summaryrefslogtreecommitdiff
path: root/source4/heimdal/lib/gssapi
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2010-01-12 18:16:45 +1100
committerAndrew Bartlett <abartlet@samba.org>2010-03-27 11:51:27 +1100
commit89eaef025376339ef25d07cdc4748920fceaa968 (patch)
treef514f4632c9d54a372a7f1f0ca845a0c3a488fbf /source4/heimdal/lib/gssapi
parentfac8ca52ade6e490eea3cf3d0fc98287da321c13 (diff)
downloadsamba-89eaef025376339ef25d07cdc4748920fceaa968.tar.gz
samba-89eaef025376339ef25d07cdc4748920fceaa968.tar.bz2
samba-89eaef025376339ef25d07cdc4748920fceaa968.zip
s4:heimdal: import lorikeet-heimdal-201001120029 (commit a5e675fed7c5db8a7370b77ed0bfa724196aa84d)
Diffstat (limited to 'source4/heimdal/lib/gssapi')
-rw-r--r--source4/heimdal/lib/gssapi/gssapi/gssapi.h7
-rw-r--r--source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h16
-rw-r--r--source4/heimdal/lib/gssapi/krb5/accept_sec_context.c18
-rw-r--r--source4/heimdal/lib/gssapi/krb5/acquire_cred.c2
-rw-r--r--source4/heimdal/lib/gssapi/krb5/init_sec_context.c4
-rw-r--r--source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c6
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_aeap.c3
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_mech_switch.c39
-rw-r--r--source4/heimdal/lib/gssapi/spnego/spnego_locl.h4
9 files changed, 61 insertions, 38 deletions
diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi.h b/source4/heimdal/lib/gssapi/gssapi/gssapi.h
index 6052ec8134..730737a46a 100644
--- a/source4/heimdal/lib/gssapi/gssapi/gssapi.h
+++ b/source4/heimdal/lib/gssapi/gssapi/gssapi.h
@@ -45,10 +45,12 @@
#ifndef BUILD_GSSAPI_LIB
#if defined(_WIN32)
-#define GSSAPI_LIB_FUNCTION _stdcall __declspec(dllimport)
+#define GSSAPI_LIB_FUNCTION __declspec(dllimport)
+#define GSSAPI_LIB_CALL __stdcall
#define GSSAPI_LIB_VARIABLE __declspec(dllimport)
#else
#define GSSAPI_LIB_FUNCTION
+#define GSSAPI_LIB_CALL
#define GSSAPI_LIB_VARIABLE
#endif
#endif
@@ -810,7 +812,8 @@ extern gss_OID GSSAPI_LIB_VARIABLE GSS_C_ATTR_STREAM_SIZES;
OM_uint32 GSSAPI_LIB_FUNCTION
gss_context_query_attributes(OM_uint32 * /* minor_status */,
- gss_OID /* attribute */,
+ const gss_ctx_id_t /* context_handle */,
+ const gss_OID /* attribute */,
void * /*data*/,
size_t /* len */);
/*
diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h b/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h
index 4d004d90b5..1b91bbbb84 100644
--- a/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h
+++ b/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h
@@ -106,27 +106,27 @@ gss_krb5_ccache_name(OM_uint32 * /*minor_status*/,
const char ** /*out_name */);
OM_uint32 GSSAPI_LIB_FUNCTION gsskrb5_register_acceptor_identity
- (const char */*identity*/);
+ (const char * /*identity*/);
OM_uint32 GSSAPI_LIB_FUNCTION krb5_gss_register_acceptor_identity
- (const char */*identity*/);
+ (const char * /*identity*/);
OM_uint32 GSSAPI_LIB_FUNCTION gss_krb5_copy_ccache
- (OM_uint32 */*minor*/,
+ (OM_uint32 * /*minor*/,
gss_cred_id_t /*cred*/,
- struct krb5_ccache_data */*out*/);
