diff options
author | Tom Yu <tlyu@mit.edu> | 2006-06-14 22:27:54 +0000 |
---|---|---|
committer | Tom Yu <tlyu@mit.edu> | 2006-06-14 22:27:54 +0000 |
commit | 4c2bc7a022bff031e101a88363ff7756871e8721 (patch) | |
tree | e2fcdfdbf65e10c6546068e54d832b4a4c237c70 /src/lib/gssapi/krb5 | |
parent | c162f7fadad60a02fc35ba14d1b7e52f225460a4 (diff) | |
download | krb5-4c2bc7a022bff031e101a88363ff7756871e8721.tar.gz krb5-4c2bc7a022bff031e101a88363ff7756871e8721.tar.xz krb5-4c2bc7a022bff031e101a88363ff7756871e8721.zip |
Merge from branches/mechglue. Initial integration of Sun-donated
mechglue and SPNEGO implementations. Additional changes outside of
src/lib/gssapi:
* src/configure.in: Add lib/gssapi/mechglue and lib/gssapi/spnego
to list of directories to output Makefile in.
* src/lib/rpc/unit-test/rpc_test.0/expire.exp (expired): Update
regexp for mechglue.
* src/tests/dejagnu/krb-standalone/v4gssftp.exp (v4ftp_test):
Update "Miscellaneous failure" regexp for mechglue.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18131 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/gssapi/krb5')
-rw-r--r-- | src/lib/gssapi/krb5/Makefile.in | 2 | ||||
-rw-r--r-- | src/lib/gssapi/krb5/accept_sec_context.c | 6 | ||||
-rw-r--r-- | src/lib/gssapi/krb5/copy_ccache.c | 2 | ||||
-rw-r--r-- | src/lib/gssapi/krb5/get_tkt_flags.c | 2 | ||||
-rw-r--r-- | src/lib/gssapi/krb5/gssapiP_krb5.h | 40 | ||||
-rw-r--r-- | src/lib/gssapi/krb5/gssapi_krb5.c | 17 | ||||
-rw-r--r-- | src/lib/gssapi/krb5/gssapi_krb5.hin | 1 | ||||
-rw-r--r-- | src/lib/gssapi/krb5/indicate_mechs.c | 3 | ||||
-rw-r--r-- | src/lib/gssapi/krb5/init_sec_context.c | 3 | ||||
-rw-r--r-- | src/lib/gssapi/krb5/krb5_gss_glue.c | 693 | ||||
-rw-r--r-- | src/lib/gssapi/krb5/lucid_context.c | 2 | ||||
-rw-r--r-- | src/lib/gssapi/krb5/rel_oid.c | 9 | ||||
-rw-r--r-- | src/lib/gssapi/krb5/set_allowable_enctypes.c | 8 |
13 files changed, 686 insertions, 102 deletions
diff --git a/src/lib/gssapi/krb5/Makefile.in b/src/lib/gssapi/krb5/Makefile.in index 7d9e8826ff..7cd9848e77 100644 --- a/src/lib/gssapi/krb5/Makefile.in +++ b/src/lib/gssapi/krb5/Makefile.in @@ -2,7 +2,7 @@ thisconfigdir=../../.. myfulldir=lib/gssapi/krb5 mydir=lib/gssapi/krb5 BUILDTOP=$(REL)..$(S)..$(S).. -LOCALINCLUDES = -I. -I$(srcdir) -I$(srcdir)/.. -I../generic -I$(srcdir)/../generic +LOCALINCLUDES = -I. -I$(srcdir) -I$(srcdir)/.. -I../generic -I$(srcdir)/../generic -I../mechglue -I$(srcdir)/../mechglue DEFS= ##DOS##BUILDTOP = ..\..\.. diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c index ecda750f59..f461e8d501 100644 --- a/src/lib/gssapi/krb5/accept_sec_context.c +++ b/src/lib/gssapi/krb5/accept_sec_context.c @@ -347,6 +347,12 @@ krb5_gss_accept_sec_context(minor_status, context_handle, &ptr, KG_TOK_CTX_AP_REQ, input_token->length, 1))) { mech_used = gss_mech_krb5; + } else if ((code == G_WRONG_MECH) + &&!(code = g_verify_token_header((gss_OID) gss_mech_krb5_wrong, + &(ap_req.length), + &ptr, KG_TOK_CTX_AP_REQ, + input_token->length, 1))) { + mech_used = gss_mech_krb5_wrong; } else if ((code == G_WRONG_MECH) && !(code = g_verify_token_header(gss_mech_krb5_old, &(ap_req.length), diff --git a/src/lib/gssapi/krb5/copy_ccache.c b/src/lib/gssapi/krb5/copy_ccache.c index b0cc96fd8f..195be0f842 100644 --- a/src/lib/gssapi/krb5/copy_ccache.c +++ b/src/lib/gssapi/krb5/copy_ccache.c @@ -1,7 +1,7 @@ #include "gssapiP_krb5.h" OM_uint32 KRB5_CALLCONV -gss_krb5_copy_ccache(minor_status, cred_handle, out_ccache) +gss_krb5int_copy_ccache(minor_status, cred_handle, out_ccache) OM_uint32 *minor_status; gss_cred_id_t cred_handle; krb5_ccache out_ccache; diff --git a/src/lib/gssapi/krb5/get_tkt_flags.c b/src/lib/gssapi/krb5/get_tkt_flags.c index 74f1532ae3..19841a086d 100644 --- a/src/lib/gssapi/krb5/get_tkt_flags.c +++ b/src/lib/gssapi/krb5/get_tkt_flags.c @@ -27,7 +27,7 @@ */ OM_uint32 KRB5_CALLCONV -gss_krb5_get_tkt_flags(minor_status, context_handle, ticket_flags) +gss_krb5int_get_tkt_flags(minor_status, context_handle, ticket_flags) OM_uint32 *minor_status; gss_ctx_id_t context_handle; krb5_flags *ticket_flags; diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h index 3539ac7a91..b23bda4069 100644 --- a/src/lib/gssapi/krb5/gssapiP_krb5.h +++ b/src/lib/gssapi/krb5/gssapiP_krb5.h @@ -74,6 +74,17 @@ /** constants **/ +#define GSS_MECH_KRB5_OID_LENGTH 9 +#define GSS_MECH_KRB5_OID "\052\206\110\206\367\022\001\002\002" + +#define GSS_MECH_KRB5_OLD_OID_LENGTH 5 +#define GSS_MECH_KRB5_OLD_OID "\053\005\001\005\002" + +/* Incorrect krb5 mech OID emitted by MS. */ +#define GSS_MECH_KRB5_WRONG_OID_LENGTH 9 +#define GSS_MECH_KRB5_WRONG_OID "\052\206\110\202\367\022\001\002\002" + + #define CKSUMTYPE_KG_CB 0x8003 #define KG_TOK_CTX_AP_REQ 0x0100 @@ -575,7 +586,7 @@ OM_uint32 krb5_gss_import_sec_context krb5_error_code krb5_gss_ser_init(krb5_context); -OM_uint32 