r19644: Merge up to current lorikeet-heimdal, incling adding

gsskrb5_set_default_realm(), which should fix mimir's issues. Andrew Bartlett (This used to be commit 8117e76d2adee163925a29df872015ff5021a1d3)
author: Andrew Bartlett <abartlet@samba.org> 2006-11-09 00:33:43 +0000
committer: Gerald (Jerry) Carter <jerry@samba.org> 2007-10-10 14:25:24 -0500
commit: ed77e4e57beee0c9c8b0c4c75626c41ebfc5b0c4 (patch)
tree: 5511351e20b0ac0c7489a2ac1f5f2b9973a6baec /source4/heimdal/lib/gssapi
parent: a779d288a84bc64393f64798006a06432f3a6197 (diff)
download: samba-ed77e4e57beee0c9c8b0c4c75626c41ebfc5b0c4.tar.gz
samba-ed77e4e57beee0c9c8b0c4c75626c41ebfc5b0c4.tar.bz2
samba-ed77e4e57beee0c9c8b0c4c75626c41ebfc5b0c4.zip
5 files changed, 100 insertions, 22 deletions
diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h b/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h
index 67a9a12bfe..f06a994008 100644
--- a/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h
+++ b/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h
@@ -31,7 +31,7 @@
  * SUCH DAMAGE. 
  */
 
-/* $Id: gssapi_krb5.h,v 1.12 2006/11/05 00:06:09 lha Exp $ */
+/* $Id: gssapi_krb5.h,v 1.14 2006/11/08 23:01:01 lha Exp $ */
 
 #ifndef GSSAPI_KRB5_H_
 #define GSSAPI_KRB5_H_
@@ -64,6 +64,7 @@ extern gss_OID GSS_KRB5_COMPAT_DES3_MIC_X;
 extern gss_OID GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X;
 extern gss_OID GSS_KRB5_SET_DNS_CANONICALIZE_X;
 extern gss_OID GSS_KRB5_SEND_TO_KDC_X;
+extern gss_OID GSS_KRB5_SET_DEFAULT_REALM_X;
 /* Extensions inquire context */
 extern gss_OID GSS_KRB5_GET_TKT_FLAGS_X;
 extern gss_OID GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X;
@@ -130,6 +131,9 @@ OM_uint32
 gsskrb5_set_send_to_kdc(struct gsskrb5_send_to_kdc *);
 
 OM_uint32
+gsskrb5_set_default_realm(const char *);
+
+OM_uint32
 gsskrb5_extract_authtime_from_sec_context(OM_uint32 *, gss_ctx_id_t, time_t *);
 
 struct EncryptionKey;
diff --git a/source4/heimdal/lib/gssapi/krb5/copy_ccache.c b/source4/heimdal/lib/gssapi/krb5/copy_ccache.c
index 99aa2ccb43..91d21a1aec 100644
--- a/source4/heimdal/lib/gssapi/krb5/copy_ccache.c
+++ b/source4/heimdal/lib/gssapi/krb5/copy_ccache.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000 - 2001, 2003 Kungliga Tekniska HÃ¶gskolan
+ * Copyright (c) 2000 - 2001, 2003 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include "krb5/gsskrb5_locl.h"
 
-RCSID("$Id: copy_ccache.c,v 1.15 2006/10/07 22:14:22 lha Exp $");
+RCSID("$Id: copy_ccache.c,v 1.16 2006/11/08 02:42:50 lha Exp $");
 
 #if 0
 OM_uint32
@@ -188,4 +188,3 @@ out:
     *minor_status = kret;
     return GSS_S_FAILURE;
 }
-
diff --git a/source4/heimdal/lib/gssapi/krb5/external.c b/source4/heimdal/lib/gssapi/krb5/external.c
index ece03ddf57..0681bd4038 100644
--- a/source4/heimdal/lib/gssapi/krb5/external.c
+++ b/source4/heimdal/lib/gssapi/krb5/external.c
@@ -34,7 +34,7 @@
 #include "krb5/gsskrb5_locl.h"
 #include <gssapi_mech.h>
 
-RCSID("$Id: external.c,v 1.21 2006/11/07 21:05:03 lha Exp $");
+RCSID("$Id: external.c,v 1.22 2006/11/08 23:00:20 lha Exp $");
 
