s4:heimdal: import lorikeet-heimdal-200906080040 (commit 904d0124b46eed7a8ad6e5b73e892ff34b6865ba)

Also including the supporting changes required to pass make test

A number of heimdal functions and constants have changed since we last
imported a tree (for the better, but inconvenient for us).

Andrew Bartlett

7 files changed, 48 insertions, 175 deletions

diff --git a/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c b/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c
index cabd806fbf..158126d99f 100644
--- a/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c
+++ b/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c
@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  */
 
-#include "spnego/spnego_locl.h"
+#include "spnego_locl.h"
 
 RCSID("$Id$");
 
@@ -494,7 +494,7 @@ acceptor_complete(OM_uint32 * minor_status,
 	    *get_mic = 1;
 	}
 	
-	if (verify_mic || get_mic) {
+	if (verify_mic || *get_mic) {
 	    int eret;
 	    size_t buf_len;
 	
@@ -512,7 +512,7 @@ acceptor_complete(OM_uint32 * minor_status,
 	if (verify_mic) {
 	    ret = verify_mechlist_mic(minor_status, ctx, mech_buf, mic);
 	    if (ret) {
-		if (get_mic)
+		if (*get_mic)
 		    send_reject (minor_status, output_token);
 		if (buf.value)
 		    free(buf.value);
diff --git a/source4/heimdal/lib/gssapi/spnego/compat.c b/source4/heimdal/lib/gssapi/spnego/compat.c
index 67d9b202a7..ee25b59435 100644
--- a/source4/heimdal/lib/gssapi/spnego/compat.c
+++ b/source4/heimdal/lib/gssapi/spnego/compat.c
@@ -30,7 +30,7 @@
  * SUCH DAMAGE.
  */
 
-#include "spnego/spnego_locl.h"
+#include "spnego_locl.h"
 
 RCSID("$Id$");
 
diff --git a/source4/heimdal/lib/gssapi/spnego/context_stubs.c b/source4/heimdal/lib/gssapi/spnego/context_stubs.c
index 5bc1a48656..1998c44edf 100644
--- a/source4/heimdal/lib/gssapi/spnego/context_stubs.c
+++ b/source4/heimdal/lib/gssapi/spnego/context_stubs.c
@@ -30,7 +30,7 @@
  * SUCH DAMAGE.
  */
 
-#include "spnego/spnego_locl.h"
+#include "spnego_locl.h"
 
 RCSID("$Id$");
 
@@ -62,6 +62,7 @@ spnego_supported_mechs(OM_uint32 *minor_status, gss_OID_set *mechs)
 	    return ret;
 	}
     }
+    gss_release_oid_set(&junk, &m);
     return ret;
 }
 
@@ -598,7 +599,7 @@ out:
 
     gss_release_oid_set(&junk, &mechs);
 
-    return GSS_S_COMPLETE;
+    return ret;
 }
 
 OM_uint32 _gss_spnego_inquire_mechs_for_name (
@@ -642,128 +643,6 @@ OM_uint32 _gss_spnego_duplicate_name (
     return gss_duplicate_name(minor_status, src_name, dest_name);
 }
 
