 *minor_status,
{
struct _gss_cred *cred = (struct _gss_cred *) input_cred_handle;
struct _gss_mechanism_cred *mc;
- OM_uint32 maj, junk;
+ OM_uint32 maj = GSS_S_FAILURE;
+ OM_uint32 junk;
+ size_t successes = 0;
if (minor_status == NULL)
return GSS_S_FAILURE;
@@ -69,26 +71,30 @@ gss_store_cred(OM_uint32 *minor_status,
if (m == NULL || m->gm_store_cred == NULL)
continue;
- if (desired_mech) {
- maj = gss_oid_equal(&m->gm_mech_oid, desired_mech);
- if (maj != 0)
- continue;
- }
+ if (desired_mech != GSS_C_NO_OID &&
+ !gss_oid_equal(&m->gm_mech_oid, desired_mech))
+ continue;
maj = (m->gm_store_cred)(minor_status, mc->gmc_cred,
cred_usage, desired_mech, overwrite_cred,
default_cred, NULL, cred_usage_stored);
- if (maj != GSS_S_COMPLETE) {
- gss_release_oid_set(&junk, elements_stored);
- return maj;
- }
+ if (maj == GSS_S_COMPLETE) {
+ if (elements_stored)
+ gss_add_oid_set_member(&junk, desired_mech, elements_stored);
+ successes++;
+ } else if (desired_mech != GSS_C_NO_OID) {
+ gss_release_oid_set(&junk, elements_stored);
+ return maj;
+ }
- if (elements_stored) {
- gss_add_oid_set_member(&junk,
- &m->gm_mech_oid,
- elements_stored);
- }
+ }
+ if (successes == 0) {
+ if (maj != GSS_S_COMPLETE)
+ return maj; /* last failure */
+ return GSS_S_FAILURE;
}
+
+ *minor_status = 0;
return GSS_S_COMPLETE;
}
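Review bot: The success branch records `desired_mech` in elements_stored, but that pointer is null when the caller passed GSS_C_NO_OID to store every mechanism's credential. In that case the set never receives the OID of the mechanism that actually stored, and gss_add_oid_set_member() is handed a null member. The removed code used the mechanism's own OID, so the line should read `gss_add_oid_set_member(&junk, &m->gm_mech_oid, elements_stored);`. gss_store_cred() starts before this hunk, so the loop header and the initialisation of elements_stored are not visible here.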
diff --git a/lib/gssapi/mech/gss_unwrap.c b/lib/gssapi/mech/gss_unwrap.c
index d0d18aca25b1..6bf6088f37dd 100644
--- a/lib/gssapi/mech/gss_unwrap.c
+++ b/lib/gssapi/mech/gss_unwrap.c
@@ -30,7 +30,7 @@
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_unwrap(OM_uint32 *minor_status,
- const gss_ctx_id_t context_handle,
+ gss_const_ctx_id_t context_handle,
const gss_buffer_t input_message_buffer,
gss_buffer_t output_message_buffer,
int *conf_state,
diff --git a/lib/gssapi/mech/gss_verify_mic.c b/lib/gssapi/mech/gss_verify_mic.c
index a791dc732761..ae3b52f72af5 100644
--- a/lib/gssapi/mech/gss_verify_mic.c
+++ b/lib/gssapi/mech/gss_verify_mic.c
@@ -30,7 +30,7 @@
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_verify_mic(OM_uint32 *minor_status,
- const gss_ctx_id_t context_handle,
+ gss_const_ctx_id_t context_handle,
const gss_buffer_t message_buffer,
const gss_buffer_t token_buffer,
gss_qop_t *qop_state)
diff --git a/lib/gssapi/mech/gss_wrap.c b/lib/gssapi/mech/gss_wrap.c
index d9864b36ccb4..82378d3d0d05 100644
--- a/lib/gssapi/mech/gss_wrap.c
+++ b/lib/gssapi/mech/gss_wrap.c
@@ -45,7 +45,7 @@
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_wrap(OM_uint32 *minor_status,
- const gss_ctx_id_t context_handle,
+ gss_const_ctx_id_t context_handle,
int conf_req_flag,
gss_qop_t qop_req,
const gss_buffer_t input_message_buffer,
diff --git a/lib/gssapi/mech/gss_wrap_size_limit.c b/lib/gssapi/mech/gss_wrap_size_limit.c
index 9bebcf6cf08e..3bcd9eceeda2 100644
--- a/lib/gssapi/mech/gss_wrap_size_limit.c
+++ b/lib/gssapi/mech/gss_wrap_size_limit.c
@@ -30,7 +30,7 @@
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_wrap_size_limit(OM_uint32 *minor_status,
- const gss_ctx_id_t context_handle,
+ gss_const_ctx_id_t context_handle,
int conf_req_flag,
gss_qop_t qop_req,
OM_uint32 req_output_size,
diff --git a/lib/gssapi/mech/mech.5 b/lib/gssapi/mech/mech.5
index e7b083d3158a..56e916e3aea3 100644
--- a/lib/gssapi/mech/mech.5
+++ b/lib/gssapi/mech/mech.5
@@ -91,4 +91,4 @@ manual page example first appeared in
.Sh AUTHORS
This
manual page was written by
-.An Doug Rabson Aq dfr@FreeBSD.org .
+.An Doug Rabson Aq Mt dfr@FreeBSD.org .
diff --git a/lib/gssapi/mech/mech.cat5 b/lib/gssapi/mech/mech.cat5
index 821a193df6e1..998079f2959c 100644
--- a/lib/gssapi/mech/mech.cat5
+++ b/lib/gssapi/mech/mech.cat5
@@ -56,6 +56,6 @@ HHIISSTTOORRYY
The mmeecchh manual page example first appeared in FreeBSD 7.0.
AAUUTTHHOORRSS
- This manual page was written by Doug Rabson <dfr@FreeBSD.org>.
+ This manual page was written by Doug Rabson <_d_f_r_@_F_r_e_e_B_S_D_._o_r_g>.
BSD November 14, 2005 BSD
diff --git a/lib/gssapi/ntlm/accept_sec_context.c b/lib/gssapi/ntlm/accept_sec_context.c
index 533fc15df8f3..7ba55cd33d04 100644
--- a/lib/gssapi/ntlm/accept_sec_context.c
+++ b/lib/gssapi/ntlm/accept_sec_context.c
@@ -68,7 +68,7 @@ OM_uint32 GSSAPI_CALLCONV
_gss_ntlm_accept_sec_context
(OM_uint32 * minor_status,
gss_ctx_id_t * context_handle,
- const gss_cred_id_t acceptor_cred_handle,
+ gss_const_cred_id_t acceptor_cred_handle,
const gss_buffer_t input_token_buffer,
const gss_channel_bindings_t input_chan_bindings,
gss_name_t * src_name,
diff --git a/lib/gssapi/ntlm/acquire_cred.c b/lib/gssapi/ntlm/acquire_cred.c
index b186271f590f..9e2cca4ffc4b 100644
--- a/lib/gssapi/ntlm/acquire_cred.c
+++ b/lib/gssapi/ntlm/acquire_cred.c
@@ -33,18 +33,18 @@
#include "ntlm.h"
-OM_uint32 GSSAPI_CALLCONV _gss_ntlm_acquire_cred
- (OM_uint32 * min_stat,
- const gss_name_t desired_name,
- OM_uint32 time_req,
- const gss_OID_set desired_mechs,
- gss_cred_usage_t cred_usage,
- gss_cred_id_t * output_cred_handle,
- gss_OID_set * actual_mechs,
- OM_uint32 * time_rec
- )
+OM_uint32 GSSAPI_CALLCONV
+_gss_ntlm_acquire_cred(OM_uint32 *min_stat,
+ gss_const_name_t desired_name,
+ OM_uint32 time_req,
+ const gss_OID_set desired_mechs,
+ gss_cred_usage_t cred_usage,
+ gss_cred_id_t *output_cred_handle,
+ gss_OID_set *actual_mechs,
+ OM_uint32 *time_rec)
{
ntlm_name name = (ntlm_name) desired_name;
+ const char *domain = NULL;
OM_uint32 maj_stat;
ntlm_ctx ctx;
@@ -55,17 +55,14 @@ OM_uint32 GSSAPI_CALLCONV _gss_ntlm_acquire_cred
if (time_rec)
*time_rec = GSS_C_INDEFINITE;
- if (desired_name == NULL)
- return GSS_S_NO_CRED;
-
if (cred_usage == GSS_C_BOTH || cred_usage == GSS_C_ACCEPT) {
maj_stat = _gss_ntlm_allocate_ctx(min_stat, &ctx);
if (maj_stat != GSS_S_COMPLETE)
return maj_stat;
- maj_stat = (*ctx->server->nsi_probe)(min_stat, ctx->ictx,
- name->domain);
+ domain = name != NULL ? name->domain : NULL;
+ maj_stat = (*ctx->server->nsi_probe)(min_stat, ctx->ictx, domain);
{
gss_ctx_id_t context = (gss_ctx_id_t)ctx;
OM_uint32 junk;
@@ -79,7 +76,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_ntlm_acquire_cred
*min_stat = _gss_ntlm_get_user_cred(name, &cred);
if (*min_stat)
- return GSS_S_FAILURE;
+ return GSS_S_NO_CRED;
cred->usage = cred_usage;
*output_cred_handle = (gss_cred_id_t)cred;
diff --git a/lib/gssapi/ntlm/add_cred.c b/lib/gssapi/ntlm/add_cred.c
index 7c6b5ba255a0..151723262bc7 100644
--- a/lib/gssapi/ntlm/add_cred.c
+++ b/lib/gssapi/ntlm/add_cred.c
@@ -35,8 +35,8 @@
OM_uint32 GSSAPI_CALLCONV _gss_ntlm_add_cred (
OM_uint32 *minor_status,
- const gss_cred_id_t input_cred_handle,
- const gss_name_t desired_name,
+ gss_const_cred_id_t input_cred_handle,
+ gss_const_name_t desired_name,
const gss_OID desired_mech,
gss_cred_usage_t cred_usage,
OM_uint32 initiator_time_req,
diff --git a/lib/gssapi/ntlm/canonicalize_name.c b/lib/gssapi/ntlm/canonicalize_name.c
index 0ea64299dd0c..3409b3b759b9 100644
--- a/lib/gssapi/ntlm/canonicalize_name.c
+++ b/lib/gssapi/ntlm/canonicalize_name.c
@@ -36,7 +36,7 @@
OM_uint32 GSSAPI_CALLCONV
_gss_ntlm_canonicalize_name (
OM_uint32 * minor_status,
- const gss_name_t input_name,
+ gss_const_name_t input_name,
const gss_OID mech_type,
gss_name_t * output_name
)
diff --git a/lib/gssapi/ntlm/compare_name.c b/lib/gssapi/ntlm/compare_name.c
index 6e095bdee2a7..d185ab940e4c 100644
--- a/lib/gssapi/ntlm/compare_name.c
+++ b/lib/gssapi/ntlm/compare_name.c
@@ -35,8 +35,8 @@
OM_uint32 GSSAPI_CALLCONV _gss_ntlm_compare_name
(OM_uint32 * minor_status,
- const gss_name_t name1,
- const gss_name_t name2,
+ gss_const_name_t name1,
+ gss_const_name_t name2,
int * name_equal
)
{
diff --git a/lib/gssapi/ntlm/context_time.c b/lib/gssapi/ntlm/context_time.c
index 73debda48326..589ee2a71604 100644
--- a/lib/gssapi/ntlm/context_time.c
+++ b/lib/gssapi/ntlm/context_time.c
@@ -35,7 +35,7 @@
OM_uint32 GSSAPI_CALLCONV _gss_ntlm_context_time
(OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
+ gss_const_ctx_id_t context_handle,
OM_uint32 * time_rec
)
{
diff --git a/lib/gssapi/ntlm/creds.c b/lib/gssapi/ntlm/creds.c
index ffbf35504eea..84a710c69e60 100644
--- a/lib/gssapi/ntlm/creds.c
+++ b/lib/gssapi/ntlm/creds.c
@@ -38,7 +38,7 @@
OM_uint32 GSSAPI_CALLCONV
_gss_ntlm_inquire_cred
(OM_uint32 * minor_status,
- const gss_cred_id_t cred_handle,
+ gss_const_cred_id_t cred_handle,
gss_name_t * name,
OM_uint32 * lifetime,
gss_cred_usage_t * cred_usage,
@@ -60,8 +60,11 @@ _gss_ntlm_inquire_cred
n->domain = strdup(c->domain);
}
if (n == NULL || n->user == NULL || n->domain == NULL) {
- if (n)
+ if (n) {
free(n->user);
+ free(n->domain);
+ free(n);
+ }
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
diff --git a/lib/gssapi/ntlm/crypto.c b/lib/gssapi/ntlm/crypto.c
index 85dc638dda58..40469a7a7bda 100644
--- a/lib/gssapi/ntlm/crypto.c
+++ b/lib/gssapi/ntlm/crypto.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * Copyright (c) 2006-2016 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -32,11 +32,17 @@
*/
#include "ntlm.h"
-
-uint32_t
-_krb5_crc_update (const char *p, size_t len, uint32_t res);
-void
-_krb5_crc_init_table(void);
+struct hx509_certs_data;
+struct krb5_pk_identity;
+struct krb5_pk_cert;
+struct ContentInfo;
+struct AlgorithmIdentifier;
+struct _krb5_krb_auth_data;
+struct krb5_dh_moduli;
+struct _krb5_key_data;
+struct _krb5_encryption_type;
+struct _krb5_key_type;
+#include "krb5_locl.h"
/*
*
@@ -263,7 +269,7 @@ v2_unseal_message(gss_buffer_t in,
OM_uint32 GSSAPI_CALLCONV
_gss_ntlm_get_mic
(OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
+ gss_const_ctx_id_t context_handle,
gss_qop_t qop_req,
const gss_buffer_t message_buffer,
gss_buffer_t message_token
@@ -338,7 +344,7 @@ _gss_ntlm_get_mic
OM_uint32 GSSAPI_CALLCONV
_gss_ntlm_verify_mic
(OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
+ gss_const_ctx_id_t context_handle,
const gss_buffer_t message_buffer,
const gss_buffer_t token_buffer,
gss_qop_t * qop_state
@@ -424,7 +430,7 @@ _gss_ntlm_verify_mic
OM_uint32 GSSAPI_CALLCONV
_gss_ntlm_wrap_size_limit (
OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
+ gss_const_ctx_id_t context_handle,
int conf_req_flag,
gss_qop_t qop_req,
OM_uint32 req_output_size,
@@ -455,7 +461,7 @@ _gss_ntlm_wrap_size_limit (
OM_uint32 GSSAPI_CALLCONV
_gss_ntlm_wrap
(OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
+ gss_const_ctx_id_t context_handle,
int conf_req_flag,
gss_qop_t qop_req,
const gss_buffer_t input_message_buffer,
@@ -526,7 +532,7 @@ _gss_ntlm_wrap
OM_uint32 GSSAPI_CALLCONV
_gss_ntlm_unwrap
(OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
+ gss_const_ctx_id_t context_handle,
const gss_buffer_t input_message_buffer,
gss_buffer_t output_message_buffer,
int * conf_state,
diff --git a/lib/gssapi/ntlm/display_name.c b/lib/gssapi/ntlm/display_name.c
index 4f8e3e6828c4..59d2c8471915 100644
--- a/lib/gssapi/ntlm/display_name.c
+++ b/lib/gssapi/ntlm/display_name.c
@@ -36,7 +36,7 @@
OM_uint32 GSSAPI_CALLCONV
_gss_ntlm_display_name
(OM_uint32 * minor_status,
- const gss_name_t input_name,
+ gss_const_name_t input_name,
gss_buffer_t output_name_buffer,
gss_OID * output_name_type
)
diff --git a/lib/gssapi/ntlm/duplicate_name.c b/lib/gssapi/ntlm/duplicate_name.c
index 4ef574fb50ee..060fa55936ae 100644
--- a/lib/gssapi/ntlm/duplicate_name.c
+++ b/lib/gssapi/ntlm/duplicate_name.c
@@ -36,7 +36,7 @@
OM_uint32 GSSAPI_CALLCONV
_gss_ntlm_duplicate_name (
OM_uint32 * minor_status,
- const gss_name_t src_name,
+ gss_const_name_t src_name,
gss_name_t * dest_name
)
{
diff --git a/lib/gssapi/ntlm/export_name.c b/lib/gssapi/ntlm/export_name.c
index 8fe69aaaf45e..e5bdca4c9dd7 100644
--- a/lib/gssapi/ntlm/export_name.c
+++ b/lib/gssapi/ntlm/export_name.c
@@ -36,7 +36,7 @@
OM_uint32 GSSAPI_CALLCONV
_gss_ntlm_export_name
(OM_uint32 * minor_status,
- const gss_name_t input_name,
+ gss_const_name_t input_name,
gss_buffer_t exported_name
)
{
diff --git a/lib/gssapi/ntlm/external.c b/lib/gssapi/ntlm/external.c
index d0474f4ec812..aea76cb783c9 100644
--- a/lib/gssapi/ntlm/external.c
+++ b/lib/gssapi/ntlm/external.c
@@ -120,6 +120,9 @@ static gssapi_mech_interface_desc ntlm_mech = {
NULL,
NULL,
NULL,
+ NULL,
+ NULL,
+ NULL,
};
gssapi_mech_interface
diff --git a/lib/gssapi/ntlm/init_sec_context.c b/lib/gssapi/ntlm/init_sec_context.c
index bae04e174060..5499a1b814e7 100644
--- a/lib/gssapi/ntlm/init_sec_context.c
+++ b/lib/gssapi/ntlm/init_sec_context.c
@@ -35,11 +35,13 @@
static int
from_file(const char *fn, const char *target_domain,
- char **username, struct ntlm_buf *key)
+ char **domainp, char **usernamep, struct ntlm_buf *key)
{
char *str, buf[1024];
FILE *f;
+ *domainp = NULL;
+
f = fopen(fn, "r");
if (f == NULL)
return ENOENT;
@@ -52,14 +54,21 @@ from_file(const char *fn, const char *target_domain,
continue;
str = NULL;
d = strtok_r(buf, ":", &str);
- if (d && strcasecmp(target_domain, d) != 0)
+ free(*domainp);
+ *domainp = NULL;
+ if (d && target_domain != NULL && strcasecmp(target_domain, d) != 0)
continue;
+ *domainp = strdup(d);
+ if (*domainp == NULL)
+ return ENOMEM;
u = strtok_r(NULL, ":", &str);
p = strtok_r(NULL, ":", &str);
if (u == NULL || p == NULL)
continue;
- *username = strdup(u);
+ *usernamep = strdup(u);
+ if (*usernamep == NULL)
+ return ENOMEM;
heim_ntlm_nt_key(p, key);
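Review bot: `*domainp = strdup(d);` is reached with `d == NULL` when strtok_r() finds no token on the line, because the preceding test only skips the line if `d` is non-null and differs from target_domain. Passing a null pointer to strdup() is undefined, so add `if (d == NULL) continue;` right after the strtok_r() call. Both new `return ENOMEM;` statements also leave the function while `f`, opened in the previous hunk, is still open, so each needs `fclose(f);` first. The second one additionally leaves `*domainp` allocated, which get_user_ccache() later overwrites with NULL. The previous hunk initialises `*domainp` but not `*usernamep`, so `*usernamep = NULL;` there would make the two outputs consistent. The end of the read loop is outside this hunk.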
@@ -74,17 +83,22 @@ from_file(const char *fn, const char *target_domain,
static int
get_user_file(const ntlm_name target_name,
- char **username, struct ntlm_buf *key)
+ char **domainp, char **usernamep, struct ntlm_buf *key)
{
+ const char *domain;
const char *fn;
+ *domainp = NULL;
+
if (issuid())
return ENOENT;
+ domain = target_name != NULL ? target_name->domain : NULL;
+
fn = getenv("NTLM_USER_FILE");
if (fn == NULL)
return ENOENT;
- if (from_file(fn, target_name->domain, username, key) == 0)
+ if (from_file(fn, domain, domainp, usernamep, key) == 0)
return 0;
return ENOENT;
@@ -95,7 +109,7 @@ get_user_file(const ntlm_name target_name,
*/
static int
-get_user_ccache(const ntlm_name name, char **username, struct ntlm_buf *key)
+get_user_ccache(const ntlm_name name, char **domainp, char **usernamep, struct ntlm_buf *key)
{
krb5_context context = NULL;
krb5_principal client;
@@ -103,8 +117,10 @@ get_user_ccache(const ntlm_name name, char **username, struct ntlm_buf *key)
krb5_error_code ret;
char *confname;
krb5_data data;
+ int aret;
- *username = NULL;
+ *domainp = NULL;
+ *usernamep = NULL;
krb5_data_zero(&data);
key->length = 0;
key->data = NULL;
@@ -123,22 +139,40 @@ get_user_ccache(const ntlm_name name, char **username, struct ntlm_buf *key)
ret = krb5_unparse_name_flags(context, client,
KRB5_PRINCIPAL_UNPARSE_NO_REALM,
- username);
+ usernamep);
krb5_free_principal(context, client);
if (ret)
goto out;
- asprintf(&confname, "ntlm-key-%s", name->domain);
- if (confname == NULL) {
- krb5_clear_error_message(context);
- ret = ENOMEM;
+ if (name != NULL) {
+ *domainp = strdup(name->domain);
+ } else {
+ krb5_data data_domain;
+
+ krb5_data_zero(&data_domain);
+ ret = krb5_cc_get_config(context, id, NULL, "default-ntlm-domain",
+ &data_domain);
+ if (ret)
+ goto out;
+
+ *domainp = strndup(data_domain.data, data_domain.length);
+ krb5_data_free(&data_domain);
+ }
+
+ if (*domainp == NULL) {
+ ret = krb5_enomem(context);
goto out;
}
- ret = krb5_cc_get_config(context, id, NULL,
- confname, &data);
- if (ret)
+ aret = asprintf(&confname, "ntlm-key-%s", *domainp);
+ if (aret == -1) {
+ ret = krb5_enomem(context);
goto out;
+ }
+
+ ret = krb5_cc_get_config(context, id, NULL, confname, &data);
+ if (ret)
+ goto out;
key->data = malloc(data.length);
if (key->data == NULL) {
@@ -169,15 +203,16 @@ _gss_ntlm_get_user_cred(const ntlm_name target_name,
if (cred == NULL)
return ENOMEM;
- ret = get_user_file(target_name, &cred->username, &cred->key);
+ ret = get_user_file(target_name,
+ &cred->domain, &cred->username, &cred->key);
if (ret)
- ret = get_user_ccache(target_name, &cred->username, &cred->key);
+ ret = get_user_ccache(target_name,
+ &cred->domain, &cred->username, &cred->key);
if (ret) {
free(cred);
return ret;
}
- cred->domain = strdup(target_name->domain);
*rcred = cred;
return ret;
@@ -216,9 +251,9 @@ _gss_copy_cred(ntlm_cred from, ntlm_cred *to)
OM_uint32 GSSAPI_CALLCONV
_gss_ntlm_init_sec_context
(OM_uint32 * minor_status,
- const gss_cred_id_t initiator_cred_handle,
+ gss_const_cred_id_t initiator_cred_handle,
gss_ctx_id_t * context_handle,
- const gss_name_t target_name,
+ gss_const_name_t target_name,
const gss_OID mech_type,
OM_uint32 req_flags,
OM_uint32 time_req,
@@ -472,7 +507,7 @@ _gss_ntlm_init_sec_context
- ret = heim_ntlm_encode_type3(&type3, &data);
+ ret = heim_ntlm_encode_type3(&type3, &data, NULL);
free(type3.sessionkey.data);
if (type3.lm.data)
free(type3.lm.data);
diff --git a/lib/gssapi/ntlm/inquire_context.c b/lib/gssapi/ntlm/inquire_context.c
index fd0cb8799637..741ad6e14fa5 100644
--- a/lib/gssapi/ntlm/inquire_context.c
+++ b/lib/gssapi/ntlm/inquire_context.c
@@ -36,7 +36,7 @@
OM_uint32 GSSAPI_CALLCONV
_gss_ntlm_inquire_context (
OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
+ gss_const_ctx_id_t context_handle,
gss_name_t * src_name,
gss_name_t * targ_name,
OM_uint32 * lifetime_rec,
diff --git a/lib/gssapi/ntlm/inquire_cred_by_mech.c b/lib/gssapi/ntlm/inquire_cred_by_mech.c
index b5976b99d728..ed42094c9732 100644
--- a/lib/gssapi/ntlm/inquire_cred_by_mech.c
+++ b/lib/gssapi/ntlm/inquire_cred_by_mech.c
@@ -36,7 +36,7 @@
OM_uint32 GSSAPI_CALLCONV
_gss_ntlm_inquire_cred_by_mech (
OM_uint32 * minor_status,
- const gss_cred_id_t cred_handle,
+ gss_const_cred_id_t cred_handle,
const gss_OID mech_type,
gss_name_t * name,
OM_uint32 * initiator_lifetime,
diff --git a/lib/gssapi/ntlm/inquire_mechs_for_name.c b/lib/gssapi/ntlm/inquire_mechs_for_name.c
index 4fd5380946a4..25450ab17d69 100644
--- a/lib/gssapi/ntlm/inquire_mechs_for_name.c
+++ b/lib/gssapi/ntlm/inquire_mechs_for_name.c
@@ -36,7 +36,7 @@
OM_uint32 GSSAPI_CALLCONV
_gss_ntlm_inquire_mechs_for_name (
OM_uint32 * minor_status,
- const gss_name_t input_name,
+ gss_const_name_t input_name,
gss_OID_set * mech_types
)
{
diff --git a/lib/gssapi/ntlm/inquire_sec_context_by_oid.c b/lib/gssapi/ntlm/inquire_sec_context_by_oid.c
index ee791b15adf2..c40bf492f52b 100644
--- a/lib/gssapi/ntlm/inquire_sec_context_by_oid.c
+++ b/lib/gssapi/ntlm/inquire_sec_context_by_oid.c
@@ -37,7 +37,7 @@
OM_uint32 GSSAPI_CALLCONV
_gss_ntlm_inquire_sec_context_by_oid(OM_uint32 *minor_status,
- const gss_ctx_id_t context_handle,
+ gss_const_ctx_id_t context_handle,
const gss_OID desired_object,
gss_buffer_set_t *data_set)
{
diff --git a/lib/gssapi/ntlm/kdc.c b/lib/gssapi/ntlm/kdc.c
index 7d56c7510fbb..06d738206375 100644
--- a/lib/gssapi/ntlm/kdc.c
+++ b/lib/gssapi/ntlm/kdc.c
@@ -251,7 +251,7 @@ kdc_type2(OM_uint32 *minor_status,
struct ntlmkrb5 *c = ctx;
krb5_error_code ret;
struct ntlm_type2 type2;
- krb5_data challange;
+ krb5_data challenge;
struct ntlm_buf data;
krb5_data ti;
@@ -293,18 +293,18 @@ kdc_type2(OM_uint32 *minor_status,
}
*ret_flags = type2.flags;
- ret = krb5_ntlm_init_get_challange(c->context, c->ntlm, &challange);
+ ret = krb5_ntlm_init_get_challenge(c->context, c->ntlm, &challenge);
if (ret) {
*minor_status = ret;
return GSS_S_FAILURE;
}
- if (challange.length != sizeof(type2.challenge)) {
+ if (challenge.length != sizeof(type2.challenge)) {
*minor_status = EINVAL;
return GSS_S_FAILURE;
}
- memcpy(type2.challenge, challange.data, sizeof(type2.challenge));
- krb5_data_free(&challange);
+ memcpy(type2.challenge, challenge.data, sizeof(type2.challenge));
+ krb5_data_free(&challenge);
ret = krb5_ntlm_init_get_targetname(c->context, c->ntlm,
&type2.targetname);
diff --git a/lib/gssapi/ntlm/ntlm-private.h b/lib/gssapi/ntlm/ntlm-private.h
index 0c62b3533937..b78f0b87b505 100644
--- a/lib/gssapi/ntlm/ntlm-private.h
+++ b/lib/gssapi/ntlm/ntlm-private.h
@@ -11,7 +11,7 @@ OM_uint32 GSSAPI_CALLCONV
_gss_ntlm_accept_sec_context (
OM_uint32 * /*minor_status*/,
gss_ctx_id_t * /*context_handle*/,
- const gss_cred_id_t /*acceptor_cred_handle*/,
+ gss_const_cred_id_t /*acceptor_cred_handle*/,
const gss_buffer_t /*input_token_buffer*/,
const gss_channel_bindings_t /*input_chan_bindings*/,
gss_name_t * /*src_name*/,
@@ -23,20 +23,20 @@ _gss_ntlm_accept_sec_context (
OM_uint32 GSSAPI_CALLCONV
_gss_ntlm_acquire_cred (
- OM_uint32 * /*min_stat*/,
- const gss_name_t /*desired_name*/,
+ OM_uint32 */*min_stat*/,
+ gss_const_name_t /*desired_name*/,
OM_uint32 /*time_req*/,
const gss_OID_set /*desired_mechs*/,
gss_cred_usage_t /*cred_usage*/,
- gss_cred_id_t * /*output_cred_handle*/,
- gss_OID_set * /*actual_mechs*/,
- OM_uint32 * time_rec );
+ gss_cred_id_t */*output_cred_handle*/,
+ gss_OID_set */*actual_mechs*/,
+ OM_uint32 */*time_rec*/);
OM_uint32 GSSAPI_CALLCONV
_gss_ntlm_add_cred (
OM_uint32 */*minor_status*/,
- const gss_cred_id_t /*input_cred_handle*/,
- const gss_name_t /*desired_name*/,
+ gss_const_cred_id_t /*input_cred_handle*/,
+ gss_const_name_t /*desired_name*/,
const gss_OID /*desired_mech*/,
gss_cred_usage_t /*cred_usage*/,
OM_uint32 /*initiator_time_req*/,
@@ -54,21 +54,21 @@ _gss_ntlm_allocate_ctx (
OM_uint32 GSSAPI_CALLCONV
_gss_ntlm_canonicalize_name (
OM_uint32 * /*minor_status*/,
- const gss_name_t /*input_name*/,
+ gss_const_name_t /*input_name*/,
const gss_OID /*mech_type*/,
gss_name_t * output_name );
OM_uint32 GSSAPI_CALLCONV
_gss_ntlm_compare_name (
OM_uint32 * /*minor_status*/,
- const gss_name_t /*name1*/,
- const gss_name_t /*name2*/,
+ gss_const_name_t /*name1*/,
+ gss_const_name_t /*name2*/,
int * name_equal );
OM_uint32 GSSAPI_CALLCONV
_gss_ntlm_context_time (
OM_uint32 * /*minor_status*/,
- const gss_ctx_id_t /*context_handle*/,
+ gss_const_ctx_id_t /*context_handle*/,
OM_uint32 * time_rec );
OM_uint32 GSSAPI_CALLCONV
@@ -85,7 +85,7 @@ _gss_ntlm_destroy_cred (
OM_uint32 GSSAPI_CALLCONV
_gss_ntlm_display_name (
OM_uint32 * /*minor_status*/,
- const gss_name_t /*input_name*/,
+ gss_const_name_t /*input_name*/,
gss_buffer_t /*output_name_buffer*/,
gss_OID * output_name_type );
@@ -101,13 +101,13 @@ _gss_ntlm_display_status (
OM_uint32 GSSAPI_CALLCONV
_gss_ntlm_duplicate_name (
OM_uint32 * /*minor_status*/,
- const gss_name_t /*src_name*/,
+ gss_const_name_t /*src_name*/,
gss_name_t * dest_name );
OM_uint32 GSSAPI_CALLCONV
_gss_ntlm_export_name (
OM_uint32 * /*minor_status*/,
- const gss_name_t /*input_name*/,
+ gss_const_name_t /*input_name*/,
gss_buffer_t exported_name );
OM_uint32 GSSAPI_CALLCONV
@@ -119,7 +119,7 @@ _gss_ntlm_export_sec_context (
OM_uint32 GSSAPI_CALLCONV
_gss_ntlm_get_mic (
OM_uint32 * /*minor_status*/,
- const gss_ctx_id_t /*context_handle*/,
+ gss_const_ctx_id_t /*context_handle*/,
gss_qop_t /*qop_req*/,
const gss_buffer_t /*message_buffer*/,
gss_buffer_t message_token );
@@ -150,9 +150,9 @@ _gss_ntlm_indicate_mechs (
OM_uint32 GSSAPI_CALLCONV
_gss_ntlm_init_sec_context (
OM_uint32 * /*minor_status*/,
- const gss_cred_id_t /*initiator_cred_handle*/,
+ gss_const_cred_id_t /*initiator_cred_handle*/,
gss_ctx_id_t * /*context_handle*/,
- const gss_name_t /*target_name*/,
+ gss_const_name_t /*target_name*/,
const gss_OID /*mech_type*/,
OM_uint32 /*req_flags*/,
OM_uint32 /*time_req*/,
@@ -166,7 +166,7 @@ _gss_ntlm_init_sec_context (
OM_uint32 GSSAPI_CALLCONV
_gss_ntlm_inquire_context (
OM_uint32 * /*minor_status*/,
- const gss_ctx_id_t /*context_handle*/,
+ gss_const_ctx_id_t /*context_handle*/,
gss_name_t * /*src_name*/,
gss_name_t * /*targ_name*/,
OM_uint32 * /*lifetime_rec*/,
@@ -178,7 +178,7 @@ _gss_ntlm_inquire_context (
OM_uint32 GSSAPI_CALLCONV
_gss_ntlm_inquire_cred (
OM_uint32 * /*minor_status*/,
- const gss_cred_id_t /*cred_handle*/,
+ gss_const_cred_id_t /*cred_handle*/,
gss_name_t * /*name*/,
OM_uint32 * /*lifetime*/,
gss_cred_usage_t * /*cred_usage*/,
@@ -187,7 +187,7 @@ _gss_ntlm_inquire_cred (
OM_uint32 GSSAPI_CALLCONV
_gss_ntlm_inquire_cred_by_mech (
OM_uint32 * /*minor_status*/,
- const gss_cred_id_t /*cred_handle*/,
+ gss_const_cred_id_t /*cred_handle*/,
const gss_OID /*mech_type*/,
gss_name_t * /*name*/,
OM_uint32 * /*initiator_lifetime*/,
@@ -197,7 +197,7 @@ _gss_ntlm_inquire_cred_by_mech (
OM_uint32 GSSAPI_CALLCONV
_gss_ntlm_inquire_mechs_for_name (
OM_uint32 * /*minor_status*/,
- const gss_name_t /*input_name*/,
+ gss_const_name_t /*input_name*/,
gss_OID_set * mech_types );
OM_uint32 GSSAPI_CALLCONV
@@ -209,7 +209,7 @@ _gss_ntlm_inquire_names_for_mech (
OM_uint32 GSSAPI_CALLCONV
_gss_ntlm_inquire_sec_context_by_oid (
OM_uint32 */*minor_status*/,
- const gss_ctx_id_t /*context_handle*/,
+ gss_const_ctx_id_t /*context_handle*/,
const gss_OID /*desired_object*/,
gss_buffer_set_t */*data_set*/);
@@ -222,7 +222,7 @@ _gss_ntlm_iter_creds_f (
OM_uint32 GSSAPI_CALLCONV
_gss_ntlm_process_context_token (
OM_uint32 */*minor_status*/,
- const gss_ctx_id_t /*context_handle*/,
+ gss_const_ctx_id_t /*context_handle*/,
const gss_buffer_t token_buffer );
OM_uint32 GSSAPI_CALLCONV
@@ -246,7 +246,7 @@ _gss_ntlm_set_key (
OM_uint32 GSSAPI_CALLCONV
_gss_ntlm_unwrap (
OM_uint32 * /*minor_status*/,
- const gss_ctx_id_t /*context_handle*/,
+ gss_const_ctx_id_t /*context_handle*/,
const gss_buffer_t /*input_message_buffer*/,
gss_buffer_t /*output_message_buffer*/,
int * /*conf_state*/,
@@ -255,7 +255,7 @@ _gss_ntlm_unwrap (
OM_uint32 GSSAPI_CALLCONV
_gss_ntlm_verify_mic (
OM_uint32 * /*minor_status*/,
- const gss_ctx_id_t /*context_handle*/,
+ gss_const_ctx_id_t /*context_handle*/,
const gss_buffer_t /*message_buffer*/,
const gss_buffer_t /*token_buffer*/,
gss_qop_t * qop_state );
@@ -263,7 +263,7 @@ _gss_ntlm_verify_mic (
OM_uint32 GSSAPI_CALLCONV
_gss_ntlm_wrap (
OM_uint32 * /*minor_status*/,
- const gss_ctx_id_t /*context_handle*/,
+ gss_const_ctx_id_t /*context_handle*/,
int /*conf_req_flag*/,
gss_qop_t /*qop_req*/,
const gss_buffer_t /*input_message_buffer*/,
@@ -273,7 +273,7 @@ _gss_ntlm_wrap (
OM_uint32 GSSAPI_CALLCONV
_gss_ntlm_wrap_size_limit (
OM_uint32 * /*minor_status*/,
- const gss_ctx_id_t /*context_handle*/,
+ gss_const_ctx_id_t /*context_handle*/,
int /*conf_req_flag*/,
gss_qop_t /*qop_req*/,
OM_uint32 /*req_output_size*/,
diff --git a/lib/gssapi/ntlm/process_context_token.c b/lib/gssapi/ntlm/process_context_token.c
index 16efcd1525d7..2add53b6d787 100644
--- a/lib/gssapi/ntlm/process_context_token.c
+++ b/lib/gssapi/ntlm/process_context_token.c
@@ -35,7 +35,7 @@
OM_uint32 GSSAPI_CALLCONV _gss_ntlm_process_context_token (
OM_uint32 *minor_status,
- const gss_ctx_id_t context_handle,
+ gss_const_ctx_id_t context_handle,
const gss_buffer_t token_buffer
)
{
diff --git a/lib/gssapi/oid.txt b/lib/gssapi/oid.txt
new file mode 100644
index 000000000000..cd6c2fa04fb5
--- /dev/null
+++ b/lib/gssapi/oid.txt
@@ -0,0 +1,142 @@
+# /* contact Love Hörnquist Åstrand <lha@h5l.org> for new oid arcs */
+
+# /*
+# * 1.2.752.43.13 Heimdal GSS-API Extentions
+# */
+
+oid base GSS_KRB5_COPY_CCACHE_X 1.2.752.43.13.1
+oid base GSS_KRB5_GET_TKT_FLAGS_X 1.2.752.43.13.2
+oid base GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X 1.2.752.43.13.3
+oid base GSS_KRB5_COMPAT_DES3_MIC_X 1.2.752.43.13.4
+oid base GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X 1.2.752.43.13.5
+oid base GSS_KRB5_EXPORT_LUCID_CONTEXT_X 1.2.752.43.13.6
+oid base GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X 1.2.752.43.13.6.1
+oid base GSS_KRB5_SET_DNS_CANONICALIZE_X 1.2.752.43.13.7
+oid base GSS_KRB5_GET_SUBKEY_X 1.2.752.43.13.8
+oid base GSS_KRB5_GET_INITIATOR_SUBKEY_X 1.2.752.43.13.9
+oid base GSS_KRB5_GET_ACCEPTOR_SUBKEY_X 1.2.752.43.13.10
+oid base GSS_KRB5_SEND_TO_KDC_X 1.2.752.43.13.11
+oid base GSS_KRB5_GET_AUTHTIME_X 1.2.752.43.13.12
+oid base GSS_KRB5_GET_SERVICE_KEYBLOCK_X 1.2.752.43.13.13
+oid base GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X 1.2.752.43.13.14
+oid base GSS_KRB5_SET_DEFAULT_REALM_X 1.2.752.43.13.15
+oid base GSS_KRB5_CCACHE_NAME_X 1.2.752.43.13.16
+oid base GSS_KRB5_SET_TIME_OFFSET_X 1.2.752.43.13.17
+oid base GSS_KRB5_GET_TIME_OFFSET_X 1.2.752.43.13.18
+oid base GSS_KRB5_PLUGIN_REGISTER_X 1.2.752.43.13.19
+oid base GSS_NTLM_GET_SESSION_KEY_X 1.2.752.43.13.20
+oid base GSS_C_NT_NTLM 1.2.752.43.13.21
+oid base GSS_C_NT_DN 1.2.752.43.13.22
+oid base GSS_KRB5_NT_PRINCIPAL_NAME_REFERRAL 1.2.752.43.13.23
+oid base GSS_C_NTLM_AVGUEST 1.2.752.43.13.24
+oid base GSS_C_NTLM_V1 1.2.752.43.13.25
+oid base GSS_C_NTLM_V2 1.2.752.43.13.26
+oid base GSS_C_NTLM_SESSION_KEY 1.2.752.43.13.27
+oid base GSS_C_NTLM_FORCE_V1 1.2.752.43.13.28
+oid base GSS_KRB5_CRED_NO_CI_FLAGS_X 1.2.752.43.13.29
+oid base GSS_KRB5_IMPORT_CRED_X 1.2.752.43.13.30
+
+# /* glue for gss_inquire_saslname_for_mech */
+oid base GSS_C_MA_SASL_MECH_NAME 1.2.752.43.13.100
+oid base GSS_C_MA_MECH_NAME 1.2.752.43.13.101
+oid base GSS_C_MA_MECH_DESCRIPTION 1.2.752.43.13.102
+
+# /* credential types */
+oid base GSS_C_CRED_PASSWORD 1.2.752.43.13.200
+oid base GSS_C_CRED_CERTIFICATE 1.2.752.43.13.201
+
+#/* Heimdal mechanisms - 1.2.752.43.14 */
+
+oid base GSS_SASL_DIGEST_MD5_MECHANISM 1.2.752.43.14.1
+oid base GSS_NETLOGON_MECHANISM 1.2.752.43.14.2
+oid base GSS_NETLOGON_SET_SESSION_KEY_X 1.2.752.43.14.3
+oid base GSS_NETLOGON_SET_SIGN_ALGORITHM_X 1.2.752.43.14.4
+oid base GSS_NETLOGON_NT_NETBIOS_DNS_NAME 1.2.752.43.14.5
+
+#/* GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X.128 */
+oid base GSS_C_INQ_WIN2K_PAC_X 1.2.752.43.13.3.128
+oid base GSS_C_INQ_SSPI_SESSION_KEY 1.2.840.113554.1.2.2.5.5
+
+#/*
+# * "Standard" mechs
+# */
+
+oid base GSS_KRB5_MECHANISM 1.2.840.113554.1.2.2
+oid base GSS_NTLM_MECHANISM 1.3.6.1.4.1.311.2.2.10
+oid base GSS_SPNEGO_MECHANISM 1.3.6.1.5.5.2
+
+# /* From Luke Howard */
+
+oid base GSS_C_PEER_HAS_UPDATED_SPNEGO 1.3.6.1.4.1.5322.19.5
+
+#/*
+# * OID mappings with name and short description and and slightly longer description
+# */
+
+desc mech GSS_KRB5_MECHANISM "Kerberos 5" "Heimdal Kerberos 5 mechanism"
+desc mech GSS_NTLM_MECHANISM "NTLM" "Heimdal NTLM mechanism"
+desc mech GSS_SPNEGO_MECHANISM "SPNEGO" "Heimdal SPNEGO mechanism"
+
+desc ma GSS_C_MA_MECH_NAME "GSS mech name" "The name of the GSS-API mechanism"
+desc ma GSS_C_MA_SASL_MECH_NAME "SASL mechanism name" "The name of the SASL mechanism"
+desc ma GSS_C_MA_MECH_DESCRIPTION "Mech description" "The long description of the mechanism"
+
+#/*
+# * RFC5587
+# */
+
+oid base GSS_C_MA_MECH_CONCRETE 1.3.6.1.5.5.13.1
+oid base GSS_C_MA_MECH_PSEUDO 1.3.6.1.5.5.13.2
+oid base GSS_C_MA_MECH_COMPOSITE 1.3.6.1.5.5.13.3
+oid base GSS_C_MA_MECH_NEGO 1.3.6.1.5.5.13.4
+oid base GSS_C_MA_MECH_GLUE 1.3.6.1.5.5.13.5
+oid base GSS_C_MA_NOT_MECH 1.3.6.1.5.5.13.6
+oid base GSS_C_MA_DEPRECATED 1.3.6.1.5.5.13.7
+oid base GSS_C_MA_NOT_DFLT_MECH 1.3.6.1.5.5.13.8
+oid base GSS_C_MA_ITOK_FRAMED 1.3.6.1.5.5.13.9
+oid base GSS_C_MA_AUTH_INIT 1.3.6.1.5.5.13.10
+oid base GSS_C_MA_AUTH_TARG 1.3.6.1.5.5.13.11
+oid base GSS_C_MA_AUTH_INIT_INIT 1.3.6.1.5.5.13.12
+oid base GSS_C_MA_AUTH_TARG_INIT 1.3.6.1.5.5.13.13
+oid base GSS_C_MA_AUTH_INIT_ANON 1.3.6.1.5.5.13.14
+oid base GSS_C_MA_AUTH_TARG_ANON 1.3.6.1.5.5.13.15
+oid base GSS_C_MA_DELEG_CRED 1.3.6.1.5.5.13.16
+oid base GSS_C_MA_INTEG_PROT 1.3.6.1.5.5.13.17
+oid base GSS_C_MA_CONF_PROT 1.3.6.1.5.5.13.18
+oid base GSS_C_MA_MIC 1.3.6.1.5.5.13.19
+oid base GSS_C_MA_WRAP 1.3.6.1.5.5.13.20
+oid base GSS_C_MA_PROT_READY 1.3.6.1.5.5.13.21
+oid base GSS_C_MA_REPLAY_DET 1.3.6.1.5.5.13.22
+oid base GSS_C_MA_OOS_DET 1.3.6.1.5.5.13.23
+oid base GSS_C_MA_CBINDINGS 1.3.6.1.5.5.13.24
+oid base GSS_C_MA_PFS 1.3.6.1.5.5.13.25
+oid base GSS_C_MA_COMPRESS 1.3.6.1.5.5.13.26
+oid base GSS_C_MA_CTX_TRANS 1.3.6.1.5.5.13.27
+
+desc ma GSS_C_MA_MECH_CONCRETE "concrete-mech" "Indicates that a mech is neither a pseudo-mechanism nor a composite mechanism"
+desc ma GSS_C_MA_MECH_PSEUDO "pseudo-mech" ""
+desc ma GSS_C_MA_MECH_COMPOSITE "composite-mech" ""
+desc ma GSS_C_MA_MECH_NEGO "mech-negotiation-mech" ""
+desc ma GSS_C_MA_MECH_GLUE "mech-glue" ""
+desc ma GSS_C_MA_NOT_MECH "not-mech" ""
+desc ma GSS_C_MA_DEPRECATED "mech-deprecated" ""
+desc ma GSS_C_MA_NOT_DFLT_MECH "mech-not-default" ""
+desc ma GSS_C_MA_ITOK_FRAMED "initial-is-framed" ""
+desc ma GSS_C_MA_AUTH_INIT "auth-init-princ" ""
+desc ma GSS_C_MA_AUTH_TARG "auth-targ-princ" ""
+desc ma GSS_C_MA_AUTH_INIT_INIT "auth-init-princ-initial" ""
+desc ma GSS_C_MA_AUTH_TARG_INIT "auth-targ-princ-initial" ""
+desc ma GSS_C_MA_AUTH_INIT_ANON "auth-init-princ-anon" ""
+desc ma GSS_C_MA_AUTH_TARG_ANON "auth-targ-princ-anon" ""
+desc ma GSS_C_MA_DELEG_CRED "deleg-cred" ""
+desc ma GSS_C_MA_INTEG_PROT "integ-prot" ""
+desc ma GSS_C_MA_CONF_PROT "conf-prot" ""
+desc ma GSS_C_MA_MIC "mic" ""
+desc ma GSS_C_MA_WRAP "wrap" ""
+desc ma GSS_C_MA_PROT_READY "prot-ready" ""
+desc ma GSS_C_MA_REPLAY_DET "replay-detection" ""
+desc ma GSS_C_MA_OOS_DET "oos-detection" ""
+desc ma GSS_C_MA_CBINDINGS "channel-bindings" ""
+desc ma GSS_C_MA_PFS "pfs" ""
+desc ma GSS_C_MA_COMPRESS "compress" ""
+desc ma GSS_C_MA_CTX_TRANS "context-transfer" ""
diff --git a/lib/gssapi/spnego/accept_sec_context.c b/lib/gssapi/spnego/accept_sec_context.c
index 3a51dd3a0a61..48b786c29ed1 100644
--- a/lib/gssapi/spnego/accept_sec_context.c
+++ b/lib/gssapi/spnego/accept_sec_context.c
@@ -470,7 +470,7 @@ static OM_uint32 GSSAPI_CALLCONV
acceptor_start
(OM_uint32 * minor_status,
gss_ctx_id_t * context_handle,
- const gss_cred_id_t acceptor_cred_handle,
+ gss_const_cred_id_t acceptor_cred_handle,
const gss_buffer_t input_token_buffer,
const gss_channel_bindings_t input_chan_bindings,
gss_name_t * src_name,
@@ -687,7 +687,7 @@ static OM_uint32 GSSAPI_CALLCONV
acceptor_continue
(OM_uint32 * minor_status,
gss_ctx_id_t * context_handle,
- const gss_cred_id_t acceptor_cred_handle,
+ gss_const_cred_id_t acceptor_cred_handle,
const gss_buffer_t input_token_buffer,
const gss_channel_bindings_t input_chan_bindings,
gss_name_t * src_name,
@@ -874,7 +874,7 @@ OM_uint32 GSSAPI_CALLCONV
_gss_spnego_accept_sec_context
(OM_uint32 * minor_status,
gss_ctx_id_t * context_handle,
- const gss_cred_id_t acceptor_cred_handle,
+ gss_const_cred_id_t acceptor_cred_handle,
const gss_buffer_t input_token_buffer,
const gss_channel_bindings_t input_chan_bindings,
gss_name_t * src_name,
diff --git a/lib/gssapi/spnego/compat.c b/lib/gssapi/spnego/compat.c
index cf5ee30a84a9..6e90fe6faf86 100644
--- a/lib/gssapi/spnego/compat.c
+++ b/lib/gssapi/spnego/compat.c
@@ -234,7 +234,7 @@ _gss_spnego_indicate_mechtypelist (OM_uint32 *minor_status,
gss_name_t target_name,
OM_uint32 (*func)(gss_name_t, gss_OID),
int includeMSCompatOID,
- const gss_cred_id_t cred_handle,
+ gss_const_cred_id_t cred_handle,
MechTypeList *mechtypelist,
gss_OID *preferred_mech)
{
diff --git a/lib/gssapi/spnego/context_stubs.c b/lib/gssapi/spnego/context_stubs.c
index 60b348ec4676..836ce5859e67 100644
--- a/lib/gssapi/spnego/context_stubs.c
+++ b/lib/gssapi/spnego/context_stubs.c
@@ -68,18 +68,18 @@ spnego_supported_mechs(OM_uint32 *minor_status, gss_OID_set *mechs)
OM_uint32 GSSAPI_CALLCONV _gss_spnego_process_context_token
(OM_uint32 *minor_status,
- const gss_ctx_id_t context_handle,
+ gss_const_ctx_id_t context_handle,
const gss_buffer_t token_buffer
)
{
- gss_ctx_id_t context ;
+ gss_ctx_id_t context;
gssspnego_ctx ctx;
OM_uint32 ret;
if (context_handle == GSS_C_NO_CONTEXT)
return GSS_S_NO_CONTEXT;
- context = context_handle;
+ context = (gss_ctx_id_t)context_handle;
ctx = (gssspnego_ctx)context_handle;
HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
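Review bot: The new `gss_const_ctx_id_t` parameter of `_gss_spnego_process_context_token` loses its qualifier on the next lines (`context = (gss_ctx_id_t)context_handle;` and the existing cast to `gssspnego_ctx`), and the context's mutex is then locked through the result. The const in the signature therefore states a guarantee the body does not keep. A comment at the cast would make this explicit, for example `/* const dropped on purpose: the context is locked and modified below */`. The function body continues outside this hunk, so what else is done with `context` cannot be checked from here.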
@@ -121,7 +121,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_delete_sec_context
OM_uint32 GSSAPI_CALLCONV _gss_spnego_context_time
(OM_uint32 *minor_status,
- const gss_ctx_id_t context_handle,
+ gss_const_ctx_id_t context_handle,
OM_uint32 *time_rec
)
{
@@ -145,7 +145,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_context_time
OM_uint32 GSSAPI_CALLCONV _gss_spnego_get_mic
(OM_uint32 *minor_status,
- const gss_ctx_id_t context_handle,
+ gss_const_ctx_id_t context_handle,
gss_qop_t qop_req,
const gss_buffer_t message_buffer,
gss_buffer_t message_token
@@ -171,7 +171,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_get_mic
OM_uint32 GSSAPI_CALLCONV _gss_spnego_verify_mic
(OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
+ gss_const_ctx_id_t context_handle,
const gss_buffer_t message_buffer,
const gss_buffer_t token_buffer,
gss_qop_t * qop_state
@@ -200,7 +200,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_verify_mic
OM_uint32 GSSAPI_CALLCONV _gss_spnego_wrap
(OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
+ gss_const_ctx_id_t context_handle,
int conf_req_flag,
gss_qop_t qop_req,
const gss_buffer_t input_message_buffer,
@@ -233,7 +233,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_wrap
OM_uint32 GSSAPI_CALLCONV _gss_spnego_unwrap
(OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
+ gss_const_ctx_id_t context_handle,
const gss_buffer_t input_message_buffer,
gss_buffer_t output_message_buffer,
int * conf_state,
@@ -264,8 +264,8 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_unwrap
OM_uint32 GSSAPI_CALLCONV _gss_spnego_compare_name
(OM_uint32 *minor_status,
- const gss_name_t name1,
- const gss_name_t name2,
+ gss_const_name_t name1,
+ gss_const_name_t name2,
int * name_equal
)
{
@@ -288,7 +288,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_compare_name
OM_uint32 GSSAPI_CALLCONV _gss_spnego_display_name
(OM_uint32 * minor_status,
- const gss_name_t input_name,
+ gss_const_name_t input_name,
gss_buffer_t output_name_buffer,
gss_OID * output_name_type
)
@@ -342,7 +342,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_import_name
OM_uint32 GSSAPI_CALLCONV _gss_spnego_export_name
(OM_uint32 * minor_status,
- const gss_name_t input_name,
+ gss_const_name_t input_name,
gss_buffer_t exported_name
)
{
@@ -382,7 +382,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_release_name
OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_context (
OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
+ gss_const_ctx_id_t context_handle,
gss_name_t * src_name,
gss_name_t * targ_name,
OM_uint32 * lifetime_rec,
@@ -449,7 +449,7 @@ enomem:
OM_uint32 GSSAPI_CALLCONV _gss_spnego_wrap_size_limit (
OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
+ gss_const_ctx_id_t context_handle,
int conf_req_flag,
gss_qop_t qop_req,
OM_uint32 req_output_size,
@@ -531,6 +531,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_import_sec_context (
gss_ctx_id_t context;
gssspnego_ctx ctx;
+ *context_handle = GSS_C_NO_CONTEXT;
ret = _gss_spnego_alloc_sec_context(minor_status, &context);
if (ret != GSS_S_COMPLETE) {
return ret;
@@ -543,7 +544,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_import_sec_context (
interprocess_token,
&ctx->negotiated_ctx_id);
if (ret != GSS_S_COMPLETE) {
- _gss_spnego_internal_delete_sec_context(&minor, context_handle, GSS_C_NO_BUFFER);
+ _gss_spnego_internal_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
return ret;
}
@@ -602,7 +603,7 @@ out:
OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_mechs_for_name (
OM_uint32 * minor_status,
- const gss_name_t input_name,
+ gss_const_name_t input_name,
gss_OID_set * mech_types
)
{
@@ -623,7 +624,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_mechs_for_name (
OM_uint32 GSSAPI_CALLCONV _gss_spnego_canonicalize_name (
OM_uint32 * minor_status,
- const gss_name_t input_name,
+ gss_const_name_t input_name,
const gss_OID mech_type,
gss_name_t * output_name
)
@@ -634,7 +635,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_canonicalize_name (
OM_uint32 GSSAPI_CALLCONV _gss_spnego_duplicate_name (
OM_uint32 * minor_status,
- const gss_name_t src_name,
+ gss_const_name_t src_name,
gss_name_t * dest_name
)
{
@@ -707,7 +708,7 @@ _gss_spnego_wrap_iov_length(OM_uint32 * minor_status,
#if 0
OM_uint32 GSSAPI_CALLCONV _gss_spnego_complete_auth_token
(OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
+ gss_const_ctx_id_t context_handle,
gss_buffer_t input_message_buffer)
{
gssspnego_ctx ctx;
@@ -732,7 +733,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_complete_auth_token
OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_sec_context_by_oid
(OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
+ gss_const_ctx_id_t context_handle,
const gss_OID desired_object,
gss_buffer_set_t *data_set)
{
diff --git a/lib/gssapi/spnego/cred_stubs.c b/lib/gssapi/spnego/cred_stubs.c
index fc43d6a4a666..f82c4d1e80cf 100644
--- a/lib/gssapi/spnego/cred_stubs.c
+++ b/lib/gssapi/spnego/cred_stubs.c
@@ -56,7 +56,7 @@ _gss_spnego_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle)
*/
OM_uint32 GSSAPI_CALLCONV _gss_spnego_acquire_cred
(OM_uint32 *minor_status,
- const gss_name_t desired_name,
+ gss_const_name_t desired_name,
OM_uint32 time_req,
const gss_OID_set desired_mechs,
gss_cred_usage_t cred_usage,
@@ -129,7 +129,7 @@ out:
OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_cred
(OM_uint32 * minor_status,
- const gss_cred_id_t cred_handle,
+ gss_const_cred_id_t cred_handle,
gss_name_t * name,
OM_uint32 * lifetime,
gss_cred_usage_t * cred_usage,
@@ -171,7 +171,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_cred
OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_cred_by_mech (
OM_uint32 * minor_status,
- const gss_cred_id_t cred_handle,
+ gss_const_cred_id_t cred_handle,
const gss_OID mech_type,
gss_name_t * name,
OM_uint32 * initiator_lifetime,
@@ -216,7 +216,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_cred_by_mech (
OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_cred_by_oid
(OM_uint32 * minor_status,
- const gss_cred_id_t cred_handle,
+ gss_const_cred_id_t cred_handle,
const gss_OID desired_object,
gss_buffer_set_t *data_set)
{
diff --git a/lib/gssapi/spnego/external.c b/lib/gssapi/spnego/external.c
index ca06d46e8211..03678f9989b3 100644
--- a/lib/gssapi/spnego/external.c
+++ b/lib/gssapi/spnego/external.c
@@ -66,11 +66,19 @@ static gss_mo_desc spnego_mo[] = {
},
{
GSS_C_MA_MECH_NEGO,
- GSS_MO_MA
+ GSS_MO_MA,
+ NULL,
+ NULL,
+ NULL,
+ NULL
},
{
GSS_C_MA_MECH_PSEUDO,
- GSS_MO_MA
+ GSS_MO_MA,
+ NULL,
+ NULL,
+ NULL,
+ NULL
}
};
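Review bot: The four `NULL`s added to each `spnego_mo` entry are positional, so nothing ties a value to the `gss_mo_desc` member it fills; the same holds for the three `NULL`s appended to `spnego_mech` in the last hunk of this file. `spnego_mech` is a table of function pointers, where a slot shifted by one can compile silently if neighbouring members have compatible types, and calls would then dispatch through the wrong entry. Where the supported compilers allow it, designated initializers would let a reader check the table against the struct declaration; failing that, a trailing comment per slot such as `NULL, /* <member name> */` does the same job. The `spnego_mo` array starts outside this hunk.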
@@ -84,7 +92,7 @@ static gssapi_mech_interface_desc spnego_mech = {
_gss_spnego_init_sec_context,
_gss_spnego_accept_sec_context,
_gss_spnego_process_context_token,
- _gss_spnego_internal_delete_sec_context,
+ _gss_spnego_delete_sec_context,
_gss_spnego_context_time,
_gss_spnego_get_mic,
_gss_spnego_verify_mic,
@@ -134,6 +142,9 @@ static gssapi_mech_interface_desc spnego_mech = {
NULL,
NULL,
NULL,
+ NULL,
+ NULL,
+ NULL,
};
gssapi_mech_interface
diff --git a/lib/gssapi/spnego/init_sec_context.c b/lib/gssapi/spnego/init_sec_context.c
index b4b1bcefc5e5..a12ce3847573 100644
--- a/lib/gssapi/spnego/init_sec_context.c
+++ b/lib/gssapi/spnego/init_sec_context.c
@@ -177,9 +177,9 @@ spnego_reply_internal(OM_uint32 *minor_status,
static OM_uint32
spnego_initial
(OM_uint32 * minor_status,
- gss_cred_id_t cred,
+ gss_const_cred_id_t cred,
gss_ctx_id_t * context_handle,
- const gss_name_t target_name,
+ gss_const_name_t target_name,
const gss_OID mech_type,
OM_uint32 req_flags,
OM_uint32 time_req,
@@ -374,9 +374,9 @@ spnego_initial
static OM_uint32
spnego_reply
(OM_uint32 * minor_status,
- const gss_cred_id_t cred,
+ gss_const_cred_id_t cred,
gss_ctx_id_t * context_handle,
- const gss_name_t target_name,
+ gss_const_name_t target_name,
const gss_OID mech_type,
OM_uint32 req_flags,
OM_uint32 time_req,
@@ -614,9 +614,9 @@ spnego_reply
OM_uint32 GSSAPI_CALLCONV
_gss_spnego_init_sec_context
(OM_uint32 * minor_status,
- const gss_cred_id_t initiator_cred_handle,
+ gss_const_cred_id_t initiator_cred_handle,
gss_ctx_id_t * context_handle,
- const gss_name_t target_name,
+ gss_const_name_t target_name,
const gss_OID mech_type,
OM_uint32 req_flags,
OM_uint32 time_req,
diff --git a/lib/gssapi/spnego/spnego-private.h b/lib/gssapi/spnego/spnego-private.h
index f50574d7ed37..7486b68fc48b 100644
--- a/lib/gssapi/spnego/spnego-private.h
+++ b/lib/gssapi/spnego/spnego-private.h
@@ -11,7 +11,7 @@ OM_uint32 GSSAPI_CALLCONV
_gss_spnego_accept_sec_context (
OM_uint32 * /*minor_status*/,
gss_ctx_id_t * /*context_handle*/,
- const gss_cred_id_t /*acceptor_cred_handle*/,
+ gss_const_cred_id_t /*acceptor_cred_handle*/,
const gss_buffer_t /*input_token_buffer*/,
const gss_channel_bindings_t /*input_chan_bindings*/,
gss_name_t * /*src_name*/,
@@ -24,7 +24,7 @@ _gss_spnego_accept_sec_context (
OM_uint32 GSSAPI_CALLCONV
_gss_spnego_acquire_cred (
OM_uint32 */*minor_status*/,
- const gss_name_t /*desired_name*/,
+ gss_const_name_t /*desired_name*/,
OM_uint32 /*time_req*/,
const gss_OID_set /*desired_mechs*/,
gss_cred_usage_t /*cred_usage*/,
@@ -40,21 +40,21 @@ _gss_spnego_alloc_sec_context (
OM_uint32 GSSAPI_CALLCONV
_gss_spnego_canonicalize_name (
OM_uint32 * /*minor_status*/,
- const gss_name_t /*input_name*/,
+ gss_const_name_t /*input_name*/,
const gss_OID /*mech_type*/,
gss_name_t * output_name );
OM_uint32 GSSAPI_CALLCONV
_gss_spnego_compare_name (
OM_uint32 */*minor_status*/,
- const gss_name_t /*name1*/,
- const gss_name_t /*name2*/,
+ gss_const_name_t /*name1*/,
+ gss_const_name_t /*name2*/,
int * name_equal );
OM_uint32 GSSAPI_CALLCONV
_gss_spnego_context_time (
OM_uint32 */*minor_status*/,
- const gss_ctx_id_t /*context_handle*/,
+ gss_const_ctx_id_t /*context_handle*/,
OM_uint32 *time_rec );
OM_uint32 GSSAPI_CALLCONV
@@ -66,14 +66,14 @@ _gss_spnego_delete_sec_context (
OM_uint32 GSSAPI_CALLCONV
_gss_spnego_display_name (
OM_uint32 * /*minor_status*/,
- const gss_name_t /*input_name*/,
+ gss_const_name_t /*input_name*/,
gss_buffer_t /*output_name_buffer*/,
gss_OID * output_name_type );
OM_uint32 GSSAPI_CALLCONV
_gss_spnego_duplicate_name (
OM_uint32 * /*minor_status*/,
- const gss_name_t /*src_name*/,
+ gss_const_name_t /*src_name*/,
gss_name_t * dest_name );
OM_uint32 GSSAPI_CALLCONV
@@ -85,7 +85,7 @@ _gss_spnego_export_cred (
OM_uint32 GSSAPI_CALLCONV
_gss_spnego_export_name (
OM_uint32 * /*minor_status*/,
- const gss_name_t /*input_name*/,
+ gss_const_name_t /*input_name*/,
gss_buffer_t exported_name );
OM_uint32 GSSAPI_CALLCONV
@@ -97,7 +97,7 @@ _gss_spnego_export_sec_context (
OM_uint32 GSSAPI_CALLCONV
_gss_spnego_get_mic (
OM_uint32 */*minor_status*/,
- const gss_ctx_id_t /*context_handle*/,
+ gss_const_ctx_id_t /*context_handle*/,
gss_qop_t /*qop_req*/,
const gss_buffer_t /*message_buffer*/,
gss_buffer_t message_token );
@@ -127,16 +127,16 @@ _gss_spnego_indicate_mechtypelist (
gss_name_t /*target_name*/,
OM_uint32 (*/*func*/)(gss_name_t, gss_OID),
int /*includeMSCompatOID*/,
- const gss_cred_id_t /*cred_handle*/,
+ gss_const_cred_id_t /*cred_handle*/,
MechTypeList */*mechtypelist*/,
gss_OID */*preferred_mech*/);
OM_uint32 GSSAPI_CALLCONV
_gss_spnego_init_sec_context (
OM_uint32 * /*minor_status*/,
- const gss_cred_id_t /*initiator_cred_handle*/,
+ gss_const_cred_id_t /*initiator_cred_handle*/,
gss_ctx_id_t * /*context_handle*/,
- const gss_name_t /*target_name*/,
+ gss_const_name_t /*target_name*/,
const gss_OID /*mech_type*/,
OM_uint32 /*req_flags*/,
OM_uint32 /*time_req*/,
@@ -150,7 +150,7 @@ _gss_spnego_init_sec_context (
OM_uint32 GSSAPI_CALLCONV
_gss_spnego_inquire_context (
OM_uint32 * /*minor_status*/,
- const gss_ctx_id_t /*context_handle*/,
+ gss_const_ctx_id_t /*context_handle*/,
gss_name_t * /*src_name*/,
gss_name_t * /*targ_name*/,
OM_uint32 * /*lifetime_rec*/,
@@ -162,7 +162,7 @@ _gss_spnego_inquire_context (
OM_uint32 GSSAPI_CALLCONV
_gss_spnego_inquire_cred (
OM_uint32 * /*minor_status*/,
- const gss_cred_id_t /*cred_handle*/,
+ gss_const_cred_id_t /*cred_handle*/,
gss_name_t * /*name*/,
OM_uint32 * /*lifetime*/,
gss_cred_usage_t * /*cred_usage*/,
@@ -171,7 +171,7 @@ _gss_spnego_inquire_cred (
OM_uint32 GSSAPI_CALLCONV
_gss_spnego_inquire_cred_by_mech (
OM_uint32 * /*minor_status*/,
- const gss_cred_id_t /*cred_handle*/,
+ gss_const_cred_id_t /*cred_handle*/,
const gss_OID /*mech_type*/,
gss_name_t * /*name*/,
OM_uint32 * /*initiator_lifetime*/,
@@ -181,14 +181,14 @@ _gss_spnego_inquire_cred_by_mech (
OM_uint32 GSSAPI_CALLCONV
_gss_spnego_inquire_cred_by_oid (
OM_uint32 * /*minor_status*/,
- const gss_cred_id_t /*cred_handle*/,
+ gss_const_cred_id_t /*cred_handle*/,
const gss_OID /*desired_object*/,
gss_buffer_set_t */*data_set*/);
OM_uint32 GSSAPI_CALLCONV
_gss_spnego_inquire_mechs_for_name (
OM_uint32 * /*minor_status*/,
- const gss_name_t /*input_name*/,
+ gss_const_name_t /*input_name*/,
gss_OID_set * mech_types );
OM_uint32 GSSAPI_CALLCONV
@@ -200,7 +200,7 @@ _gss_spnego_inquire_names_for_mech (
OM_uint32 GSSAPI_CALLCONV
_gss_spnego_inquire_sec_context_by_oid (
OM_uint32 * /*minor_status*/,
- const gss_ctx_id_t /*context_handle*/,
+ gss_const_ctx_id_t /*context_handle*/,
const gss_OID /*desired_object*/,
gss_buffer_set_t */*data_set*/);
@@ -213,7 +213,7 @@ _gss_spnego_internal_delete_sec_context (
OM_uint32 GSSAPI_CALLCONV
_gss_spnego_process_context_token (
OM_uint32 */*minor_status*/,
- const gss_ctx_id_t /*context_handle*/,
+ gss_const_ctx_id_t /*context_handle*/,
const gss_buffer_t token_buffer );
OM_uint32 GSSAPI_CALLCONV
@@ -258,7 +258,7 @@ _gss_spnego_set_sec_context_option (
OM_uint32 GSSAPI_CALLCONV
_gss_spnego_unwrap (
OM_uint32 * /*minor_status*/,
- const gss_ctx_id_t /*context_handle*/,
+ gss_const_ctx_id_t /*context_handle*/,
const gss_buffer_t /*input_message_buffer*/,
gss_buffer_t /*output_message_buffer*/,
int * /*conf_state*/,
@@ -276,7 +276,7 @@ _gss_spnego_unwrap_iov (
OM_uint32 GSSAPI_CALLCONV
_gss_spnego_verify_mic (
OM_uint32 * /*minor_status*/,
- const gss_ctx_id_t /*context_handle*/,
+ gss_const_ctx_id_t /*context_handle*/,
const gss_buffer_t /*message_buffer*/,
const gss_buffer_t /*token_buffer*/,
gss_qop_t * qop_state );
@@ -284,7 +284,7 @@ _gss_spnego_verify_mic (
OM_uint32 GSSAPI_CALLCONV
_gss_spnego_wrap (
OM_uint32 * /*minor_status*/,
- const gss_ctx_id_t /*context_handle*/,
+ gss_const_ctx_id_t /*context_handle*/,
int /*conf_req_flag*/,
gss_qop_t /*qop_req*/,
const gss_buffer_t /*input_message_buffer*/,
@@ -314,7 +314,7 @@ _gss_spnego_wrap_iov_length (
OM_uint32 GSSAPI_CALLCONV
_gss_spnego_wrap_size_limit (
OM_uint32 * /*minor_status*/,
- const gss_ctx_id_t /*context_handle*/,
+ gss_const_ctx_id_t /*context_handle*/,
int /*conf_req_flag*/,
gss_qop_t /*qop_req*/,
OM_uint32 /*req_output_size*/,
diff --git a/lib/gssapi/test_add_store_cred.c b/lib/gssapi/test_add_store_cred.c
new file mode 100644
index 000000000000..981e8fc6e4a8
--- /dev/null
+++ b/lib/gssapi/test_add_store_cred.c
@@ -0,0 +1,179 @@
+/*
+ * Copyright (c) 2015 Cryptonector LLC.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. The name Cryptonector LLC may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <roken.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <gssapi.h>
+#include <err.h>
+#include <getarg.h>
+
+static void
+print_gss_err(OM_uint32 stat, int status_type, gss_OID mech)
+{
+ gss_buffer_desc str;
+ OM_uint32 maj;
+ OM_uint32 min;
+ OM_uint32 msg_ctx = 0;
+ int first = 1;
+
+ do {
+ maj = gss_display_status(&min, stat, status_type, mech, &msg_ctx,
+ &str);
+ if (maj != GSS_S_COMPLETE) {
+ fprintf(stderr, "Error displaying GSS %s error (%lu): %lu, %lu",
+ status_type == GSS_C_GSS_CODE ? "major" : "minor",
+ (unsigned long)stat, (unsigned long)maj,
+ (unsigned long)min);
+ return;
+ }
+ if (first) {
+ fprintf(stderr, "GSS %s error: %.*s\n",
+ status_type == GSS_C_GSS_CODE ? "major" : "minor",
+ (int)str.length, (char *)str.value);
+ first = 0;
+ } else {
+ fprintf(stderr, "\t%.*s\n", (int)str.length, (char *)str.value);
+ }
+ gss_release_buffer(&min, &str);
+ } while (msg_ctx != 0);
+}
+
+static void
+print_gss_errs(OM_uint32 major, OM_uint32 minor, gss_OID mech)
+{
+ print_gss_err(major, GSS_C_GSS_CODE, GSS_C_NO_OID);
+ print_gss_err(major, GSS_C_MECH_CODE, mech);
+}
+
+static void
+gss_err(int exitval, OM_uint32 major, OM_uint32 minor, gss_OID mech,
+ const char *fmt, ...)
+{
+ va_list args;
+
+ va_start(args, fmt);
+ vwarnx(fmt, args);
+ va_end(args);
+ print_gss_errs(major, minor, mech);
+ exit(exitval);
+}
+
+static int version_flag = 0;
+static int help_flag = 0;
+
+static struct getargs args[] = {
+ {"version", 0, arg_flag, &version_flag, "print version", NULL },
+ {"help", 0, arg_flag, &help_flag, NULL, NULL }
+};
+
+static void
+usage(int ret)
+{
+ arg_printusage(args, sizeof(args)/sizeof(*args),
+ NULL, "from_ccache to_ccache");
+ exit(ret);
+}
+
+int
+main(int argc, char **argv)
+{
+ OM_uint32 major, minor;
+ gss_cred_id_t from_cred = GSS_C_NO_CREDENTIAL;
+ gss_cred_id_t to_cred = GSS_C_NO_CREDENTIAL;
+ gss_cred_id_t cred = GSS_C_NO_CREDENTIAL;
+ char *from_env;
+ char *to_env;
+ int optidx = 0;
+
+ setprogname(argv[0]);
+ if (getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
+ usage(1);
+
+ if (help_flag)
+ usage (0);
+
+ if (version_flag){
+ print_version(NULL);
+ exit(0);
+ }
+
+ argc -= optidx;
+ argv += optidx;
+
+ if (argc < 2)
+ errx(1, "required arguments missing");
+ if (argc > 2)
+ errx(1, "too many arguments");
+
+ if (asprintf(&from_env, "KRB5CCNAME=%s", argv[0]) == -1 || from_env == NULL)
+ err(1, "out of memory");
+ if (asprintf(&to_env, "KRB5CCNAME=%s", argv[1]) == -1 || to_env == NULL)
+ err(1, "out of memory");
+
+ putenv(from_env);
+ major = gss_add_cred(&minor, GSS_C_NO_CREDENTIAL, GSS_C_NO_NAME,
+ GSS_KRB5_MECHANISM, GSS_C_INITIATE, GSS_C_INDEFINITE,
+ GSS_C_INDEFINITE, &from_cred, NULL, NULL, NULL);
+ if (major != GSS_S_COMPLETE)
+ gss_err(1, major, minor, GSS_KRB5_MECHANISM,
+ "failed to acquire creds from %s", argv[0]);
+
+ putenv(to_env);
+ major = gss_store_cred(&minor, from_cred, GSS_C_INITIATE,
+ GSS_KRB5_MECHANISM, 1, 1, NULL, NULL);
+ if (major != GSS_S_COMPLETE)
+ gss_err(1, major, minor, GSS_KRB5_MECHANISM,
+ "failed to store creds into %s", argv[1]);
+
+ (void) gss_release_cred(&minor, &from_cred);
+ (void) gss_release_cred(&minor, &to_cred);
+
+ major = gss_add_cred(&minor, GSS_C_NO_CREDENTIAL, GSS_C_NO_NAME,
+ GSS_KRB5_MECHANISM, GSS_C_INITIATE, GSS_C_INDEFINITE,
+ GSS_C_INDEFINITE, &cred, NULL, NULL, NULL);
+ if (major != GSS_S_COMPLETE)
+ gss_err(1, major, minor, GSS_KRB5_MECHANISM,
+ "failed to acquire creds from %s", argv[1]);
+ (void) gss_release_cred(&minor, &cred);
+ putenv("KRB5CCNAME");
+ free(from_env);
+ free(to_env);
+
+ return 0;
+}
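Review bot: `print_gss_errs()` never uses its `minor` argument: the second call passes `major` with `GSS_C_MECH_CODE`, so the mechanism-specific text printed on failure is looked up from the major status and the real minor code is lost. The line should read `print_gss_err(minor, GSS_C_MECH_CODE, mech);`. Separately, `putenv("KRB5CCNAME")` in `main()` relies on a platform extension to remove the variable; where that extension is absent, the environment would still point at `to_env` when it is freed, and `unsetenv("KRB5CCNAME");` states the intent portably. `to_cred` is released but never assigned.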
diff --git a/lib/gssapi/test_common.c b/lib/gssapi/test_common.c
index 8251aef867c5..ebdcd7116580 100644
--- a/lib/gssapi/test_common.c
+++ b/lib/gssapi/test_common.c
@@ -38,7 +38,7 @@
char *
gssapi_err(OM_uint32 maj_stat, OM_uint32 min_stat, gss_OID mech)
{
- OM_uint32 disp_min_stat, disp_maj_stat;
+ OM_uint32 disp_min_stat;
gss_buffer_desc maj_error_message;
gss_buffer_desc min_error_message;
OM_uint32 msg_ctx = 0;
@@ -50,12 +50,10 @@ gssapi_err(OM_uint32 maj_stat, OM_uint32 min_stat, gss_OID mech)
min_error_message.length = 0;
min_error_message.value = NULL;
- disp_maj_stat = gss_display_status(&disp_min_stat, maj_stat,
- GSS_C_GSS_CODE,
- mech, &msg_ctx, &maj_error_message);
- disp_maj_stat = gss_display_status(&disp_min_stat, min_stat,
- GSS_C_MECH_CODE,
- mech, &msg_ctx, &min_error_message);
+ (void) gss_display_status(&disp_min_stat, maj_stat, GSS_C_GSS_CODE,
+ mech, &msg_ctx, &maj_error_message);
+ (void) gss_display_status(&disp_min_stat, min_stat, GSS_C_MECH_CODE,
+ mech, &msg_ctx, &min_error_message);
if (asprintf(&ret, "gss-code: %lu %.*s -- mech-code: %lu %.*s",
(unsigned long)maj_stat,
(int)maj_error_message.length,
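Review bot: Both `gss_display_status()` calls in `gssapi_err()` share one `msg_ctx`, and the switch to `(void)` keeps that: if the first call leaves `msg_ctx` non-zero (more text pending for `maj_stat`), the second call looks up a different status value with a stale message context. Adding `msg_ctx = 0;` between the two calls keeps each lookup independent. With the results now explicitly discarded, the formatted output relies on the buffers having been zeroed beforehand; that is visible for `min_error_message` here, while the matching lines for `maj_error_message` are outside the hunk. The function starts and ends outside this hunk.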
diff --git a/lib/gssapi/test_context.c b/lib/gssapi/test_context.c
index 5bdf474d9b93..36a7389aba2f 100644
--- a/lib/gssapi/test_context.c
+++ b/lib/gssapi/test_context.c
@@ -42,6 +42,7 @@
static char *type_string;
static char *mech_string;
+static char *mechs_string;
static char *ret_mech_string;
static char *client_name;
static char *client_password;
@@ -50,6 +51,7 @@ static int mutual_auth_flag = 0;
static int dce_style_flag = 0;
static int wrapunwrap_flag = 0;
static int iov_flag = 0;
+static int aead_flag = 0;
static int getverifymic_flag = 0;
static int deleg_flag = 0;
static int policy_deleg_flag = 0;
@@ -90,17 +92,49 @@ init_o2n(void)
static gss_OID
string_to_oid(const char *name)
{
- int i;
+ size_t i;
for (i = 0; i < sizeof(o2n)/sizeof(o2n[0]); i++)
if (strcasecmp(name, o2n[i].name) == 0)
return o2n[i].oid;
errx(1, "name '%s' not unknown", name);
}
+static void
+string_to_oids(gss_OID_set *oidsetp, gss_OID_set oidset,
+ gss_OID_desc *oidarray, size_t oidarray_len,
+ char *names)
+{
+ char *name;
+ char *s;
+
+ if (names[0] == '\0') {
+ *oidsetp = GSS_C_NO_OID_SET;
+ return;
+ }
+
+ oidset->elements = &oidarray[0];
+ if (strcasecmp(names, "all") == 0) {
+ if (sizeof(o2n)/sizeof(o2n[0]) > oidarray_len)
+ errx(1, "internal error: oidarray must be enlarged");
+ for (oidset->count = 0; oidset->count < oidarray_len; oidset->count++)
+ oidset->elements[oidset->count] = *o2n[oidset->count].oid;
+ } else {
+ for (oidset->count = 0, name = strtok_r(names, ", ", &s);
+ name != NULL;
+ oidset->count++, name = strtok_r(NULL, ", ", &s)) {
+ if (oidset->count >= oidarray_len)
+ errx(1, "too many mech names given");
+ oidset->elements[oidset->count] = *string_to_oid(name);
+ }
+ oidset->count = oidset->count;
+ }
+ *oidsetp = oidset;
+}
+
static const char *
oid_to_string(const gss_OID oid)
{
- int i;
+ size_t i;
for (i = 0; i < sizeof(o2n)/sizeof(o2n[0]); i++)
if (gss_oid_equal(oid, o2n[i].oid))
return o2n[i].name;
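Review bot: In the `"all"` branch of `string_to_oids` the copy loop is bounded by `oidarray_len` but indexes `o2n[]`. The preceding check only rejects a table larger than the array, so a table with fewer entries than `oidarray_len` would be read past its end. Bounding the loop by the table itself, `for (oidset->count = 0; oidset->count < sizeof(o2n)/sizeof(o2n[0]); oidset->count++)`, removes the need for the caller's array size to match exactly. The trailing `oidset->count = oidset->count;` in the else branch is a self-assignment and can be dropped. `oid_to_string` at the end of the hunk continues outside it.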
@@ -411,11 +445,66 @@ wrapunwrap_iov(gss_ctx_id_t cctx, gss_ctx_id_t sctx, int flags, gss_OID mechoid)
if (conf_state2 != conf_state)
errx(1, "conf state wrong for iov: %x", flags);
+ gss_release_iov_buffer(&min_stat, iov, iov_len);
free(token.data);
}
static void
+wrapunwrap_aead(gss_ctx_id_t cctx, gss_ctx_id_t sctx, int flags, gss_OID mechoid)
+{
+ gss_buffer_desc token, assoc, message = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc output;
+ OM_uint32 min_stat, maj_stat;
+ gss_qop_t qop_state;
+ int conf_state, conf_state2;
+ char assoc_data[9] = "ABCheader";
+ char token_data[16] = "0123456789abcdef";
+
+ if (flags & USE_SIGN_ONLY) {
+ assoc.value = assoc_data;
+ assoc.length = 9;
+ } else {
+ assoc.value = NULL;
+ assoc.length = 0;
+ }
+
+ token.value = token_data;
+ token.length = 16;
+
+ maj_stat = gss_wrap_aead(&min_stat, cctx, dce_style_flag || flags & USE_CONF,
+ GSS_C_QOP_DEFAULT, &assoc, &token,
+ &conf_state, &message);
+ if (maj_stat != GSS_S_COMPLETE)
+ errx(1, "gss_wrap_aead failed");
+
+ if ((flags & (USE_SIGN_ONLY|FORCE_IOV)) == 0) {
+ maj_stat = gss_unwrap(&min_stat, sctx, &message,
+ &output, &conf_state2, &qop_state);
+
+ if (maj_stat != GSS_S_COMPLETE)
+ errx(1, "gss_unwrap from gss_wrap_aead failed: %s",
+ gssapi_err(maj_stat, min_stat, mechoid));
+ } else {
+ maj_stat = gss_unwrap_aead(&min_stat, sctx, &message, &assoc,
+ &output, &conf_state2, &qop_state);
+ if (maj_stat != GSS_S_COMPLETE)
+ errx(1, "gss_unwrap_aead failed: %x %s", flags,
+ gssapi_err(maj_stat, min_stat, mechoid));
+ }
+
+ if (output.length != token.length)
+ errx(1, "plaintext length wrong for aead");
+ else if (memcmp(output.value, token.value, token.length) != 0)
+ errx(1, "plaintext wrong for aead");
+ if (conf_state2 != conf_state)
+ errx(1, "conf state wrong for aead: %x", flags);
+
+ gss_release_buffer(&min_stat, &message);
+ gss_release_buffer(&min_stat, &output);
+}
+
+static void
getverifymic(gss_ctx_id_t cctx, gss_ctx_id_t sctx, gss_OID mechoid)
{
gss_buffer_desc input_token, output_token;
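Review bot: `wrapunwrap_aead` only exercises the success path, so nothing checks that the associated data is actually bound to the token: an implementation that ignored `assoc` on unwrap would pass every case. I would add a negative case to the `USE_SIGN_ONLY` runs that flips one byte of `assoc_data` after the successful round trip and requires `gss_unwrap_aead()` to return an error. This reuses a token that has already been consumed, so if a mechanism reports replay before it verifies integrity, the check may need a freshly wrapped token instead. Similarly, when `USE_CONF` is requested, `conf_state` itself is never tested, only its equality with `conf_state2`.

```c
    /* … unchanged: wrap, unwrap, plaintext and conf-state checks … */

    if (flags & USE_SIGN_ONLY) {
	gss_buffer_desc bad_output = GSS_C_EMPTY_BUFFER;

	/* Modified associated data must not verify. */
	assoc_data[0] ^= 0x01;
	maj_stat = gss_unwrap_aead(&min_stat, sctx, &message, &assoc,
				   &bad_output, &conf_state2, &qop_state);
	if (!GSS_ERROR(maj_stat))
	    errx(1, "gss_unwrap_aead accepted modified assoc data: %x",
		 flags);
	gss_release_buffer(&min_stat, &bad_output);
    }

    /* … unchanged: release of message and output … */
```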
@@ -461,7 +550,8 @@ empty_release(void)
static struct getargs args[] = {
{"name-type",0, arg_string, &type_string, "type of name", NULL },
- {"mech-type",0, arg_string, &mech_string, "type of mech", NULL },
+ {"mech-type",0, arg_string, &mech_string, "mech type (name)", NULL },
+ {"mech-types",0, arg_string, &mechs_string, "mech types (names)", NULL },
{"ret-mech-type",0, arg_string, &ret_mech_string,
"type of return mech", NULL },
{"dns-canonicalize",0,arg_negative_flag, &dns_canon_flag,
@@ -473,6 +563,7 @@ static struct getargs args[] = {
{"dce-style",0, arg_flag, &dce_style_flag, "dce-style", NULL },
{"wrapunwrap",0, arg_flag, &wrapunwrap_flag, "wrap/unwrap", NULL },
{"iov", 0, arg_flag, &iov_flag, "wrap/unwrap iov", NULL },
+ {"aead", 0, arg_flag, &aead_flag, "wrap/unwrap aead", NULL },
{"getverifymic",0, arg_flag, &getverifymic_flag,
"get and verify mic", NULL },
{"delegate",0, arg_flag, &deleg_flag, "delegate credential", NULL },
@@ -501,7 +592,7 @@ usage (int ret)
int
main(int argc, char **argv)
{
- int optind = 0;
+ int optidx = 0;
OM_uint32 min_stat, maj_stat;
gss_ctx_id_t cctx, sctx;
void *ctx;
@@ -509,6 +600,9 @@ main(int argc, char **argv)
gss_cred_id_t client_cred = GSS_C_NO_CREDENTIAL, deleg_cred = GSS_C_NO_CREDENTIAL;
gss_name_t cname = GSS_C_NO_NAME;
gss_buffer_desc credential_data = GSS_C_EMPTY_BUFFER;
+ gss_OID_desc oids[4];
+ gss_OID_set_desc mechoid_descs;
+ gss_OID_set mechoids = GSS_C_NO_OID_SET;
setprogname(argv[0]);
@@ -519,7 +613,7 @@ main(int argc, char **argv)
cctx = sctx = GSS_C_NO_CONTEXT;
- if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
+ if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
usage(1);
if (help_flag)
@@ -530,8 +624,8 @@ main(int argc, char **argv)
exit(0);
}
- argc -= optind;
- argv += optind;
+ argc -= optidx;
+ argv += optidx;
if (argc != 1)
usage(1);
@@ -546,13 +640,44 @@ main(int argc, char **argv)
else if (strcmp(type_string, "krb5-principal-name") == 0)
nameoid = GSS_KRB5_NT_PRINCIPAL_NAME;
else
- errx(1, "%s not suppported", type_string);
+ errx(1, "%s not supported", type_string);
if (mech_string == NULL)
mechoid = GSS_KRB5_MECHANISM;
else
mechoid = string_to_oid(mech_string);
+ if (mechs_string == NULL) {
+ /*
+ * We ought to be able to use the OID set of the one mechanism
+ * OID given. But there's some breakage that conspires to make
+ * that fail though it should succeed:
+ *
+ * - the NTLM gss_acquire_cred() refuses to work with
+ * desired_name == GSS_C_NO_NAME
+ * - gss_acquire_cred() with desired_mechs == GSS_C_NO_OID_SET
+ * does work here because we happen to have Kerberos
+ * credentials in check-ntlm, and the subsequent
+ * gss_init_sec_context() call finds no cred element for NTLM
+ * but plows on anyways, surprisingly enough, and then the
+ * NTLM gss_init_sec_context() just works.
+ *
+ * In summary, there's some breakage in gss_init_sec_context()
+ * and some breakage in NTLM that conspires against us here.
+ *
+ * We work around this in check-ntlm and check-spnego by adding
+ * --client-name=user1@${R} to the invocations of this test
+ * program that require it.
+ */
+ oids[0] = *mechoid;
+ mechoid_descs.elements = &oids[0];
+ mechoid_descs.count = 1;
+ mechoids = &mechoid_descs;
+ } else {
+ string_to_oids(&mechoids, &mechoid_descs,
+ oids, sizeof(oids)/sizeof(oids[0]), mechs_string);
+ }
+
if (gsskrb5_acceptor_identity) {
maj_stat = gsskrb5_register_acceptor_identity(gsskrb5_acceptor_identity);
if (maj_stat)
@@ -582,19 +707,24 @@ main(int argc, char **argv)
cname,
&credential_data,
GSS_C_INDEFINITE,
- GSS_C_NO_OID_SET,
+ mechoids,
GSS_C_INITIATE,
&client_cred,
NULL,
NULL);
- if (GSS_ERROR(maj_stat))
+ if (GSS_ERROR(maj_stat)) {
+ if (mechoids != GSS_C_NO_OID_SET && mechoids->count == 1)
+ mechoid = &mechoids->elements[0];
+ else
+ mechoid = GSS_C_NO_OID;
errx(1, "gss_acquire_cred_with_password: %s",
- gssapi_err(maj_stat, min_stat, GSS_C_NO_OID));
+ gssapi_err(maj_stat, min_stat, mechoid));
+ }
} else {
maj_stat = gss_acquire_cred(&min_stat,
cname,
GSS_C_INDEFINITE,
- GSS_C_NO_OID_SET,
+ mechoids,
GSS_C_INITIATE,
&client_cred,
NULL,
@@ -644,7 +774,7 @@ main(int argc, char **argv)
/* XXX should be actual_mech */
if (gss_oid_equal(mechoid, GSS_KRB5_MECHANISM)) {
- time_t time;
+ time_t sc_time;
gss_buffer_desc authz_data;
gss_buffer_desc in, out1, out2;
krb5_keyblock *keyblock, *keyblock2;
@@ -685,15 +815,15 @@ main(int argc, char **argv)
maj_stat = gsskrb5_extract_authtime_from_sec_context(&min_stat,
sctx,
- &time);
+ &sc_time);
if (maj_stat != GSS_S_COMPLETE)
errx(1, "gsskrb5_extract_authtime_from_sec_context failed: %s",
gssapi_err(maj_stat, min_stat, actual_mech));
- if (time > now)
+ if (sc_time > now)
errx(1, "gsskrb5_extract_authtime_from_sec_context failed: "
"time authtime is before now: %ld %ld",
- (long)time, (long)now);
+ (long)sc_time, (long)now);
maj_stat = gsskrb5_extract_service_keyblock(&min_stat,
sctx,
@@ -880,6 +1010,29 @@ main(int argc, char **argv)
wrapunwrap_iov(cctx, sctx, USE_CONF|USE_HEADER_ONLY|FORCE_IOV, actual_mech);
}
+ if (aead_flag) {
+ wrapunwrap_aead(cctx, sctx, 0, actual_mech);
+ wrapunwrap_aead(cctx, sctx, USE_CONF, actual_mech);
+
+ wrapunwrap_aead(cctx, sctx, FORCE_IOV, actual_mech);
+ wrapunwrap_aead(cctx, sctx, USE_CONF|FORCE_IOV, actual_mech);
+
+ wrapunwrap_aead(cctx, sctx, USE_SIGN_ONLY|FORCE_IOV, actual_mech);
+ wrapunwrap_aead(cctx, sctx, USE_CONF|USE_SIGN_ONLY|FORCE_IOV, actual_mech);
+
+ wrapunwrap_aead(cctx, sctx, 0, actual_mech);
+ wrapunwrap_aead(cctx, sctx, FORCE_IOV, actual_mech);
+
+ wrapunwrap_aead(cctx, sctx, USE_CONF, actual_mech);
+ wrapunwrap_aead(cctx, sctx, USE_CONF|FORCE_IOV, actual_mech);
+
+ wrapunwrap_aead(cctx, sctx, USE_SIGN_ONLY, actual_mech);
+ wrapunwrap_aead(cctx, sctx, USE_SIGN_ONLY|FORCE_IOV, actual_mech);
+
+ wrapunwrap_aead(cctx, sctx, USE_CONF|USE_SIGN_ONLY, actual_mech);
+ wrapunwrap_aead(cctx, sctx, USE_CONF|USE_SIGN_ONLY|FORCE_IOV, actual_mech);
+ }
+
if (getverifymic_flag) {
getverifymic(cctx, sctx, actual_mech);
getverifymic(cctx, sctx, actual_mech);
@@ -905,6 +1058,13 @@ main(int argc, char **argv)
gss_release_cred(&min_stat, &cred2);
+#if 0
+ /*
+ * XXX We can't do this. Delegated credentials only work with
+ * the actual_mech. We could gss_store_cred the delegated
+ * credentials *then* gss_add/acquire_cred() with SPNEGO, then
+ * we could try loop() with those credentials.
+ */
/* try again using SPNEGO */
if (verbose_flag)
printf("checking spnego on delegated cred\n");
@@ -915,6 +1075,7 @@ main(int argc, char **argv)
gss_delete_sec_context(&min_stat, &sctx, NULL);
gss_release_cred(&min_stat, &cred2);
+#endif
/* check export/import */
if (ei_flag) {
@@ -943,6 +1104,8 @@ main(int argc, char **argv)
gss_delete_sec_context(&min_stat, &cctx, NULL);
gss_delete_sec_context(&min_stat, &sctx, NULL);
+#if 0
+ /* XXX See above */
/* try again using SPNEGO */
if (verbose_flag)
printf("checking SPNEGO on export/imported cred\n");
@@ -953,6 +1116,7 @@ main(int argc, char **argv)
gss_delete_sec_context(&min_stat, &cctx, NULL);
gss_delete_sec_context(&min_stat, &sctx, NULL);
+#endif
gss_release_cred(&min_stat, &cred2);
diff --git a/lib/gssapi/test_cred.c b/lib/gssapi/test_cred.c
index 23428050d1e8..7ebab9a24978 100644
--- a/lib/gssapi/test_cred.c
+++ b/lib/gssapi/test_cred.c
@@ -154,6 +154,8 @@ acquire_add_release_add(gss_name_t name, gss_cred_usage_t usage)
NULL,
NULL,
NULL);
+ if (maj_stat != GSS_S_COMPLETE)
+ gss_err(1, min_stat, "add_cred 2 %d != GSS_S_COMPLETE", (int)maj_stat);
maj_stat = gss_release_cred(&min_stat, &cred2);
if (maj_stat != GSS_S_COMPLETE)
@@ -161,7 +163,7 @@ acquire_add_release_add(gss_name_t name, gss_cred_usage_t usage)
maj_stat = gss_release_cred(&min_stat, &cred3);
if (maj_stat != GSS_S_COMPLETE)
- gss_err(1, min_stat, "release 2 %d != GSS_S_COMPLETE", (int)maj_stat);
+ gss_err(1, min_stat, "release 3 %d != GSS_S_COMPLETE", (int)maj_stat);
}
static int version_flag = 0;
diff --git a/lib/gssapi/test_ntlm.c b/lib/gssapi/test_ntlm.c
index 9b289c27bd37..de3a8dd88422 100644
--- a/lib/gssapi/test_ntlm.c
+++ b/lib/gssapi/test_ntlm.c
@@ -131,7 +131,7 @@ test_libntlm_v1(int flags)
free(key.data);
}
- ret = heim_ntlm_encode_type3(&type3, &data);
+ ret = heim_ntlm_encode_type3(&type3, &data, NULL);
if (ret)
errx(1, "heim_ntlm_encode_type3");
@@ -260,7 +260,7 @@ test_libntlm_v2(int flags)
}
}
- ret = heim_ntlm_encode_type3(&type3, &data);
+ ret = heim_ntlm_encode_type3(&type3, &data, NULL);
if (ret)
errx(1, "heim_ntlm_encode_type3");
@@ -309,11 +309,11 @@ usage (int ret)
int
main(int argc, char **argv)
{
- int ret = 0, optind = 0;
+ int ret = 0, optidx = 0;
setprogname(argv[0]);
- if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
+ if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
usage(1);
if (help_flag)
@@ -324,8 +324,8 @@ main(int argc, char **argv)
exit(0);
}
- argc -= optind;
- argv += optind;
+ argc -= optidx;
+ argv += optidx;
ret += test_libntlm_v1(0);
ret += test_libntlm_v1(NTLM_NEG_KEYEX);
@@ -333,5 +333,5 @@ main(int argc, char **argv)
ret += test_libntlm_v2(0);
ret += test_libntlm_v2(NTLM_NEG_KEYEX);
- return 0;
+ return ret;
}
diff --git a/lib/gssapi/version-script.map b/lib/gssapi/version-script.map
index bcb79bf8f76e..daff44e6568f 100644
--- a/lib/gssapi/version-script.map
+++ b/lib/gssapi/version-script.map
@@ -65,6 +65,7 @@ HEIMDAL_GSS_2.0 {
gss_krb5_get_tkt_flags;
gss_krb5_import_cred;
gss_krb5_set_allowable_enctypes;
+ gss_localname;
gss_mg_collect_error;
gss_oid_equal;
gss_oid_to_str;
@@ -87,11 +88,13 @@ HEIMDAL_GSS_2.0 {
gss_test_oid_set_member;
gss_unseal;
gss_unwrap;
+ gss_unwrap_aead;
gss_unwrap_iov;
gss_userok;
gss_verify;
gss_verify_mic;
gss_wrap;
+ gss_wrap_aead;
gss_wrap_iov;
gss_wrap_iov_length;
gss_wrap_size_limit;