Diffstat (limited to 'source4/heimdal/lib/gssapi')
-rw-r--r--source4/heimdal/lib/gssapi/gssapi/gssapi.h49
-rw-r--r--source4/heimdal/lib/gssapi/gssapi/gssapi_oid.h7
-rw-r--r--source4/heimdal/lib/gssapi/gssapi_mech.h62
-rw-r--r--source4/heimdal/lib/gssapi/krb5/accept_sec_context.c1
-rw-r--r--source4/heimdal/lib/gssapi/krb5/import_sec_context.c2
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_mech_switch.c18
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_mo.c2
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_oid.c7
-rw-r--r--source4/heimdal/lib/gssapi/version-script.map6
9 files changed, 152 insertions, 2 deletions
diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi.h b/source4/heimdal/lib/gssapi/gssapi/gssapi.h
index c67b0a80d7..caa1af8b3a 100644
--- a/source4/heimdal/lib/gssapi/gssapi/gssapi.h
+++ b/source4/heimdal/lib/gssapi/gssapi/gssapi.h
@@ -989,6 +989,55 @@ gss_display_mech_attr(OM_uint32 * minor_status,
gss_buffer_t short_desc,
gss_buffer_t long_desc);
+/*
+ * Naming extensions
+ */
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_display_name_ext (
+ OM_uint32 *, /* minor_status */
+ gss_name_t, /* name */
+ gss_OID, /* display_as_name_type */
+ gss_buffer_t /* display_name */
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_inquire_name (
+ OM_uint32 *, /* minor_status */
+ gss_name_t, /* name */
+ int *, /* name_is_MN */
+ gss_OID *, /* MN_mech */
+ gss_buffer_set_t * /* attrs */
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_get_name_attribute (
+ OM_uint32 *, /* minor_status */
+ gss_name_t, /* name */
+ gss_buffer_t, /* attr */
+ int *, /* authenticated */
+ int *, /* complete */
+ gss_buffer_t, /* value */
+ gss_buffer_t, /* display_value */
+ int * /* more */
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_set_name_attribute (
+ OM_uint32 *, /* minor_status */
+ gss_name_t, /* name */
+ int, /* complete */
+ gss_buffer_t, /* attr */
+ gss_buffer_t /* value */
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_delete_name_attribute (
+ OM_uint32 *, /* minor_status */
+ gss_name_t, /* name */
+ gss_buffer_t /* attr */
+ );
+
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_export_name_composite (
+ OM_uint32 *, /* minor_status */
+ gss_name_t, /* name */
+ gss_buffer_t /* exp_composite_name */
+ );
/*
*
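Review bot: The six naming-extension prototypes are declared with no statement of their contract, and for `gss_get_name_attribute` that matters because the `authenticated` output is what tells a caller whether an attribute value may be used in an access decision. A comment above the block such as `/* Naming extensions (RFC 6680). Callers must check *authenticated before trusting a value returned by gss_get_name_attribute(). */` would make that visible at the declaration. It would also help to say which outputs the caller has to release (the `gss_buffer_t` results and the `gss_buffer_set_t` from `gss_inquire_name`), since the prototypes carry only parameter-name comments.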
diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi_oid.h b/source4/heimdal/lib/gssapi/gssapi/gssapi_oid.h
index af7a583344..e7b56dc7d4 100644
--- a/source4/heimdal/lib/gssapi/gssapi/gssapi_oid.h
+++ b/source4/heimdal/lib/gssapi/gssapi/gssapi_oid.h
@@ -125,6 +125,13 @@ extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_netlogon_set_sign_algorithm_x_oid_
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_netlogon_nt_netbios_dns_name_oid_desc;
#define GSS_NETLOGON_NT_NETBIOS_DNS_NAME (&__gss_netlogon_nt_netbios_dns_name_oid_desc)
+/* GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X.128 */
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_inq_win2k_pac_x_oid_desc;
+#define GSS_C_INQ_WIN2K_PAC_X (&__gss_c_inq_win2k_pac_x_oid_desc)
+
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_inq_sspi_session_key_oid_desc;
+#define GSS_C_INQ_SSPI_SESSION_KEY (&__gss_c_inq_sspi_session_key_oid_desc)
+
/*
* "Standard" mechs
*/
diff --git a/source4/heimdal/lib/gssapi/gssapi_mech.h b/source4/heimdal/lib/gssapi/gssapi_mech.h
index b06e60a82f..1431dbcee6 100644
--- a/source4/heimdal/lib/gssapi/gssapi_mech.h
+++ b/source4/heimdal/lib/gssapi/gssapi_mech.h
@@ -393,8 +393,62 @@ _gss_cred_label_get_t(OM_uint32 * /* minor_status */,
const char * /* label */,
gss_buffer_t /* value */);
+typedef OM_uint32 GSSAPI_CALLCONV _gss_display_name_ext_t (
+ OM_uint32 *, /* minor_status */
+ gss_name_t, /* name */
+ gss_OID, /* display_as_name_type */
+ gss_buffer_t /* display_name */
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_inquire_name_t (
+ OM_uint32 *, /* minor_status */
+ gss_name_t, /* name */
+ int *, /* name_is_MN */
+ gss_OID *, /* MN_mech */
+ gss_buffer_set_t * /* attrs */
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_get_name_attribute_t (
+ OM_uint32 *, /* minor_status */
+ gss_name_t, /* name */
+ gss_buffer_t, /* attr */
+ int *, /* authenticated */
+ int *, /* complete */
+ gss_buffer_t, /* value */
+ gss_buffer_t, /* display_value */
+ int * /* more */
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_set_name_attribute_t (
+ OM_uint32 *, /* minor_status */
+ gss_name_t, /* name */
+ int, /* complete */
+ gss_buffer_t, /* attr */
+ gss_buffer_t /* value */
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_delete_name_attribute_t (
+ OM_uint32 *, /* minor_status */
+ gss_name_t, /* name */
+ gss_buffer_t /* attr */
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_export_name_composite_t (
+ OM_uint32 *, /* minor_status */
+ gss_name_t, /* name */
+ gss_buffer_t /* exp_composite_name */
+ );
+
+/*
+ *
+ */
+
typedef struct gss_mo_desc_struct gss_mo_desc;
+typedef OM_uint32 GSSAPI_CALLCONV
+_gss_mo_init (OM_uint32 *, gss_OID, gss_mo_desc **, size_t *);
+
+
struct gss_mo_desc_struct {
gss_OID option;
OM_uint32 flags;
@@ -407,7 +461,7 @@ struct gss_mo_desc_struct {
};
-#define GMI_VERSION 4
+#define GMI_VERSION 5
/* gm_flags */
#define GM_USE_MG_CRED 1 /* uses mech glue credentials */
@@ -467,6 +521,12 @@ typedef struct gssapi_mech_interface_desc {
_gss_cred_label_set_t *gm_cred_label_set;
gss_mo_desc *gm_mo;
size_t gm_mo_num;
+ _gss_display_name_ext_t *gm_display_name_ext;
+ _gss_inquire_name_t *gm_inquire_name;
+ _gss_get_name_attribute_t *gm_get_name_attribute;
+ _gss_set_name_attribute_t *gm_set_name_attribute;
+ _gss_delete_name_attribute_t *gm_delete_name_attribute;
+ _gss_export_name_composite_t *gm_export_name_composite;
} gssapi_mech_interface_desc, *gssapi_mech_interface;
gssapi_mech_interface
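Review bot: The six `gm_*` naming members appended to `gssapi_mech_interface_desc` can be NULL, but nothing at the declaration says so. The loader hunk in mech/gss_mech_switch.c fills them with `OPTSYM`, and a mechanism table written before this change would presumably leave them unset. Mark them where they are declared, for example `/* optional naming extensions; any of these may be NULL */`, so that every dispatcher checks the pointer before calling through it. The `GMI_VERSION` bump to 5 in the previous hunk is the only signal of the layout change, and whether anything compares it at load time is not visible on this page.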
diff --git a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
index 0e8fbe8376..a5e9d054c4 100644
--- a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
+++ b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
@@ -99,6 +99,7 @@ _gsskrb5i_is_cfx(krb5_context context, gsskrb5_ctx ctx, int acceptor)
case ETYPE_DES_CBC_MD4:
case ETYPE_DES_CBC_MD5:
case ETYPE_DES3_CBC_MD5:
+ case ETYPE_OLD_DES3_CBC_SHA1:
case ETYPE_DES3_CBC_SHA1:
case ETYPE_ARCFOUR_HMAC_MD5:
case ETYPE_ARCFOUR_HMAC_MD5_56:
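Review bot: The case list that `ETYPE_OLD_DES3_CBC_SHA1` joins has no comment saying what membership means, and the switch starts and ends outside this hunk. Judging by the function name, these are the enctypes handled with the pre-CFX token format, which is a statement about wire format and not about whether DES, 3DES or RC4 keys are acceptable. A line above the first case such as `/* legacy enctypes: select the pre-CFX token format; this is not an enctype allow-list */` would keep a reader from mistaking it for policy.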
diff --git a/source4/heimdal/lib/gssapi/krb5/import_sec_context.c b/source4/heimdal/lib/gssapi/krb5/import_sec_context.c
index c873da9ba9..3bab1802b3 100644
--- a/source4/heimdal/lib/gssapi/krb5/import_sec_context.c
+++ b/source4/heimdal/lib/gssapi/krb5/import_sec_context.c
@@ -202,6 +202,8 @@ _gsskrb5_import_sec_context (
krb5_storage_free (sp);
+ _gsskrb5i_is_cfx(context, ctx, (ctx->more_flags & LOCAL) == 0);
+
*context_handle = (gss_ctx_id_t)ctx;
return GSS_S_COMPLETE;
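Review bot: The new `_gsskrb5i_is_cfx()` call has no comment explaining why an imported context needs it, and its `acceptor` argument is computed from `ctx->more_flags`, which by this point has presumably been read from the interprocess token being imported. A short comment such as `/* recompute CFX state for the imported keys; role is taken from the LOCAL bit of the imported flags */` would record that dependency on token contents. If the helper can fail, or relies on a key being present in the auth context, that should be handled before `*context_handle` is assigned. Its body and return type are not visible here, and `_gsskrb5_import_sec_context` itself starts outside the hunk.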
diff --git a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c
index a68d345e30..f7f75c13f9 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c
@@ -242,6 +242,8 @@ _gss_load_mech(void)
rk_cloexec_file(fp);
while (fgets(buf, sizeof(buf), fp)) {
+ _gss_mo_init *mi;
+
if (*buf == '#')
continue;
p = buf;
@@ -341,6 +343,22 @@ _gss_load_mech(void)
OPTSYM(wrap_iov);
OPTSYM(unwrap_iov);
OPTSYM(wrap_iov_length);
+ OPTSYM(display_name_ext);
+ OPTSYM(inquire_name);
+ OPTSYM(get_name_attribute);
+ OPTSYM(set_name_attribute);
+ OPTSYM(delete_name_attribute);
+ OPTSYM(export_name_composite);
+
+ mi = dlsym(so, "gss_mo_init");
+ if (mi != NULL) {
+ major_status = mi(&minor_status,
+ &mech_oid,
+ &m->gm_mech.gm_mo,
+ &m->gm_mech.gm_mo_num);
+ if (GSS_ERROR(major_status))
+ goto bad;
+ }
HEIM_SLIST_INSERT_HEAD(&_gss_mechs, m, gm_link);
continue;
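Review bot: A failing `gss_mo_init` sends the loader to `bad` and drops the whole mechanism without recording `major_status` or `minor_status`, even though the symbol is looked up as optional. On a host where this removes a mechanism, negotiation can silently settle on whatever other mechanism is still loaded, so the failure deserves a log line naming the library; alternatively the mechanism could be kept with `gm_mo` left empty. The cleanup at `bad` is outside the hunk, so confirm it releases both `m` and the `so` handle for this new exit. The assignment `mi = dlsym(so, "gss_mo_init");` also converts `void *` to a function pointer, which POSIX permits but ISO C does not define.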
diff --git a/source4/heimdal/lib/gssapi/mech/gss_mo.c b/source4/heimdal/lib/gssapi/mech/gss_mo.c
index 31235f54d5..cb24b764a5 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_mo.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_mo.c
@@ -374,7 +374,7 @@ gss_inquire_attrs_for_mech(OM_uint32 * minor_status,
return major;
add_all_mo(m, mech_attr, GSS_MO_MA);
- }
+ }
if (known_mech_attrs) {
struct _gss_mech_switch *m;
diff --git a/source4/heimdal/lib/gssapi/mech/gss_oid.c b/source4/heimdal/lib/gssapi/mech/gss_oid.c
index 0bd016cd44..bac97cacd0 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_oid.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_oid.c
@@ -118,6 +118,12 @@ gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_set_sign_algorithm_x_oid_desc =
/* GSS_NETLOGON_NT_NETBIOS_DNS_NAME - 1.2.752.43.14.5 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_nt_netbios_dns_name_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x05" };
+/* GSS_C_INQ_WIN2K_PAC_X - 1.2.752.43.13.3.128 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_inq_win2k_pac_x_oid_desc = { 8, "\x2a\x85\x70\x2b\x0d\x03\x81\x00" };
+
+/* GSS_C_INQ_SSPI_SESSION_KEY - 1.2.840.113554.1.2.2.5.5 */
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_inq_sspi_session_key_oid_desc = { 11, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05" };
+
/* GSS_KRB5_MECHANISM - 1.2.840.113554.1.2.2 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_mechanism_oid_desc = { 9, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" };
@@ -251,3 +257,4 @@ struct _gss_oid_name_table _gss_ont_mech[] = {
{ GSS_NTLM_MECHANISM, "GSS_NTLM_MECHANISM", "NTLM", "Heimdal NTLM mechanism" },
{ NULL }
};
+
diff --git a/source4/heimdal/lib/gssapi/version-script.map b/source4/heimdal/lib/gssapi/version-script.map
index 087b29a500..7591121333 100644
--- a/source4/heimdal/lib/gssapi/version-script.map
+++ b/source4/heimdal/lib/gssapi/version-script.map
@@ -23,16 +23,20 @@ HEIMDAL_GSS_2.0 {
gss_create_empty_buffer_set;
gss_create_empty_oid_set;
gss_decapsulate_token;
+ gss_delete_name_attribute;
gss_delete_sec_context;
gss_display_name;
+ gss_display_name_ext;
gss_display_status;
gss_duplicate_name;
gss_duplicate_oid;
gss_encapsulate_token;
gss_export_cred;
gss_export_name;
+ gss_export_name_composite;
gss_export_sec_context;
gss_get_mic;
+ gss_get_name_attribute;
gss_import_cred;
gss_import_name;
gss_import_sec_context;
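Review bot: The six naming-extension symbols added to `HEIMDAL_GSS_2.0` in this hunk and the two after it have no definition among the nine files listed in this directory's diffstat. If the implementing mech sources are not already in the tree and in the build, GNU ld by default ignores version-script entries that match no symbol, so the library would ship without the functions that gssapi.h now declares and consumers would fail at link time. Running `nm -D` on the built library would confirm whether they are exported. Separately, the context lines of the second hunk list `gss_inquire_sec_context_by_oid;` twice.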
@@ -43,6 +47,7 @@ HEIMDAL_GSS_2.0 {
gss_inquire_cred_by_mech;
gss_inquire_cred_by_oid;
gss_inquire_mechs_for_name;
+ gss_inquire_name;
gss_inquire_names_for_mech;
gss_inquire_sec_context_by_oid;
gss_inquire_sec_context_by_oid;
@@ -67,6 +72,7 @@ HEIMDAL_GSS_2.0 {
gss_release_oid_set;
gss_seal;
gss_set_cred_option;
+ gss_set_name_attribute;
gss_set_sec_context_option;
gss_sign;
gss_test_oid_set_member;