-OM_uint32 _gss_spnego_sign
-           (OM_uint32 * minor_status,
-            gss_ctx_id_t context_handle,
-            int qop_req,
-            gss_buffer_t message_buffer,
-            gss_buffer_t message_token
-           )
-{
-    gssspnego_ctx ctx;
-
-    *minor_status = 0;
-
-    if (context_handle == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    ctx = (gssspnego_ctx)context_handle;
-
-    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    return gss_sign(minor_status,
-		    ctx->negotiated_ctx_id,
-		    qop_req,
-		    message_buffer,
-		    message_token);
-}
-
-OM_uint32 _gss_spnego_verify
-           (OM_uint32 * minor_status,
-            gss_ctx_id_t context_handle,
-            gss_buffer_t message_buffer,
-            gss_buffer_t token_buffer,
-            int * qop_state
-           )
-{
-    gssspnego_ctx ctx;
-
-    *minor_status = 0;
-
-    if (context_handle == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    ctx = (gssspnego_ctx)context_handle;
-
-    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    return gss_verify(minor_status,
-		      ctx->negotiated_ctx_id,
-		      message_buffer,
-		      token_buffer,
-		      qop_state);
-}
-
-OM_uint32 _gss_spnego_seal
-           (OM_uint32 * minor_status,
-            gss_ctx_id_t context_handle,
-            int conf_req_flag,
-            int qop_req,
-            gss_buffer_t input_message_buffer,
-            int * conf_state,
-            gss_buffer_t output_message_buffer
-           )
-{
-    gssspnego_ctx ctx;
-
-    *minor_status = 0;
-
-    if (context_handle == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    ctx = (gssspnego_ctx)context_handle;
-
-    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    return gss_seal(minor_status,
-		    ctx->negotiated_ctx_id,
-		    conf_req_flag,
-		    qop_req,
-		    input_message_buffer,
-		    conf_state,
-		    output_message_buffer);
-}
-
-OM_uint32 _gss_spnego_unseal
-           (OM_uint32 * minor_status,
-            gss_ctx_id_t context_handle,
-            gss_buffer_t input_message_buffer,
-            gss_buffer_t output_message_buffer,
-            int * conf_state,
-            int * qop_state
-           )
-{
-    gssspnego_ctx ctx;
-
-    *minor_status = 0;
-
-    if (context_handle == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    ctx = (gssspnego_ctx)context_handle;
-
-    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    return gss_unseal(minor_status,
-		      ctx->negotiated_ctx_id,
-		      input_message_buffer,
-		      output_message_buffer,
-		      conf_state,
-		      qop_state);
-}
-
 #if 0
 OM_uint32 _gss_spnego_unwrap_ex
            (OM_uint32 * minor_status,
diff --git a/source4/heimdal/lib/gssapi/spnego/cred_stubs.c b/source4/heimdal/lib/gssapi/spnego/cred_stubs.c
index f6b3fecaa0..a3a984e22c 100644
--- a/source4/heimdal/lib/gssapi/spnego/cred_stubs.c
+++ b/source4/heimdal/lib/gssapi/spnego/cred_stubs.c
@@ -30,7 +30,7 @@
  * SUCH DAMAGE.
  */
 
-#include "spnego/spnego_locl.h"
+#include "spnego_locl.h"
 
 RCSID("$Id$");
 
diff --git a/source4/heimdal/lib/gssapi/spnego/external.c b/source4/heimdal/lib/gssapi/spnego/external.c
index 02404237a7..2dc809bbba 100644
--- a/source4/heimdal/lib/gssapi/spnego/external.c
+++ b/source4/heimdal/lib/gssapi/spnego/external.c
@@ -30,7 +30,7 @@
  * SUCH DAMAGE.
  */
 
-#include "spnego/spnego_locl.h"
+#include "spnego_locl.h"
 #include <gssapi_mech.h>
 
 RCSID("$Id$");
@@ -71,7 +71,7 @@ static gssapi_mech_interface_desc spnego_mech = {
     _gss_spnego_inquire_cred_by_mech,
     _gss_spnego_export_sec_context,
     _gss_spnego_import_sec_context,
-    _gss_spnego_inquire_names_for_mech,
+    NULL /* _gss_spnego_inquire_names_for_mech */,
     _gss_spnego_inquire_mechs_for_name,
     _gss_spnego_canonicalize_name,
     _gss_spnego_duplicate_name,
diff --git a/source4/heimdal/lib/gssapi/spnego/init_sec_context.c b/source4/heimdal/lib/gssapi/spnego/init_sec_context.c
index 7a5814413b..ac32432d55 100644
--- a/source4/heimdal/lib/gssapi/spnego/init_sec_context.c
+++ b/source4/heimdal/lib/gssapi/spnego/init_sec_context.c
@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  */
 
-#include "spnego/spnego_locl.h"
+#include "spnego_locl.h"
 
 RCSID("$Id$");
 
@@ -392,8 +392,7 @@ spnego_reply
     )
 {
     OM_uint32 ret, minor;
-    NegTokenResp resp;
-    size_t len, taglen;
+    NegotiationToken resp;
     gss_OID_desc mech;
     int require_mic;
     size_t buf_len;
@@ -414,27 +413,23 @@ spnego_reply
     mech_buf.value = NULL;
     mech_buf.length = 0;
 
