Diffstat (limited to 'source4/heimdal/lib/gssapi')
-rw-r--r--source4/heimdal/lib/gssapi/gssapi/gssapi.h137
-rw-r--r--source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h95
-rw-r--r--source4/heimdal/lib/gssapi/gssapi/gssapi_spnego.h4
-rw-r--r--source4/heimdal/lib/gssapi/krb5/accept_sec_context.c75
-rw-r--r--source4/heimdal/lib/gssapi/krb5/delete_sec_context.c4
-rw-r--r--source4/heimdal/lib/gssapi/krb5/display_status.c4
-rw-r--r--source4/heimdal/lib/gssapi/krb5/external.c177
-rw-r--r--source4/heimdal/lib/gssapi/krb5/get_mic.c6
-rw-r--r--source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h11
-rw-r--r--source4/heimdal/lib/gssapi/krb5/import_sec_context.c8
-rw-r--r--source4/heimdal/lib/gssapi/krb5/init_sec_context.c272
-rw-r--r--source4/heimdal/lib/gssapi/krb5/set_cred_option.c2
-rw-r--r--source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c61
-rw-r--r--source4/heimdal/lib/gssapi/krb5/unwrap.c8
-rw-r--r--source4/heimdal/lib/gssapi/krb5/verify_mic.c6
-rw-r--r--source4/heimdal/lib/gssapi/krb5/wrap.c14
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_add_cred.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_add_oid_set_member.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_buffer_set.c8
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_compare_name.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_context_time.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_create_empty_oid_set.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_decapsulate_token.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_delete_sec_context.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_display_name.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_display_status.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_encapsulate_token.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_export_name.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_export_sec_context.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_get_mic.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_import_name.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_import_sec_context.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_indicate_mechs.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_inquire_context.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_inquire_cred.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_mech.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_oid.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_inquire_mechs_for_name.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_inquire_names_for_mech.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_inquire_sec_context_by_oid.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_krb5.c91
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_mech_switch.c7
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_oid_equal.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_process_context_token.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_pseudo_random.c69
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_release_buffer.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_release_cred.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_release_name.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_release_oid.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_release_oid_set.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_seal.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_set_cred_option.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_set_sec_context_option.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_sign.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_test_oid_set_member.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_unseal.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_unwrap.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_verify.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_verify_mic.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_wrap.c4
-rw-r--r--source4/heimdal/lib/gssapi/mech/gss_wrap_size_limit.c4
-rw-r--r--source4/heimdal/lib/gssapi/spnego/accept_sec_context.c98
-rw-r--r--source4/heimdal/lib/gssapi/spnego/compat.c5
-rw-r--r--source4/heimdal/lib/gssapi/spnego/context_stubs.c32
-rw-r--r--source4/heimdal/lib/gssapi/spnego/cred_stubs.c22
-rw-r--r--source4/heimdal/lib/gssapi/spnego/external.c13
-rw-r--r--source4/heimdal/lib/gssapi/spnego/spnego-private.h16
-rw-r--r--source4/heimdal/lib/gssapi/spnego/spnego_locl.h3
72 files changed, 962 insertions, 466 deletions
diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi.h b/source4/heimdal/lib/gssapi/gssapi/gssapi.h
index fbc638c48f..63f66f7313 100644
--- a/source4/heimdal/lib/gssapi/gssapi/gssapi.h
+++ b/source4/heimdal/lib/gssapi/gssapi/gssapi.h
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-/* $Id: gssapi.h 21004 2007-06-08 01:53:10Z lha $ */
+/* $Id: gssapi.h 23025 2008-04-17 10:01:57Z lha $ */
#ifndef GSSAPI_GSSAPI_H_
#define GSSAPI_GSSAPI_H_
@@ -43,6 +43,16 @@
#include <krb5-types.h>
+#ifndef BUILD_GSSAPI_LIB
+#if defined(_WIN32)
+#define GSSAPI_LIB_FUNCTION _stdcall __declspec(dllimport)
+#define GSSAPI_LIB_VARIABLE __declspec(dllimport)
+#else
+#define GSSAPI_LIB_FUNCTION
+#define GSSAPI_LIB_VARIABLE
+#endif
+#endif
+
/*
* Now define the three implementation-dependent types.
*/
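Review bot: The `#ifndef BUILD_GSSAPI_LIB` block defines `GSSAPI_LIB_FUNCTION` and `GSSAPI_LIB_VARIABLE` only for consumers of the library, so a translation unit that sets `BUILD_GSSAPI_LIB` must get both macros from somewhere else before the declarations below are parsed, and nothing in this hunk says where. I would add a comment above the block, for example `/* When BUILD_GSSAPI_LIB is defined, the library's private headers must define GSSAPI_LIB_FUNCTION and GSSAPI_LIB_VARIABLE before including this file. */`. The same dependency applies to gssapi_krb5.h and gssapi_spnego.h, which use the macros without defining them and so rely on gssapi.h being included first.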
@@ -210,7 +220,7 @@ extern "C" {
* GSS_C_NT_USER_NAME should be initialized to point
* to that gss_OID_desc.
*/
-extern gss_OID GSS_C_NT_USER_NAME;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_C_NT_USER_NAME;
/*
* The implementation must reserve static storage for a
@@ -223,7 +233,7 @@ extern gss_OID GSS_C_NT_USER_NAME;
* The constant GSS_C_NT_MACHINE_UID_NAME should be
* initialized to point to that gss_OID_desc.
*/
-extern gss_OID GSS_C_NT_MACHINE_UID_NAME;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_C_NT_MACHINE_UID_NAME;
/*
* The implementation must reserve static storage for a
@@ -236,7 +246,7 @@ extern gss_OID GSS_C_NT_MACHINE_UID_NAME;
* The constant GSS_C_NT_STRING_UID_NAME should be
* initialized to point to that gss_OID_desc.
*/
-extern gss_OID GSS_C_NT_STRING_UID_NAME;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_C_NT_STRING_UID_NAME;
/*
* The implementation must reserve static storage for a
@@ -255,7 +265,7 @@ extern gss_OID GSS_C_NT_STRING_UID_NAME;
* parameter, but should not be emitted by GSS-API
* implementations
*/
-extern gss_OID GSS_C_NT_HOSTBASED_SERVICE_X;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_C_NT_HOSTBASED_SERVICE_X;
/*
* The implementation must reserve static storage for a
@@ -268,7 +278,7 @@ extern gss_OID GSS_C_NT_HOSTBASED_SERVICE_X;
* GSS_C_NT_HOSTBASED_SERVICE should be initialized
* to point to that gss_OID_desc.
*/
-extern gss_OID GSS_C_NT_HOSTBASED_SERVICE;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_C_NT_HOSTBASED_SERVICE;
/*
* The implementation must reserve static storage for a
@@ -280,7 +290,7 @@ extern gss_OID GSS_C_NT_HOSTBASED_SERVICE;
* and GSS_C_NT_ANONYMOUS should be initialized to point
* to that gss_OID_desc.
*/
-extern gss_OID GSS_C_NT_ANONYMOUS;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_C_NT_ANONYMOUS;
/*
* The implementation must reserve static storage for a
@@ -292,19 +302,19 @@ extern gss_OID GSS_C_NT_ANONYMOUS;
* GSS_C_NT_EXPORT_NAME should be initialized to point
* to that gss_OID_desc.
*/
-extern gss_OID GSS_C_NT_EXPORT_NAME;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_C_NT_EXPORT_NAME;
/*
* Digest mechanism
*/
-extern gss_OID GSS_SASL_DIGEST_MD5_MECHANISM;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_SASL_DIGEST_MD5_MECHANISM;
/*
* NTLM mechanism
*/
-extern gss_OID GSS_NTLM_MECHANISM;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_NTLM_MECHANISM;
/* Major status codes */
@@ -387,7 +397,7 @@ extern gss_OID GSS_NTLM_MECHANISM;
* Finally, function prototypes for the GSS-API routines.
*/
-OM_uint32 gss_acquire_cred
+OM_uint32 GSSAPI_LIB_FUNCTION gss_acquire_cred
(OM_uint32 * /*minor_status*/,
const gss_name_t /*desired_name*/,
OM_uint32 /*time_req*/,
@@ -398,12 +408,12 @@ OM_uint32 gss_acquire_cred
OM_uint32 * /*time_rec*/
);
-OM_uint32 gss_release_cred
+OM_uint32 GSSAPI_LIB_FUNCTION gss_release_cred
(OM_uint32 * /*minor_status*/,
gss_cred_id_t * /*cred_handle*/
);
-OM_uint32 gss_init_sec_context
+OM_uint32 GSSAPI_LIB_FUNCTION gss_init_sec_context
(OM_uint32 * /*minor_status*/,
const gss_cred_id_t /*initiator_cred_handle*/,
gss_ctx_id_t * /*context_handle*/,
@@ -419,7 +429,7 @@ OM_uint32 gss_init_sec_context
OM_uint32 * /*time_rec*/
);
-OM_uint32 gss_accept_sec_context
+OM_uint32 GSSAPI_LIB_FUNCTION gss_accept_sec_context
(OM_uint32 * /*minor_status*/,
gss_ctx_id_t * /*context_handle*/,
const gss_cred_id_t /*acceptor_cred_handle*/,
@@ -433,25 +443,25 @@ OM_uint32 gss_accept_sec_context
gss_cred_id_t * /*delegated_cred_handle*/
);
-OM_uint32 gss_process_context_token
+OM_uint32 GSSAPI_LIB_FUNCTION gss_process_context_token
(OM_uint32 * /*minor_status*/,
const gss_ctx_id_t /*context_handle*/,
const gss_buffer_t /*token_buffer*/
);
-OM_uint32 gss_delete_sec_context
+OM_uint32 GSSAPI_LIB_FUNCTION gss_delete_sec_context
(OM_uint32 * /*minor_status*/,
gss_ctx_id_t * /*context_handle*/,
gss_buffer_t /*output_token*/
);
-OM_uint32 gss_context_time
+OM_uint32 GSSAPI_LIB_FUNCTION gss_context_time
(OM_uint32 * /*minor_status*/,
const gss_ctx_id_t /*context_handle*/,
OM_uint32 * /*time_rec*/
);
-OM_uint32 gss_get_mic
+OM_uint32 GSSAPI_LIB_FUNCTION gss_get_mic
(OM_uint32 * /*minor_status*/,
const gss_ctx_id_t /*context_handle*/,
gss_qop_t /*qop_req*/,
@@ -459,7 +469,7 @@ OM_uint32 gss_get_mic
gss_buffer_t /*message_token*/
);
-OM_uint32 gss_verify_mic
+OM_uint32 GSSAPI_LIB_FUNCTION gss_verify_mic
(OM_uint32 * /*minor_status*/,
const gss_ctx_id_t /*context_handle*/,
const gss_buffer_t /*message_buffer*/,
@@ -467,7 +477,7 @@ OM_uint32 gss_verify_mic
gss_qop_t * /*qop_state*/
);
-OM_uint32 gss_wrap
+OM_uint32 GSSAPI_LIB_FUNCTION gss_wrap
(OM_uint32 * /*minor_status*/,
const gss_ctx_id_t /*context_handle*/,
int /*conf_req_flag*/,
@@ -477,7 +487,7 @@ OM_uint32 gss_wrap
gss_buffer_t /*output_message_buffer*/
);
-OM_uint32 gss_unwrap
+OM_uint32 GSSAPI_LIB_FUNCTION gss_unwrap
(OM_uint32 * /*minor_status*/,
const gss_ctx_id_t /*context_handle*/,
const gss_buffer_t /*input_message_buffer*/,
@@ -486,7 +496,7 @@ OM_uint32 gss_unwrap
gss_qop_t * /*qop_state*/
);
-OM_uint32 gss_display_status
+OM_uint32 GSSAPI_LIB_FUNCTION gss_display_status
(OM_uint32 * /*minor_status*/,
OM_uint32 /*status_value*/,
int /*status_type*/,
@@ -495,54 +505,54 @@ OM_uint32 gss_display_status
gss_buffer_t /*status_string*/
);
-OM_uint32 gss_indicate_mechs
+OM_uint32 GSSAPI_LIB_FUNCTION gss_indicate_mechs
(OM_uint32 * /*minor_status*/,
gss_OID_set * /*mech_set*/
);
-OM_uint32 gss_compare_name
+OM_uint32 GSSAPI_LIB_FUNCTION gss_compare_name
(OM_uint32 * /*minor_status*/,
const gss_name_t /*name1*/,
const gss_name_t /*name2*/,
int * /*name_equal*/
);
-OM_uint32 gss_display_name
+OM_uint32 GSSAPI_LIB_FUNCTION gss_display_name
(OM_uint32 * /*minor_status*/,
const gss_name_t /*input_name*/,
gss_buffer_t /*output_name_buffer*/,
gss_OID * /*output_name_type*/
);
-OM_uint32 gss_import_name
+OM_uint32 GSSAPI_LIB_FUNCTION gss_import_name
(OM_uint32 * /*minor_status*/,
const gss_buffer_t /*input_name_buffer*/,
const gss_OID /*input_name_type*/,
gss_name_t * /*output_name*/
);
-OM_uint32 gss_export_name
+OM_uint32 GSSAPI_LIB_FUNCTION gss_export_name
(OM_uint32 * /*minor_status*/,
const gss_name_t /*input_name*/,
gss_buffer_t /*exported_name*/
);
-OM_uint32 gss_release_name
+OM_uint32 GSSAPI_LIB_FUNCTION gss_release_name
(OM_uint32 * /*minor_status*/,
gss_name_t * /*input_name*/
);
-OM_uint32 gss_release_buffer
+OM_uint32 GSSAPI_LIB_FUNCTION gss_release_buffer
(OM_uint32 * /*minor_status*/,
gss_buffer_t /*buffer*/
);
-OM_uint32 gss_release_oid_set
+OM_uint32 GSSAPI_LIB_FUNCTION gss_release_oid_set
(OM_uint32 * /*minor_status*/,
gss_OID_set * /*set*/
);
-OM_uint32 gss_inquire_cred
+OM_uint32 GSSAPI_LIB_FUNCTION gss_inquire_cred
(OM_uint32 * /*minor_status*/,
const gss_cred_id_t /*cred_handle*/,
gss_name_t * /*name*/,
@@ -551,7 +561,7 @@ OM_uint32 gss_inquire_cred
gss_OID_set * /*mechanisms*/
);
-OM_uint32 gss_inquire_context (
+OM_uint32 GSSAPI_LIB_FUNCTION gss_inquire_context (
OM_uint32 * /*minor_status*/,
const gss_ctx_id_t /*context_handle*/,
gss_name_t * /*src_name*/,
@@ -563,7 +573,7 @@ OM_uint32 gss_inquire_context (
int * /*open_context*/
);
-OM_uint32 gss_wrap_size_limit (
+OM_uint32 GSSAPI_LIB_FUNCTION gss_wrap_size_limit (
OM_uint32 * /*minor_status*/,
const gss_ctx_id_t /*context_handle*/,
int /*conf_req_flag*/,
@@ -572,7 +582,7 @@ OM_uint32 gss_wrap_size_limit (
OM_uint32 * /*max_input_size*/
);
-OM_uint32 gss_add_cred (
+OM_uint32 GSSAPI_LIB_FUNCTION gss_add_cred (
OM_uint32 * /*minor_status*/,
const gss_cred_id_t /*input_cred_handle*/,
const gss_name_t /*desired_name*/,
@@ -586,7 +596,7 @@ OM_uint32 gss_add_cred (
OM_uint32 * /*acceptor_time_rec*/
);
-OM_uint32 gss_inquire_cred_by_mech (
+OM_uint32 GSSAPI_LIB_FUNCTION gss_inquire_cred_by_mech (
OM_uint32 * /*minor_status*/,
const gss_cred_id_t /*cred_handle*/,
const gss_OID /*mech_type*/,
@@ -596,80 +606,81 @@ OM_uint32 gss_inquire_cred_by_mech (
gss_cred_usage_t * /*cred_usage*/
);
-OM_uint32 gss_export_sec_context (
+OM_uint32 GSSAPI_LIB_FUNCTION gss_export_sec_context (
OM_uint32 * /*minor_status*/,
gss_ctx_id_t * /*context_handle*/,
gss_buffer_t /*interprocess_token*/
);
-OM_uint32 gss_import_sec_context (
+OM_uint32 GSSAPI_LIB_FUNCTION gss_import_sec_context (
OM_uint32 * /*minor_status*/,
const gss_buffer_t /*interprocess_token*/,
gss_ctx_id_t * /*context_handle*/
);
-OM_uint32 gss_create_empty_oid_set (
+OM_uint32 GSSAPI_LIB_FUNCTION gss_create_empty_oid_set (
OM_uint32 * /*minor_status*/,
gss_OID_set * /*oid_set*/
);
-OM_uint32 gss_add_oid_set_member (
+OM_uint32 GSSAPI_LIB_FUNCTION gss_add_oid_set_member (
OM_uint32 * /*minor_status*/,
const gss_OID /*member_oid*/,
gss_OID_set * /*oid_set*/
);
-OM_uint32 gss_test_oid_set_member (
+OM_uint32 GSSAPI_LIB_FUNCTION gss_test_oid_set_member (
OM_uint32 * /*minor_status*/,
const gss_OID /*member*/,
const gss_OID_set /*set*/,
int * /*present*/
);
-OM_uint32 gss_inquire_names_for_mech (
+OM_uint32 GSSAPI_LIB_FUNCTION gss_inquire_names_for_mech (
OM_uint32 * /*minor_status*/,
const gss_OID /*mechanism*/,
gss_OID_set * /*name_types*/
);
-OM_uint32 gss_inquire_mechs_for_name (
+OM_uint32 GSSAPI_LIB_FUNCTION gss_inquire_mechs_for_name (
OM_uint32 * /*minor_status*/,
const gss_name_t /*input_name*/,
gss_OID_set * /*mech_types*/
);
-OM_uint32 gss_canonicalize_name (
+OM_uint32 GSSAPI_LIB_FUNCTION gss_canonicalize_name (
OM_uint32 * /*minor_status*/,
const gss_name_t /*input_name*/,
const gss_OID /*mech_type*/,
gss_name_t * /*output_name*/
);
-OM_uint32 gss_duplicate_name (
+OM_uint32 GSSAPI_LIB_FUNCTION gss_duplicate_name (
OM_uint32 * /*minor_status*/,
const gss_name_t /*src_name*/,
gss_name_t * /*dest_name*/
);
-OM_uint32 gss_duplicate_oid (
+OM_uint32 GSSAPI_LIB_FUNCTION gss_duplicate_oid (
OM_uint32 * /* minor_status */,
gss_OID /* src_oid */,
gss_OID * /* dest_oid */
);
-OM_uint32
+
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_release_oid
(OM_uint32 * /*minor_status*/,
gss_OID * /* oid */
);
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_oid_to_str(
OM_uint32 * /*minor_status*/,
gss_OID /* oid */,
gss_buffer_t /* str */
);
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_inquire_sec_context_by_oid(
OM_uint32 * minor_status,
const gss_ctx_id_t context_handle,
@@ -677,38 +688,38 @@ gss_inquire_sec_context_by_oid(
gss_buffer_set_t *data_set
);
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_set_sec_context_option (OM_uint32 *minor_status,
gss_ctx_id_t *context_handle,
const gss_OID desired_object,
const gss_buffer_t value);
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_set_cred_option (OM_uint32 *minor_status,
gss_cred_id_t *cred_handle,
const gss_OID object,
const gss_buffer_t value);
-int
+int GSSAPI_LIB_FUNCTION
gss_oid_equal(const gss_OID a, const gss_OID b);
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_create_empty_buffer_set
(OM_uint32 * minor_status,
gss_buffer_set_t *buffer_set);
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_add_buffer_set_member
(OM_uint32 * minor_status,
const gss_buffer_t member_buffer,
gss_buffer_set_t *buffer_set);
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_release_buffer_set
(OM_uint32 * minor_status,
gss_buffer_set_t *buffer_set);
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_inquire_cred_by_oid(OM_uint32 *minor_status,
const gss_cred_id_t cred_handle,
const gss_OID desired_object,
@@ -721,7 +732,7 @@ gss_inquire_cred_by_oid(OM_uint32 *minor_status,
#define GSS_C_PRF_KEY_FULL 0
#define GSS_C_PRF_KEY_PARTIAL 1
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_pseudo_random
(OM_uint32 *minor_status,
gss_ctx_id_t context,
@@ -742,7 +753,7 @@ gss_pseudo_random
* obsolete versions of these routines and their current forms.
*/
-OM_uint32 gss_sign
+OM_uint32 GSSAPI_LIB_FUNCTION gss_sign
(OM_uint32 * /*minor_status*/,
gss_ctx_id_t /*context_handle*/,
int /*qop_req*/,
@@ -750,7 +761,7 @@ OM_uint32 gss_sign
gss_buffer_t /*message_token*/
);
-OM_uint32 gss_verify
+OM_uint32 GSSAPI_LIB_FUNCTION gss_verify
(OM_uint32 * /*minor_status*/,
gss_ctx_id_t /*context_handle*/,
gss_buffer_t /*message_buffer*/,
@@ -758,7 +769,7 @@ OM_uint32 gss_verify
int * /*qop_state*/
);
-OM_uint32 gss_seal
+OM_uint32 GSSAPI_LIB_FUNCTION gss_seal
(OM_uint32 * /*minor_status*/,
gss_ctx_id_t /*context_handle*/,
int /*conf_req_flag*/,
@@ -768,7 +779,7 @@ OM_uint32 gss_seal
gss_buffer_t /*output_message_buffer*/
);
-OM_uint32 gss_unseal
+OM_uint32 GSSAPI_LIB_FUNCTION gss_unseal
(OM_uint32 * /*minor_status*/,
gss_ctx_id_t /*context_handle*/,
gss_buffer_t /*input_message_buffer*/,
@@ -781,18 +792,18 @@ OM_uint32 gss_unseal
*
*/
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_inquire_sec_context_by_oid (OM_uint32 *minor_status,
const gss_ctx_id_t context_handle,
const gss_OID desired_object,
gss_buffer_set_t *data_set);
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_encapsulate_token(gss_buffer_t /* input_token */,
gss_OID /* oid */,
gss_buffer_t /* output_token */);
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_decapsulate_token(gss_buffer_t /* input_token */,
gss_OID /* oid */,
gss_buffer_t /* output_token */);
diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h b/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h
index 2223f4f22f..55f7886658 100644
--- a/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h
+++ b/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-/* $Id: gssapi_krb5.h 22655 2008-02-26 12:40:35Z lha $ */
+/* $Id: gssapi_krb5.h 23420 2008-07-26 18:37:48Z lha $ */
#ifndef GSSAPI_KRB5_H_
#define GSSAPI_KRB5_H_
@@ -46,12 +46,12 @@ extern "C" {
* This is for kerberos5 names.
*/
-extern gss_OID GSS_KRB5_NT_PRINCIPAL_NAME;
-extern gss_OID GSS_KRB5_NT_USER_NAME;
-extern gss_OID GSS_KRB5_NT_MACHINE_UID_NAME;
-extern gss_OID GSS_KRB5_NT_STRING_UID_NAME;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_NT_PRINCIPAL_NAME;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_NT_USER_NAME;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_NT_MACHINE_UID_NAME;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_NT_STRING_UID_NAME;
-extern gss_OID GSS_KRB5_MECHANISM;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_MECHANISM;
/* for compatibility with MIT api */
@@ -59,28 +59,30 @@ extern gss_OID GSS_KRB5_MECHANISM;
#define gss_krb5_nt_general_name GSS_KRB5_NT_PRINCIPAL_NAME
/* Extensions set contexts options */
-extern gss_OID GSS_KRB5_COPY_CCACHE_X;
-extern gss_OID GSS_KRB5_COMPAT_DES3_MIC_X;
-extern gss_OID GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X;
-extern gss_OID GSS_KRB5_SET_DNS_CANONICALIZE_X;
-extern gss_OID GSS_KRB5_SEND_TO_KDC_X;
-extern gss_OID GSS_KRB5_SET_DEFAULT_REALM_X;
-extern gss_OID GSS_KRB5_CCACHE_NAME_X;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_COPY_CCACHE_X;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_COMPAT_DES3_MIC_X;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_SET_DNS_CANONICALIZE_X;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_SEND_TO_KDC_X;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_SET_DEFAULT_REALM_X;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_CCACHE_NAME_X;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_SET_TIME_OFFSET_X;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_GET_TIME_OFFSET_X;
/* Extensions inquire context */
-extern gss_OID GSS_KRB5_GET_TKT_FLAGS_X;
-extern gss_OID GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X;
-extern gss_OID GSS_C_PEER_HAS_UPDATED_SPNEGO;
-extern gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_X;
-extern gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X;
-extern gss_OID GSS_KRB5_GET_SUBKEY_X;
-extern gss_OID GSS_KRB5_GET_INITIATOR_SUBKEY_X;
-extern gss_OID GSS_KRB5_GET_ACCEPTOR_SUBKEY_X;
-extern gss_OID GSS_KRB5_GET_AUTHTIME_X;
-extern gss_OID GSS_KRB5_GET_SERVICE_KEYBLOCK_X;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_GET_TKT_FLAGS_X;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_C_PEER_HAS_UPDATED_SPNEGO;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_X;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_GET_SUBKEY_X;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_GET_INITIATOR_SUBKEY_X;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_GET_ACCEPTOR_SUBKEY_X;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_GET_AUTHTIME_X;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_GET_SERVICE_KEYBLOCK_X;
/* Extensions creds */
-extern gss_OID GSS_KRB5_IMPORT_CRED_X;
-extern gss_OID GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X;
-extern gss_OID GSS_KRB5_CRED_NO_CI_FLAGS_X;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_IMPORT_CRED_X;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_CRED_NO_CI_FLAGS_X;
/*
* kerberos mechanism specific functions
@@ -90,39 +92,42 @@ struct krb5_keytab_data;
struct krb5_ccache_data;
struct Principal;
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_krb5_ccache_name(OM_uint32 * /*minor_status*/,
const char * /*name */,
const char ** /*out_name */);
-OM_uint32 gsskrb5_register_acceptor_identity
+OM_uint32 GSSAPI_LIB_FUNCTION gsskrb5_register_acceptor_identity
(const char */*identity*/);
-OM_uint32 gss_krb5_copy_ccache
+OM_uint32 GSSAPI_LIB_FUNCTION krb5_gss_register_acceptor_identity
+ (const char */*identity*/);
+
+OM_uint32 GSSAPI_LIB_FUNCTION gss_krb5_copy_ccache
(OM_uint32 */*minor*/,
gss_cred_id_t /*cred*/,
struct krb5_ccache_data */*out*/);
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_krb5_import_cred(OM_uint32 */*minor*/,
struct krb5_ccache_data * /*in*/,
struct Principal * /*keytab_principal*/,
struct krb5_keytab_data * /*keytab*/,
gss_cred_id_t */*out*/);
-OM_uint32 gss_krb5_get_tkt_flags
+OM_uint32 GSSAPI_LIB_FUNCTION gss_krb5_get_tkt_flags
(OM_uint32 */*minor*/,
gss_ctx_id_t /*context_handle*/,
OM_uint32 */*tkt_flags*/);
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gsskrb5_extract_authz_data_from_sec_context
(OM_uint32 * /*minor_status*/,
gss_ctx_id_t /*context_handle*/,
int /*ad_type*/,
gss_buffer_t /*ad_data*/);
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gsskrb5_set_dns_canonicalize(int);
struct gsskrb5_send_to_kdc {
@@ -130,30 +135,36 @@ struct gsskrb5_send_to_kdc {
void *ptr;
};
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gsskrb5_set_send_to_kdc(struct gsskrb5_send_to_kdc *);
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gsskrb5_set_default_realm(const char *);
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gsskrb5_extract_authtime_from_sec_context(OM_uint32 *, gss_ctx_id_t, time_t *);
struct EncryptionKey;
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gsskrb5_extract_service_keyblock(OM_uint32 *minor_status,
gss_ctx_id_t context_handle,
struct EncryptionKey **out);
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gsskrb5_get_initiator_subkey(OM_uint32 *minor_status,
gss_ctx_id_t context_handle,
struct EncryptionKey **out);
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gsskrb5_get_subkey(OM_uint32 *minor_status,
gss_ctx_id_t context_handle,
struct EncryptionKey **out);
+OM_uint32 GSSAPI_LIB_FUNCTION
+gsskrb5_set_time_offset(int);
+
+OM_uint32 GSSAPI_LIB_FUNCTION
+gsskrb5_get_time_offset(int *);
+
/*
* Lucid - NFSv4 interface to GSS-API KRB5 to expose key material to
* do GSS content token handling in-kernel.
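Review bot: The new prototypes `gsskrb5_set_time_offset(int)` and `gsskrb5_get_time_offset(int *)` carry no parameter names and no comment, although an adjustable time offset presumably feeds the clock used for Kerberos ticket and authenticator time checks. I would name the parameters (`int offset`, `int *offset`) and add a short comment above the pair stating the unit of the value and whether it applies process-wide or per context. Because widening or shifting the accepted time window weakens replay and expiry checks, the comment should also say that the offset must come from a trusted source rather than from peer-supplied data.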
@@ -196,19 +207,19 @@ typedef struct gss_krb5_lucid_context_version {
* Function declarations
*/
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status,
gss_ctx_id_t *context_handle,
OM_uint32 version,
void **kctx);
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status,
void *kctx);
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status,
gss_cred_id_t cred,
OM_uint32 num_enctypes,
diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi_spnego.h b/source4/heimdal/lib/gssapi/gssapi/gssapi_spnego.h
index fbb7906369..3358863a80 100644
--- a/source4/heimdal/lib/gssapi/gssapi/gssapi_spnego.h
+++ b/source4/heimdal/lib/gssapi/gssapi/gssapi_spnego.h
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-/* $Id: gssapi_spnego.h 18335 2006-10-07 22:26:21Z lha $ */
+/* $Id: gssapi_spnego.h 23025 2008-04-17 10:01:57Z lha $ */
#ifndef GSSAPI_SPNEGO_H_
#define GSSAPI_SPNEGO_H_
@@ -48,7 +48,7 @@ extern "C" {
* negotiation token is identified by the Object Identifier
* iso.org.dod.internet.security.mechanism.snego (1.3.6.1.5.5.2).
*/
-extern gss_OID GSS_SPNEGO_MECHANISM;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_SPNEGO_MECHANISM;
#define gss_mech_spnego GSS_SPNEGO_MECHANISM
#ifdef __cplusplus
diff --git a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
index 73b93ceba4..8dbd087da6 100644
--- a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
+++ b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: accept_sec_context.c 20199 2007-02-07 22:36:39Z lha $");
+RCSID("$Id: accept_sec_context.c 23433 2008-07-26 18:44:26Z lha $");
HEIMDAL_MUTEX gssapi_keytab_mutex = HEIMDAL_MUTEX_INITIALIZER;
krb5_keytab _gsskrb5_keytab;
@@ -251,6 +251,62 @@ gsskrb5_acceptor_ready(OM_uint32 * minor_status,
}
static OM_uint32
+send_error_token(OM_uint32 *minor_status,
+ krb5_context context,
+ krb5_error_code kret,
+ krb5_principal server,
+ krb5_data *indata,
+ gss_buffer_t output_token)
+{
+ krb5_principal ap_req_server = NULL;
+ krb5_error_code ret;
+ krb5_data outbuf;
+
+ /* build server from request if the acceptor had not selected one */
+ if (server == NULL) {
+ AP_REQ ap_req;
+
+ ret = krb5_decode_ap_req(context, indata, &ap_req);
+ if (ret) {
+ *minor_status = ret;
+ return GSS_S_FAILURE;
+ }
+ ret = _krb5_principalname2krb5_principal(context,
+ &ap_req_server,
+ ap_req.ticket.sname,
+ ap_req.ticket.realm);
+ free_AP_REQ(&ap_req);
+ if (ret) {
+ *minor_status = ret;
+ return GSS_S_FAILURE;
+ }
+ server = ap_req_server;
+ }
+
+ ret = krb5_mk_error(context, kret, NULL, NULL, NULL,
+ server, NULL, NULL, &outbuf);
+ if (ap_req_server)
+ krb5_free_principal(context, ap_req_server);
+ if (ret) {
+ *minor_status = ret;
+ return GSS_S_FAILURE;
+ }
+
+ ret = _gsskrb5_encapsulate(minor_status,
+ &outbuf,
+ output_token,
+ "\x03\x00",
+ GSS_KRB5_MECHANISM);
+ krb5_data_free (&outbuf);
+ if (ret)
+ return ret;
+
+ *minor_status = 0;
+ return GSS_S_CONTINUE_NEEDED;
+}
+
+
+static OM_uint32
gsskrb5_acceptor_start(OM_uint32 * minor_status,
gsskrb5_ctx ctx,
krb5_context context,
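Review bot: In `send_error_token` the three failure branches store the secondary error with `*minor_status = ret;`, so when decoding the AP-REQ, building the principal or `krb5_mk_error` fails, the original rejection reason `kret` never reaches the caller. Before this commit the caller received `kret`; writing `*minor_status = kret;` in those branches keeps the code an operator needs when investigating failed authentications. Separately, `ret` is declared `krb5_error_code` but also receives the `OM_uint32` major status from `_gsskrb5_encapsulate`; a second variable such as `OM_uint32 maj_stat;` would keep the two error domains apart. A one-line comment on `"\x03\x00"` naming it as the KRB-ERROR token id would help the next reader; the hunk ends inside the signature of gsskrb5_acceptor_start.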
@@ -304,6 +360,10 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
{
krb5_rd_req_in_ctx in = NULL;
krb5_rd_req_out_ctx out = NULL;
+ krb5_principal server = NULL;
+
+ if (acceptor_cred)
+ server = acceptor_cred->principal;
kret = krb5_rd_req_in_ctx_alloc(context, &in);
if (kret == 0)
@@ -319,17 +379,20 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
kret = krb5_rd_req_ctx(context,
&ctx->auth_context,
&indata,
- (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) ? NULL : acceptor_cred->principal,
+ server,
in, &out);
krb5_rd_req_in_ctx_free(context, in);
if (kret) {
- ret = GSS_S_FAILURE;
- *minor_status = kret;
- return ret;
+ /*
+ * No reply in non-MUTUAL mode, but we don't know that its
+ * non-MUTUAL mode yet, thats inside the 8003 checksum.
+ */
+ return send_error_token(minor_status, context, kret,
+ server, &indata, output_token);
}
/*
- * We need to remember some data on the context_handle.
+ * we need to remember some data on the context_handle.
*/
kret = krb5_rd_req_out_get_ap_req_options(context, out,
&ap_options);
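Review bot: On a failed `krb5_rd_req_ctx` the new branch returns whatever `send_error_token` returns, which on its success path is `GSS_S_CONTINUE_NEEDED` with `*minor_status = 0`, so a rejected AP-REQ no longer surfaces as `GSS_S_FAILURE` to the acceptor application. Servers that log, count or rate-limit on the failure status lose that signal, and unless context state handled outside this hunk prevents it, the same context may keep accepting further tokens after a rejection. I would extend the comment to say so, for example `/* Auth failed: a KRB-ERROR token is returned with GSS_S_CONTINUE_NEEDED; callers must bound the number of rounds. */`, and consider recording `kret` somewhere the application can log it. gsskrb5_acceptor_start begins and ends outside this hunk.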
diff --git a/source4/heimdal/lib/gssapi/krb5/delete_sec_context.c b/source4/heimdal/lib/gssapi/krb5/delete_sec_context.c
index abad986550..9c618ac6a6 100644
--- a/source4/heimdal/lib/gssapi/krb5/delete_sec_context.c
+++ b/source4/heimdal/lib/gssapi/krb5/delete_sec_context.c
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: delete_sec_context.c 19031 2006-11-13 18:02:57Z lha $");
+RCSID("$Id: delete_sec_context.c 23420 2008-07-26 18:37:48Z lha $");
OM_uint32
_gsskrb5_delete_sec_context(OM_uint32 * minor_status,
@@ -61,6 +61,8 @@ _gsskrb5_delete_sec_context(OM_uint32 * minor_status,
HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
krb5_auth_con_free (context, ctx->auth_context);
+ if (ctx->kcred)
+ krb5_free_creds(context, ctx->kcred);
if(ctx->source)
krb5_free_principal (context, ctx->source);
if(ctx->target)
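Review bot: The added `if (ctx->kcred) krb5_free_creds(context, ctx->kcred);` is only safe if every path that allocates a gsskrb5_ctx sets `kcred` to NULL before the context can reach `_gsskrb5_delete_sec_context`. The initiator, acceptor and import paths that build the context are not visible in this hunk, so each should be checked for an explicit `ctx->kcred = NULL;` (or zeroing allocation); an uninitialised pointer here would be freed. The function body continues outside the hunk.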
diff --git a/source4/heimdal/lib/gssapi/krb5/display_status.c b/source4/heimdal/lib/gssapi/krb5/display_status.c
index c0192522a7..f932261ffa 100644
--- a/source4/heimdal/lib/gssapi/krb5/display_status.c
+++ b/source4/heimdal/lib/gssapi/krb5/display_status.c
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: display_status.c 19031 2006-11-13 18:02:57Z lha $");
+RCSID("$Id: display_status.c 23316 2008-06-23 04:32:32Z lha $");
static const char *
calling_error(OM_uint32 v)
@@ -135,7 +135,7 @@ _gsskrb5_set_status (const char *fmt, ...)
vasprintf(&str, fmt, args);
va_end(args);
if (str) {
- krb5_set_error_string(context, str);
+ krb5_set_error_message(context, 0, str);
free(str);
}
}
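Review bot: `krb5_set_error_message(context, 0, str);` passes the already-formatted string as the format argument, so any `%` that reached `str` through the caller's arguments is interpreted a second time as a conversion specifier. The call should be `krb5_set_error_message(context, 0, "%s", str);`. The return value of `vasprintf` is also unchecked in the context lines, and whether `str` is initialised before the call is not visible here because `_gsskrb5_set_status` starts outside the hunk.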
diff --git a/source4/heimdal/lib/gssapi/krb5/external.c b/source4/heimdal/lib/gssapi/krb5/external.c
index 03fe61dc57..2ee018708a 100644
--- a/source4/heimdal/lib/gssapi/krb5/external.c
+++ b/source4/heimdal/lib/gssapi/krb5/external.c
@@ -34,7 +34,7 @@
#include "krb5/gsskrb5_locl.h"
#include <gssapi_mech.h>
-RCSID("$Id: external.c 22128 2007-12-04 00:56:55Z lha $");
+RCSID("$Id: external.c 23420 2008-07-26 18:37:48Z lha $");
/*
* The implementation must reserve static storage for a
@@ -49,9 +49,10 @@ RCSID("$Id: external.c 22128 2007-12-04 00:56:55Z lha $");
*/
static gss_OID_desc gss_c_nt_user_name_oid_desc =
-{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x01")};
+ {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x01")};
-gss_OID GSS_C_NT_USER_NAME = &gss_c_nt_user_name_oid_desc;
+gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_USER_NAME =
+ &gss_c_nt_user_name_oid_desc;
/*
* The implementation must reserve static storage for a
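Review bot: The definitions in this file place the attribute after the type (`gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_USER_NAME =`), while the matching declarations in gssapi.h place it before the type (`extern GSSAPI_LIB_VARIABLE gss_OID GSS_C_NT_USER_NAME;`). Using one order in both places makes it easier to match each declaration with its definition and avoids depending on how a given compiler treats the attribute position; I would write `GSSAPI_LIB_VARIABLE gss_OID GSS_C_NT_USER_NAME =` here. The same pattern repeats in the following hunks of this file for the other `GSS_C_NT_*` objects.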
@@ -66,9 +67,10 @@ gss_OID GSS_C_NT_USER_NAME = &gss_c_nt_user_name_oid_desc;
*/
static gss_OID_desc gss_c_nt_machine_uid_name_oid_desc =
-{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x02")};
+ {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x02")};
-gss_OID GSS_C_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc;
+gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_MACHINE_UID_NAME =
+ &gss_c_nt_machine_uid_name_oid_desc;
/*
* The implementation must reserve static storage for a
@@ -83,9 +85,10 @@ gss_OID GSS_C_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc;
*/
static gss_OID_desc gss_c_nt_string_uid_name_oid_desc =
-{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x03")};
+ {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x03")};
-gss_OID GSS_C_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc;
+gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_STRING_UID_NAME =
+ &gss_c_nt_string_uid_name_oid_desc;
/*
* The implementation must reserve static storage for a
@@ -106,9 +109,10 @@ gss_OID GSS_C_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc;
*/
static gss_OID_desc gss_c_nt_hostbased_service_x_oid_desc =
-{6, rk_UNCONST("\x2b\x06\x01\x05\x06\x02")};
+ {6, rk_UNCONST("\x2b\x06\x01\x05\x06\x02")};
-gss_OID GSS_C_NT_HOSTBASED_SERVICE_X = &gss_c_nt_hostbased_service_x_oid_desc;
+gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_HOSTBASED_SERVICE_X =
+ &gss_c_nt_hostbased_service_x_oid_desc;
/*
* The implementation must reserve static storage for a
@@ -122,9 +126,10 @@ gss_OID GSS_C_NT_HOSTBASED_SERVICE_X = &gss_c_nt_hostbased_service_x_oid_desc;
* to point to that gss_OID_desc.
*/
static gss_OID_desc gss_c_nt_hostbased_service_oid_desc =
-{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x04")};
+ {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x04")};
-gss_OID GSS_C_NT_HOSTBASED_SERVICE = &gss_c_nt_hostbased_service_oid_desc;
+gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_HOSTBASED_SERVICE =
+ &gss_c_nt_hostbased_service_oid_desc;
/*
* The implementation must reserve static storage for a
@@ -138,9 +143,10 @@ gss_OID GSS_C_NT_HOSTBASED_SERVICE = &gss_c_nt_hostbased_service_oid_desc;
*/
static gss_OID_desc gss_c_nt_anonymous_oid_desc =
-{6, rk_UNCONST("\x2b\x06\01\x05\x06\x03")};
+ {6, rk_UNCONST("\x2b\x06\01\x05\x06\x03")};
-gss_OID GSS_C_NT_ANONYMOUS = &gss_c_nt_anonymous_oid_desc;
+gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_ANONYMOUS =
+ &gss_c_nt_anonymous_oid_desc;
/*
* The implementation must reserve static storage for a
@@ -154,9 +160,10 @@ gss_OID GSS_C_NT_ANONYMOUS = &gss_c_nt_anonymous_oid_desc;
*/
static gss_OID_desc gss_c_nt_export_name_oid_desc =
-{6, rk_UNCONST("\x2b\x06\x01\x05\x06\x04") };
+ {6, rk_UNCONST("\x2b\x06\x01\x05\x06\x04") };
-gss_OID GSS_C_NT_EXPORT_NAME = &gss_c_nt_export_name_oid_desc;
+gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_EXPORT_NAME =
+ &gss_c_nt_export_name_oid_desc;
/*
* This name form shall be represented by the Object Identifier {iso(1)
@@ -166,9 +173,10 @@ gss_OID GSS_C_NT_EXPORT_NAME = &gss_c_nt_export_name_oid_desc;
*/
static gss_OID_desc gss_krb5_nt_principal_name_oid_desc =
-{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01") };
+ {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01") };
-gss_OID GSS_KRB5_NT_PRINCIPAL_NAME = &gss_krb5_nt_principal_name_oid_desc;
+gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_NT_PRINCIPAL_NAME =
+ &gss_krb5_nt_principal_name_oid_desc;
/*
* This name form shall be represented by the Object Identifier {iso(1)
@@ -177,7 +185,8 @@ gss_OID GSS_KRB5_NT_PRINCIPAL_NAME = &gss_krb5_nt_principal_name_oid_desc;
* type is "GSS_KRB5_NT_USER_NAME".
*/
-gss_OID GSS_KRB5_NT_USER_NAME = &gss_c_nt_user_name_oid_desc;
+gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_NT_USER_NAME =
+ &gss_c_nt_user_name_oid_desc;
/*
* This name form shall be represented by the Object Identifier {iso(1)
@@ -186,7 +195,8 @@ gss_OID GSS_KRB5_NT_USER_NAME = &gss_c_nt_user_name_oid_desc;
* this type is "GSS_KRB5_NT_MACHINE_UID_NAME".
*/
-gss_OID GSS_KRB5_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc;
+gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_NT_MACHINE_UID_NAME =
+ &gss_c_nt_machine_uid_name_oid_desc;
/*
* This name form shall be represented by the Object Identifier {iso(1)
@@ -195,7 +205,8 @@ gss_OID GSS_KRB5_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc;
* this type is "GSS_KRB5_NT_STRING_UID_NAME".
*/
-gss_OID GSS_KRB5_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc;
+gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_NT_STRING_UID_NAME =
+ &gss_c_nt_string_uid_name_oid_desc;
/*
* To support ongoing experimentation, testing, and evolution of the
@@ -217,14 +228,15 @@ gss_OID GSS_KRB5_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc;
#if 0 /* This is the old OID */
static gss_OID_desc gss_krb5_mechanism_oid_desc =
-{5, rk_UNCONST("\x2b\x05\x01\x05\x02")};
+ {5, rk_UNCONST("\x2b\x05\x01\x05\x02")};
#endif
static gss_OID_desc gss_krb5_mechanism_oid_desc =
-{9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") };
+ {9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") };
-gss_OID GSS_KRB5_MECHANISM = &gss_krb5_mechanism_oid_desc;
+gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_MECHANISM =
+ &gss_krb5_mechanism_oid_desc;
/*
* draft-ietf-cat-iakerb-09, IAKERB:
@@ -240,23 +252,26 @@ gss_OID GSS_KRB5_MECHANISM = &gss_krb5_mechanism_oid_desc;
*/
static gss_OID_desc gss_iakerb_proxy_mechanism_oid_desc =
-{7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x01")};
+ {7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x01")};
-gss_OID GSS_IAKERB_PROXY_MECHANISM = &gss_iakerb_proxy_mechanism_oid_desc;
+gss_OID GSSAPI_LIB_VARIABLE GSS_IAKERB_PROXY_MECHANISM =
+ &gss_iakerb_proxy_mechanism_oid_desc;
static gss_OID_desc gss_iakerb_min_msg_mechanism_oid_desc =
-{7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x02") };
+ {7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x02") };
-gss_OID GSS_IAKERB_MIN_MSG_MECHANISM = &gss_iakerb_min_msg_mechanism_oid_desc;
+gss_OID GSSAPI_LIB_VARIABLE GSS_IAKERB_MIN_MSG_MECHANISM =
+ &gss_iakerb_min_msg_mechanism_oid_desc;
/*
*
*/
static gss_OID_desc gss_c_peer_has_updated_spnego_oid_desc =
-{9, (void *)"\x2b\x06\x01\x04\x01\xa9\x4a\x13\x05"};
+ {9, (void *)"\x2b\x06\x01\x04\x01\xa9\x4a\x13\x05"};
-gss_OID GSS_C_PEER_HAS_UPDATED_SPNEGO = &gss_c_peer_has_updated_spnego_oid_desc;
+gss_OID GSSAPI_LIB_VARIABLE GSS_C_PEER_HAS_UPDATED_SPNEGO =
+ &gss_c_peer_has_updated_spnego_oid_desc;
/*
* 1.2.752.43.13 Heimdal GSS-API Extentions
@@ -264,111 +279,143 @@ gss_OID GSS_C_PEER_HAS_UPDATED_SPNEGO = &gss_c_peer_has_updated_spnego_oid_desc;
/* 1.2.752.43.13.1 */
static gss_OID_desc gss_krb5_copy_ccache_x_oid_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x01")};
+ {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x01")};
-gss_OID GSS_KRB5_COPY_CCACHE_X = &gss_krb5_copy_ccache_x_oid_desc;
+gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_COPY_CCACHE_X =
+ &gss_krb5_copy_ccache_x_oid_desc;
/* 1.2.752.43.13.2 */
static gss_OID_desc gss_krb5_get_tkt_flags_x_oid_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x02")};
+ {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x02")};
-gss_OID GSS_KRB5_GET_TKT_FLAGS_X = &gss_krb5_get_tkt_flags_x_oid_desc;
+gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_GET_TKT_FLAGS_X =
+ &gss_krb5_get_tkt_flags_x_oid_desc;
/* 1.2.752.43.13.3 */
static gss_OID_desc gss_krb5_extract_authz_data_from_sec_context_x_oid_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x03")};
+ {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x03")};
-gss_OID GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X = &gss_krb5_extract_authz_data_from_sec_context_x_oid_desc;
+gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X =
+ &gss_krb5_extract_authz_data_from_sec_context_x_oid_desc;
/* 1.2.752.43.13.4 */
static gss_OID_desc gss_krb5_compat_des3_mic_x_oid_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x04")};
+ {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x04")};
-gss_OID GSS_KRB5_COMPAT_DES3_MIC_X = &gss_krb5_compat_des3_mic_x_oid_desc;
+gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_COMPAT_DES3_MIC_X =
+ &gss_krb5_compat_des3_mic_x_oid_desc;
/* 1.2.752.43.13.5 */
static gss_OID_desc gss_krb5_register_acceptor_identity_x_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x05")};
+ {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x05")};
-gss_OID GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X = &gss_krb5_register_acceptor_identity_x_desc;
+gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X =
+ &gss_krb5_register_acceptor_identity_x_desc;
/* 1.2.752.43.13.6 */
static gss_OID_desc gss_krb5_export_lucid_context_x_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06")};
+ {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06")};
-gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_X = &gss_krb5_export_lucid_context_x_desc;
+gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_EXPORT_LUCID_CONTEXT_X =
+ &gss_krb5_export_lucid_context_x_desc;
/* 1.2.752.43.13.6.1 */
static gss_OID_desc gss_krb5_export_lucid_context_v1_x_desc =
-{7, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06\x01")};
+ {7, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06\x01")};
-gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X = &gss_krb5_export_lucid_context_v1_x_desc;
+gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X =
+ &gss_krb5_export_lucid_context_v1_x_desc;
/* 1.2.752.43.13.7 */
static gss_OID_desc gss_krb5_set_dns_canonicalize_x_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x07")};
+ {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x07")};
-gss_OID GSS_KRB5_SET_DNS_CANONICALIZE_X = &gss_krb5_set_dns_canonicalize_x_desc;
+gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_SET_DNS_CANONICALIZE_X =
+ &gss_krb5_set_dns_canonicalize_x_desc;
/* 1.2.752.43.13.8 */
static gss_OID_desc gss_krb5_get_subkey_x_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x08")};
+ {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x08")};
-gss_OID GSS_KRB5_GET_SUBKEY_X = &gss_krb5_get_subkey_x_desc;
+gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_GET_SUBKEY_X =
+ &gss_krb5_get_subkey_x_desc;
/* 1.2.752.43.13.9 */
static gss_OID_desc gss_krb5_get_initiator_subkey_x_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x09")};
+ {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x09")};
-gss_OID GSS_KRB5_GET_INITIATOR_SUBKEY_X = &gss_krb5_get_initiator_subkey_x_desc;
+gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_GET_INITIATOR_SUBKEY_X =
+ &gss_krb5_get_initiator_subkey_x_desc;
/* 1.2.752.43.13.10 */
static gss_OID_desc gss_krb5_get_acceptor_subkey_x_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0a")};
+ {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0a")};
-gss_OID GSS_KRB5_GET_ACCEPTOR_SUBKEY_X = &gss_krb5_get_acceptor_subkey_x_desc;
+gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_GET_ACCEPTOR_SUBKEY_X =
+ &gss_krb5_get_acceptor_subkey_x_desc;
/* 1.2.752.43.13.11 */
static gss_OID_desc gss_krb5_send_to_kdc_x_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0b")};
+ {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0b")};
-gss_OID GSS_KRB5_SEND_TO_KDC_X = &gss_krb5_send_to_kdc_x_desc;
+gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_SEND_TO_KDC_X =
+ &gss_krb5_send_to_kdc_x_desc;
/* 1.2.752.43.13.12 */
static gss_OID_desc gss_krb5_get_authtime_x_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0c")};
+ {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0c")};
-gss_OID GSS_KRB5_GET_AUTHTIME_X = &gss_krb5_get_authtime_x_desc;
+gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_GET_AUTHTIME_X =
+ &gss_krb5_get_authtime_x_desc;
/* 1.2.752.43.13.13 */
static gss_OID_desc gss_krb5_get_service_keyblock_x_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0d")};
+ {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0d")};
-gss_OID GSS_KRB5_GET_SERVICE_KEYBLOCK_X = &gss_krb5_get_service_keyblock_x_desc;
+gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_GET_SERVICE_KEYBLOCK_X =
+ &gss_krb5_get_service_keyblock_x_desc;
/* 1.2.752.43.13.14 */
static gss_OID_desc gss_krb5_set_allowable_enctypes_x_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0e")};
+ {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0e")};
-gss_OID GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X = &gss_krb5_set_allowable_enctypes_x_desc;
+gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X =
+ &gss_krb5_set_allowable_enctypes_x_desc;
/* 1.2.752.43.13.15 */
static gss_OID_desc gss_krb5_set_default_realm_x_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0f")};
+ {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0f")};
-gss_OID GSS_KRB5_SET_DEFAULT_REALM_X = &gss_krb5_set_default_realm_x_desc;
+gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_SET_DEFAULT_REALM_X =
+ &gss_krb5_set_default_realm_x_desc;
/* 1.2.752.43.13.16 */
static gss_OID_desc gss_krb5_ccache_name_x_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x10")};
+ {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x10")};
-gss_OID GSS_KRB5_CCACHE_NAME_X = &gss_krb5_ccache_name_x_desc;
+gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_CCACHE_NAME_X =
+ &gss_krb5_ccache_name_x_desc;
+
+/* 1.2.752.43.13.17 */
+static gss_OID_desc gss_krb5_set_time_offset_x_desc =
+ {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x11")};
+
+gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_SET_TIME_OFFSET_X =
+ &gss_krb5_set_time_offset_x_desc;
+
+/* 1.2.752.43.13.18 */
+static gss_OID_desc gss_krb5_get_time_offset_x_desc =
+ {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x12")};
+
+gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_GET_TIME_OFFSET_X =
+ &gss_krb5_get_time_offset_x_desc;
/* 1.2.752.43.14.1 */
static gss_OID_desc gss_sasl_digest_md5_mechanism_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x01") };
+ {6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x01") };
-gss_OID GSS_SASL_DIGEST_MD5_MECHANISM = &gss_sasl_digest_md5_mechanism_desc;
+gss_OID GSSAPI_LIB_VARIABLE GSS_SASL_DIGEST_MD5_MECHANISM =
+ &gss_sasl_digest_md5_mechanism_desc;
/*
* Context for krb5 calls.
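Review bot: The arc `1.2.752.43.13.17` given to the new `gss_krb5_set_time_offset_x_desc` appears to be in use already: the context lines of set_cred_option.c in this same commit show `/* 1.2.752.43.13.17 */` above `gss_krb5_cred_no_ci_flags_x_oid_desc`. That descriptor's bytes are not visible here, so this may only be a stale comment. If both really encode `\x2a\x85\x70\x2b\x0d\x11`, gss_oid_equal() cannot tell the two options apart. Either move the time-offset OIDs to unused arcs or correct whichever comment is wrong, and add a one-line comment beside each new OID saying which call consumes it.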
diff --git a/source4/heimdal/lib/gssapi/krb5/get_mic.c b/source4/heimdal/lib/gssapi/krb5/get_mic.c
index 133481ffe1..f689e624a8 100644
--- a/source4/heimdal/lib/gssapi/krb5/get_mic.c
+++ b/source4/heimdal/lib/gssapi/krb5/get_mic.c
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: get_mic.c 19031 2006-11-13 18:02:57Z lha $");
+RCSID("$Id: get_mic.c 23112 2008-04-27 18:51:26Z lha $");
static OM_uint32
mic_des
@@ -88,7 +88,7 @@ mic_des
memset (&zero, 0, sizeof(zero));
memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
- DES_set_key (&deskey, &schedule);
+ DES_set_key_unchecked (&deskey, &schedule);
DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
&schedule, &zero);
memcpy (p - 8, hash, 8); /* SGN_CKSUM */
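Review bot: Switching to `DES_set_key_unchecked` silently drops the parity and weak-key checks, and nothing on the new lines records that this is deliberate. The same substitution is made in the second hunk of this file and in unwrap.c, verify_mic.c and wrap.c. A short comment at each call site would help, something like `/* key comes from the negotiated session key; parity and weak-key checks intentionally skipped */`, if that is indeed the reason. The `memcpy` just above copies `sizeof(deskey)` bytes from `key->keyvalue.data`; any check of `key->keyvalue.length` would be outside the hunk, so it is worth confirming that one exists. mic_des starts and ends outside the hunk.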
@@ -108,7 +108,7 @@ mic_des
(ctx->more_flags & LOCAL) ? 0 : 0xFF,
4);
- DES_set_key (&deskey, &schedule);
+ DES_set_key_unchecked (&deskey, &schedule);
DES_cbc_encrypt ((void *)p, (void *)p, 8,
&schedule, (DES_cblock *)(p + 8), DES_ENCRYPT);
diff --git a/source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h b/source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h
index 3e8c1b8fa6..d9af44f960 100644
--- a/source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h
+++ b/source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-/* $Id: gsskrb5_locl.h 22655 2008-02-26 12:40:35Z lha $ */
+/* $Id: gsskrb5_locl.h 23435 2008-07-26 20:49:35Z lha $ */
#ifndef GSSKRB5_LOCL_H
#define GSSKRB5_LOCL_H
@@ -62,11 +62,14 @@ typedef struct {
enum { LOCAL = 1, OPEN = 2,
COMPAT_OLD_DES3 = 4,
COMPAT_OLD_DES3_SELECTED = 8,
- ACCEPTOR_SUBKEY = 16
+ ACCEPTOR_SUBKEY = 16,
+ RETRIED = 32,
+ CLOSE_CCACHE = 64
} more_flags;
enum gss_ctx_id_t_state {
/* initiator states */
INITIATOR_START,
+ INITIATOR_RESTART,
INITIATOR_WAIT_FOR_MUTAL,
INITIATOR_READY,
/* acceptor states */
@@ -74,6 +77,8 @@ typedef struct {
ACCEPTOR_WAIT_FOR_DCESTYLE,
ACCEPTOR_READY
} state;
+ krb5_creds *kcred;
+ krb5_ccache ccache;
struct krb5_ticket *ticket;
OM_uint32 lifetime;
HEIMDAL_MUTEX ctx_id_mutex;
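Review bot: The two new members are added without any statement of ownership, although they follow different rules elsewhere in this commit. `kcred` is freed by the context in gsskrb5_initiator_ready(), while `ccache` is owned only when `CLOSE_CCACHE` is set and is otherwise borrowed from the caller's credential. I would document that on the fields, e.g. `krb5_creds *kcred; /* initiator only; owned by ctx, freed once the context is ready */` and `krb5_ccache ccache; /* owned iff more_flags & CLOSE_CCACHE, else borrowed from cred */`. Context teardown and import need to respect the same rule; those changes are not visible in this part of the diff. The struct starts outside the hunk.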
diff --git a/source4/heimdal/lib/gssapi/krb5/import_sec_context.c b/source4/heimdal/lib/gssapi/krb5/import_sec_context.c
index 3300036a81..5fd8c94104 100644
--- a/source4/heimdal/lib/gssapi/krb5/import_sec_context.c
+++ b/source4/heimdal/lib/gssapi/krb5/import_sec_context.c
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: import_sec_context.c 19031 2006-11-13 18:02:57Z lha $");
+RCSID("$Id: import_sec_context.c 22997 2008-04-15 19:36:25Z lha $");
OM_uint32
_gsskrb5_import_sec_context (
@@ -52,8 +52,7 @@ _gsskrb5_import_sec_context (
krb5_data data;
gss_buffer_desc buffer;
krb5_keyblock keyblock;
- int32_t tmp;
- int32_t flags;
+ int32_t flags, tmp;
gsskrb5_ctx ctx;
gss_name_t name;
@@ -96,8 +95,9 @@ _gsskrb5_import_sec_context (
/* retrieve the auth context */
ac = ctx->auth_context;
- if (krb5_ret_uint32 (sp, &ac->flags) != 0)
+ if (krb5_ret_int32 (sp, &tmp) != 0)
goto failure;
+ ac->flags = tmp;
if (flags & SC_LOCAL_ADDRESS) {
if (krb5_ret_address (sp, localp = &local) != 0)
goto failure;
diff --git a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c
index c455a5dc8b..c9b9e15588 100644
--- a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c
+++ b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: init_sec_context.c 22671 2008-03-09 23:57:54Z lha $");
+RCSID("$Id: init_sec_context.c 23422 2008-07-26 18:38:29Z lha $");
/*
* copy the addresses from `input_chan_bindings' (if any) to
@@ -121,6 +121,8 @@ _gsskrb5_create_ctx(
ctx->auth_context = NULL;
ctx->source = NULL;
ctx->target = NULL;
+ ctx->kcred = NULL;
+ ctx->ccache = NULL;
ctx->state = state;
ctx->flags = 0;
ctx->more_flags = 0;
@@ -134,9 +136,7 @@ _gsskrb5_create_ctx(
kret = krb5_auth_con_init (context, &ctx->auth_context);
if (kret) {
*minor_status = kret;
-
HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex);
-
return GSS_S_FAILURE;
}
@@ -232,27 +232,32 @@ gsskrb5_initiator_ready(
gsskrb5_ctx ctx,
krb5_context context)
{
- OM_uint32 ret;
- int32_t seq_number;
- int is_cfx = 0;
- OM_uint32 flags = ctx->flags;
-
- krb5_auth_getremoteseqnumber (context,
- ctx->auth_context,
- &seq_number);
-
- _gsskrb5i_is_cfx(ctx, &is_cfx);
-
- ret = _gssapi_msg_order_create(minor_status,
- &ctx->order,
- _gssapi_msg_order_f(flags),
- seq_number, 0, is_cfx);
- if (ret) return ret;
+ OM_uint32 ret;
+ int32_t seq_number;
+ int is_cfx = 0;
+ OM_uint32 flags = ctx->flags;
+
+ krb5_free_creds(context, ctx->kcred);
+ ctx->kcred = NULL;
- ctx->state = INITIATOR_READY;
- ctx->more_flags |= OPEN;
+ if (ctx->more_flags & CLOSE_CCACHE)
+ krb5_cc_close(context, ctx->ccache);
+ ctx->ccache = NULL;
- return GSS_S_COMPLETE;
+ krb5_auth_getremoteseqnumber (context, ctx->auth_context, &seq_number);
+
+ _gsskrb5i_is_cfx(ctx, &is_cfx);
+
+ ret = _gssapi_msg_order_create(minor_status,
+ &ctx->order,
+ _gssapi_msg_order_f(flags),
+ seq_number, 0, is_cfx);
+ if (ret) return ret;
+
+ ctx->state = INITIATOR_READY;
+ ctx->more_flags |= OPEN;
+
+ return GSS_S_COMPLETE;
}
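Review bot: `CLOSE_CCACHE` is never cleared after `krb5_cc_close()`, here or on the `failure:` paths of init_auth and init_auth_restart, so the flag outlives the handle it describes. If the same context later stores a borrowed handle via `ctx->ccache = cred->ccache`, the stale flag would make these paths close a cache the context does not own. Add `ctx->more_flags &= ~CLOSE_CCACHE;` next to each `ctx->ccache = NULL;`. The check here also lacks the `ctx->ccache &&` guard that the two failure paths have; `if (ctx->ccache && (ctx->more_flags & CLOSE_CCACHE))` would make the three sites consistent. The function signature starts outside the hunk.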
/*
@@ -333,7 +338,6 @@ init_auth
const gss_OID mech_type,
OM_uint32 req_flags,
OM_uint32 time_req,
- const gss_channel_bindings_t input_chan_bindings,
const gss_buffer_t input_token,
gss_OID * actual_mech_type,
gss_buffer_t output_token,
@@ -343,14 +347,7 @@ init_auth
{
OM_uint32 ret = GSS_S_FAILURE;
krb5_error_code kret;
- krb5_flags ap_options;
- krb5_creds *kcred = NULL;
krb5_data outbuf;
- krb5_ccache ccache = NULL;
- uint32_t flags;
- krb5_data authenticator;
- Checksum cksum;
- krb5_enctype enctype;
krb5_data fwd_data;
OM_uint32 lifetime_rec;
@@ -363,16 +360,17 @@ init_auth
*actual_mech_type = GSS_KRB5_MECHANISM;
if (cred == NULL) {
- kret = krb5_cc_default (context, &ccache);
+ kret = krb5_cc_default (context, &ctx->ccache);
if (kret) {
*minor_status = kret;
ret = GSS_S_FAILURE;
goto failure;
}
+ ctx->more_flags |= CLOSE_CCACHE;
} else
- ccache = cred->ccache;
+ ctx->ccache = cred->ccache;
- kret = krb5_cc_get_principal (context, ccache, &ctx->source);
+ kret = krb5_cc_get_principal (context, ctx->ccache, &ctx->source);
if (kret) {
*minor_status = kret;
ret = GSS_S_FAILURE;
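Review bot: In the `else` branch, `ctx->ccache = cred->ccache` now stores a borrowed handle in the context, where it outlives this call. Before the change `ccache` was a local, but now repl_mutual and init_auth_restart read `ctx->ccache` on a later gss_init_sec_context() leg. If the caller releases the credential between legs, and releasing it closes the cache (not visible here), those later uses touch a freed handle. Either take an independent reference to the cache for the context or document on `ctx->ccache` that the credential must stay valid until the context is established. init_auth continues outside the hunk.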
@@ -407,16 +405,16 @@ init_auth
ret = gsskrb5_get_creds(minor_status,
context,
- ccache,
+ ctx->ccache,
ctx,
ctx->target,
time_req,
time_rec,
- &kcred);
+ &ctx->kcred);
if (ret)
goto failure;
- ctx->lifetime = kcred->times.endtime;
+ ctx->lifetime = ctx->kcred->times.endtime;
ret = _gsskrb5_lifetime_left(minor_status,
context,
@@ -434,17 +432,59 @@ init_auth
krb5_auth_con_setkey(context,
ctx->auth_context,
- &kcred->session);
+ &ctx->kcred->session);
kret = krb5_auth_con_generatelocalsubkey(context,
ctx->auth_context,
- &kcred->session);
+ &ctx->kcred->session);
if(kret) {
*minor_status = kret;
ret = GSS_S_FAILURE;
goto failure;
}
-
+
+ return GSS_S_COMPLETE;
+
+failure:
+ if (ctx->ccache && (ctx->more_flags & CLOSE_CCACHE))
+ krb5_cc_close(context, ctx->ccache);
+ ctx->ccache = NULL;
+
+ return ret;
+
+}
+
+static OM_uint32
+init_auth_restart
+(OM_uint32 * minor_status,
+ gsskrb5_cred cred,
+ gsskrb5_ctx ctx,
+ krb5_context context,
+ OM_uint32 req_flags,
+ const gss_channel_bindings_t input_chan_bindings,
+ const gss_buffer_t input_token,
+ gss_OID * actual_mech_type,
+ gss_buffer_t output_token,
+ OM_uint32 * ret_flags,
+ OM_uint32 * time_rec
+ )
+{
+ OM_uint32 ret = GSS_S_FAILURE;
+ krb5_error_code kret;
+ krb5_flags ap_options;
+ krb5_data outbuf;
+ uint32_t flags;
+ krb5_data authenticator;
+ Checksum cksum;
+ krb5_enctype enctype;
+ krb5_data fwd_data, timedata;
+ int32_t offset = 0, oldoffset;
+
+ krb5_data_zero(&outbuf);
+ krb5_data_zero(&fwd_data);
+
+ *minor_status = 0;
+
/*
* If the credential doesn't have ok-as-delegate, check what local
* policy say about ok-as-delegate, default is FALSE that makes
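Review bot: The new `failure:` path in init_auth closes the cache but no longer releases the credential, which the removed code did with `krb5_free_creds(context, kcred)`. `ctx->kcred` is filled by gsskrb5_get_creds() earlier in the function, so a later failure such as the one from krb5_auth_con_generatelocalsubkey() leaves it attached to the context. Unless context teardown frees it (not visible here), a retry from INITIATOR_START would overwrite the pointer and leak it. Consider `if (ctx->kcred) { krb5_free_creds(context, ctx->kcred); ctx->kcred = NULL; }` in the failure path. The matching path at the end of init_auth_restart has the same shape.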
@@ -452,12 +492,24 @@ init_auth
* requested. If it is TRUE, strip of the GSS_C_DELEG_FLAG if the
* KDC doesn't set ok-as-delegate.
*/
- if (!kcred->flags.b.ok_as_delegate) {
- krb5_boolean delegate;
+ if (!ctx->kcred->flags.b.ok_as_delegate) {
+ krb5_boolean delegate, realm_setting;
+ krb5_data data;
- krb5_appdefault_boolean(context,
- "gssapi", name->realm,
- "ok-as-delegate", FALSE, &delegate);
+ realm_setting = FALSE;
+
+ ret = krb5_cc_get_config(context, ctx->ccache, NULL,
+ "realm-config", &data);
+ if (ret == 0) {
+ /* XXX 1 is use ok-as-delegate */
+ if (data.length > 0 && (((unsigned char *)data.data)[0]) & 1)
+ realm_setting = TRUE;
+ krb5_data_free(&data);
+ }
+
+ krb5_appdefault_boolean(context, "gssapi", ctx->target->realm,
+ "ok-as-delegate", realm_setting,
+ &delegate);
if (delegate)
req_flags &= ~GSS_C_DELEG_FLAG;
}
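Review bot: `ret` is the GSS major status, yet `ret = krb5_cc_get_config(...)` stores a krb5_error_code in it. When the "realm-config" lookup fails, which is the normal case for a cache without that entry, `ret` keeps a krb5 error value. Any later `goto failure` that does not reassign it would return that value as a major status; whether such a path exists is outside the hunk. Using the variable that already exists for this avoids the question: `kret = krb5_cc_get_config(context, ctx->ccache, NULL, "realm-config", &data);` followed by `if (kret == 0) {`. The "time-offset" lookup added further down in init_auth_restart has the same pattern.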
@@ -467,7 +519,8 @@ init_auth
if (req_flags & GSS_C_DELEG_FLAG)
do_delegation (context,
ctx->auth_context,
- ccache, kcred, name, &fwd_data, &flags);
+ ctx->ccache, ctx->kcred, ctx->target,
+ &fwd_data, &flags);
if (req_flags & GSS_C_MUTUAL_FLAG) {
flags |= GSS_C_MUTUAL_FLAG;
@@ -518,16 +571,33 @@ init_auth
enctype = ctx->auth_context->keyblock->keytype;
+ ret = krb5_cc_get_config(context, ctx->ccache, ctx->target,
+ "time-offset", &timedata);
+ if (ret == 0) {
+ if (timedata.length == 4) {
+ const u_char *p = timedata.data;
+ offset = (p[0] <<24) | (p[1] << 16) | (p[2] << 8) | (p[3] << 0);
+ }
+ krb5_data_free(&timedata);
+ }
+
+ if (offset) {
+ krb5_get_kdc_sec_offset (context, &oldoffset, NULL);
+ krb5_set_kdc_sec_offset (context, offset, -1);
+ }
+
kret = krb5_build_authenticator (context,
ctx->auth_context,
enctype,
- kcred,
+ ctx->kcred,
&cksum,
NULL,
&authenticator,
KRB5_KU_AP_REQ_AUTH);
if (kret) {
+ if (offset)
+ krb5_set_kdc_sec_offset (context, oldoffset, -1);
*minor_status = kret;
ret = GSS_S_FAILURE;
goto failure;
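Review bot: The decode `(p[0] <<24) | ...` shifts a promoted `int`, so a stored offset with the top bit set (any negative skew) left-shifts into the sign bit, which is undefined behaviour in C. Do the arithmetic unsigned and convert once: `offset = (int32_t)(((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | (uint32_t)p[3]);`. The value comes from a credential-cache config entry and is applied to the authenticator timestamp with no range check, so a sanity bound on `offset` before `krb5_set_kdc_sec_offset()` would be prudent. init_auth_restart continues outside the hunk.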
@@ -535,11 +605,12 @@ init_auth
kret = krb5_build_ap_req (context,
enctype,
- kcred,
+ ctx->kcred,
ap_options,
authenticator,
&outbuf);
-
+ if (offset)
+ krb5_set_kdc_sec_offset (context, oldoffset, -1);
if (kret) {
*minor_status = kret;
ret = GSS_S_FAILURE;
@@ -552,16 +623,12 @@ init_auth
} else {
ret = _gsskrb5_encapsulate (minor_status, &outbuf, output_token,
(u_char *)"\x01\x00", GSS_KRB5_MECHANISM);
+ krb5_data_free (&outbuf);
if (ret)
goto failure;
-
- krb5_data_free (&outbuf);
}
- krb5_free_creds(context, kcred);
free_Checksum(&cksum);
- if (cred == NULL)
- krb5_cc_close(context, ccache);
if (flags & GSS_C_MUTUAL_FLAG) {
ctx->state = INITIATOR_WAIT_FOR_MUTAL;
@@ -570,15 +637,14 @@ init_auth
return gsskrb5_initiator_ready(minor_status, ctx, context);
failure:
- if(kcred)
- krb5_free_creds(context, kcred);
- if (ccache && cred == NULL)
- krb5_cc_close(context, ccache);
+ if (ctx->ccache && (ctx->more_flags & CLOSE_CCACHE))
+ krb5_cc_close(context, ctx->ccache);
+ ctx->ccache = NULL;
return ret;
-
}
+
static OM_uint32
repl_mutual
(OM_uint32 * minor_status,
@@ -617,8 +683,46 @@ repl_mutual
&indata,
"\x02\x00",
GSS_KRB5_MECHANISM);
- if (ret) {
- /* XXX - Handle AP_ERROR */
+ if (ret == GSS_S_DEFECTIVE_TOKEN) {
+ /* check if there is an error token sent instead */
+ ret = _gsskrb5_decapsulate (minor_status,
+ input_token,
+ &indata,
+ "\x03\x00",
+ GSS_KRB5_MECHANISM);
+ if (ret == GSS_S_COMPLETE) {
+ KRB_ERROR error;
+
+ kret = krb5_rd_error(context, &indata, &error);
+ if (kret == 0) {
+ kret = krb5_error_from_rd_error(context, &error, NULL);
+
+ /* save the time skrew for this host */
+ if (kret == KRB5KRB_AP_ERR_SKEW) {
+ krb5_data timedata;
+ unsigned char p[4];
+ int32_t t = error.stime - time(NULL);
+
+ p[0] = (t >> 24) & 0xFF;
+ p[1] = (t >> 16) & 0xFF;
+ p[2] = (t >> 8) & 0xFF;
+ p[3] = (t >> 0) & 0xFF;
+
+ timedata.data = p;
+ timedata.length = sizeof(p);
+
+ krb5_cc_set_config(context, ctx->ccache, ctx->target,
+ "time-offset", &timedata);
+
+ if ((ctx->more_flags & RETRIED) == 0)
+ ctx->state = INITIATOR_RESTART;
+ ctx->more_flags |= RETRIED;
+ }
+ free_KRB_ERROR (&error);
+ }
+ *minor_status = kret;
+ return GSS_S_FAILURE;
+ }
return ret;
}
}
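Review bot: The skew written to the cache is taken straight from `error.stime`, and a KRB-ERROR is not integrity-protected, so whoever can answer on the connection chooses the offset that init_auth_restart later applies to the authenticator time. The value `t` should be bounded before `krb5_cc_set_config()` is called, rejecting or ignoring offsets larger than a configured maximum. The return value of `krb5_cc_set_config()` should be checked as well, so that a failed store does not still trigger `INITIATOR_RESTART`. The subtraction `error.stime - time(NULL)` is also narrowed to `int32_t` without a range check. A comment stating that the offset is advisory and comes from an unauthenticated message would help the next reader. repl_mutual starts and ends outside the hunk.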
@@ -661,30 +765,31 @@ repl_mutual
*ret_flags = ctx->flags;
if (req_flags & GSS_C_DCE_STYLE) {
- int32_t con_flags;
+ int32_t local_seq, remote_seq;
krb5_data outbuf;
- /* Do don't do sequence number for the mk-rep */
- krb5_auth_con_removeflags(context,
- ctx->auth_context,
- KRB5_AUTH_CONTEXT_DO_SEQUENCE,
- &con_flags);
+ /*
+ * So DCE_STYLE is strange. The client echos the seq number
+ * that the server used in the server's mk_rep in its own
+ * mk_rep(). After when done, it resets to it's own seq number
+ * for the gss_wrap calls.
+ */
- kret = krb5_mk_rep(context,
- ctx->auth_context,
- &outbuf);
+ krb5_auth_getremoteseqnumber(context, ctx->auth_context, &remote_seq);
+ krb5_auth_con_getlocalseqnumber(context, ctx->auth_context, &local_seq);
+ krb5_auth_con_setlocalseqnumber(context, ctx->auth_context, remote_seq);
+
+ kret = krb5_mk_rep(context, ctx->auth_context, &outbuf);
if (kret) {
*minor_status = kret;
return GSS_S_FAILURE;
}
+ /* reset local seq number */
+ krb5_auth_con_setlocalseqnumber(context, ctx->auth_context, local_seq);
+
output_token->length = outbuf.length;
output_token->value = outbuf.data;
-
- krb5_auth_con_removeflags(context,
- ctx->auth_context,
- KRB5_AUTH_CONTEXT_DO_SEQUENCE,
- NULL);
}
return gsskrb5_initiator_ready(minor_status, ctx, context);
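Review bot: When `krb5_mk_rep()` fails, the function returns before the saved `local_seq` is restored, leaving the auth context with the peer's sequence number as its local one. Move `krb5_auth_con_setlocalseqnumber(context, ctx->auth_context, local_seq);` to directly after the `krb5_mk_rep()` call, ahead of `if (kret)`. The return values of the three sequence-number calls before `krb5_mk_rep()` are ignored too, so a failed `krb5_auth_con_getlocalseqnumber()` would leave `local_seq` uninitialised when it is written back. repl_mutual starts outside the hunk.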
@@ -768,6 +873,7 @@ OM_uint32 _gsskrb5_init_sec_context
HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
+ again:
switch (ctx->state) {
case INITIATOR_START:
ret = init_auth(minor_status,
@@ -778,12 +884,26 @@ OM_uint32 _gsskrb5_init_sec_context
mech_type,
req_flags,
time_req,
- input_chan_bindings,
input_token,
actual_mech_type,
output_token,
ret_flags,
time_rec);
+ if (ret != GSS_S_COMPLETE)
+ break;
+ /* FALL THOUGH */
+ case INITIATOR_RESTART:
+ ret = init_auth_restart(minor_status,
+ cred,
+ ctx,
+ context,
+ req_flags,
+ input_chan_bindings,
+ input_token,
+ actual_mech_type,
+ output_token,
+ ret_flags,
+ time_rec);
break;
case INITIATOR_WAIT_FOR_MUTAL:
ret = repl_mutual(minor_status,
@@ -798,6 +918,8 @@ OM_uint32 _gsskrb5_init_sec_context
output_token,
ret_flags,
time_rec);
+ if (ctx->state == INITIATOR_RESTART)
+ goto again;
break;
case INITIATOR_READY:
/*
diff --git a/source4/heimdal/lib/gssapi/krb5/set_cred_option.c b/source4/heimdal/lib/gssapi/krb5/set_cred_option.c
index 85b50d0322..8c554fb8e0 100644
--- a/source4/heimdal/lib/gssapi/krb5/set_cred_option.c
+++ b/source4/heimdal/lib/gssapi/krb5/set_cred_option.c
@@ -32,7 +32,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: set_cred_option.c 22655 2008-02-26 12:40:35Z lha $");
+RCSID("$Id: set_cred_option.c 23331 2008-06-27 12:01:48Z lha $");
/* 1.2.752.43.13.17 */
static gss_OID_desc gss_krb5_cred_no_ci_flags_x_oid_desc =
diff --git a/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c b/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c
index 50441a11ad..fd76838af5 100644
--- a/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c
+++ b/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c
@@ -36,7 +36,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: set_sec_context_option.c 20384 2007-04-18 08:51:06Z lha $");
+RCSID("$Id: set_sec_context_option.c 23420 2008-07-26 18:37:48Z lha $");
static OM_uint32
get_bool(OM_uint32 *minor_status,
@@ -70,6 +70,36 @@ get_string(OM_uint32 *minor_status,
return GSS_S_COMPLETE;
}
+static OM_uint32
+get_int32(OM_uint32 *minor_status,
+ const gss_buffer_t value,
+ OM_uint32 *ret)
+{
+ *minor_status = 0;
+ if (value == NULL || value->length == 0)
+ *ret = 0;
+ else if (value->length == sizeof(*ret))
+ memcpy(ret, value->value, sizeof(*ret));
+ else
+ return GSS_S_UNAVAILABLE;
+
+ return GSS_S_COMPLETE;
+}
+
+static OM_uint32
+set_int32(OM_uint32 *minor_status,
+ const gss_buffer_t value,
+ OM_uint32 set)
+{
+ *minor_status = 0;
+ if (value->length == sizeof(set))
+ memcpy(value->value, &set, sizeof(set));
+ else
+ return GSS_S_UNAVAILABLE;
+
+ return GSS_S_COMPLETE;
+}
+
OM_uint32
_gsskrb5_set_sec_context_option
(OM_uint32 *minor_status,
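Review bot: `set_int32` dereferences `value->length` with no NULL check, although `get_int32` directly above accepts `value == NULL`. A caller that passes no buffer with the GET_TIME_OFFSET option would crash here. Replace the condition with `if (value == NULL || value->length != sizeof(set)) return GSS_S_UNAVAILABLE;` and do the `memcpy` after it. It also writes through a parameter declared `const gss_buffer_t`, the input buffer of a set-option call. A comment should state that the caller must supply a writable 4-byte buffer and that the value is in host byte order.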
@@ -185,6 +215,35 @@ _gsskrb5_set_sec_context_option
return GSS_S_FAILURE;
return GSS_S_COMPLETE;
+ } else if (gss_oid_equal(desired_object, GSS_KRB5_SET_TIME_OFFSET_X)) {
+ OM_uint32 offset;
+ time_t t;
+
+ maj_stat = get_int32(minor_status, value, &offset);
+ if (maj_stat != GSS_S_COMPLETE)
+ return maj_stat;
+
+ t = time(NULL) + offset;
+
+ krb5_set_real_time(context, t, 0);
+
+ *minor_status = 0;
+ return GSS_S_COMPLETE;
+ } else if (gss_oid_equal(desired_object, GSS_KRB5_GET_TIME_OFFSET_X)) {
+ krb5_timestamp sec;
+ int32_t usec;
+ time_t t;
+
+ t = time(NULL);
+
+ krb5_us_timeofday (context, &sec, &usec);
+
+ maj_stat = set_int32(minor_status, value, sec - t);
+ if (maj_stat != GSS_S_COMPLETE)
+ return maj_stat;
+
+ *minor_status = 0;
+ return GSS_S_COMPLETE;
}
*minor_status = EINVAL;
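Review bot: In the SET_TIME_OFFSET branch, `offset` is an unsigned `OM_uint32`, so `time(NULL) + offset` cannot express a negative offset where `time_t` is wider than 32 bits; a caller passing -5 would move the clock forward by about 2^32 seconds. Convert before adding: `t = time(NULL) + (int32_t)offset;`. The GET branch passes `sec - t` into an `OM_uint32` parameter, so callers need to be told the value is a signed 32-bit quantity. The result of `krb5_set_real_time()` is discarded, so a failure is reported as GSS_S_COMPLETE. Because this lets any holder of the context shift the Kerberos clock, a bound on the accepted offset is worth considering. The function starts and ends outside the hunk.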
diff --git a/source4/heimdal/lib/gssapi/krb5/unwrap.c b/source4/heimdal/lib/gssapi/krb5/unwrap.c
index d0a33d86fb..eec4078a70 100644
--- a/source4/heimdal/lib/gssapi/krb5/unwrap.c
+++ b/source4/heimdal/lib/gssapi/krb5/unwrap.c
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: unwrap.c 19031 2006-11-13 18:02:57Z lha $");
+RCSID("$Id: unwrap.c 23112 2008-04-27 18:51:26Z lha $");
static OM_uint32
unwrap_des
@@ -93,7 +93,7 @@ unwrap_des
for (i = 0; i < sizeof(deskey); ++i)
deskey[i] ^= 0xf0;
- DES_set_key (&deskey, &schedule);
+ DES_set_key_unchecked (&deskey, &schedule);
memset (&zero, 0, sizeof(zero));
DES_cbc_encrypt ((void *)p,
(void *)p,
@@ -119,7 +119,7 @@ unwrap_des
memset (&zero, 0, sizeof(zero));
memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
- DES_set_key (&deskey, &schedule);
+ DES_set_key_unchecked (&deskey, &schedule);
DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
&schedule, &zero);
if (memcmp (p - 8, hash, 8) != 0)
@@ -130,7 +130,7 @@ unwrap_des
HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
p -= 16;
- DES_set_key (&deskey, &schedule);
+ DES_set_key_unchecked (&deskey, &schedule);
DES_cbc_encrypt ((void *)p, (void *)p, 8,
&schedule, (DES_cblock *)hash, DES_DECRYPT);
diff --git a/source4/heimdal/lib/gssapi/krb5/verify_mic.c b/source4/heimdal/lib/gssapi/krb5/verify_mic.c
index 52381afcc2..560c14bc89 100644
--- a/source4/heimdal/lib/gssapi/krb5/verify_mic.c
+++ b/source4/heimdal/lib/gssapi/krb5/verify_mic.c
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: verify_mic.c 19031 2006-11-13 18:02:57Z lha $");
+RCSID("$Id: verify_mic.c 23112 2008-04-27 18:51:26Z lha $");
static OM_uint32
verify_mic_des
@@ -83,7 +83,7 @@ verify_mic_des
memset (&zero, 0, sizeof(zero));
memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
- DES_set_key (&deskey, &schedule);
+ DES_set_key_unchecked (&deskey, &schedule);
DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
&schedule, &zero);
if (memcmp (p - 8, hash, 8) != 0) {
@@ -97,7 +97,7 @@ verify_mic_des
HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
p -= 16;
- DES_set_key (&deskey, &schedule);
+ DES_set_key_unchecked (&deskey, &schedule);
DES_cbc_encrypt ((void *)p, (void *)p, 8,
&schedule, (DES_cblock *)hash, DES_DECRYPT);
diff --git a/source4/heimdal/lib/gssapi/krb5/wrap.c b/source4/heimdal/lib/gssapi/krb5/wrap.c
index d41379870a..6d00f2adcf 100644
--- a/source4/heimdal/lib/gssapi/krb5/wrap.c
+++ b/source4/heimdal/lib/gssapi/krb5/wrap.c
@@ -33,7 +33,7 @@
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: wrap.c 19035 2006-11-14 09:49:56Z lha $");
+RCSID("$Id: wrap.c 23316 2008-06-23 04:32:32Z lha $");
/*
* Return initiator subkey, or if that doesn't exists, the subkey.
@@ -61,7 +61,7 @@ _gsskrb5i_get_initiator_subkey(const gsskrb5_ctx ctx,
ctx->auth_context,
key);
if (ret == 0 && *key == NULL) {
- krb5_set_error_string(context, "No initiator subkey available");
+ krb5_set_error_message(context, 0, "No initiator subkey available");
return GSS_KRB5_S_KG_NO_SUBKEY;
}
return ret;
@@ -85,7 +85,7 @@ _gsskrb5i_get_acceptor_subkey(const gsskrb5_ctx ctx,
key);
}
if (ret == 0 && *key == NULL) {
- krb5_set_error_string(context, "No acceptor subkey available");
+ krb5_set_error_message(context, 0, "No acceptor subkey available");
return GSS_KRB5_S_KG_NO_SUBKEY;
}
return ret;
@@ -106,7 +106,7 @@ _gsskrb5i_get_token_key(const gsskrb5_ctx ctx,
_gsskrb5i_get_initiator_subkey(ctx, context, key);
}
if (*key == NULL) {
- krb5_set_error_string(context, "No token key available");
+ krb5_set_error_message(context, 0, "No token key available");
return GSS_KRB5_S_KG_NO_SUBKEY;
}
return 0;
@@ -259,7 +259,7 @@ wrap_des
memset (&zero, 0, sizeof(zero));
memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
- DES_set_key (&deskey, &schedule);
+ DES_set_key_unchecked (&deskey, &schedule);
DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
&schedule, &zero);
memcpy (p - 8, hash, 8);
@@ -279,7 +279,7 @@ wrap_des
(ctx->more_flags & LOCAL) ? 0 : 0xFF,
4);
- DES_set_key (&deskey, &schedule);
+ DES_set_key_unchecked (&deskey, &schedule);
DES_cbc_encrypt ((void *)p, (void *)p, 8,
&schedule, (DES_cblock *)(p + 8), DES_ENCRYPT);
@@ -296,7 +296,7 @@ wrap_des
for (i = 0; i < sizeof(deskey); ++i)
deskey[i] ^= 0xf0;
- DES_set_key (&deskey, &schedule);
+ DES_set_key_unchecked (&deskey, &schedule);
memset (&zero, 0, sizeof(zero));
DES_cbc_encrypt ((void *)p,
(void *)p,
diff --git a/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c b/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c
index cb1b62308c..a2757140ae 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c
@@ -27,9 +27,9 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_acquire_cred.c 21478 2007-07-10 16:32:01Z lha $");
+RCSID("$Id: gss_acquire_cred.c 23025 2008-04-17 10:01:57Z lha $");
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_acquire_cred(OM_uint32 *minor_status,
const gss_name_t desired_name,
OM_uint32 time_req,
diff --git a/source4/heimdal/lib/gssapi/mech/gss_add_cred.c b/source4/heimdal/lib/gssapi/mech/gss_add_cred.c
index 09b592b5da..49efa20c8b 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_add_cred.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_add_cred.c
@@ -27,7 +27,7 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_add_cred.c 21474 2007-07-10 16:30:23Z lha $");
+RCSID("$Id: gss_add_cred.c 23025 2008-04-17 10:01:57Z lha $");
static struct _gss_mechanism_cred *
_gss_copy_cred(struct _gss_mechanism_cred *mc)
@@ -71,7 +71,7 @@ _gss_copy_cred(struct _gss_mechanism_cred *mc)
return (new_mc);
}
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_add_cred(OM_uint32 *minor_status,
const gss_cred_id_t input_cred_handle,
const gss_name_t desired_name,
diff --git a/source4/heimdal/lib/gssapi/mech/gss_add_oid_set_member.c b/source4/heimdal/lib/gssapi/mech/gss_add_oid_set_member.c
index 87d1ab3725..d89adbf63a 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_add_oid_set_member.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_add_oid_set_member.c
@@ -32,9 +32,9 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_add_oid_set_member.c 18817 2006-10-22 09:36:13Z lha $");
+RCSID("$Id: gss_add_oid_set_member.c 23025 2008-04-17 10:01:57Z lha $");
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_add_oid_set_member (OM_uint32 * minor_status,
const gss_OID member_oid,
gss_OID_set * oid_set)
diff --git a/source4/heimdal/lib/gssapi/mech/gss_buffer_set.c b/source4/heimdal/lib/gssapi/mech/gss_buffer_set.c
index 56e0039379..091e219367 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_buffer_set.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_buffer_set.c
@@ -31,9 +31,9 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_buffer_set.c 18885 2006-10-24 21:53:02Z lha $");
+RCSID("$Id: gss_buffer_set.c 23025 2008-04-17 10:01:57Z lha $");
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_create_empty_buffer_set
(OM_uint32 * minor_status,
gss_buffer_set_t *buffer_set)
@@ -55,7 +55,7 @@ gss_create_empty_buffer_set
return GSS_S_COMPLETE;
}
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_add_buffer_set_member
(OM_uint32 * minor_status,
const gss_buffer_t member_buffer,
@@ -97,7 +97,7 @@ gss_add_buffer_set_member
return GSS_S_COMPLETE;
}
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_release_buffer_set(OM_uint32 * minor_status,
gss_buffer_set_t *buffer_set)
{
diff --git a/source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c b/source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c
index c950c03166..d242c56a90 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c
@@ -27,9 +27,9 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_canonicalize_name.c 21476 2007-07-10 16:31:27Z lha $");
+RCSID("$Id: gss_canonicalize_name.c 23025 2008-04-17 10:01:57Z lha $");
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_canonicalize_name(OM_uint32 *minor_status,
const gss_name_t input_name,
const gss_OID mech_type,
diff --git a/source4/heimdal/lib/gssapi/mech/gss_compare_name.c b/source4/heimdal/lib/gssapi/mech/gss_compare_name.c
index 617ff13d98..1eb7625ee2 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_compare_name.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_compare_name.c
@@ -27,9 +27,9 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_compare_name.c 21475 2007-07-10 16:31:03Z lha $");
+RCSID("$Id: gss_compare_name.c 23025 2008-04-17 10:01:57Z lha $");
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_compare_name(OM_uint32 *minor_status,
const gss_name_t name1_arg,
const gss_name_t name2_arg,
diff --git a/source4/heimdal/lib/gssapi/mech/gss_context_time.c b/source4/heimdal/lib/gssapi/mech/gss_context_time.c
index 47999f35cf..8dce822a9f 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_context_time.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_context_time.c
@@ -27,9 +27,9 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_context_time.c 17700 2006-06-28 09:00:26Z lha $");
+RCSID("$Id: gss_context_time.c 23025 2008-04-17 10:01:57Z lha $");
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_context_time(OM_uint32 *minor_status,
const gss_ctx_id_t context_handle,
OM_uint32 *time_rec)
diff --git a/source4/heimdal/lib/gssapi/mech/gss_create_empty_oid_set.c b/source4/heimdal/lib/gssapi/mech/gss_create_empty_oid_set.c
index 841271b1fd..8dd3527349 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_create_empty_oid_set.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_create_empty_oid_set.c
@@ -27,9 +27,9 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_create_empty_oid_set.c 19951 2007-01-17 10:14:58Z lha $");
+RCSID("$Id: gss_create_empty_oid_set.c 23025 2008-04-17 10:01:57Z lha $");
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_create_empty_oid_set(OM_uint32 *minor_status,
gss_OID_set *oid_set)
{
diff --git a/source4/heimdal/lib/gssapi/mech/gss_decapsulate_token.c b/source4/heimdal/lib/gssapi/mech/gss_decapsulate_token.c
index e8b86e4d22..8f93925585 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_decapsulate_token.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_decapsulate_token.c
@@ -32,9 +32,9 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_decapsulate_token.c 19951 2007-01-17 10:14:58Z lha $");
+RCSID("$Id: gss_decapsulate_token.c 23025 2008-04-17 10:01:57Z lha $");
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_decapsulate_token(gss_buffer_t input_token,
gss_OID oid,
gss_buffer_t output_token)
diff --git a/source4/heimdal/lib/gssapi/mech/gss_delete_sec_context.c b/source4/heimdal/lib/gssapi/mech/gss_delete_sec_context.c
index 8c40994739..91273bcf56 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_delete_sec_context.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_delete_sec_context.c
@@ -27,9 +27,9 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_delete_sec_context.c 19951 2007-01-17 10:14:58Z lha $");
+RCSID("$Id: gss_delete_sec_context.c 23025 2008-04-17 10:01:57Z lha $");
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_delete_sec_context(OM_uint32 *minor_status,
gss_ctx_id_t *context_handle,
gss_buffer_t output_token)
diff --git a/source4/heimdal/lib/gssapi/mech/gss_display_name.c b/source4/heimdal/lib/gssapi/mech/gss_display_name.c
index fc10933692..0d82400246 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_display_name.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_display_name.c
@@ -27,9 +27,9 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_display_name.c 21246 2007-06-20 15:25:19Z lha $");
+RCSID("$Id: gss_display_name.c 23025 2008-04-17 10:01:57Z lha $");
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_display_name(OM_uint32 *minor_status,
const gss_name_t input_name,
gss_buffer_t output_name_buffer,
diff --git a/source4/heimdal/lib/gssapi/mech/gss_display_status.c b/source4/heimdal/lib/gssapi/mech/gss_display_status.c
index 37ded26db6..5bbc89b1ec 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_display_status.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_display_status.c
@@ -59,7 +59,7 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_display_status.c 21247 2007-06-21 00:37:27Z lha $");
+RCSID("$Id: gss_display_status.c 23025 2008-04-17 10:01:57Z lha $");
static const char *
calling_error(OM_uint32 v)
@@ -136,7 +136,7 @@ supplementary_error(OM_uint32 v)
}
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_display_status(OM_uint32 *minor_status,
OM_uint32 status_value,
int status_type,
diff --git a/source4/heimdal/lib/gssapi/mech/gss_encapsulate_token.c b/source4/heimdal/lib/gssapi/mech/gss_encapsulate_token.c
index 476d451375..32ecbbacb2 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_encapsulate_token.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_encapsulate_token.c
@@ -32,9 +32,9 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_encapsulate_token.c 19954 2007-01-17 11:50:23Z lha $");
+RCSID("$Id: gss_encapsulate_token.c 23025 2008-04-17 10:01:57Z lha $");
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_encapsulate_token(gss_buffer_t input_token,
gss_OID oid,
gss_buffer_t output_token)
diff --git a/source4/heimdal/lib/gssapi/mech/gss_export_name.c b/source4/heimdal/lib/gssapi/mech/gss_export_name.c
index 11c9dd2db5..22053202aa 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_export_name.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_export_name.c
@@ -27,9 +27,9 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_export_name.c 19954 2007-01-17 11:50:23Z lha $");
+RCSID("$Id: gss_export_name.c 23025 2008-04-17 10:01:57Z lha $");
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_export_name(OM_uint32 *minor_status,
const gss_name_t input_name,
gss_buffer_t exported_name)
diff --git a/source4/heimdal/lib/gssapi/mech/gss_export_sec_context.c b/source4/heimdal/lib/gssapi/mech/gss_export_sec_context.c
index cf13bc0cd3..053d203ba1 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_export_sec_context.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_export_sec_context.c
@@ -27,9 +27,9 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_export_sec_context.c 19954 2007-01-17 11:50:23Z lha $");
+RCSID("$Id: gss_export_sec_context.c 23025 2008-04-17 10:01:57Z lha $");
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_export_sec_context(OM_uint32 *minor_status,
gss_ctx_id_t *context_handle,
gss_buffer_t interprocess_token)
diff --git a/source4/heimdal/lib/gssapi/mech/gss_get_mic.c b/source4/heimdal/lib/gssapi/mech/gss_get_mic.c
index 496dd2065c..7b33ac0ed9 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_get_mic.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_get_mic.c
@@ -27,9 +27,9 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_get_mic.c 19954 2007-01-17 11:50:23Z lha $");
+RCSID("$Id: gss_get_mic.c 23025 2008-04-17 10:01:57Z lha $");
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_get_mic(OM_uint32 *minor_status,
const gss_ctx_id_t context_handle,
gss_qop_t qop_req,
diff --git a/source4/heimdal/lib/gssapi/mech/gss_import_name.c b/source4/heimdal/lib/gssapi/mech/gss_import_name.c
index 6f55a1d61c..104452f5b9 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_import_name.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_import_name.c
@@ -27,7 +27,7 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_import_name.c 19954 2007-01-17 11:50:23Z lha $");
+RCSID("$Id: gss_import_name.c 23025 2008-04-17 10:01:57Z lha $");
static OM_uint32
_gss_import_export_name(OM_uint32 *minor_status,
@@ -139,7 +139,7 @@ _gss_import_export_name(OM_uint32 *minor_status,
return (GSS_S_COMPLETE);
}
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_import_name(OM_uint32 *minor_status,
const gss_buffer_t input_name_buffer,
const gss_OID input_name_type,
diff --git a/source4/heimdal/lib/gssapi/mech/gss_import_sec_context.c b/source4/heimdal/lib/gssapi/mech/gss_import_sec_context.c
index 44ca1b2677..c68849ce00 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_import_sec_context.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_import_sec_context.c
@@ -27,9 +27,9 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_import_sec_context.c 19956 2007-01-17 12:04:16Z lha $");
+RCSID("$Id: gss_import_sec_context.c 23025 2008-04-17 10:01:57Z lha $");
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_import_sec_context(OM_uint32 *minor_status,
const gss_buffer_t interprocess_token,
gss_ctx_id_t *context_handle)
diff --git a/source4/heimdal/lib/gssapi/mech/gss_indicate_mechs.c b/source4/heimdal/lib/gssapi/mech/gss_indicate_mechs.c
index 00c6ed28ee..cafb660991 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_indicate_mechs.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_indicate_mechs.c
@@ -27,9 +27,9 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_indicate_mechs.c 17803 2006-07-05 22:36:49Z lha $");
+RCSID("$Id: gss_indicate_mechs.c 23025 2008-04-17 10:01:57Z lha $");
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_indicate_mechs(OM_uint32 *minor_status,
gss_OID_set *mech_set)
{
diff --git a/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c b/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c
index b9a1680dcb..d0e92f41ce 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c
@@ -27,7 +27,7 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_init_sec_context.c 21479 2007-07-10 16:32:19Z lha $");
+RCSID("$Id: gss_init_sec_context.c 23025 2008-04-17 10:01:57Z lha $");
static gss_cred_id_t
_gss_mech_cred_find(gss_cred_id_t cred_handle, gss_OID mech_type)
@@ -45,7 +45,7 @@ _gss_mech_cred_find(gss_cred_id_t cred_handle, gss_OID mech_type)
return GSS_C_NO_CREDENTIAL;
}
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_init_sec_context(OM_uint32 * minor_status,
const gss_cred_id_t initiator_cred_handle,
gss_ctx_id_t * context_handle,
diff --git a/source4/heimdal/lib/gssapi/mech/gss_inquire_context.c b/source4/heimdal/lib/gssapi/mech/gss_inquire_context.c
index d45baac602..26f4038071 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_inquire_context.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_inquire_context.c
@@ -27,9 +27,9 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_inquire_context.c 21125 2007-06-18 20:11:07Z lha $");
+RCSID("$Id: gss_inquire_context.c 23025 2008-04-17 10:01:57Z lha $");
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_inquire_context(OM_uint32 *minor_status,
const gss_ctx_id_t context_handle,
gss_name_t *src_name,
diff --git a/source4/heimdal/lib/gssapi/mech/gss_inquire_cred.c b/source4/heimdal/lib/gssapi/mech/gss_inquire_cred.c
index 97c3628225..1610be5538 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_inquire_cred.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_inquire_cred.c
@@ -27,7 +27,7 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_inquire_cred.c 20626 2007-05-08 13:56:49Z lha $");
+RCSID("$Id: gss_inquire_cred.c 23025 2008-04-17 10:01:57Z lha $");
#define AUSAGE 1
#define IUSAGE 2
@@ -43,7 +43,7 @@ updateusage(gss_cred_usage_t usage, int *usagemask)
*usagemask |= IUSAGE;
}
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_inquire_cred(OM_uint32 *minor_status,
const gss_cred_id_t cred_handle,
gss_name_t *name_ret,
diff --git a/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_mech.c b/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_mech.c
index aa83efb0c2..fedd963ffa 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_mech.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_mech.c
@@ -27,9 +27,9 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_inquire_cred_by_mech.c 21124 2007-06-18 20:08:24Z lha $");
+RCSID("$Id: gss_inquire_cred_by_mech.c 23025 2008-04-17 10:01:57Z lha $");
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_inquire_cred_by_mech(OM_uint32 *minor_status,
const gss_cred_id_t cred_handle,
const gss_OID mech_type,
diff --git a/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_oid.c b/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_oid.c
index 7b53a2ff4a..c1bbf3a724 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_oid.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_oid.c
@@ -31,9 +31,9 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_inquire_cred_by_oid.c 19960 2007-01-17 15:09:24Z lha $");
+RCSID("$Id: gss_inquire_cred_by_oid.c 23025 2008-04-17 10:01:57Z lha $");
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_inquire_cred_by_oid (OM_uint32 *minor_status,
const gss_cred_id_t cred_handle,
const gss_OID desired_object,
diff --git a/source4/heimdal/lib/gssapi/mech/gss_inquire_mechs_for_name.c b/source4/heimdal/lib/gssapi/mech/gss_inquire_mechs_for_name.c
index 5330a747a6..6b06a33053 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_inquire_mechs_for_name.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_inquire_mechs_for_name.c
@@ -27,9 +27,9 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_inquire_mechs_for_name.c 17844 2006-07-20 02:04:00Z lha $");
+RCSID("$Id: gss_inquire_mechs_for_name.c 23025 2008-04-17 10:01:57Z lha $");
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_inquire_mechs_for_name(OM_uint32 *minor_status,
const gss_name_t input_name,
gss_OID_set *mech_types)
diff --git a/source4/heimdal/lib/gssapi/mech/gss_inquire_names_for_mech.c b/source4/heimdal/lib/gssapi/mech/gss_inquire_names_for_mech.c
index 65b52cbbc3..1ba1ee0563 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_inquire_names_for_mech.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_inquire_names_for_mech.c
@@ -27,9 +27,9 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_inquire_names_for_mech.c 19960 2007-01-17 15:09:24Z lha $");
+RCSID("$Id: gss_inquire_names_for_mech.c 23025 2008-04-17 10:01:57Z lha $");
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_inquire_names_for_mech(OM_uint32 *minor_status,
const gss_OID mechanism,
gss_OID_set *name_types)
diff --git a/source4/heimdal/lib/gssapi/mech/gss_inquire_sec_context_by_oid.c b/source4/heimdal/lib/gssapi/mech/gss_inquire_sec_context_by_oid.c
index fd8219ce02..b06a3e10f0 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_inquire_sec_context_by_oid.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_inquire_sec_context_by_oid.c
@@ -31,9 +31,9 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_inquire_sec_context_by_oid.c 19961 2007-01-17 15:57:51Z lha $");
+RCSID("$Id: gss_inquire_sec_context_by_oid.c 23025 2008-04-17 10:01:57Z lha $");
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_inquire_sec_context_by_oid (OM_uint32 *minor_status,
const gss_ctx_id_t context_handle,
const gss_OID desired_object,
diff --git a/source4/heimdal/lib/gssapi/mech/gss_krb5.c b/source4/heimdal/lib/gssapi/mech/gss_krb5.c
index 03081cb70f..d6b89e3e23 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_krb5.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_krb5.c
@@ -27,13 +27,13 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_krb5.c 21889 2007-08-09 07:43:24Z lha $");
+RCSID("$Id: gss_krb5.c 23420 2008-07-26 18:37:48Z lha $");
#include <krb5.h>
#include <roken.h>
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_krb5_copy_ccache(OM_uint32 *minor_status,
gss_cred_id_t cred,
krb5_ccache out)
@@ -91,7 +91,7 @@ gss_krb5_copy_ccache(OM_uint32 *minor_status,
return ret;
}
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_krb5_import_cred(OM_uint32 *minor_status,
krb5_ccache id,
krb5_principal keytab_principal,
@@ -186,7 +186,7 @@ out:
return major_status;
}
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gsskrb5_register_acceptor_identity(const char *identity)
{
struct _gss_mech_switch *m;
@@ -208,7 +208,14 @@ gsskrb5_register_acceptor_identity(const char *identity)
return (GSS_S_COMPLETE);
}
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
+krb5_gss_register_acceptor_identity(const char *identity)
+{
+ return gsskrb5_register_acceptor_identity(identity);
+}
+
+
+OM_uint32 GSSAPI_LIB_FUNCTION
gsskrb5_set_dns_canonicalize(int flag)
{
struct _gss_mech_switch *m;
@@ -253,7 +260,7 @@ free_key(gss_krb5_lucid_key_t *key)
memset(key, 0, sizeof(*key));
}
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status,
gss_ctx_id_t *context_handle,
OM_uint32 version,
@@ -396,7 +403,7 @@ out:
return GSS_S_COMPLETE;
}
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status, void *c)
{
gss_krb5_lucid_context_v1_t *ctx = c;
@@ -424,7 +431,7 @@ gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status, void *c)
*
*/
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status,
gss_cred_id_t cred,
OM_uint32 num_enctypes,
@@ -478,7 +485,7 @@ out:
*
*/
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gsskrb5_set_send_to_kdc(struct gsskrb5_send_to_kdc *c)
{
struct _gss_mech_switch *m;
@@ -509,7 +516,7 @@ gsskrb5_set_send_to_kdc(struct gsskrb5_send_to_kdc *c)
*
*/
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_krb5_ccache_name(OM_uint32 *minor_status,
const char *name,
const char **out_name)
@@ -541,7 +548,7 @@ gss_krb5_ccache_name(OM_uint32 *minor_status,
*
*/
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status,
gss_ctx_id_t context_handle,
time_t *authtime)
@@ -596,7 +603,7 @@ gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status,
*
*/
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gsskrb5_extract_authz_data_from_sec_context(OM_uint32 *minor_status,
gss_ctx_id_t context_handle,
int ad_type,
@@ -769,7 +776,7 @@ out:
*
*/
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gsskrb5_extract_service_keyblock(OM_uint32 *minor_status,
gss_ctx_id_t context_handle,
krb5_keyblock **keyblock)
@@ -780,7 +787,7 @@ gsskrb5_extract_service_keyblock(OM_uint32 *minor_status,
keyblock);
}
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gsskrb5_get_initiator_subkey(OM_uint32 *minor_status,
gss_ctx_id_t context_handle,
krb5_keyblock **keyblock)
@@ -791,7 +798,7 @@ gsskrb5_get_initiator_subkey(OM_uint32 *minor_status,
keyblock);
}
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gsskrb5_get_subkey(OM_uint32 *minor_status,
gss_ctx_id_t context_handle,
krb5_keyblock **keyblock)
@@ -802,7 +809,7 @@ gsskrb5_get_subkey(OM_uint32 *minor_status,
keyblock);
}
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gsskrb5_set_default_realm(const char *realm)
{
struct _gss_mech_switch *m;
@@ -824,7 +831,7 @@ gsskrb5_set_default_realm(const char *realm)
return (GSS_S_COMPLETE);
}
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_krb5_get_tkt_flags(OM_uint32 *minor_status,
gss_ctx_id_t context_handle,
OM_uint32 *tkt_flags)
@@ -863,3 +870,53 @@ gss_krb5_get_tkt_flags(OM_uint32 *minor_status,
return GSS_S_COMPLETE;
}
+OM_uint32 GSSAPI_LIB_FUNCTION
+gsskrb5_set_time_offset(int offset)
+{
+ struct _gss_mech_switch *m;
+ gss_buffer_desc buffer;
+ OM_uint32 junk;
+ int32_t o = offset;
+
+ _gss_load_mech();
+
+ buffer.value = &o;
+ buffer.length = sizeof(o);
+
+ SLIST_FOREACH(m, &_gss_mechs, gm_link) {
+ if (m->gm_mech.gm_set_sec_context_option == NULL)
+ continue;
+ m->gm_mech.gm_set_sec_context_option(&junk, NULL,
+ GSS_KRB5_SET_TIME_OFFSET_X, &buffer);
+ }
+
+ return (GSS_S_COMPLETE);
+}
+
+OM_uint32 GSSAPI_LIB_FUNCTION
+gsskrb5_get_time_offset(int *offset)
+{
+ struct _gss_mech_switch *m;
+ gss_buffer_desc buffer;
+ OM_uint32 maj_stat, junk;
+ int32_t o;
+
+ _gss_load_mech();
+
+ buffer.value = &o;
+ buffer.length = sizeof(o);
+
+ SLIST_FOREACH(m, &_gss_mechs, gm_link) {
+ if (m->gm_mech.gm_set_sec_context_option == NULL)
+ continue;
+ maj_stat = m->gm_mech.gm_set_sec_context_option(&junk, NULL,
+ GSS_KRB5_GET_TIME_OFFSET_X, &buffer);
+
+ if (maj_stat == GSS_S_COMPLETE) {
+ *offset = o;
+ return maj_stat;
+ }
+ }
+
+ return (GSS_S_UNAVAILABLE);
+}
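Review bot: `gsskrb5_set_time_offset` discards every mechanism's status and returns `GSS_S_COMPLETE` unconditionally, so a caller cannot tell when no mechanism applied the offset. The value presumably feeds Kerberos time checks (confirm in the krb5 mechanism), so a silent no-op is worth surfacing; returning `GSS_S_UNAVAILABLE` unless at least one mechanism reports success would mirror `gsskrb5_get_time_offset`. The getter also writes `*offset` without checking `offset` for NULL. Neither function has a comment saying that the setting appears to apply library-wide rather than per context, since both pass a NULL context handle.

```c
OM_uint32 GSSAPI_LIB_FUNCTION
gsskrb5_set_time_offset(int offset)
{
    /* … unchanged: m, buffer, junk, o declarations … */
    OM_uint32 ret = GSS_S_UNAVAILABLE;

    /* … unchanged: _gss_load_mech() and buffer setup … */

    SLIST_FOREACH(m, &_gss_mechs, gm_link) {
	if (m->gm_mech.gm_set_sec_context_option == NULL)
	    continue;
	/* Report success only if some mechanism accepted the option. */
	if (m->gm_mech.gm_set_sec_context_option(&junk, NULL,
		GSS_KRB5_SET_TIME_OFFSET_X, &buffer) == GSS_S_COMPLETE)
	    ret = GSS_S_COMPLETE;
    }

    return ret;
}
```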
diff --git a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c
index fe65ad1ae1..8abbb7d0cc 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c
@@ -28,7 +28,7 @@
#include "mech_locl.h"
#include <heim_threads.h>
-RCSID("$Id: gss_mech_switch.c 21698 2007-07-26 19:07:11Z lha $");
+RCSID("$Id: gss_mech_switch.c 23471 2008-07-27 12:17:49Z lha $");
#ifndef _PATH_GSS_MECH
#define _PATH_GSS_MECH "/etc/gss/mech"
@@ -46,7 +46,7 @@ static int
_gss_string_to_oid(const char* s, gss_OID oid)
{
int number_count, i, j;
- int byte_count;
+ size_t byte_count;
const char *p, *q;
char *res;
@@ -118,7 +118,7 @@ _gss_string_to_oid(const char* s, gss_OID oid)
* The number is encoded in seven bit chunks.
*/
unsigned int t;
- int bytes;
+ unsigned int bytes;
bytes = 0;
for (t = number; t; t >>= 7)
@@ -229,6 +229,7 @@ _gss_load_mech(void)
HEIMDAL_MUTEX_unlock(&_gss_mech_mutex);
return;
}
+ rk_cloexec_file(fp);
while (fgets(buf, sizeof(buf), fp)) {
if (*buf == '#')
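Review bot: `rk_cloexec_file(fp)` marks the stream close-on-exec as a separate step after it has already been opened (the open call is outside this hunk), so a fork and exec on another thread in that window could still inherit the descriptor. If that matters for callers, setting the flag atomically at open time where the platform supports it would close the gap. Otherwise a short comment would record the limitation, e.g. `/* keep the mech config fd out of exec'd children; not atomic with the open */`. _gss_load_mech starts and ends outside the hunk.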
diff --git a/source4/heimdal/lib/gssapi/mech/gss_oid_equal.c b/source4/heimdal/lib/gssapi/mech/gss_oid_equal.c
index 8c75410cc1..b272316115 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_oid_equal.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_oid_equal.c
@@ -32,9 +32,9 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_oid_equal.c 17702 2006-06-28 09:07:08Z lha $");
+RCSID("$Id: gss_oid_equal.c 23025 2008-04-17 10:01:57Z lha $");
-int
+int GSSAPI_LIB_FUNCTION
gss_oid_equal(const gss_OID a, const gss_OID b)
{
if (a == b)
diff --git a/source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c b/source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c
index e2cecaf6b4..4678a3e710 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c
@@ -32,9 +32,9 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_oid_to_str.c 21409 2007-07-04 14:19:11Z lha $");
+RCSID("$Id: gss_oid_to_str.c 23025 2008-04-17 10:01:57Z lha $");
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_oid_to_str(OM_uint32 *minor_status, gss_OID oid, gss_buffer_t oid_str)
{
int ret;
diff --git a/source4/heimdal/lib/gssapi/mech/gss_process_context_token.c b/source4/heimdal/lib/gssapi/mech/gss_process_context_token.c
index dff6b04f14..db55bc24be 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_process_context_token.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_process_context_token.c
@@ -27,9 +27,9 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_process_context_token.c 17700 2006-06-28 09:00:26Z lha $");
+RCSID("$Id: gss_process_context_token.c 23025 2008-04-17 10:01:57Z lha $");
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_process_context_token(OM_uint32 *minor_status,
const gss_ctx_id_t context_handle,
const gss_buffer_t token_buffer)
diff --git a/source4/heimdal/lib/gssapi/mech/gss_pseudo_random.c b/source4/heimdal/lib/gssapi/mech/gss_pseudo_random.c
new file mode 100644
index 0000000000..ba027cb95a
--- /dev/null
+++ b/source4/heimdal/lib/gssapi/mech/gss_pseudo_random.c
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 2007 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: gss_pseudo_random.c 23025 2008-04-17 10:01:57Z lha $ */
+
+#include "mech_locl.h"
+RCSID("$Id: gss_pseudo_random.c 23025 2008-04-17 10:01:57Z lha $");
+
+OM_uint32 GSSAPI_LIB_FUNCTION
+gss_pseudo_random(OM_uint32 *minor_status,
+ gss_ctx_id_t context,
+ int prf_key,
+ const gss_buffer_t prf_in,
+ ssize_t desired_output_len,
+ gss_buffer_t prf_out)
+{
+ struct _gss_context *ctx = (struct _gss_context *) context;
+ gssapi_mech_interface m = ctx->gc_mech;
+ OM_uint32 major_status;
+
+ _mg_buffer_zero(prf_out);
+ *minor_status = 0;
+
+ if (ctx == NULL) {
+ *minor_status = 0;
+ return GSS_S_NO_CONTEXT;
+ }
+
+ if (m->gm_pseudo_random == NULL)
+ return GSS_S_UNAVAILABLE;
+
+ major_status = (*m->gm_pseudo_random)(minor_status, ctx->gc_ctx,
+ prf_key, prf_in, desired_output_len,
+ prf_out);
+ if (major_status != GSS_S_COMPLETE)
+ _gss_mg_error(m, major_status, *minor_status);
+
+ return major_status;
+}
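Review bot: `gss_pseudo_random` dereferences `ctx` in the initializer `gssapi_mech_interface m = ctx->gc_mech;` before the `if (ctx == NULL)` test, so a NULL context crashes instead of returning `GSS_S_NO_CONTEXT`, and a compiler may drop the later check altogether. Declare `gssapi_mech_interface m;` without an initializer and assign `m = ctx->gc_mech;` only after the NULL check. The second `*minor_status = 0;` inside that branch is redundant. `desired_output_len` is a signed `ssize_t` passed through unvalidated; unless every mechanism's `gm_pseudo_random` is known to reject negative values, a guard such as `if (desired_output_len < 0) return GSS_S_FAILURE;` would make the contract explicit here.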
diff --git a/source4/heimdal/lib/gssapi/mech/gss_release_buffer.c b/source4/heimdal/lib/gssapi/mech/gss_release_buffer.c
index fc55cae030..eb1bf34985 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_release_buffer.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_release_buffer.c
@@ -27,9 +27,9 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_release_buffer.c 19962 2007-01-17 15:59:04Z lha $");
+RCSID("$Id: gss_release_buffer.c 23025 2008-04-17 10:01:57Z lha $");
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_release_buffer(OM_uint32 *minor_status,
gss_buffer_t buffer)
{
diff --git a/source4/heimdal/lib/gssapi/mech/gss_release_cred.c b/source4/heimdal/lib/gssapi/mech/gss_release_cred.c
index b26dbd7865..9648929c91 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_release_cred.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_release_cred.c
@@ -27,9 +27,9 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_release_cred.c 19963 2007-01-17 16:01:22Z lha $");
+RCSID("$Id: gss_release_cred.c 23025 2008-04-17 10:01:57Z lha $");
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle)
{
struct _gss_cred *cred = (struct _gss_cred *) *cred_handle;
diff --git a/source4/heimdal/lib/gssapi/mech/gss_release_name.c b/source4/heimdal/lib/gssapi/mech/gss_release_name.c
index 313eab8245..d8c36c10a7 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_release_name.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_release_name.c
@@ -27,9 +27,9 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_release_name.c 18812 2006-10-22 07:59:06Z lha $");
+RCSID("$Id: gss_release_name.c 23025 2008-04-17 10:01:57Z lha $");
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_release_name(OM_uint32 *minor_status,
gss_name_t *input_name)
{
diff --git a/source4/heimdal/lib/gssapi/mech/gss_release_oid.c b/source4/heimdal/lib/gssapi/mech/gss_release_oid.c
index 7754787fa8..ccc59638fb 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_release_oid.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_release_oid.c
@@ -33,9 +33,9 @@
#include "mech_locl.h"
-RCSID("$Id: gss_release_oid.c 17747 2006-06-30 09:34:54Z lha $");
+RCSID("$Id: gss_release_oid.c 23025 2008-04-17 10:01:57Z lha $");
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_release_oid(OM_uint32 *minor_status, gss_OID *oid)
{
gss_OID o = *oid;
diff --git a/source4/heimdal/lib/gssapi/mech/gss_release_oid_set.c b/source4/heimdal/lib/gssapi/mech/gss_release_oid_set.c
index 388cfdbf4c..00b1f4656d 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_release_oid_set.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_release_oid_set.c
@@ -27,9 +27,9 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_release_oid_set.c 22144 2007-12-04 17:31:55Z lha $");
+RCSID("$Id: gss_release_oid_set.c 23025 2008-04-17 10:01:57Z lha $");
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_release_oid_set(OM_uint32 *minor_status,
gss_OID_set *set)
{
diff --git a/source4/heimdal/lib/gssapi/mech/gss_seal.c b/source4/heimdal/lib/gssapi/mech/gss_seal.c
index 71c5e70dc7..7979455430 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_seal.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_seal.c
@@ -27,9 +27,9 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_seal.c 17700 2006-06-28 09:00:26Z lha $");
+RCSID("$Id: gss_seal.c 23025 2008-04-17 10:01:57Z lha $");
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_seal(OM_uint32 *minor_status,
gss_ctx_id_t context_handle,
int conf_req_flag,
diff --git a/source4/heimdal/lib/gssapi/mech/gss_set_cred_option.c b/source4/heimdal/lib/gssapi/mech/gss_set_cred_option.c
index c32291396f..bbd75c9849 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_set_cred_option.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_set_cred_option.c
@@ -31,9 +31,9 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_set_cred_option.c 21126 2007-06-18 20:19:59Z lha $");
+RCSID("$Id: gss_set_cred_option.c 23025 2008-04-17 10:01:57Z lha $");
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_set_cred_option (OM_uint32 *minor_status,
gss_cred_id_t *cred_handle,
const gss_OID object,
diff --git a/source4/heimdal/lib/gssapi/mech/gss_set_sec_context_option.c b/source4/heimdal/lib/gssapi/mech/gss_set_sec_context_option.c
index d312251f53..48377fd6bc 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_set_sec_context_option.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_set_sec_context_option.c
@@ -31,9 +31,9 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_set_sec_context_option.c 19928 2007-01-16 10:37:54Z lha $");
+RCSID("$Id: gss_set_sec_context_option.c 23025 2008-04-17 10:01:57Z lha $");
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_set_sec_context_option (OM_uint32 *minor_status,
gss_ctx_id_t *context_handle,
const gss_OID object,
diff --git a/source4/heimdal/lib/gssapi/mech/gss_sign.c b/source4/heimdal/lib/gssapi/mech/gss_sign.c
index 5268197c61..c91b6490d2 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_sign.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_sign.c
@@ -27,9 +27,9 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_sign.c 17700 2006-06-28 09:00:26Z lha $");
+RCSID("$Id: gss_sign.c 23025 2008-04-17 10:01:57Z lha $");
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_sign(OM_uint32 *minor_status,
gss_ctx_id_t context_handle,
int qop_req,
diff --git a/source4/heimdal/lib/gssapi/mech/gss_test_oid_set_member.c b/source4/heimdal/lib/gssapi/mech/gss_test_oid_set_member.c
index fc3c5ddeef..ee42cc5d1a 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_test_oid_set_member.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_test_oid_set_member.c
@@ -27,9 +27,9 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_test_oid_set_member.c 17700 2006-06-28 09:00:26Z lha $");
+RCSID("$Id: gss_test_oid_set_member.c 23025 2008-04-17 10:01:57Z lha $");
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_test_oid_set_member(OM_uint32 *minor_status,
const gss_OID member,
const gss_OID_set set,
diff --git a/source4/heimdal/lib/gssapi/mech/gss_unseal.c b/source4/heimdal/lib/gssapi/mech/gss_unseal.c
index 205cc6e326..d6f73c5522 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_unseal.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_unseal.c
@@ -27,9 +27,9 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_unseal.c 17700 2006-06-28 09:00:26Z lha $");
+RCSID("$Id: gss_unseal.c 23025 2008-04-17 10:01:57Z lha $");
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_unseal(OM_uint32 *minor_status,
gss_ctx_id_t context_handle,
gss_buffer_t input_message_buffer,
diff --git a/source4/heimdal/lib/gssapi/mech/gss_unwrap.c b/source4/heimdal/lib/gssapi/mech/gss_unwrap.c
index 69c125356b..4866bacbe5 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_unwrap.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_unwrap.c
@@ -27,9 +27,9 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_unwrap.c 17700 2006-06-28 09:00:26Z lha $");
+RCSID("$Id: gss_unwrap.c 23025 2008-04-17 10:01:57Z lha $");
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_unwrap(OM_uint32 *minor_status,
const gss_ctx_id_t context_handle,
const gss_buffer_t input_message_buffer,
diff --git a/source4/heimdal/lib/gssapi/mech/gss_verify.c b/source4/heimdal/lib/gssapi/mech/gss_verify.c
index f11cac7d2e..d82ceee984 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_verify.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_verify.c
@@ -27,9 +27,9 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_verify.c 17700 2006-06-28 09:00:26Z lha $");
+RCSID("$Id: gss_verify.c 23025 2008-04-17 10:01:57Z lha $");
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_verify(OM_uint32 *minor_status,
gss_ctx_id_t context_handle,
gss_buffer_t message_buffer,
diff --git a/source4/heimdal/lib/gssapi/mech/gss_verify_mic.c b/source4/heimdal/lib/gssapi/mech/gss_verify_mic.c
index 118f50735f..c58c63ac0f 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_verify_mic.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_verify_mic.c
@@ -27,9 +27,9 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_verify_mic.c 19965 2007-01-17 16:23:47Z lha $");
+RCSID("$Id: gss_verify_mic.c 23025 2008-04-17 10:01:57Z lha $");
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_verify_mic(OM_uint32 *minor_status,
const gss_ctx_id_t context_handle,
const gss_buffer_t message_buffer,
diff --git a/source4/heimdal/lib/gssapi/mech/gss_wrap.c b/source4/heimdal/lib/gssapi/mech/gss_wrap.c
index 0eb9dfbc6d..f6b5077d0e 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_wrap.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_wrap.c
@@ -27,9 +27,9 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_wrap.c 19965 2007-01-17 16:23:47Z lha $");
+RCSID("$Id: gss_wrap.c 23025 2008-04-17 10:01:57Z lha $");
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_wrap(OM_uint32 *minor_status,
const gss_ctx_id_t context_handle,
int conf_req_flag,
diff --git a/source4/heimdal/lib/gssapi/mech/gss_wrap_size_limit.c b/source4/heimdal/lib/gssapi/mech/gss_wrap_size_limit.c
index 35b3ad723d..14f373dada 100644
--- a/source4/heimdal/lib/gssapi/mech/gss_wrap_size_limit.c
+++ b/source4/heimdal/lib/gssapi/mech/gss_wrap_size_limit.c
@@ -27,9 +27,9 @@
*/
#include "mech_locl.h"
-RCSID("$Id: gss_wrap_size_limit.c 19965 2007-01-17 16:23:47Z lha $");
+RCSID("$Id: gss_wrap_size_limit.c 23025 2008-04-17 10:01:57Z lha $");
-OM_uint32
+OM_uint32 GSSAPI_LIB_FUNCTION
gss_wrap_size_limit(OM_uint32 *minor_status,
const gss_ctx_id_t context_handle,
int conf_req_flag,
diff --git a/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c b/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c
index df25b0f4bf..6b618092fe 100644
--- a/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c
+++ b/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c
@@ -33,7 +33,7 @@
#include "spnego/spnego_locl.h"
-RCSID("$Id: accept_sec_context.c 22600 2008-02-21 12:46:24Z lha $");
+RCSID("$Id: accept_sec_context.c 23158 2008-05-02 09:45:28Z lha $");
static OM_uint32
send_reject (OM_uint32 *minor_status,
@@ -376,6 +376,9 @@ select_mech(OM_uint32 *minor_status, MechType *mechType, int verify_p,
char mechbuf[64];
size_t mech_len;
gss_OID_desc oid;
+ gss_OID oidp;
+ gss_OID_set mechs;
+ int i;
OM_uint32 ret, junk;
ret = der_put_oid ((unsigned char *)mechbuf + sizeof(mechbuf) - 1,
@@ -396,27 +399,29 @@ select_mech(OM_uint32 *minor_status, MechType *mechType, int verify_p,
*minor_status = 0;
/* Translate broken MS Kebreros OID */
- if (gss_oid_equal(&oid, &_gss_spnego_mskrb_mechanism_oid_desc)) {
- gssapi_mech_interface mech;
+ if (gss_oid_equal(&oid, &_gss_spnego_mskrb_mechanism_oid_desc))
+ oidp = &_gss_spnego_krb5_mechanism_oid_desc;
+ else
+ oidp = &oid;
- mech = __gss_get_mechanism(&_gss_spnego_krb5_mechanism_oid_desc);
- if (mech == NULL)
- return GSS_S_BAD_MECH;
- ret = gss_duplicate_oid(minor_status,
- &_gss_spnego_mskrb_mechanism_oid_desc,
- mech_p);
- } else {
- gssapi_mech_interface mech;
+ ret = gss_indicate_mechs(&junk, &mechs);
+ if (ret)
+ return (ret);
- mech = __gss_get_mechanism(&oid);
- if (mech == NULL)
- return GSS_S_BAD_MECH;
+ for (i = 0; i < mechs->count; i++)
+ if (gss_oid_equal(&mechs->elements[i], oidp))
+ break;
- ret = gss_duplicate_oid(minor_status,
- &mech->gm_mech_oid,
- mech_p);
+ if (i == mechs->count) {
+ gss_release_oid_set(&junk, &mechs);
+ return GSS_S_BAD_MECH;
}
+ gss_release_oid_set(&junk, &mechs);
+
+ ret = gss_duplicate_oid(minor_status,
+ &oid, /* possibly this should be oidp */
+ mech_p);
if (verify_p) {
gss_name_t name = GSS_C_NO_NAME;
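Review bot: The comment `/* possibly this should be oidp */` on the `gss_duplicate_oid` call leaves an open question in the mechanism-selection path, where the OID comes from the peer's token. The removed code also returned `_gss_spnego_mskrb_mechanism_oid_desc` in the Microsoft branch, so passing `&oid` appears to keep the old result; the comment should say so, e.g. `/* return the OID as sent by the peer, as before; oidp is only used for the lookup */`. Separately, `i` is declared `int` in the previous hunk but compared with `mechs->count`; if that field is a `size_t`, as in the usual `gss_OID_set_desc`, declare `size_t i;` to avoid the signed/unsigned comparison. select_mech continues outside the hunk.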
@@ -635,9 +640,6 @@ acceptor_start
if (ctx->mech_src_name != GSS_C_NO_NAME)
gss_release_name(&junk, &ctx->mech_src_name);
- if (ctx->delegated_cred_id != GSS_C_NO_CREDENTIAL)
- _gss_spnego_release_cred(&junk, &ctx->delegated_cred_id);
-
ret = gss_accept_sec_context(minor_status,
&ctx->negotiated_ctx_id,
mech_cred,
@@ -649,19 +651,20 @@ acceptor_start
&ctx->mech_flags,
&ctx->mech_time_rec,
&mech_delegated_cred);
+
+ if (mech_delegated_cred && delegated_cred_handle) {
+ _gss_spnego_alloc_cred(&junk,
+ mech_delegated_cred,
+ delegated_cred_handle);
+ } else if (mech_delegated_cred != GSS_C_NO_CREDENTIAL)
+ gss_release_cred(&junk, &mech_delegated_cred);
+
if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) {
ctx->preferred_mech_type = preferred_mech_type;
ctx->negotiated_mech_type = preferred_mech_type;
if (ret == GSS_S_COMPLETE)
ctx->open = 1;
- if (mech_delegated_cred && delegated_cred_handle)
- ret = _gss_spnego_alloc_cred(&junk,
- mech_delegated_cred,
- delegated_cred_handle);
- else
- gss_release_cred(&junk, &mech_delegated_cred);
-
ret = acceptor_complete(minor_status,
ctx,
&get_mic,
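Review bot: The result of `_gss_spnego_alloc_cred` is now discarded here and in the matching block in acceptor_continue, where the removed code kept it in `ret2` and propagated a failure. If the wrapper allocation fails, the caller gets no delegated credential and no error, and `mech_delegated_cred` is presumably never released. I would capture the status and release on failure, e.g. `if (_gss_spnego_alloc_cred(&junk, mech_delegated_cred, delegated_cred_handle) != GSS_S_COMPLETE) gss_release_cred(&junk, &mech_delegated_cred);`, after confirming that `_gss_spnego_alloc_cred` does not already free its input when it fails. The test also now runs when `gss_accept_sec_context` has failed, so `mech_delegated_cred` in acceptor_start must be initialised to `GSS_C_NO_CREDENTIAL` at its declaration, which is outside this hunk (acceptor_continue does this in its own hunk).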
@@ -740,10 +743,6 @@ out:
*src_name = (gss_name_t)name;
}
}
- if (delegated_cred_handle != NULL) {
- *delegated_cred_handle = ctx->delegated_cred_id;
- ctx->delegated_cred_id = GSS_C_NO_CREDENTIAL;
- }
}
if (mech_type != NULL)
@@ -780,7 +779,7 @@ acceptor_continue
gss_cred_id_t *delegated_cred_handle
)
{
- OM_uint32 ret, ret2, minor;
+ OM_uint32 ret, ret2, minor, junk;
NegotiationToken nt;
size_t nt_len;
NegTokenResp *na;
@@ -836,27 +835,16 @@ acceptor_continue
if (mech_input_token != GSS_C_NO_BUFFER) {
gss_cred_id_t mech_cred;
- gss_cred_id_t mech_delegated_cred;
- gss_cred_id_t *mech_delegated_cred_p;
+ gss_cred_id_t mech_delegated_cred = GSS_C_NO_CREDENTIAL;
if (acceptor_cred != NULL)
mech_cred = acceptor_cred->negotiated_cred_id;
else
mech_cred = GSS_C_NO_CREDENTIAL;
- if (delegated_cred_handle != NULL) {
- mech_delegated_cred = GSS_C_NO_CREDENTIAL;
- mech_delegated_cred_p = &mech_delegated_cred;
- } else {
- mech_delegated_cred_p = NULL;
- }
-
if (ctx->mech_src_name != GSS_C_NO_NAME)
gss_release_name(&minor, &ctx->mech_src_name);
- if (ctx->delegated_cred_id != GSS_C_NO_CREDENTIAL)
- _gss_spnego_release_cred(&minor, &ctx->delegated_cred_id);
-
ret = gss_accept_sec_context(&minor,
&ctx->negotiated_ctx_id,
mech_cred,
@@ -867,16 +855,16 @@ acceptor_continue
&obuf,
&ctx->mech_flags,
&ctx->mech_time_rec,
- mech_delegated_cred_p);
+ &mech_delegated_cred);
+
+ if (mech_delegated_cred && delegated_cred_handle) {
+ _gss_spnego_alloc_cred(&junk,
+ mech_delegated_cred,
+ delegated_cred_handle);
+ } else if (mech_delegated_cred != GSS_C_NO_CREDENTIAL)
+ gss_release_cred(&junk, &mech_delegated_cred);
+
if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) {
- if (mech_delegated_cred_p != NULL &&
- mech_delegated_cred != GSS_C_NO_CREDENTIAL) {
- ret2 = _gss_spnego_alloc_cred(minor_status,
- mech_delegated_cred,
- &ctx->delegated_cred_id);
- if (ret2 != GSS_S_COMPLETE)
- ret = ret2;
- }
mech_output_token = &obuf;
}
if (ret != GSS_S_COMPLETE && ret != GSS_S_CONTINUE_NEEDED) {
@@ -958,10 +946,6 @@ acceptor_continue
*src_name = (gss_name_t)name;
}
}
- if (delegated_cred_handle != NULL) {
- *delegated_cred_handle = ctx->delegated_cred_id;
- ctx->delegated_cred_id = GSS_C_NO_CREDENTIAL;
- }
}
if (mech_type != NULL)
diff --git a/source4/heimdal/lib/gssapi/spnego/compat.c b/source4/heimdal/lib/gssapi/spnego/compat.c
index 287f4f760e..36de854784 100644
--- a/source4/heimdal/lib/gssapi/spnego/compat.c
+++ b/source4/heimdal/lib/gssapi/spnego/compat.c
@@ -32,7 +32,7 @@
#include "spnego/spnego_locl.h"
-RCSID("$Id: compat.c 21866 2007-08-08 11:31:29Z lha $");
+RCSID("$Id: compat.c 22688 2008-03-16 11:33:58Z lha $");
/*
* Apparently Microsoft got the OID wrong, and used
@@ -76,7 +76,6 @@ OM_uint32 _gss_spnego_alloc_sec_context (OM_uint32 * minor_status,
ctx->mech_flags = 0;
ctx->mech_time_rec = 0;
ctx->mech_src_name = GSS_C_NO_NAME;
- ctx->delegated_cred_id = GSS_C_NO_CREDENTIAL;
ctx->open = 0;
ctx->local = 0;
@@ -124,8 +123,6 @@ OM_uint32 _gss_spnego_internal_delete_sec_context
if (ctx->initiator_mech_types.val != NULL)
free_MechTypeList(&ctx->initiator_mech_types);
- _gss_spnego_release_cred(&minor, &ctx->delegated_cred_id);
-
gss_release_oid(&minor, &ctx->preferred_mech_type);
ctx->negotiated_mech_type = GSS_C_NO_OID;
diff --git a/source4/heimdal/lib/gssapi/spnego/context_stubs.c b/source4/heimdal/lib/gssapi/spnego/context_stubs.c
index 0169017ee5..6f1c3eb4b6 100644
--- a/source4/heimdal/lib/gssapi/spnego/context_stubs.c
+++ b/source4/heimdal/lib/gssapi/spnego/context_stubs.c
@@ -32,7 +32,7 @@
#include "spnego/spnego_locl.h"
-RCSID("$Id: context_stubs.c 22604 2008-02-21 21:12:48Z lha $");
+RCSID("$Id: context_stubs.c 22688 2008-03-16 11:33:58Z lha $");
static OM_uint32
spnego_supported_mechs(OM_uint32 *minor_status, gss_OID_set *mechs)
@@ -907,7 +907,7 @@ OM_uint32 _gss_spnego_set_sec_context_option
return GSS_S_NO_CONTEXT;
}
- ctx = (gssspnego_ctx)context_handle;
+ ctx = (gssspnego_ctx)*context_handle;
if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
return GSS_S_NO_CONTEXT;
@@ -919,3 +919,31 @@ OM_uint32 _gss_spnego_set_sec_context_option
value);
}
+
+OM_uint32
+_gss_spnego_pseudo_random(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ int prf_key,
+ const gss_buffer_t prf_in,
+ ssize_t desired_output_len,
+ gss_buffer_t prf_out)
+{
+ gssspnego_ctx ctx;
+
+ *minor_status = 0;
+
+ if (context_handle == GSS_C_NO_CONTEXT)
+ return GSS_S_NO_CONTEXT;
+
+ ctx = (gssspnego_ctx)context_handle;
+
+ if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT)
+ return GSS_S_NO_CONTEXT;
+
+ return gss_pseudo_random(minor_status,
+ ctx->negotiated_ctx_id,
+ prf_key,
+ prf_in,
+ desired_output_len,
+ prf_out);
+}
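Review bot: `_gss_spnego_pseudo_random` has no header comment, and it takes the context handle by value while `_gss_spnego_set_sec_context_option` directly above takes a pointer to it, which is the mix-up this same commit fixes there. A short comment would make the difference explicit, e.g. `/* Forward to the negotiated mechanism; context_handle is passed by value here. Returns GSS_S_NO_CONTEXT if no mechanism context exists yet. */`.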
diff --git a/source4/heimdal/lib/gssapi/spnego/cred_stubs.c b/source4/heimdal/lib/gssapi/spnego/cred_stubs.c
index 2362e99019..d87d7d618e 100644
--- a/source4/heimdal/lib/gssapi/spnego/cred_stubs.c
+++ b/source4/heimdal/lib/gssapi/spnego/cred_stubs.c
@@ -32,7 +32,7 @@
#include "spnego/spnego_locl.h"
-RCSID("$Id: cred_stubs.c 20619 2007-05-08 13:43:45Z lha $");
+RCSID("$Id: cred_stubs.c 22688 2008-03-16 11:33:58Z lha $");
OM_uint32
_gss_spnego_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle)
@@ -334,3 +334,23 @@ OM_uint32 _gss_spnego_inquire_cred_by_oid
return ret;
}
+OM_uint32
+_gss_spnego_set_cred_option (OM_uint32 *minor_status,
+ gss_cred_id_t *cred_handle,
+ const gss_OID object,
+ const gss_buffer_t value)
+{
+ gssspnego_cred cred;
+
+ if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL) {
+ *minor_status = 0;
+ return GSS_S_NO_CRED;
+ }
+
+ cred = (gssspnego_cred)*cred_handle;
+ return gss_set_cred_option(minor_status,
+ &cred->negotiated_cred_id,
+ object,
+ value);
+}
+
diff --git a/source4/heimdal/lib/gssapi/spnego/external.c b/source4/heimdal/lib/gssapi/spnego/external.c
index 6c9a03a3b0..317d358707 100644
--- a/source4/heimdal/lib/gssapi/spnego/external.c
+++ b/source4/heimdal/lib/gssapi/spnego/external.c
@@ -33,7 +33,7 @@
#include "spnego/spnego_locl.h"
#include <gssapi_mech.h>
-RCSID("$Id: external.c 22600 2008-02-21 12:46:24Z lha $");
+RCSID("$Id: external.c 22688 2008-03-16 11:33:58Z lha $");
/*
* RFC2478, SPNEGO:
@@ -57,8 +57,8 @@ static gssapi_mech_interface_desc spnego_mech = {
_gss_spnego_verify_mic,
_gss_spnego_wrap,
_gss_spnego_unwrap,
- NULL,
- NULL,
+ NULL, /* gm_display_status */
+ NULL, /* gm_indicate_mechs */
_gss_spnego_compare_name,
_gss_spnego_display_name,
_gss_spnego_import_name,
@@ -74,7 +74,12 @@ static gssapi_mech_interface_desc spnego_mech = {
_gss_spnego_inquire_names_for_mech,
_gss_spnego_inquire_mechs_for_name,
_gss_spnego_canonicalize_name,
- _gss_spnego_duplicate_name
+ _gss_spnego_duplicate_name,
+ _gss_spnego_inquire_sec_context_by_oid,
+ _gss_spnego_inquire_cred_by_oid,
+ _gss_spnego_set_sec_context_option,
+ _gss_spnego_set_cred_option,
+ _gss_spnego_pseudo_random
};
gssapi_mech_interface
diff --git a/source4/heimdal/lib/gssapi/spnego/spnego-private.h b/source4/heimdal/lib/gssapi/spnego/spnego-private.h
index 69f4d8423d..3b20d737b7 100644
--- a/source4/heimdal/lib/gssapi/spnego/spnego-private.h
+++ b/source4/heimdal/lib/gssapi/spnego/spnego-private.h
@@ -225,6 +225,15 @@ _gss_spnego_process_context_token (
const gss_buffer_t token_buffer );
OM_uint32
+_gss_spnego_pseudo_random (
+ OM_uint32 */*minor_status*/,
+ gss_ctx_id_t /*context_handle*/,
+ int /*prf_key*/,
+ const gss_buffer_t /*prf_in*/,
+ ssize_t /*desired_output_len*/,
+ gss_buffer_t /*prf_out*/);
+
+OM_uint32
_gss_spnego_release_cred (
OM_uint32 */*minor_status*/,
gss_cred_id_t */*cred_handle*/);
@@ -251,6 +260,13 @@ _gss_spnego_seal (
gss_buffer_t output_message_buffer );
OM_uint32
+_gss_spnego_set_cred_option (
+ OM_uint32 */*minor_status*/,
+ gss_cred_id_t */*cred_handle*/,
+ const gss_OID /*object*/,
+ const gss_buffer_t /*value*/);
+
+OM_uint32
_gss_spnego_set_sec_context_option (
OM_uint32 * /*minor_status*/,
gss_ctx_id_t * /*context_handle*/,
diff --git a/source4/heimdal/lib/gssapi/spnego/spnego_locl.h b/source4/heimdal/lib/gssapi/spnego/spnego_locl.h
index 44b24688e1..6eb808efbc 100644
--- a/source4/heimdal/lib/gssapi/spnego/spnego_locl.h
+++ b/source4/heimdal/lib/gssapi/spnego/spnego_locl.h
@@ -30,7 +30,7 @@
* SUCH DAMAGE.
*/
-/* $Id: spnego_locl.h 19411 2006-12-18 15:42:03Z lha $ */
+/* $Id: spnego_locl.h 23161 2008-05-05 09:56:20Z lha $ */
#ifndef SPNEGO_LOCL_H
#define SPNEGO_LOCL_H
@@ -86,7 +86,6 @@ typedef struct {
OM_uint32 mech_flags;
OM_uint32 mech_time_rec;
gss_name_t mech_src_name;
- gss_cred_id_t delegated_cred_id;
unsigned int open : 1;
unsigned int local : 1;
unsigned int require_mic : 1;