diff options
Diffstat (limited to 'source4/heimdal/lib/gssapi')
-rw-r--r-- | source4/heimdal/lib/gssapi/gssapi/gssapi.h | 7 | ||||
-rw-r--r-- | source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h | 16 | ||||
-rw-r--r-- | source4/heimdal/lib/gssapi/krb5/accept_sec_context.c | 18 | ||||
-rw-r--r-- | source4/heimdal/lib/gssapi/krb5/acquire_cred.c | 2 | ||||
-rw-r--r-- | source4/heimdal/lib/gssapi/krb5/init_sec_context.c | 4 | ||||
-rw-r--r-- | source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c | 6 | ||||
-rw-r--r-- | source4/heimdal/lib/gssapi/mech/gss_aeap.c | 3 | ||||
-rw-r--r-- | source4/heimdal/lib/gssapi/mech/gss_mech_switch.c | 39 | ||||
-rw-r--r-- | source4/heimdal/lib/gssapi/spnego/spnego_locl.h | 4 |
9 files changed, 61 insertions, 38 deletions
diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi.h b/source4/heimdal/lib/gssapi/gssapi/gssapi.h index 6052ec8134..730737a46a 100644 --- a/source4/heimdal/lib/gssapi/gssapi/gssapi.h +++ b/source4/heimdal/lib/gssapi/gssapi/gssapi.h @@ -45,10 +45,12 @@ #ifndef BUILD_GSSAPI_LIB #if defined(_WIN32) -#define GSSAPI_LIB_FUNCTION _stdcall __declspec(dllimport) +#define GSSAPI_LIB_FUNCTION __declspec(dllimport) +#define GSSAPI_LIB_CALL __stdcall #define GSSAPI_LIB_VARIABLE __declspec(dllimport) #else #define GSSAPI_LIB_FUNCTION +#define GSSAPI_LIB_CALL #define GSSAPI_LIB_VARIABLE #endif #endif @@ -810,7 +812,8 @@ extern gss_OID GSSAPI_LIB_VARIABLE GSS_C_ATTR_STREAM_SIZES; OM_uint32 GSSAPI_LIB_FUNCTION gss_context_query_attributes(OM_uint32 * /* minor_status */, - gss_OID /* attribute */, + const gss_ctx_id_t /* context_handle */, + const gss_OID /* attribute */, void * /*data*/, size_t /* len */); /* diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h b/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h index 4d004d90b5..1b91bbbb84 100644 --- a/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h +++ b/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h @@ -106,27 +106,27 @@ gss_krb5_ccache_name(OM_uint32 * /*minor_status*/, const char ** /*out_name */); OM_uint32 GSSAPI_LIB_FUNCTION gsskrb5_register_acceptor_identity - (const char */*identity*/); + (const char * /*identity*/); OM_uint32 GSSAPI_LIB_FUNCTION krb5_gss_register_acceptor_identity - (const char */*identity*/); + (const char * /*identity*/); OM_uint32 GSSAPI_LIB_FUNCTION gss_krb5_copy_ccache - (OM_uint32 */*minor*/, + (OM_uint32 * /*minor*/, gss_cred_id_t /*cred*/, - struct krb5_ccache_data */*out*/); + struct krb5_ccache_data * /*out*/); OM_uint32 GSSAPI_LIB_FUNCTION -gss_krb5_import_cred(OM_uint32 */*minor*/, +gss_krb5_import_cred(OM_uint32 * /*minor*/, struct krb5_ccache_data * /*in*/, struct Principal * /*keytab_principal*/, struct krb5_keytab_data * /*keytab*/, - gss_cred_id_t */*out*/); + gss_cred_id_t * /*out*/); OM_uint32 GSSAPI_LIB_FUNCTION gss_krb5_get_tkt_flags - (OM_uint32 */*minor*/, + (OM_uint32 * /*minor*/, gss_ctx_id_t /*context_handle*/, - OM_uint32 */*tkt_flags*/); + OM_uint32 * /*tkt_flags*/); OM_uint32 GSSAPI_LIB_FUNCTION gsskrb5_extract_authz_data_from_sec_context diff --git a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c index 355d1c4332..e3ba189b36 100644 --- a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c +++ b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c @@ -207,9 +207,9 @@ gsskrb5_acceptor_ready(OM_uint32 * minor_status, int32_t seq_number; int is_cfx = 0; - krb5_auth_getremoteseqnumber (context, - ctx->auth_context, - &seq_number); + krb5_auth_con_getremoteseqnumber (context, + ctx->auth_context, + &seq_number); _gsskrb5i_is_cfx(context, ctx, 1); is_cfx = (ctx->more_flags & IS_CFX); @@ -669,9 +669,9 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status, return GSS_S_FAILURE; } - kret = krb5_auth_getremoteseqnumber(context, - ctx->auth_context, - &r_seq_number); + kret = krb5_auth_con_getremoteseqnumber(context, + ctx->auth_context, + &r_seq_number); if (kret) { *minor_status = kret; return GSS_S_FAILURE; @@ -749,9 +749,9 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status, { int32_t tmp_r_seq_number, tmp_l_seq_number; - kret = krb5_auth_getremoteseqnumber(context, - ctx->auth_context, - &tmp_r_seq_number); + kret = krb5_auth_con_getremoteseqnumber(context, + ctx->auth_context, + &tmp_r_seq_number); if (kret) { *minor_status = kret; return GSS_S_FAILURE; diff --git a/source4/heimdal/lib/gssapi/krb5/acquire_cred.c b/source4/heimdal/lib/gssapi/krb5/acquire_cred.c index 696171dcfa..7e448dcfb2 100644 --- a/source4/heimdal/lib/gssapi/krb5/acquire_cred.c +++ b/source4/heimdal/lib/gssapi/krb5/acquire_cred.c @@ -339,7 +339,7 @@ OM_uint32 _gsskrb5_acquire_cred if (desired_name != GSS_C_NO_NAME) { - ret = _gsskrb5_canon_name(minor_status, context, 0, NULL, + ret = _gsskrb5_canon_name(minor_status, context, 1, NULL, desired_name, &handle->principal); if (ret) { HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex); diff --git a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c index 7f84efe354..fd9934a9e4 100644 --- a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c +++ b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c @@ -255,7 +255,7 @@ gsskrb5_initiator_ready( krb5_cc_close(context, ctx->ccache); ctx->ccache = NULL; - krb5_auth_getremoteseqnumber (context, ctx->auth_context, &seq_number); + krb5_auth_con_getremoteseqnumber (context, ctx->auth_context, &seq_number); _gsskrb5i_is_cfx(context, ctx, 0); is_cfx = (ctx->more_flags & IS_CFX); @@ -782,7 +782,7 @@ repl_mutual * for the gss_wrap calls. */ - krb5_auth_getremoteseqnumber(context, ctx->auth_context, &remote_seq); + krb5_auth_con_getremoteseqnumber(context, ctx->auth_context, &remote_seq); krb5_auth_con_getlocalseqnumber(context, ctx->auth_context, &local_seq); krb5_auth_con_setlocalseqnumber(context, ctx->auth_context, remote_seq); diff --git a/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c b/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c index ce01e666fa..e0b5553928 100644 --- a/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c +++ b/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c @@ -302,9 +302,9 @@ export_lucid_sec_context_v1(OM_uint32 *minor_status, if (ret) goto out; ret = krb5_store_uint32(sp, (uint32_t)number); if (ret) goto out; - krb5_auth_getremoteseqnumber (context, - context_handle->auth_context, - &number); + krb5_auth_con_getremoteseqnumber (context, + context_handle->auth_context, + &number); ret = krb5_store_uint32(sp, (uint32_t)0); /* store top half as zero */ if (ret) goto out; ret = krb5_store_uint32(sp, (uint32_t)number); diff --git a/source4/heimdal/lib/gssapi/mech/gss_aeap.c b/source4/heimdal/lib/gssapi/mech/gss_aeap.c index 9a1835a039..ee0113d6d3 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_aeap.c +++ b/source4/heimdal/lib/gssapi/mech/gss_aeap.c @@ -202,7 +202,8 @@ gss_OID GSSAPI_LIB_VARIABLE GSS_C_ATTR_STREAM_SIZES = OM_uint32 GSSAPI_LIB_FUNCTION gss_context_query_attributes(OM_uint32 *minor_status, - gss_OID attribute, + const gss_ctx_id_t context_handle, + const gss_OID attribute, void *data, size_t len) { diff --git a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c index d060badfe1..5fc41d9954 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c +++ b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c @@ -176,9 +176,9 @@ add_builtin(gssapi_mech_interface mech) if (mech == NULL) return 0; - m = malloc(sizeof(*m)); + m = calloc(1, sizeof(*m)); if (m == NULL) - return 1; + return ENOMEM; m->gm_so = NULL; m->gm_mech = *mech; m->gm_mech_oid = mech->gm_mech_oid; /* XXX */ @@ -187,12 +187,12 @@ add_builtin(gssapi_mech_interface mech) /* pick up the oid sets of names */ - if (m->gm_mech.gm_inquire_names_for_mech) { + if (m->gm_mech.gm_inquire_names_for_mech) (*m->gm_mech.gm_inquire_names_for_mech)(&minor_status, &m->gm_mech.gm_mech_oid, &m->gm_name_types); - } else { + + if (m->gm_name_types == NULL) gss_create_empty_oid_set(&minor_status, &m->gm_name_types); - } SLIST_INSERT_HEAD(&_gss_mechs, m, gm_link); return 0; @@ -211,6 +211,8 @@ _gss_load_mech(void) char *name, *oid, *lib, *kobj; struct _gss_mech_switch *m; void *so; + gss_OID_desc mech_oid; + int found; HEIMDAL_MUTEX_lock(&_gss_mech_mutex); @@ -253,6 +255,23 @@ _gss_load_mech(void) if (!name || !oid || !lib || !kobj) continue; + if (_gss_string_to_oid(oid, &mech_oid)) + continue; + + /* + * Check for duplicates, already loaded mechs. + */ + found = 0; + SLIST_FOREACH(m, &_gss_mechs, gm_link) { + if (gss_oid_equal(&m->gm_mech.gm_mech_oid, &mech_oid)) { + found = 1; + free(mech_oid.elements); + break; + } + } + if (found) + continue; + #ifndef RTLD_LOCAL #define RTLD_LOCAL 0 #endif @@ -260,17 +279,17 @@ _gss_load_mech(void) so = dlopen(lib, RTLD_LAZY | RTLD_LOCAL); if (!so) { /* fprintf(stderr, "dlopen: %s\n", dlerror()); */ + free(mech_oid.elements); continue; } m = malloc(sizeof(*m)); - if (!m) + if (!m) { + free(mech_oid.elements); break; - m->gm_so = so; - if (_gss_string_to_oid(oid, &m->gm_mech.gm_mech_oid)) { - free(m); - continue; } + m->gm_so = so; + m->gm_mech.gm_mech_oid = mech_oid; m->gm_mech.gm_flags = 0; major_status = gss_add_oid_set_member(&minor_status, diff --git a/source4/heimdal/lib/gssapi/spnego/spnego_locl.h b/source4/heimdal/lib/gssapi/spnego/spnego_locl.h index e8cad14881..dacaa3310e 100644 --- a/source4/heimdal/lib/gssapi/spnego/spnego_locl.h +++ b/source4/heimdal/lib/gssapi/spnego/spnego_locl.h @@ -44,6 +44,8 @@ #include <sys/param.h> #endif +#include <roken.h> + #ifdef HAVE_PTHREAD_H #include <pthread.h> #endif @@ -69,8 +71,6 @@ #include "utils.h" #include <der.h> -#include <roken.h> - #define ALLOC(X, N) (X) = calloc((N), sizeof(*(X))) typedef struct { |