 /*
  * The implementation must reserve static storage for a
@@ -352,6 +352,13 @@ static gss_OID_desc gss_krb5_set_allowable_enctypes_x_desc =
 
 gss_OID GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X = &gss_krb5_set_allowable_enctypes_x_desc;
 
+/* 1.2.752.43.13.15 */
+static gss_OID_desc gss_krb5_set_default_realm_x_desc =
+{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0f")};
+
+gss_OID GSS_KRB5_SET_DEFAULT_REALM_X = &gss_krb5_set_default_realm_x_desc;
+
+
 /* 1.2.752.43.14.1 */
 static gss_OID_desc gss_sasl_digest_md5_mechanism_desc =
 {6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x01") };
diff --git a/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c b/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c
index fb098679b2..dc1495efc1 100644
--- a/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c
+++ b/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c
@@ -36,7 +36,7 @@
 
 #include "krb5/gsskrb5_locl.h"
 
-RCSID("$Id: set_sec_context_option.c,v 1.7 2006/11/04 03:01:14 lha Exp $");
+RCSID("$Id: set_sec_context_option.c,v 1.8 2006/11/08 23:06:42 lha Exp $");
 
 static OM_uint32
 get_bool(OM_uint32 *minor_status,
@@ -120,6 +120,27 @@ _gsskrb5_set_sec_context_option
 	*minor_status = 0;
 	return GSS_S_COMPLETE;
 
+    } else if (gss_oid_equal(desired_object, GSS_KRB5_SET_DEFAULT_REALM_X)) {
+	char *str;
+
+	if (value == NULL || value->length == 0) {
+	    *minor_status = 0;
+	    return GSS_S_CALL_INACCESSIBLE_READ;
+	}
+	str = malloc(value->length + 1);
+	if (str) {
+	    *minor_status = 0;
+	    return GSS_S_UNAVAILABLE;
+	}
+	memcpy(str, value->value, value->length);
+	str[value->length] = '\0';
+
+	krb5_set_default_realm(_gsskrb5_context, str);
+	free(str);
+
+	*minor_status = 0;
+	return GSS_S_COMPLETE;
+
     } else if (gss_oid_equal(desired_object, GSS_KRB5_SEND_TO_KDC_X)) {
 
 	if (value == NULL || value->length == 0) {
diff --git a/source4/heimdal/lib/gssapi/mech/gss_krb5.c b/source4/heimdal/lib/gssapi/mech/gss_krb5.c
index fd66fb04f5..34cdbeb3c1 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_krb5.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_krb5.c
@@ -27,11 +27,11 @@
  */
 
 #include "mech_locl.h"
-RCSID("$Id: gss_krb5.c,v 1.16 2006/11/07 14:41:35 lha Exp $");
+RCSID("$Id: gss_krb5.c,v 1.20 2006/11/08 23:11:03 lha Exp $");
 
 #include <krb5.h>
 #include <roken.h>
-#include "krb5/gsskrb5_locl.h"
+
 
 OM_uint32
 gss_krb5_copy_ccache(OM_uint32 *minor_status,
@@ -416,6 +416,24 @@ gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status, void *c)
     return GSS_S_COMPLETE;
 }
 
+/*
+ *
+ */
+
+OM_uint32
+gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status, 
+				gss_cred_id_t cred,
+				OM_uint32 num_enctypes,
+				krb5_enctype *enctypes)
+{
+    *minor_status = 0;
+    return GSS_S_COMPLETE;
+}
+
+/*
+ *
+ */
+
 OM_uint32
 gsskrb5_set_send_to_kdc(struct gsskrb5_send_to_kdc *c)
 {
@@ -443,6 +461,10 @@ gsskrb5_set_send_to_kdc(struct gsskrb5_send_to_kdc *c)
     return (GSS_S_COMPLETE);
 }
 