-    ret = der_match_tag_and_length(input_token->value, input_token->length,
-				   ASN1_C_CONTEXT, CONS, 1, &len, &taglen);
+    ret = decode_NegotiationToken(input_token->value, input_token->length,
+				  &resp, NULL);
     if (ret)
-	return ret;
+      return ret;
 
-    if (len > input_token->length - taglen)
-	return ASN1_OVERRUN;
-
-    ret = decode_NegTokenResp((const unsigned char *)input_token->value+taglen,
-			      len, &resp, NULL);
-    if (ret) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
+    if (resp.element != choice_NegotiationToken_negTokenResp) {
+	free_NegotiationToken(&resp);
+	*minor_status = 0;
+	return GSS_S_BAD_MECH;
     }
 
-    if (resp.negResult == NULL
-	|| *(resp.negResult) == reject
-	/* || resp.supportedMech == NULL */
+    if (resp.u.negTokenResp.negResult == NULL
+	|| *(resp.u.negTokenResp.negResult) == reject
+	/* || resp.u.negTokenResp.supportedMech == NULL */
 	)
     {
-	free_NegTokenResp(&resp);
+	free_NegotiationToken(&resp);
 	return GSS_S_BAD_MECH;
     }
 
@@ -445,16 +440,16 @@ spnego_reply
 
     HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
 
-    if (resp.supportedMech) {
+    if (resp.u.negTokenResp.supportedMech) {
 
 	if (ctx->oidlen) {
-	    free_NegTokenResp(&resp);
+	    free_NegotiationToken(&resp);
 	    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
 	    return GSS_S_BAD_MECH;
 	}
 	ret = der_put_oid(ctx->oidbuf + sizeof(ctx->oidbuf) - 1,
 			  sizeof(ctx->oidbuf),
-			  resp.supportedMech,
+			  resp.u.negTokenResp.supportedMech,
 			  &ctx->oidlen);
 	/* Avoid recursively embedded SPNEGO */
 	if (ret || (ctx->oidlen == GSS_SPNEGO_MECHANISM->length &&
@@ -462,7 +457,7 @@ spnego_reply
 			   GSS_SPNEGO_MECHANISM->elements,
 			   ctx->oidlen) == 0))
 	{
-	    free_NegTokenResp(&resp);
+	    free_NegotiationToken(&resp);
 	    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
 	    return GSS_S_BAD_MECH;
 	}
@@ -478,19 +473,19 @@ spnego_reply
 	    ctx->negotiated_ctx_id = GSS_C_NO_CONTEXT;
 	}
     } else if (ctx->oidlen == 0) {
-	free_NegTokenResp(&resp);
+	free_NegotiationToken(&resp);
 	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
 	return GSS_S_BAD_MECH;
     }
 
     /* if a token (of non zero length), or no context, pass to underlaying mech */
-    if ((resp.responseToken != NULL && resp.responseToken->length) ||
+    if ((resp.u.negTokenResp.responseToken != NULL && resp.u.negTokenResp.responseToken->length) ||
 	ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
 	gss_buffer_desc mech_input_token;
 
-	if (resp.responseToken) {
-	    mech_input_token.length = resp.responseToken->length;
-	    mech_input_token.value  = resp.responseToken->data;
+	if (resp.u.negTokenResp.responseToken) {
+	    mech_input_token.length = resp.u.negTokenResp.responseToken->length;
+	    mech_input_token.value  = resp.u.negTokenResp.responseToken->data;
 	} else {
 	    mech_input_token.length = 0;
 	    mech_input_token.value = NULL;
@@ -518,7 +513,7 @@ spnego_reply
 				   &ctx->mech_time_rec);
 	if (GSS_ERROR(ret)) {
 	    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-	    free_NegTokenResp(&resp);
+	    free_NegotiationToken(&resp);
 	    gss_mg_collect_error(&mech, ret, minor);
 	    *minor_status = minor;
 	    return ret;
@@ -526,12 +521,12 @@ spnego_reply
 	if (ret == GSS_S_COMPLETE) {
 	    ctx->open = 1;
 	}
-    } else if (*(resp.negResult) == accept_completed) {
+    } else if (*(resp.u.negTokenResp.negResult) == accept_completed) {
 	if (ctx->maybe_open)
 	    ctx->open = 1;
     }
 
