Diffstat (limited to 'source4/heimdal/lib/gssapi')
-rw-r--r-- | source4/heimdal/lib/gssapi/gssapi/gssapi.h | 49 | ||||
-rw-r--r-- | source4/heimdal/lib/gssapi/gssapi/gssapi_oid.h | 7 | ||||
-rw-r--r-- | source4/heimdal/lib/gssapi/gssapi_mech.h | 62 | ||||
-rw-r--r-- | source4/heimdal/lib/gssapi/krb5/accept_sec_context.c | 1 | ||||
-rw-r--r-- | source4/heimdal/lib/gssapi/krb5/import_sec_context.c | 2 | ||||
-rw-r--r-- | source4/heimdal/lib/gssapi/mech/gss_mech_switch.c | 18 | ||||
-rw-r--r-- | source4/heimdal/lib/gssapi/mech/gss_mo.c | 2 | ||||
-rw-r--r-- | source4/heimdal/lib/gssapi/mech/gss_oid.c | 7 | ||||
-rw-r--r-- | source4/heimdal/lib/gssapi/version-script.map | 6 |
9 files changed, 152 insertions, 2 deletions
diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi.h b/source4/heimdal/lib/gssapi/gssapi/gssapi.h index c67b0a80d7..caa1af8b3a 100644 --- a/source4/heimdal/lib/gssapi/gssapi/gssapi.h +++ b/source4/heimdal/lib/gssapi/gssapi/gssapi.h @@ -989,6 +989,55 @@ gss_display_mech_attr(OM_uint32 * minor_status, gss_buffer_t short_desc, gss_buffer_t long_desc); +/* + * Naming extensions + */ + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_display_name_ext ( + OM_uint32 *, /* minor_status */ + gss_name_t, /* name */ + gss_OID, /* display_as_name_type */ + gss_buffer_t /* display_name */ + ); + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_inquire_name ( + OM_uint32 *, /* minor_status */ + gss_name_t, /* name */ + int *, /* name_is_MN */ + gss_OID *, /* MN_mech */ + gss_buffer_set_t * /* attrs */ + ); + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_get_name_attribute ( + OM_uint32 *, /* minor_status */ + gss_name_t, /* name */ + gss_buffer_t, /* attr */ + int *, /* authenticated */ + int *, /* complete */ + gss_buffer_t, /* value */ + gss_buffer_t, /* display_value */ + int * /* more */ + ); + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_set_name_attribute ( + OM_uint32 *, /* minor_status */ + gss_name_t, /* name */ + int, /* complete */ + gss_buffer_t, /* attr */ + gss_buffer_t /* value */ + ); + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_delete_name_attribute ( + OM_uint32 *, /* minor_status */ + gss_name_t, /* name */ + gss_buffer_t /* attr */ + ); + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_export_name_composite ( + OM_uint32 *, /* minor_status */ + gss_name_t, /* name */ + gss_buffer_t /* exp_composite_name */ + ); /* * diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi_oid.h b/source4/heimdal/lib/gssapi/gssapi/gssapi_oid.h index af7a583344..e7b56dc7d4 100644 --- a/source4/heimdal/lib/gssapi/gssapi/gssapi_oid.h +++ b/source4/heimdal/lib/gssapi/gssapi/gssapi_oid.h 
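Review bot: The six new prototypes carry only parameter-name comments, and `gss_get_name_attribute` in particular exposes `authenticated` and `complete` out-parameters whose meaning decides whether a caller may use the returned attribute for an authorization decision; a one-line comment on that prototype would head off misuse, e.g. `/* *authenticated is set only when the mechanism itself verified the attribute; do not base access decisions on *value otherwise. */`, assuming the semantics follow the GSS-API naming-extensions specification these names come from. A reference to that specification next to the `Naming extensions` banner would tell readers where the contract for all six calls lives. The hunk's context cuts into the preceding `gss_display_mech_attr` prototype and the comment that follows, both of which continue outside the hunk.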
@@ -125,6 +125,13 @@ extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_netlogon_set_sign_algorithm_x_oid_ extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_netlogon_nt_netbios_dns_name_oid_desc; #define GSS_NETLOGON_NT_NETBIOS_DNS_NAME (&__gss_netlogon_nt_netbios_dns_name_oid_desc) +/* GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X.128 */ +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_inq_win2k_pac_x_oid_desc; +#define GSS_C_INQ_WIN2K_PAC_X (&__gss_c_inq_win2k_pac_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_inq_sspi_session_key_oid_desc; +#define GSS_C_INQ_SSPI_SESSION_KEY (&__gss_c_inq_sspi_session_key_oid_desc) + /* * "Standard" mechs */ diff --git a/source4/heimdal/lib/gssapi/gssapi_mech.h b/source4/heimdal/lib/gssapi/gssapi_mech.h index b06e60a82f..1431dbcee6 100644 --- a/source4/heimdal/lib/gssapi/gssapi_mech.h +++ b/source4/heimdal/lib/gssapi/gssapi_mech.h 
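Review bot: `GSS_C_INQ_SSPI_SESSION_KEY` is added without any note that inquiring it hands the caller raw session-key material, which is as sensitive as the credential that produced it; add `/* returns the context's raw session key: treat the buffer as secret and release (ideally zeroize) it promptly */` above the declaration, assuming the handler behaves as the name implies (it is not part of this diff). The comment `/* GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X.128 */` above the PAC OID is cryptic; if `128` is the AD-WIN2K-PAC authorization-data type under that arc, say so, e.g. `/* GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X with ad-type 128 (AD-WIN2K-PAC) */`. It would also help to state whether a PAC returned through this OID has had its signatures verified, since callers will read group membership from it.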
@@ -393,8 +393,62 @@ _gss_cred_label_get_t(OM_uint32 * /* minor_status */, const char * /* label */, gss_buffer_t /* value */); +typedef OM_uint32 GSSAPI_CALLCONV _gss_display_name_ext_t ( + OM_uint32 *, /* minor_status */ + gss_name_t, /* name */ + gss_OID, /* display_as_name_type */ + gss_buffer_t /* display_name */ + ); + +typedef OM_uint32 GSSAPI_CALLCONV _gss_inquire_name_t ( + OM_uint32 *, /* minor_status */ + gss_name_t, /* name */ + int *, /* name_is_MN */ + gss_OID *, /* MN_mech */ + gss_buffer_set_t * /* attrs */ + ); + +typedef OM_uint32 GSSAPI_CALLCONV _gss_get_name_attribute_t ( + OM_uint32 *, /* minor_status */ + gss_name_t, /* name */ + gss_buffer_t, /* attr */ + int *, /* authenticated */ + int *, /* complete */ + gss_buffer_t, /* value */ + gss_buffer_t, /* display_value */ + int * /* more */ + ); + +typedef OM_uint32 GSSAPI_CALLCONV _gss_set_name_attribute_t ( + OM_uint32 *, /* minor_status */ + gss_name_t, /* name */ + int, /* complete */ + gss_buffer_t, /* attr */ + gss_buffer_t /* value */ + ); + +typedef OM_uint32 GSSAPI_CALLCONV _gss_delete_name_attribute_t ( + OM_uint32 *, /* minor_status */ + gss_name_t, /* name */ + gss_buffer_t /* attr */ + ); + +typedef OM_uint32 GSSAPI_CALLCONV _gss_export_name_composite_t ( + OM_uint32 *, /* minor_status */ + gss_name_t, /* name */ + gss_buffer_t /* exp_composite_name */ + ); + +/* + * + */ + typedef struct gss_mo_desc_struct gss_mo_desc; +typedef OM_uint32 GSSAPI_CALLCONV +_gss_mo_init (OM_uint32 *, gss_OID, gss_mo_desc **, size_t *); + + struct gss_mo_desc_struct { gss_OID option; OM_uint32 flags; @@ -407,7 +461,7 @@ struct gss_mo_desc_struct { }; -#define GMI_VERSION 4 +#define GMI_VERSION 5 /* gm_flags */ #define GM_USE_MG_CRED 1 /* uses mech glue credentials */ 
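Review bot: The new `_gss_mo_init` typedef is introduced under an empty comment block (`/*`, ` *`, ` */`) and with unnamed parameters, leaving the plugin entry point undocumented exactly where plugin authors will look; replace the empty block with `/* Optional plugin entry point "gss_mo_init": called once at load with the mech OID, fills in the mech's gss_mo_desc table and its element count. */` and name the parameters as the other `_gss_*_t` typedefs in this hunk do. That description matches how gss_mech_switch.c invokes it in this same commit (`mi(&minor_status, &mech_oid, &gm_mo, &gm_mo_num)`). The `_gss_cred_label_get_t` declaration at the top of the hunk starts outside it.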
@@ -467,6 +521,12 @@ typedef struct gssapi_mech_interface_desc { _gss_cred_label_set_t *gm_cred_label_set; gss_mo_desc *gm_mo; size_t gm_mo_num; + _gss_display_name_ext_t *gm_display_name_ext; + _gss_inquire_name_t *gm_inquire_name; + _gss_get_name_attribute_t *gm_get_name_attribute; + _gss_set_name_attribute_t *gm_set_name_attribute; + _gss_delete_name_attribute_t *gm_delete_name_attribute; + _gss_export_name_composite_t *gm_export_name_composite; } gssapi_mech_interface_desc, *gssapi_mech_interface; gssapi_mech_interface diff --git a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c index 0e8fbe8376..a5e9d054c4 100644 --- a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c +++ b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c @@ -99,6 +99,7 @@ _gsskrb5i_is_cfx(krb5_context context, gsskrb5_ctx ctx, int acceptor) case ETYPE_DES_CBC_MD4: case ETYPE_DES_CBC_MD5: case ETYPE_DES3_CBC_MD5: + case ETYPE_OLD_DES3_CBC_SHA1: case ETYPE_DES3_CBC_SHA1: case ETYPE_ARCFOUR_HMAC_MD5: case ETYPE_ARCFOUR_HMAC_MD5_56: diff --git a/source4/heimdal/lib/gssapi/krb5/import_sec_context.c b/source4/heimdal/lib/gssapi/krb5/import_sec_context.c index c873da9ba9..3bab1802b3 100644 --- a/source4/heimdal/lib/gssapi/krb5/import_sec_context.c +++ b/source4/heimdal/lib/gssapi/krb5/import_sec_context.c @@ -202,6 +202,8 @@ _gsskrb5_import_sec_context ( krb5_storage_free (sp); + _gsskrb5i_is_cfx(context, ctx, (ctx->more_flags & LOCAL) == 0); + *context_handle = (gss_ctx_id_t)ctx; return GSS_S_COMPLETE; diff --git a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c index a68d345e30..f7f75c13f9 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c +++ b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c @@ -242,6 +242,8 @@ _gss_load_mech(void) rk_cloexec_file(fp); while (fgets(buf, sizeof(buf), fp)) { + _gss_mo_init *mi; + if (*buf == '#') continue; p = buf; 
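Review bot: The six new function-pointer fields are appended after `gm_mo_num`, so a plugin built against GMI_VERSION 4 supplies a shorter `gssapi_mech_interface_desc`, and any read of `gm_display_name_ext` and friends on such a mech is an out-of-bounds read unless the glue gates on `gm_version`; that check is not visible in this diff and should be confirmed. A comment would make the contract explicit: `/* Fields below require GMI_VERSION >= 5; check gm_version before dereferencing them. */`. The struct definition begins before the hunk.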
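Review bot: Adding `ETYPE_OLD_DES3_CBC_SHA1` to this case list silently changes which token format the acceptor uses for that enctype (presumably the non-CFX path, given the function's name), and nothing in the switch says what the list represents or why it is closed; a comment before the first `case`, such as `/* legacy (RFC 1964-style, non-CFX) enctypes; anything not listed is treated as CFX */`, would let the next maintainer add or drop an enctype deliberately. The list still includes the single-DES enctypes, which is pre-existing but worth a deprecation note in the same comment. `_gsskrb5i_is_cfx` and its switch both start and end outside the hunk, so the case body cannot be confirmed from here.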
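Review bot: The added `_gsskrb5i_is_cfx(context, ctx, ...)` call discards the helper's result; if it can report failure (it is defined in accept_sec_context.c, and that definition is outside this diff), `_gsskrb5_import_sec_context` returns GSS_S_COMPLETE with a context whose CFX state was never settled, so either check and propagate the status or document that the helper cannot fail. Also say why the flag is recomputed instead of restored, presumably because it is not serialized with the context: `/* is_cfx is derived from the key enctype, not stored in the exported token; recompute it here */`. A named local `int acceptor = (ctx->more_flags & LOCAL) == 0;` would also read better than the inline expression and match the helper's parameter name.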
@@ -341,6 +343,22 @@ _gss_load_mech(void) OPTSYM(wrap_iov); OPTSYM(unwrap_iov); OPTSYM(wrap_iov_length); + OPTSYM(display_name_ext); + OPTSYM(inquire_name); + OPTSYM(get_name_attribute); + OPTSYM(set_name_attribute); + OPTSYM(delete_name_attribute); + OPTSYM(export_name_composite); + + mi = dlsym(so, "gss_mo_init"); + if (mi != NULL) { + major_status = mi(&minor_status, + &mech_oid, + &m->gm_mech.gm_mo, + &m->gm_mech.gm_mo_num); + if (GSS_ERROR(major_status)) + goto bad; + } HEIM_SLIST_INSERT_HEAD(&_gss_mechs, m, gm_link); continue; diff --git a/source4/heimdal/lib/gssapi/mech/gss_mo.c b/source4/heimdal/lib/gssapi/mech/gss_mo.c index 31235f54d5..cb24b764a5 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_mo.c +++ b/source4/heimdal/lib/gssapi/mech/gss_mo.c @@ -374,7 +374,7 @@ gss_inquire_attrs_for_mech(OM_uint32 * minor_status, return major; add_all_mo(m, mech_attr, GSS_MO_MA); - } + } if (known_mech_attrs) { struct _gss_mech_switch *m; diff --git a/source4/heimdal/lib/gssapi/mech/gss_oid.c b/source4/heimdal/lib/gssapi/mech/gss_oid.c index 0bd016cd44..bac97cacd0 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_oid.c +++ b/source4/heimdal/lib/gssapi/mech/gss_oid.c @@ -118,6 +118,12 @@ gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_set_sign_algorithm_x_oid_desc = /* GSS_NETLOGON_NT_NETBIOS_DNS_NAME - 1.2.752.43.14.5 */ gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_nt_netbios_dns_name_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x05" }; +/* GSS_C_INQ_WIN2K_PAC_X - 1.2.752.43.13.3.128 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_inq_win2k_pac_x_oid_desc = { 8, "\x2a\x85\x70\x2b\x0d\x03\x81\x00" }; + +/* GSS_C_INQ_SSPI_SESSION_KEY - 1.2.840.113554.1.2.2.5.5 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_inq_sspi_session_key_oid_desc = { 11, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05" }; + /* GSS_KRB5_MECHANISM - 1.2.840.113554.1.2.2 */ gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_mechanism_oid_desc = { 9, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" }; 
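Review bot: If the plugin's `gss_mo_init` fails, the hunk jumps to `bad` with `m->gm_mech.gm_mo` and `gm_mo_num` holding whatever the plugin stored before failing, so unless `bad:` (outside the hunk) frees `m` without inspecting them, reset both before the jump: `m->gm_mech.gm_mo = NULL; m->gm_mech.gm_mo_num = 0;`. A plugin that succeeds but returns `gm_mo == NULL` with a non-zero `gm_mo_num` (or the reverse) is accepted as-is; a sanity check `if ((m->gm_mech.gm_mo == NULL) != (m->gm_mech.gm_mo_num == 0)) goto bad;` would keep a broken plugin from handing an inconsistent table to the code in gss_mo.c that walks it. Note too that `dlsym` returns a `void *` assigned straight to a function pointer; that is acceptable on POSIX, but it should follow whatever cast style the `OPTSYM` macro uses (the macro is outside the hunk). `_gss_load_mech` continues beyond both ends of the hunk.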
@@ -251,3 +257,4 @@ struct _gss_oid_name_table _gss_ont_mech[] = { { GSS_NTLM_MECHANISM, "GSS_NTLM_MECHANISM", "NTLM", "Heimdal NTLM mechanism" }, { NULL } }; + diff --git a/source4/heimdal/lib/gssapi/version-script.map b/source4/heimdal/lib/gssapi/version-script.map index 087b29a500..7591121333 100644 --- a/source4/heimdal/lib/gssapi/version-script.map +++ b/source4/heimdal/lib/gssapi/version-script.map @@ -23,16 +23,20 @@ HEIMDAL_GSS_2.0 { gss_create_empty_buffer_set; gss_create_empty_oid_set; gss_decapsulate_token; + gss_delete_name_attribute; gss_delete_sec_context; gss_display_name; + gss_display_name_ext; gss_display_status; gss_duplicate_name; gss_duplicate_oid; gss_encapsulate_token; gss_export_cred; gss_export_name; + gss_export_name_composite; gss_export_sec_context; gss_get_mic; + gss_get_name_attribute; gss_import_cred; gss_import_name; gss_import_sec_context; @@ -43,6 +47,7 @@ HEIMDAL_GSS_2.0 { gss_inquire_cred_by_mech; gss_inquire_cred_by_oid; gss_inquire_mechs_for_name; + gss_inquire_name; gss_inquire_names_for_mech; gss_inquire_sec_context_by_oid; gss_inquire_sec_context_by_oid; @@ -67,6 +72,7 @@ HEIMDAL_GSS_2.0 { gss_release_oid_set; gss_seal; gss_set_cred_option; + gss_set_name_attribute; gss_set_sec_context_option; gss_sign; gss_test_oid_set_member; |
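Review bot: The six new exports are added to the existing `HEIMDAL_GSS_2.0` version node rather than a new one, so a program linked against this library that calls `gss_inquire_name` still passes the dynamic linker's version check against an older libgssapi that lacks the symbol and then fails at first call (or at load time under BIND_NOW) instead of with a clear missing-version error; put them in a new node, e.g. `HEIMDAL_GSS_2.1 { global: gss_delete_name_attribute; gss_display_name_ext; gss_export_name_composite; gss_get_name_attribute; gss_inquire_name; gss_set_name_attribute; } HEIMDAL_GSS_2.0;`. Unrelated to this change, the surrounding context shows `gss_inquire_sec_context_by_oid;` listed twice in the map.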