krb5_gss_release_oid +OM_uint32 krb5_gss_internal_release_oid (OM_uint32 *, /* minor_status */ gss_OID * /* oid */ ); @@ -631,6 +642,33 @@ OM_uint32 gss_krb5int_unseal_token_v3(krb5_context *contextptr, int *conf_state, int *qop_state, int toktype); +/* + * These take unglued krb5-mech-specific contexts. + */ + +OM_uint32 KRB5_CALLCONV gss_krb5int_get_tkt_flags + (OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + krb5_flags *ticket_flags); + +OM_uint32 KRB5_CALLCONV gss_krb5int_copy_ccache + (OM_uint32 *minor_status, + gss_cred_id_t cred_handle, + krb5_ccache out_ccache); + +OM_uint32 KRB5_CALLCONV +gss_krb5int_set_allowable_enctypes(OM_uint32 *minor_status, + gss_cred_id_t cred, + OM_uint32 num_ktypes, + krb5_enctype *ktypes); + +OM_uint32 KRB5_CALLCONV +gss_krb5int_export_lucid_sec_context(OM_uint32 *minor_status, + gss_ctx_id_t *context_handle, + OM_uint32 version, + void **kctx); + + extern k5_mutex_t kg_kdc_flag_mutex; krb5_error_code krb5_gss_init_context (krb5_context *ctxp); diff --git a/src/lib/gssapi/krb5/gssapi_krb5.c b/src/lib/gssapi/krb5/gssapi_krb5.c index 94f11ef032..f1c27e487e 100644 --- a/src/lib/gssapi/krb5/gssapi_krb5.c +++ b/src/lib/gssapi/krb5/gssapi_krb5.c @@ -87,9 +87,11 @@ const gss_OID_desc krb5_gss_oid_array[] = { /* this is the official, rfc-specified OID */ - {9, "\052\206\110\206\367\022\001\002\002"}, - /* this is the unofficial, wrong OID */ - {5, "\053\005\001\005\002"}, + {GSS_MECH_KRB5_OID_LENGTH, GSS_MECH_KRB5_OID}, + /* this pre-RFC mech OID */ + {GSS_MECH_KRB5_OLD_OID_LENGTH, GSS_MECH_KRB5_OLD_OID}, + /* this is the unofficial, incorrect mech OID emitted by MS */ + {GSS_MECH_KRB5_WRONG_OID_LENGTH, GSS_MECH_KRB5_WRONG_OID}, /* this is the v2 assigned OID */ {9, "\052\206\110\206\367\022\001\002\003"}, /* these two are name type OID's */ @@ -108,14 +110,15 @@ const gss_OID_desc krb5_gss_oid_array[] = { const gss_OID_desc * const gss_mech_krb5 = krb5_gss_oid_array+0; const gss_OID_desc * const gss_mech_krb5_old = krb5_gss_oid_array+1; -const gss_OID_desc * const gss_nt_krb5_name = krb5_gss_oid_array+3; -const gss_OID_desc * const gss_nt_krb5_principal = krb5_gss_oid_array+4; -const gss_OID_desc * const GSS_KRB5_NT_PRINCIPAL_NAME = krb5_gss_oid_array+3; +const gss_OID_desc * const gss_mech_krb5_wrong = krb5_gss_oid_array+2; +const gss_OID_desc * const gss_nt_krb5_name = krb5_gss_oid_array+4; +const gss_OID_desc * const gss_nt_krb5_principal = krb5_gss_oid_array+5; +const gss_OID_desc * const GSS_KRB5_NT_PRINCIPAL_NAME = krb5_gss_oid_array+4; static const gss_OID_set_desc oidsets[] = { {1, (gss_OID) krb5_gss_oid_array+0}, {1, (gss_OID) krb5_gss_oid_array+1}, - {2, (gss_OID) krb5_gss_oid_array+0}, + {3, (gss_OID) krb5_gss_oid_array+0}, {1, (gss_OID) krb5_gss_oid_array+2}, {3, (gss_OID) krb5_gss_oid_array+0}, }; diff --git a/src/lib/gssapi/krb5/gssapi_krb5.hin b/src/lib/gssapi/krb5/gssapi_krb5.hin index 20002478ec..647d14e395 100644 --- a/src/lib/gssapi/krb5/gssapi_krb5.hin +++ b/src/lib/gssapi/krb5/gssapi_krb5.hin @@ -72,6 +72,7 @@ GSS_DLLIMP extern const gss_OID_desc * const GSS_KRB5_NT_PRINCIPAL_NAME; GSS_DLLIMP extern const gss_OID_desc * const gss_mech_krb5; GSS_DLLIMP extern const gss_OID_desc * const gss_mech_krb5_old; +GSS_DLLIMP extern const gss_OID_desc * const gss_mech_krb5_wrong; GSS_DLLIMP extern const gss_OID_set_desc * const gss_mech_set_krb5; GSS_DLLIMP extern const gss_OID_set_desc * const gss_mech_set_krb5_old; GSS_DLLIMP extern const gss_OID_set_desc * const gss_mech_set_krb5_both; diff --git a/src/lib/gssapi/krb5/indicate_mechs.c b/src/lib/gssapi/krb5/indicate_mechs.c index 48baf1a0e5..9f2a2a1aa0 100644 --- a/src/lib/gssapi/krb5/indicate_mechs.c +++ b/src/lib/gssapi/krb5/indicate_mechs.c @@ -25,6 +25,7 @@ */ #include "gssapiP_krb5.h" +#include "mglueP.h" OM_uint32 krb5_gss_indicate_mechs(minor_status, mech_set) @@ -33,7 +34,7 @@ krb5_gss_indicate_mechs(minor_status, mech_set) { *minor_status = 0; - if (! g_copy_OID_set(gss_mech_set_krb5_both, mech_set)) { + if (! gssint_copy_oid_set(minor_status, gss_mech_set_krb5_both, mech_set)) { *mech_set = GSS_C_NO_OID_SET; *minor_status = ENOMEM; return(GSS_S_FAILURE); diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c index 2ce795bb83..6d27fd33cb 100644 --- a/src/lib/gssapi/krb5/init_sec_context.c +++ b/src/lib/gssapi/krb5/init_sec_context.c @@ -918,6 +918,9 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, } else if (g_OID_equal(mech_type, gss_mech_krb5_old)) { if (!cred->prerfc_mech) err = 1; + } else if (g_OID_equal(mech_type, gss_mech_krb5_wrong)) { + if (!cred->rfc_mech) + err = 1; } else { err = 1; } diff --git a/src/lib/gssapi/krb5/krb5_gss_glue.c b/src/lib/gssapi/krb5/krb5_gss_glue.c index 583881d8e4..758cfbcb0f 100644 --- a/src/lib/gssapi/krb5/krb5_gss_glue.c +++ b/src/lib/gssapi/krb5/krb5_gss_glue.c @@ -25,11 +25,402 @@ */ #include "gssapiP_krb5.h" +#include "mglueP.h" -OM_uint32 KRB5_CALLCONV -gss_accept_sec_context(minor_status, context_handle, verifier_cred_handle, +/** mechglue wrappers **/ + +static OM_uint32 k5glue_acquire_cred +(void *, OM_uint32*, /* minor_status */ + gss_name_t, /* desired_name */ + OM_uint32, /* time_req */ + gss_OID_set, /* desired_mechs */ + gss_cred_usage_t, /* cred_usage */ + gss_cred_id_t*, /* output_cred_handle */ + gss_OID_set*, /* actual_mechs */ + OM_uint32* /* time_rec */ + ); + +static OM_uint32 k5glue_release_cred +(void *, OM_uint32*, /* minor_status */ + gss_cred_id_t* /* cred_handle */ + ); + +static OM_uint32 k5glue_init_sec_context +(void *, OM_uint32*, /* minor_status */ + gss_cred_id_t, /* claimant_cred_handle */ + gss_ctx_id_t*, /* context_handle */ + gss_name_t, /* target_name */ + gss_OID, /* mech_type */ + OM_uint32, /* req_flags */ + OM_uint32, /* time_req */ + gss_channel_bindings_t, + /* input_chan_bindings */ + gss_buffer_t, /* input_token */ + gss_OID*, /* actual_mech_type */ + gss_buffer_t, /* output_token */ + OM_uint32*, /* ret_flags */ + OM_uint32* /* time_rec */ + ); + +static OM_uint32 k5glue_accept_sec_context +(void *, OM_uint32*, /* minor_status */ + gss_ctx_id_t*, /* context_handle */ + gss_cred_id_t, /* verifier_cred_handle */ + gss_buffer_t, /* input_token_buffer */ + gss_channel_bindings_t, + /* input_chan_bindings */ + gss_name_t*, /* src_name */ + gss_OID*, /* mech_type */ + gss_buffer_t, /* output_token */ + OM_uint32*, /* ret_flags */ + OM_uint32*, /* time_rec */ + gss_cred_id_t* /* delegated_cred_handle */ + ); + +static OM_uint32 k5glue_process_context_token +(void *, OM_uint32*, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + gss_buffer_t /* token_buffer */ + ); + +static OM_uint32 k5glue_delete_sec_context +(void *, OM_uint32*, /* minor_status */ + gss_ctx_id_t*, /* context_handle */ + gss_buffer_t /* output_token */ + ); + +static OM_uint32 k5glue_context_time +(void *, OM_uint32*, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + OM_uint32* /* time_rec */ + ); + +static OM_uint32 k5glue_sign +(void *, OM_uint32*, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + int, /* qop_req */ + gss_buffer_t, /* message_buffer */ + gss_buffer_t /* message_token */ + ); + +static OM_uint32 k5glue_verify +(void *, OM_uint32*, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + gss_buffer_t, /* message_buffer */ + gss_buffer_t, /* token_buffer */ + int* /* qop_state */ + ); + +static OM_uint32 k5glue_seal +(void *, OM_uint32*, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + int, /* conf_req_flag */ + int, /* qop_req */ + gss_buffer_t, /* input_message_buffer */ + int*, /* conf_state */ + gss_buffer_t /* output_message_buffer */ + ); + +static OM_uint32 k5glue_unseal +(void *, OM_uint32*, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + gss_buffer_t, /* input_message_buffer */ + gss_buffer_t, /* output_message_buffer */ + int*, /* conf_state */ + int* /* qop_state */ + ); + +static OM_uint32 k5glue_display_status +(void *, OM_uint32*, /* minor_status */ + OM_uint32, /* status_value */ + int, /* status_type */ + gss_OID, /* mech_type */ + OM_uint32*, /* message_context */ + gss_buffer_t /* status_string */ + ); + +static OM_uint32 k5glue_indicate_mechs +(void *, OM_uint32*, /* minor_status */ + gss_OID_set* /* mech_set */ + ); + +static OM_uint32 k5glue_compare_name +(void *, OM_uint32*, /* minor_status */ + gss_name_t, /* name1 */ + gss_name_t, /* name2 */ + int* /* name_equal */ + ); + +static OM_uint32 k5glue_display_name +(void *, OM_uint32*, /* minor_status */ + gss_name_t, /* input_name */ + gss_buffer_t, /* output_name_buffer */ + gss_OID* /* output_name_type */ + ); + +static OM_uint32 k5glue_import_name +(void *, OM_uint32*, /* minor_status */ + gss_buffer_t, /* input_name_buffer */ + gss_OID, /* input_name_type */ + gss_name_t* /* output_name */ + ); + +static OM_uint32 k5glue_release_name +(void *, OM_uint32*, /* minor_status */ + gss_name_t* /* input_name */ + ); + +static OM_uint32 k5glue_inquire_cred +(void *, OM_uint32 *, /* minor_status */ + gss_cred_id_t, /* cred_handle */ + gss_name_t *, /* name */ + OM_uint32 *, /* lifetime */ + gss_cred_usage_t*,/* cred_usage */ + gss_OID_set * /* mechanisms */ + ); + +static OM_uint32 k5glue_inquire_context +(void *, OM_uint32*, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + gss_name_t*, /* initiator_name */ + gss_name_t*, /* acceptor_name */ + OM_uint32*, /* lifetime_rec */ + gss_OID*, /* mech_type */ + OM_uint32*, /* ret_flags */ + int*, /* locally_initiated */ + int* /* open */ + ); + +#if 0 +/* New V2 entry points */ +static OM_uint32 k5glue_get_mic +(void *, OM_uint32 *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + gss_qop_t, /* qop_req */ + gss_buffer_t, /* message_buffer */ + gss_buffer_t /* message_token */ + ); + +static OM_uint32 