+ struct krb5_ccache_data * /*out*/);
OM_uint32 GSSAPI_LIB_FUNCTION
-gss_krb5_import_cred(OM_uint32 */*minor*/,
+gss_krb5_import_cred(OM_uint32 * /*minor*/,
struct krb5_ccache_data * /*in*/,
struct Principal * /*keytab_principal*/,
struct krb5_keytab_data * /*keytab*/,
- gss_cred_id_t */*out*/);
+ gss_cred_id_t * /*out*/);
OM_uint32 GSSAPI_LIB_FUNCTION gss_krb5_get_tkt_flags
- (OM_uint32 */*minor*/,
+ (OM_uint32 * /*minor*/,
gss_ctx_id_t /*context_handle*/,
- OM_uint32 */*tkt_flags*/);
+ OM_uint32 * /*tkt_flags*/);
OM_uint32 GSSAPI_LIB_FUNCTION
gsskrb5_extract_authz_data_from_sec_context
diff --git a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
index 355d1c4332..e3ba189b36 100644
--- a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
+++ b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
@@ -207,9 +207,9 @@ gsskrb5_acceptor_ready(OM_uint32 * minor_status,
int32_t seq_number;
int is_cfx = 0;
- krb5_auth_getremoteseqnumber (context,
- ctx->auth_context,
- &seq_number);
+ krb5_auth_con_getremoteseqnumber (context,
+ ctx->auth_context,
+ &seq_number);
_gsskrb5i_is_cfx(context, ctx, 1);
is_cfx = (ctx->more_flags & IS_CFX);
@@ -669,9 +669,9 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status,
return GSS_S_FAILURE;
}
- kret = krb5_auth_getremoteseqnumber(context,
- ctx->auth_context,
- &r_seq_number);
+ kret = krb5_auth_con_getremoteseqnumber(context,
+ ctx->auth_context,
+ &r_seq_number);
if (kret) {
*minor_status = kret;
return GSS_S_FAILURE;
@@ -749,9 +749,9 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status,
{
int32_t tmp_r_seq_number, tmp_l_seq_number;
- kret = krb5_auth_getremoteseqnumber(context,
- ctx->auth_context,
- &tmp_r_seq_number);
+ kret = krb5_auth_con_getremoteseqnumber(context,
+ ctx->auth_context,
+ &tmp_r_seq_number);
if (kret) {
*minor_status = kret;
return GSS_S_FAILURE;
diff --git a/source4/heimdal/lib/gssapi/krb5/acquire_cred.c b/source4/heimdal/lib/gssapi/krb5/acquire_cred.c
index 696171dcfa..7e448dcfb2 100644
--- a/source4/heimdal/lib/gssapi/krb5/acquire_cred.c
+++ b/source4/heimdal/lib/gssapi/krb5/acquire_cred.c
@@ -339,7 +339,7 @@ OM_uint32 _gsskrb5_acquire_cred
if (desired_name != GSS_C_NO_NAME) {
- ret = _gsskrb5_canon_name(minor_status, context, 0, NULL,
+ ret = _gsskrb5_canon_name(minor_status, context, 1, NULL,
desired_name, &handle->principal);
if (ret) {
HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
diff --git a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c
index 7f84efe354..fd9934a9e4 100644
--- a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c
+++ b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c
@@ -255,7 +255,7 @@ gsskrb5_initiator_ready(
krb5_cc_close(context, ctx->ccache);
ctx->ccache = NULL;
- krb5_auth_getremoteseqnumber (context, ctx->auth_context, &seq_number);
+ krb5_auth_con_getremoteseqnumber (context, ctx->auth_context, &seq_number);
_gsskrb5i_is_cfx(context, ctx, 0);
is_cfx = (ctx->more_flags & IS_CFX);
@@ -782,7 +782,7 @@ repl_mutual
* for the gss_wrap calls.