-    if (*(resp.negResult) == request_mic) {
+    if (*(resp.u.negTokenResp.negResult) == request_mic) {
 	ctx->require_mic = 1;
     }
 
@@ -540,14 +535,14 @@ spnego_reply
 	 * Verify the mechListMIC if one was provided or CFX was
 	 * used and a non-preferred mechanism was selected
 	 */
-	if (resp.mechListMIC != NULL) {
+	if (resp.u.negTokenResp.mechListMIC != NULL) {
 	    require_mic = 1;
 	} else {
 	    ret = _gss_spnego_require_mechlist_mic(minor_status, ctx,
 						   &require_mic);
 	    if (ret) {
 		HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-		free_NegTokenResp(&resp);
+		free_NegotiationToken(&resp);
 		gss_release_buffer(&minor, &mech_output_token);
 		return ret;
 	    }
@@ -561,7 +556,7 @@ spnego_reply
 			   &ctx->initiator_mech_types, &buf_len, ret);
 	if (ret) {
 	    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-	    free_NegTokenResp(&resp);
+	    free_NegotiationToken(&resp);
 	    gss_release_buffer(&minor, &mech_output_token);
 	    *minor_status = ret;
 	    return GSS_S_FAILURE;
@@ -569,15 +564,15 @@ spnego_reply
 	if (mech_buf.length != buf_len)
 	    abort();
 
-	if (resp.mechListMIC == NULL) {
+	if (resp.u.negTokenResp.mechListMIC == NULL) {
 	    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
 	    free(mech_buf.value);
-	    free_NegTokenResp(&resp);
+	    free_NegotiationToken(&resp);
 	    *minor_status = 0;
 	    return GSS_S_DEFECTIVE_TOKEN;
 	}
-	mic_buf.length = resp.mechListMIC->length;
-	mic_buf.value  = resp.mechListMIC->data;
+	mic_buf.length = resp.u.negTokenResp.mechListMIC->length;
+	mic_buf.value  = resp.u.negTokenResp.mechListMIC->data;
 
 	if (mech_output_token.length == 0) {
 	    ret = gss_verify_mic(minor_status,
@@ -589,7 +584,7 @@ spnego_reply
 		HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
 		free(mech_buf.value);
 		gss_release_buffer(&minor, &mech_output_token);
-		free_NegTokenResp(&resp);
+		free_NegotiationToken(&resp);
 		return GSS_S_DEFECTIVE_TOKEN;
 	    }
 	    ctx->verified_mic = 1;
@@ -604,7 +599,7 @@ spnego_reply
     if (mech_buf.value != NULL)
 	free(mech_buf.value);
 
-    free_NegTokenResp(&resp);
+    free_NegotiationToken(&resp);
     gss_release_buffer(&minor, &mech_output_token);
 
     if (actual_mech_type)
diff --git a/source4/heimdal/lib/gssapi/spnego/spnego_locl.h b/source4/heimdal/lib/gssapi/spnego/spnego_locl.h
index 8344e750ae..44fa8b117d 100644
--- a/source4/heimdal/lib/gssapi/spnego/spnego_locl.h
+++ b/source4/heimdal/lib/gssapi/spnego/spnego_locl.h
@@ -35,9 +35,7 @@
 #ifndef SPNEGO_LOCL_H
 #define SPNEGO_LOCL_H
 
-#ifdef HAVE_CONFIG_H
 #include <config.h>
-#endif
 
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
@@ -50,8 +48,9 @@
 #include <pthread.h>
 #endif
 
-#include <gssapi/gssapi_spnego.h>
 #include <gssapi.h>
+#include <gssapi_krb5.h>
+#include <gssapi_spnego.h>
 #include <assert.h>
 #include <stdlib.h>
 #include <string.h>
@@ -67,7 +66,7 @@
 #include <gssapi_mech.h>
 
 #include "spnego_asn1.h"
-#include "mech/utils.h"
+#include "utils.h"
 #include <der.h>
 
 #include <roken.h>
@@ -109,6 +108,6 @@ typedef struct {
 extern gss_OID_desc _gss_spnego_mskrb_mechanism_oid_desc;
 extern gss_OID_desc _gss_spnego_krb5_mechanism_oid_desc;
 
-#include <spnego/spnego-private.h>
+#include <spnego-private.h>
 
 #endif /* SPNEGO_LOCL_H */