+/*
+ *
+ */
+
 OM_uint32
 gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status,
 					  gss_ctx_id_t context_handle,
@@ -450,11 +472,8 @@ gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status,
 {
     gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;
     OM_uint32 maj_stat;
-    krb5_error_code ret;
-    OM_uint32 time32;
 
     if (context_handle == GSS_C_NO_CONTEXT) {
-	_gsskrb5_set_status("no context handle");
 	*minor_status = EINVAL;
 	return GSS_S_FAILURE;
     }
@@ -468,14 +487,12 @@ gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status,
 	return maj_stat;
     
     if (data_set == GSS_C_NO_BUFFER_SET) {
-	_gsskrb5_set_status("no buffers returned");
 	gss_release_buffer_set(minor_status, &data_set);
 	*minor_status = EINVAL;
 	return GSS_S_FAILURE;
     }
 
     if (data_set->count != 1) {
-	_gsskrb5_set_status("%d != 1 buffers returned", data_set->count);
 	gss_release_buffer_set(minor_status, &data_set);
 	*minor_status = EINVAL;
 	return GSS_S_FAILURE;
@@ -483,26 +500,26 @@ gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status,
 
     if (data_set->elements[0].length != 4) {
 	gss_release_buffer_set(minor_status, &data_set);
-	_gsskrb5_set_status("Error extracting authtime from security context: only got %d < 4 bytes",
-			    data_set->elements[0].length);
 	*minor_status = EINVAL;
 	return GSS_S_FAILURE;
     }
 
-    ret = _gsskrb5_decode_om_uint32(data_set->elements[0].value, &time32);
-    if (ret) {
-	gss_release_buffer_set(minor_status, &data_set);
-	*minor_status = ret;
-	return GSS_S_FAILURE;
+    {
+	unsigned char *buf = data_set->elements[0].value;
+	*authtime = (buf[3] <<24) | (buf[2] << 16) | 
+	    (buf[1] << 8) | (buf[0] << 0);
     }
-    *authtime = time32;
 
     gss_release_buffer_set(minor_status, &data_set);
-    
+
     *minor_status = 0;
     return GSS_S_COMPLETE;
 }
 
+/*
+ *
+ */
+
 OM_uint32
 gsskrb5_extract_authz_data_from_sec_context(OM_uint32 *minor_status,
 					    gss_ctx_id_t context_handle,
@@ -598,6 +615,10 @@ gsskrb5_extract_authz_data_from_sec_context(OM_uint32 *minor_status,
     return GSS_S_COMPLETE;
 }
 
+/*
+ *
+ */
+
 static OM_uint32
 gsskrb5_extract_key(OM_uint32 *minor_status,
 		    gss_ctx_id_t context_handle,
@@ -668,6 +689,10 @@ out:
     return GSS_S_COMPLETE;
 }
 
+/*
+ *
+ */
+
 OM_uint32
 gsskrb5_extract_service_keyblock(OM_uint32 *minor_status,
 				 gss_ctx_id_t context_handle,
@@ -700,3 +725,25 @@ gsskrb5_get_subkey(OM_uint32 *minor_status,
 			       GSS_KRB5_GET_SUBKEY_X,
 			       keyblock);
 }
+
+OM_uint32
+gsskrb5_set_default_realm(const char *realm)
+{
+        struct _gss_mech_switch	*m;
+	gss_buffer_desc buffer;
+	OM_uint32 junk;
+
+	_gss_load_mech();
+
+	buffer.value = rk_UNCONST(realm);
+	buffer.length = strlen(realm);
+
+	SLIST_FOREACH(m, &_gss_mechs, gm_link) {
+		if (m->gm_mech.gm_set_sec_context_option == NULL)
+			continue;
+		m->gm_mech.gm_set_sec_context_option(&junk, NULL,
+		    GSS_KRB5_SET_DEFAULT_REALM_X, &buffer);
+	}
+
+	return (GSS_S_COMPLETE);
+}
author	Andrew Bartlett <abartlet@samba.org>	2006-11-09 00:33:43 +0000
committer	Gerald (Jerry) Carter <jerry@samba.org>	2007-10-10 14:25:24 -0500
commit	ed77e4e57beee0c9c8b0c4c75626c41ebfc5b0c4 (patch)
tree	5511351e20b0ac0c7489a2ac1f5f2b9973a6baec /source4/heimdal/lib/gssapi
parent	a779d288a84bc64393f64798006a06432f3a6197 (diff)
download	samba-ed77e4e57beee0c9c8b0c4c75626c41ebfc5b0c4.tar.gz samba-ed77e4e57beee0c9c8b0c4c75626c41ebfc5b0c4.tar.bz2 samba-ed77e4e57beee0c9c8b0c4c75626c41ebfc5b0c4.zip