k5glue_verify_mic +(void *, OM_uint32 *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + gss_buffer_t, /* message_buffer */ + gss_buffer_t, /* message_token */ + gss_qop_t * /* qop_state */ + ); + +static OM_uint32 k5glue_wrap +(void *, OM_uint32 *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + int, /* conf_req_flag */ + gss_qop_t, /* qop_req */ + gss_buffer_t, /* input_message_buffer */ + int *, /* conf_state */ + gss_buffer_t /* output_message_buffer */ + ); + +static OM_uint32 k5glue_unwrap +(void *, OM_uint32 *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + gss_buffer_t, /* input_message_buffer */ + gss_buffer_t, /* output_message_buffer */ + int *, /* conf_state */ + gss_qop_t * /* qop_state */ + ); +#endif + +static OM_uint32 k5glue_wrap_size_limit +(void *, OM_uint32 *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + int, /* conf_req_flag */ + gss_qop_t, /* qop_req */ + OM_uint32, /* req_output_size */ + OM_uint32 * /* max_input_size */ + ); + +#if 0 +static OM_uint32 k5glue_import_name_object +(void *, OM_uint32 *, /* minor_status */ + void *, /* input_name */ + gss_OID, /* input_name_type */ + gss_name_t * /* output_name */ + ); + +static OM_uint32 k5glue_export_name_object +(void *, OM_uint32 *, /* minor_status */ + gss_name_t, /* input_name */ + gss_OID, /* desired_name_type */ + void * * /* output_name */ + ); +#endif + +static OM_uint32 k5glue_add_cred +(void *, OM_uint32 *, /* minor_status */ + gss_cred_id_t, /* input_cred_handle */ + gss_name_t, /* desired_name */ + gss_OID, /* desired_mech */ + gss_cred_usage_t, /* cred_usage */ + OM_uint32, /* initiator_time_req */ + OM_uint32, /* acceptor_time_req */ + gss_cred_id_t *, /* output_cred_handle */ + gss_OID_set *, /* actual_mechs */ + OM_uint32 *, /* initiator_time_rec */ + OM_uint32 * /* acceptor_time_rec */ + ); + +static OM_uint32 k5glue_inquire_cred_by_mech +(void *, OM_uint32 *, /* minor_status */ + gss_cred_id_t, /* cred_handle */ + gss_OID, /* mech_type */ + gss_name_t *, /* name */ + OM_uint32 *, /* initiator_lifetime */ + OM_uint32 *, /* acceptor_lifetime */ + gss_cred_usage_t * /* cred_usage */ + ); + +static OM_uint32 k5glue_export_sec_context +(void *, OM_uint32 *, /* minor_status */ + gss_ctx_id_t *, /* context_handle */ + gss_buffer_t /* interprocess_token */ + ); + +static OM_uint32 k5glue_import_sec_context +(void *, OM_uint32 *, /* minor_status */ + gss_buffer_t, /* interprocess_token */ + gss_ctx_id_t * /* context_handle */ + ); + +krb5_error_code k5glue_ser_init(krb5_context); + +static OM_uint32 k5glue_internal_release_oid +(void *, OM_uint32 *, /* minor_status */ + gss_OID * /* oid */ + ); + +static OM_uint32 k5glue_inquire_names_for_mech +(void *, OM_uint32 *, /* minor_status */ + gss_OID, /* mechanism */ + gss_OID_set * /* name_types */ + ); + +#if 0 +static OM_uint32 k5glue_canonicalize_name +(void *, OM_uint32 *, /* minor_status */ + const gss_name_t, /* input_name */ + const gss_OID, /* mech_type */ + gss_name_t * /* output_name */ + ); +#endif + +static OM_uint32 k5glue_export_name +(void *, OM_uint32 *, /* minor_status */ + const gss_name_t, /* input_name */ + gss_buffer_t /* exported_name */ + ); + +#if 0 +static OM_uint32 k5glue_duplicate_name +(void *, OM_uint32 *, /* minor_status */ + const gss_name_t, /* input_name */ + gss_name_t * /* dest_name */ + ); +#endif + +#if 0 +static OM_uint32 k5glue_validate_cred +(void *, OM_uint32 *, /* minor_status */ + gss_cred_id_t /* cred */ + ); +#endif + +/* + * The krb5 mechanism provides two mech OIDs; use this initializer to + * ensure that both dispatch tables contain identical function + * pointers. + */ +#define KRB5_GSS_CONFIG_INIT \ + NULL, \ + k5glue_acquire_cred, \ + k5glue_release_cred, \ + k5glue_init_sec_context, \ + k5glue_accept_sec_context, \ + k5glue_process_context_token, \ + k5glue_delete_sec_context, \ + k5glue_context_time, \ + k5glue_sign, \ + k5glue_verify, \ + k5glue_seal, \ + k5glue_unseal, \ + k5glue_display_status, \ + k5glue_indicate_mechs, \ + k5glue_compare_name, \ + k5glue_display_name, \ + k5glue_import_name, \ + k5glue_release_name, \ + k5glue_inquire_cred, \ + k5glue_add_cred, \ + k5glue_export_sec_context, \ + k5glue_import_sec_context, \ + k5glue_inquire_cred_by_mech, \ + k5glue_inquire_names_for_mech, \ + k5glue_inquire_context, \ + k5glue_internal_release_oid, \ + k5glue_wrap_size_limit, \ + NULL, /* pname_to_uid */ \ + NULL, /* userok */ \ + k5glue_export_name, \ + NULL /* store_cred */ + +static struct gss_config krb5_mechanism = { + 100, "kerberos_v5", + { GSS_MECH_KRB5_OID_LENGTH, GSS_MECH_KRB5_OID }, + KRB5_GSS_CONFIG_INIT +}; + +static struct gss_config krb5_mechanism_old = { + 200, "kerberos_v5 (pre-RFC OID)", + { GSS_MECH_KRB5_OLD_OID_LENGTH, GSS_MECH_KRB5_OLD_OID }, + KRB5_GSS_CONFIG_INIT +}; + +static struct gss_config krb5_mechanism_wrong = { + 300, "kerberos_v5 (wrong OID)", + { GSS_MECH_KRB5_WRONG_OID_LENGTH, GSS_MECH_KRB5_WRONG_OID }, + KRB5_GSS_CONFIG_INIT +}; + +static gss_mechanism krb5_mech_configs[] = { + &krb5_mechanism, &krb5_mechanism_old, &krb5_mechanism_wrong, NULL +}; + +#ifdef MS_BUG_TEST +static gss_mechanism krb5_mech_configs_hack[] = { + &krb5_mechanism, &krb5_mechanism_old, NULL +} +#endif + +#if 1 +#define gssint_get_mech_configs krb5_gss_get_mech_configs +#endif + +gss_mechanism * +gssint_get_mech_configs(void) +{ +#ifdef MS_BUG_TEST + char *envstr = getenv("MS_FORCE_NO_MSOID"); + + if (envstr != NULL && strcmp(envstr, "1") == 0) { + return krb5_mech_configs_hack; + } +#endif + return krb5_mech_configs; +} + +static OM_uint32 +k5glue_accept_sec_context(ctx, minor_status, context_handle, verifier_cred_handle, input_token, input_chan_bindings, src_name, mech_type, output_token, ret_flags, time_rec, delegated_cred_handle) + void *ctx; OM_uint32 *minor_status; gss_ctx_id_t *context_handle; gss_cred_id_t verifier_cred_handle; @@ -55,9 +446,10 @@ gss_accept_sec_context(minor_status, context_handle, verifier_cred_handle, delegated_cred_handle)); } -OM_uint32 KRB5_CALLCONV -gss_acquire_cred(minor_status, desired_name, time_req, desired_mechs, +static OM_uint32 +k5glue_acquire_cred(ctx, minor_status, desired_name, time_req, desired_mechs, cred_usage, output_cred_handle, actual_mechs, time_rec) + void *ctx; OM_uint32 *minor_status; gss_name_t desired_name; OM_uint32 time_req; @@ -78,11 +470,12 @@ gss_acquire_cred(minor_status, desired_name, time_req, desired_mechs, } /* V2 */ -OM_uint32 KRB5_CALLCONV -gss_add_cred(minor_status, input_cred_handle, desired_name, desired_mech, +static OM_uint32 +k5glue_add_cred(ctx, minor_status, input_cred_handle, desired_name, desired_mech, cred_usage, initiator_time_req, acceptor_time_req, output_cred_handle, actual_mechs, initiator_time_rec, acceptor_time_rec) + void *ctx; OM_uint32 *minor_status; gss_cred_id_t input_cred_handle; gss_name_t desired_name; @@ -102,18 +495,22 @@ gss_add_cred(minor_status, input_cred_handle, desired_name, desired_mech, acceptor_time_rec)); } +#if 0 /* V2 */ -OM_uint32 KRB5_CALLCONV -gss_add_oid_set_member(minor_status, member_oid, oid_set) +static OM_uint32 +k5glue_add_oid_set_member(ctx, minor_status, member_oid, oid_set) + void *ctx; OM_uint32 *minor_status; gss_OID member_oid; gss_OID_set *oid_set; { return(generic_gss_add_oid_set_member(minor_status, member_oid, oid_set)); } +#endif -OM_uint32 KRB5_CALLCONV -gss_compare_name(minor_status, name1, name2, name_equal) +static OM_uint32 +k5glue_compare_name(ctx, minor_status, name1, name2, name_equal) + void *ctx; OM_uint32 *minor_status; gss_name_t name1; gss_name_t name2; @@ -123,8 +520,9 @@ gss_compare_name(minor_status, name1, name2, name_equal) name2, name_equal)); } -OM_uint32 KRB5_CALLCONV -gss_context_time(minor_status, context_handle, time_rec) +static OM_uint32 +k5glue_context_time(ctx, minor_status, context_handle, time_rec) + void *ctx; OM_uint32 *minor_status; gss_ctx_id_t context_handle; OM_uint32 *time_rec; @@ -133,17 +531,21 @@ gss_context_time(minor_status, context_handle, time_rec) time_rec)); } +#if 0 /* V2 */ -OM_uint32 KRB5_CALLCONV -gss_create_empty_oid_set(minor_status, oid_set) +static OM_uint32 +k5glue_create_empty_oid_set(ctx, minor_status, oid_set) + void *ctx; OM_uint32 *minor_status; gss_OID_set *oid_set; { return(generic_gss_create_empty_oid_set(minor_status, oid_set)); } +#endif -OM_uint32 KRB5_CALLCONV -gss_delete_sec_context(minor_status, context_handle, output_token) +static OM_uint32 +k5glue_delete_sec_context(ctx, minor_status, context_handle, output_token) + void *ctx; OM_uint32 *minor_status; gss_ctx_id_t *context_handle; gss_buffer_t output_token; @@ -152,8 +554,9 @@ gss_delete_sec_context(minor_status, context_handle, output_token) context_handle, output_token)); } -OM_uint32 KRB5_CALLCONV -gss_display_name(minor_status, input_name, output_name_buffer, output_name_type) +static OM_uint32 +k5glue_display_name(ctx, minor_status, input_name, output_name_buffer, output_name_type) + void *ctx; OM_uint32 *minor_status; gss_name_t input_name; gss_buffer_t output_name_buffer; @@ -163,9 +566,10 @@ gss_display_name(minor_status, input_name, output_name_buffer, output_name_type) output_name_buffer, output_name_type)); } -OM_uint32 KRB5_CALLCONV -gss_display_status(minor_status, status_value, status_type, +static OM_uint32 +k5glue_display_status(ctx, minor_status, status_value, status_type, mech_type, message_context, status_string) + void *ctx; OM_uint32 *minor_status; OM_uint32 status_value; int status_type; @@ -179,8 +583,9 @@ gss_display_status(minor_status, status_value, status_type, } /* V2 */ -OM_uint32 KRB5_CALLCONV -gss_export_sec_context(minor_status, context_handle, interprocess_token) +static OM_uint32 +k5glue_export_sec_context(ctx, minor_status, context_handle, interprocess_token) + void *ctx; OM_uint32 *minor_status; gss_ctx_id_t *context_handle; gss_buffer_t interprocess_token; @@ -190,10 +595,12 @@ gss_export_sec_context(minor_status, context_handle, interprocess_token) interprocess_token)); } +#if 0 /* V2 */ -OM_uint32 KRB5_CALLCONV -gss_get_mic(minor_status, context_handle, qop_req, +static OM_uint32 +k5glue_get_mic(ctx, minor_status, context_handle, qop_req, message_buffer, message_token) + void *ctx; OM_uint32 *minor_status; gss_ctx_id_t context_handle; gss_qop_t qop_req; @@ -203,27 +610,32 @@ gss_get_mic(minor_status, context_handle, qop_req, return(krb5_gss_get_mic(minor_status, context_handle, qop_req, message_buffer, message_token)); } +#endif -OM_uint32 KRB5_CALLCONV -gss_import_name(minor_status, input_name_buffer, input_name_type, output_name) +static OM_uint32 +k5glue_import_name(ctx, minor_status, input_name_buffer, input_name_type, output_name) + void *ctx; OM_uint32 *minor_status; gss_buffer_t input_name_buffer; gss_OID input_name_type; gss_name_t *output_name; { +#if 0 OM_uint32 err; err = gssint_initialize_library(); if (err) { *minor_status = err; return GSS_S_FAILURE; } +#endif return(krb5_gss_import_name(minor_status, input_name_buffer, input_name_type, output_name)); } /* V2 */ -OM_uint32 KRB5_CALLCONV -gss_import_sec_context(minor_status, interprocess_token, context_handle) +static OM_uint32 +k5glue_import_sec_context(ctx, minor_status, interprocess_token, context_handle) + void *ctx; OM_uint32 *minor_status; gss_buffer_t interprocess_token; gss_ctx_id_t *context_handle; @@ -233,19 +645,21 @@ gss_import_sec_context(minor_status, interprocess_token, context_handle) context_handle)); } -OM_uint32 KRB5_CALLCONV -gss_indicate_mechs(minor_status, mech_set) +static OM_uint32 +k5glue_indicate_mechs(ctx, minor_status, mech_set) + void *ctx; OM_uint32 *minor_status; gss_OID_set *mech_set; { return(krb5_gss_indicate_mechs(minor_status, mech_set)); } -OM_uint32 KRB5_CALLCONV -gss_init_sec_context(minor_status, claimant_cred_handle, context_handle, +static OM_uint32 +k5glue_init_sec_context(ctx, minor_status, claimant_cred_handle, context_handle, target_name, mech_type, req_flags, time_req, input_chan_bindings, input_token, actual_mech_type, output_token, ret_flags, time_rec) + void *ctx; OM_uint32 *minor_status; gss_cred_id_t claimant_cred_handle; gss_ctx_id_t *context_handle; @@ -268,10 +682,11 @@ gss_init_sec_context(minor_status, claimant_cred_handle, context_handle, time_rec)); } -OM_uint32 KRB5_CALLCONV -gss_inquire_context(minor_status, context_handle, initiator_name, acceptor_name, +static OM_uint32 +k5glue_inquire_context(ctx, minor_status, context_handle, initiator_name, acceptor_name, lifetime_rec, mech_type, ret_flags, locally_initiated, open) + void *ctx; OM_uint32 *minor_status; gss_ctx_id_t context_handle; gss_name_t *initiator_name; @@ -288,9 +703,10 @@ gss_inquire_context(minor_status, context_handle, initiator_name, acceptor_name, open)); } -OM_uint32 KRB5_CALLCONV -gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret, +static OM_uint32 +k5glue_inquire_cred(ctx, minor_status, cred_handle, name, lifetime_ret, cred_usage, mechanisms) + void *ctx; OM_uint32 *minor_status; gss_cred_id_t cred_handle; gss_name_t *name; @@ -303,9 +719,10 @@ gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret, } /* V2 */ -OM_uint32 KRB5_CALLCONV -gss_inquire_cred_by_mech(minor_status, cred_handle, mech_type, name, +static OM_uint32 +k5glue_inquire_cred_by_mech(ctx, minor_status, cred_handle, mech_type, name, initiator_lifetime, acceptor_lifetime, cred_usage) + void *ctx; OM_uint32 *minor_status; gss_cred_id_t cred_handle; gss_OID mech_type; @@ -320,8 +737,9 @@ gss_inquire_cred_by_mech(minor_status, cred_handle, mech_type, name, } /* V2 */ -OM_uint32 KRB5_CALLCONV -gss_inquire_names_for_mech(minor_status, mechanism, name_types) +static OM_uint32 +k5glue_inquire_names_for_mech(ctx, minor_status, mechanism, name_types) + void *ctx; OM_uint32 *minor_status; gss_OID mechanism; gss_OID_set *name_types; @@ -331,18 +749,22 @@ gss_inquire_names_for_mech(minor_status, mechanism, name_types) name_types)); } +#if 0 /* V2 */ -OM_uint32 KRB5_CALLCONV -gss_oid_to_str(minor_status, oid, oid_str) +static OM_uint32 +k5glue_oid_to_str(ctx, minor_status, oid, oid_str) + void *ctx; OM_uint32 *minor_status; gss_OID oid; gss_buffer_t oid_str; { return(generic_gss_oid_to_str(minor_status, oid, oid_str)); } +#endif -OM_uint32 KRB5_CALLCONV -gss_process_context_token(minor_status, context_handle, token_buffer) +static OM_uint32 +k5glue_process_context_token(ctx, minor_status, context_handle, token_buffer) + void *ctx; OM_uint32 *minor_status; gss_ctx_id_t context_handle; gss_buffer_t token_buffer; @@ -351,52 +773,62 @@ gss_process_context_token(minor_status, context_handle, token_buffer) context_handle, token_buffer)); } -OM_uint32 