*/
- krb5_auth_getremoteseqnumber(context, ctx->auth_context, &remote_seq);
+ krb5_auth_con_getremoteseqnumber(context, ctx->auth_context, &remote_seq);
krb5_auth_con_getlocalseqnumber(context, ctx->auth_context, &local_seq);
krb5_auth_con_setlocalseqnumber(context, ctx->auth_context, remote_seq);
diff --git a/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c b/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c
index ce01e666fa..e0b5553928 100644
--- a/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c
+++ b/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c
@@ -302,9 +302,9 @@ export_lucid_sec_context_v1(OM_uint32 *minor_status,
if (ret) goto out;
ret = krb5_store_uint32(sp, (uint32_t)number);
if (ret) goto out;
- krb5_auth_getremoteseqnumber (context,
- context_handle->auth_context,
- &number);
+ krb5_auth_con_getremoteseqnumber (context,
+ context_handle->auth_context,
+ &number);
ret = krb5_store_uint32(sp, (uint32_t)0); /* store top half as zero */
if (ret) goto out;
ret = krb5_store_uint32(sp, (uint32_t)number);
diff --git a/source4/heimdal/lib/gssapi/mech/gss_aeap.c b/source4/heimdal/lib/gssapi/mech/gss_aeap.c
index 9a1835a039..ee0113d6d3 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_aeap.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_aeap.c
@@ -202,7 +202,8 @@ gss_OID GSSAPI_LIB_VARIABLE GSS_C_ATTR_STREAM_SIZES =
OM_uint32 GSSAPI_LIB_FUNCTION
gss_context_query_attributes(OM_uint32 *minor_status,
- gss_OID attribute,
+ const gss_ctx_id_t context_handle,
+ const gss_OID attribute,
void *data,
size_t len)
{
diff --git a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c
index d060badfe1..5fc41d9954 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c
@@ -176,9 +176,9 @@ add_builtin(gssapi_mech_interface mech)
if (mech == NULL)
return 0;
- m = malloc(sizeof(*m));
+ m = calloc(1, sizeof(*m));
if (m == NULL)
- return 1;
+ return ENOMEM;
m->gm_so = NULL;
m->gm_mech = *mech;
m->gm_mech_oid = mech->gm_mech_oid; /* XXX */
@@ -187,12 +187,12 @@ add_builtin(gssapi_mech_interface mech)
/* pick up the oid sets of names */
- if (m->gm_mech.gm_inquire_names_for_mech) {
+ if (m->gm_mech.gm_inquire_names_for_mech)
(*m->gm_mech.gm_inquire_names_for_mech)(&minor_status,
&m->gm_mech.gm_mech_oid, &m->gm_name_types);
- } else {
+
+ if (m->gm_name_types == NULL)
gss_create_empty_oid_set(&minor_status, &m->gm_name_types);
- }
SLIST_INSERT_HEAD(&_gss_mechs, m, gm_link);
return 0;
@@ -211,6 +211,8 @@ _gss_load_mech(void)
char *name, *oid, *lib, *kobj;
struct _gss_mech_switch *m;
void *so;
+ gss_OID_desc mech_oid;
+ int found;
HEIMDAL_MUTEX_lock(&_gss_mech_mutex);
@@ -253,6 +255,23 @@ _gss_load_mech(void)
if (!name || !oid || !lib || !kobj)
continue;
+ if (_gss_string_to_oid(oid, &mech_oid))
+ continue;
+
+ /*
+ * Check for duplicates, already loaded mechs.
+ */
+ found = 0;
+ SLIST_FOREACH(m, &_gss_mechs, gm_link) {
+ if (gss_oid_equal(&m->gm_mech.gm_mech_oid, &mech_oid)) {
+ found = 1;
+ free(mech_oid.elements);
+ break;
+ }
+ }
+ if (found)
+ continue;
+
#ifndef RTLD_LOCAL
#define RTLD_LOCAL 0
#endif
@@ -260,17 +279,17 @@ _gss_load_mech(void)
so = dlopen(lib, RTLD_LAZY | RTLD_LOCAL);
if (!so) {
/* fprintf(stderr, "dlopen: %s\n", dlerror()); */
+ free(mech_oid.elements);
continue;
}
m = malloc(sizeof(*m));
- if (!m)
+ if (!m) {
+ free(mech_oid.elements);
break;
- m->gm_so = so;
- if (_gss_string_to_oid(oid, &m->gm_mech.gm_mech_oid)) {
- free(m);
- continue;
}
+ m->gm_so = so;
+ m->gm_mech.gm_mech_oid = mech_oid;
m->gm_mech.gm_flags = 0;
major_status = gss_add_oid_set_member(&minor_status,
diff --git a/source4/heimdal/lib/gssapi/spnego/spnego_locl.h b/source4/heimdal/lib/gssapi/spnego/spnego_locl.h
index e8cad14881..dacaa3310e 100644
--- a/source4/heimdal/lib/gssapi/spnego/spnego_locl.h
+++ b/source4/heimdal/lib/gssapi/spnego/spnego_locl.h
@@ -44,6 +44,8 @@
#include <sys/param.h>
#endif
+#include <roken.h>
+
#ifdef HAVE_PTHREAD_H
#include <pthread.h>
#endif
@@ -69,8 +71,6 @@
#include "utils.h"
#include <der.h>
-#include <roken.h>
-
#define ALLOC(X, N) (X) = calloc((N), sizeof(*(X)))
typedef struct {