KRB5_CALLCONV -gss_release_cred(minor_status, cred_handle) +static OM_uint32 +k5glue_release_cred(ctx, minor_status, cred_handle) + void *ctx; OM_uint32 *minor_status; gss_cred_id_t *cred_handle; { return(krb5_gss_release_cred(minor_status, cred_handle)); } -OM_uint32 KRB5_CALLCONV -gss_release_name(minor_status, input_name) +static OM_uint32 +k5glue_release_name(ctx, minor_status, input_name) + void *ctx; OM_uint32 *minor_status; gss_name_t *input_name; { return(krb5_gss_release_name(minor_status, input_name)); } -OM_uint32 KRB5_CALLCONV -gss_release_buffer(minor_status, buffer) +#if 0 +static OM_uint32 +k5glue_release_buffer(ctx, minor_status, buffer) + void *ctx; OM_uint32 *minor_status; gss_buffer_t buffer; { return(generic_gss_release_buffer(minor_status, buffer)); } +#endif /* V2 */ -OM_uint32 KRB5_CALLCONV -gss_release_oid(minor_status, oid) +static OM_uint32 +k5glue_internal_release_oid(ctx, minor_status, oid) + void *ctx; OM_uint32 *minor_status; gss_OID *oid; { - return(krb5_gss_release_oid(minor_status, oid)); + return(krb5_gss_internal_release_oid(minor_status, oid)); } -OM_uint32 KRB5_CALLCONV -gss_release_oid_set(minor_status, set) +#if 0 +static OM_uint32 +k5glue_release_oid_set(ctx, minor_status, set) + void *ctx; OM_uint32 * minor_status; gss_OID_set *set; { return(generic_gss_release_oid_set(minor_status, set)); } +#endif /* V1 only */ -OM_uint32 KRB5_CALLCONV -gss_seal(minor_status, context_handle, conf_req_flag, qop_req, +static OM_uint32 +k5glue_seal(ctx, minor_status, context_handle, conf_req_flag, qop_req, input_message_buffer, conf_state, output_message_buffer) + void *ctx; OM_uint32 *minor_status; gss_ctx_id_t context_handle; int conf_req_flag; @@ -410,10 +842,11 @@ gss_seal(minor_status, context_handle, conf_req_flag, qop_req, conf_state, output_message_buffer)); } -OM_uint32 KRB5_CALLCONV -gss_sign(minor_status, context_handle, +static OM_uint32 +k5glue_sign(ctx, minor_status, context_handle, qop_req, message_buffer, message_token) + void *ctx; OM_uint32 *minor_status; gss_ctx_id_t context_handle; int qop_req; @@ -424,10 +857,12 @@ gss_sign(minor_status, context_handle, qop_req, message_buffer, message_token)); } +#if 0 /* V2 */ -OM_uint32 KRB5_CALLCONV -gss_verify_mic(minor_status, context_handle, +static OM_uint32 +k5glue_verify_mic(ctx, minor_status, context_handle, message_buffer, token_buffer, qop_state) + void *ctx; OM_uint32 *minor_status; gss_ctx_id_t context_handle; gss_buffer_t message_buffer; @@ -439,9 +874,10 @@ gss_verify_mic(minor_status, context_handle, } /* V2 */ -OM_uint32 KRB5_CALLCONV -gss_wrap(minor_status, context_handle, conf_req_flag, qop_req, +static OM_uint32 +k5glue_wrap(ctx, minor_status, context_handle, conf_req_flag, qop_req, input_message_buffer, conf_state, output_message_buffer) + void *ctx; OM_uint32 *minor_status; gss_ctx_id_t context_handle; int conf_req_flag; @@ -456,8 +892,9 @@ gss_wrap(minor_status, context_handle, conf_req_flag, qop_req, } /* V2 */ -OM_uint32 KRB5_CALLCONV -gss_str_to_oid(minor_status, oid_str, oid) +static OM_uint32 +k5glue_str_to_oid(ctx, minor_status, oid_str, oid) + void *ctx; OM_uint32 *minor_status; gss_buffer_t oid_str; gss_OID *oid; @@ -466,8 +903,9 @@ gss_str_to_oid(minor_status, oid_str, oid) } /* V2 */ -OM_uint32 KRB5_CALLCONV -gss_test_oid_set_member(minor_status, member, set, present) +static OM_uint32 +k5glue_test_oid_set_member(ctx, minor_status, member, set, present) + void *ctx; OM_uint32 *minor_status; gss_OID member; gss_OID_set set; @@ -476,11 +914,13 @@ gss_test_oid_set_member(minor_status, member, set, present) return(generic_gss_test_oid_set_member(minor_status, member, set, present)); } +#endif /* V1 only */ -OM_uint32 KRB5_CALLCONV -gss_unseal(minor_status, context_handle, input_message_buffer, +static OM_uint32 +k5glue_unseal(ctx, minor_status, context_handle, input_message_buffer, output_message_buffer, conf_state, qop_state) + void *ctx; OM_uint32 *minor_status; gss_ctx_id_t context_handle; gss_buffer_t input_message_buffer; @@ -493,10 +933,12 @@ gss_unseal(minor_status, context_handle, input_message_buffer, conf_state, qop_state)); } +#if 0 /* V2 */ -OM_uint32 KRB5_CALLCONV -gss_unwrap(minor_status, context_handle, input_message_buffer, +static OM_uint32 +k5glue_unwrap(ctx, minor_status, context_handle, input_message_buffer, output_message_buffer, conf_state, qop_state) + void *ctx; OM_uint32 *minor_status; gss_ctx_id_t context_handle; gss_buffer_t input_message_buffer; @@ -507,11 +949,13 @@ gss_unwrap(minor_status, context_handle, input_message_buffer, return(krb5_gss_unwrap(minor_status, context_handle, input_message_buffer, output_message_buffer, conf_state, qop_state)); } +#endif /* V1 only */ -OM_uint32 KRB5_CALLCONV -gss_verify(minor_status, context_handle, message_buffer, +static OM_uint32 +k5glue_verify(ctx, minor_status, context_handle, message_buffer, token_buffer, qop_state) + void *ctx; OM_uint32 *minor_status; gss_ctx_id_t context_handle; gss_buffer_t message_buffer; @@ -526,9 +970,10 @@ gss_verify(minor_status, context_handle, message_buffer, } /* V2 interface */ -OM_uint32 KRB5_CALLCONV -gss_wrap_size_limit(minor_status, context_handle, conf_req_flag, +static OM_uint32 +k5glue_wrap_size_limit(ctx, minor_status, context_handle, conf_req_flag, qop_req, req_output_size, max_input_size) + void *ctx; OM_uint32 *minor_status; gss_ctx_id_t context_handle; int conf_req_flag; @@ -541,9 +986,11 @@ gss_wrap_size_limit(minor_status, context_handle, conf_req_flag, req_output_size, max_input_size)); } +#if 0 /* V2 interface */ -OM_uint32 KRB5_CALLCONV -gss_canonicalize_name(minor_status, input_name, mech_type, output_name) +static OM_uint32 +k5glue_canonicalize_name(ctx, minor_status, input_name, mech_type, output_name) + void *ctx; OM_uint32 *minor_status; const gss_name_t input_name; const gss_OID mech_type; @@ -552,11 +999,12 @@ gss_canonicalize_name(minor_status, input_name, mech_type, output_name) return krb5_gss_canonicalize_name(minor_status, input_name, mech_type, output_name); } - +#endif /* V2 interface */ -OM_uint32 KRB5_CALLCONV -gss_export_name(minor_status, input_name, exported_name) +static OM_uint32 +k5glue_export_name(ctx, minor_status, input_name, exported_name) + void *ctx; OM_uint32 *minor_status; const gss_name_t input_name; gss_buffer_t exported_name; @@ -564,15 +1012,96 @@ gss_export_name(minor_status, input_name, exported_name) return krb5_gss_export_name(minor_status, input_name, exported_name); } +#if 0 /* V2 interface */ -OM_uint32 KRB5_CALLCONV -gss_duplicate_name(minor_status, input_name, dest_name) +static OM_uint32 +k5glue_duplicate_name(ctx, minor_status, input_name, dest_name) + void *ctx; OM_uint32 *minor_status; const gss_name_t input_name; gss_name_t *dest_name; { return krb5_gss_duplicate_name(minor_status, input_name, dest_name); } +#endif + +OM_uint32 KRB5_CALLCONV +gss_krb5_get_tkt_flags( + OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + krb5_flags *ticket_flags) +{ + gss_union_ctx_id_t uctx; + + uctx = (gss_union_ctx_id_t)context_handle; + if (!g_OID_equal(uctx->mech_type, &krb5_mechanism.mech_type) && + !g_OID_equal(uctx->mech_type, &krb5_mechanism_old.mech_type)) + return GSS_S_BAD_MECH; + return gss_krb5int_get_tkt_flags(minor_status, uctx->internal_ctx_id, + ticket_flags); +} + +OM_uint32 KRB5_CALLCONV +gss_krb5_copy_ccache( + OM_uint32 *minor_status, + gss_cred_id_t cred_handle, + krb5_ccache out_ccache) +{ + gss_union_cred_t ucred; + gss_cred_id_t mcred; + + ucred = (gss_union_cred_t)cred_handle; + + mcred = gssint_get_mechanism_cred(ucred, &krb5_mechanism.mech_type); + if (mcred != GSS_C_NO_CREDENTIAL) + return gss_krb5int_copy_ccache(minor_status, mcred, out_ccache); + + mcred = gssint_get_mechanism_cred(ucred, &krb5_mechanism_old.mech_type); + if (mcred != GSS_C_NO_CREDENTIAL) + return gss_krb5int_copy_ccache(minor_status, mcred, out_ccache); + + return GSS_S_DEFECTIVE_CREDENTIAL; +} + +/* XXX need to delete mechglue ctx too */ +OM_uint32 KRB5_CALLCONV +gss_krb5_export_lucid_sec_context( + OM_uint32 *minor_status, + gss_ctx_id_t *context_handle, + OM_uint32 version, + void **kctx) +{ + gss_union_ctx_id_t uctx; + + uctx = (gss_union_ctx_id_t)*context_handle; + if (!g_OID_equal(uctx->mech_type, &krb5_mechanism.mech_type) && + !g_OID_equal(uctx->mech_type, &krb5_mechanism_old.mech_type)) + return GSS_S_BAD_MECH; + return gss_krb5int_export_lucid_sec_context(minor_status, + &uctx->internal_ctx_id, + version, kctx); +} +OM_uint32 KRB5_CALLCONV +gss_krb5_set_allowable_enctypes( + OM_uint32 *minor_status, + gss_cred_id_t cred, + OM_uint32 num_ktypes, + krb5_enctype *ktypes) +{ + gss_union_cred_t ucred; + gss_cred_id_t mcred; + + ucred = (gss_union_cred_t)cred; + mcred = gssint_get_mechanism_cred(ucred, &krb5_mechanism.mech_type); + if (mcred != GSS_C_NO_CREDENTIAL) + return gss_krb5int_set_allowable_enctypes(minor_status, mcred, + num_ktypes, ktypes); + mcred = gssint_get_mechanism_cred(ucred, &krb5_mechanism_old.mech_type); + if (mcred != GSS_C_NO_CREDENTIAL) + return gss_krb5int_set_allowable_enctypes(minor_status, mcred, + num_ktypes, ktypes); + return GSS_S_DEFECTIVE_CREDENTIAL; +} diff --git a/src/lib/gssapi/krb5/lucid_context.c b/src/lib/gssapi/krb5/lucid_context.c index ac81fff603..a1679a93d5 100644 --- a/src/lib/gssapi/krb5/lucid_context.c +++ b/src/lib/gssapi/krb5/lucid_context.c @@ -60,7 +60,7 @@ make_external_lucid_ctx_v1( */ OM_uint32 KRB5_CALLCONV -gss_krb5_export_lucid_sec_context( +gss_krb5int_export_lucid_sec_context( OM_uint32 *minor_status, gss_ctx_id_t *context_handle, OM_uint32 version, diff --git a/src/lib/gssapi/krb5/rel_oid.c b/src/lib/gssapi/krb5/rel_oid.c index 01921c02f7..dcb1fe97af 100644 --- a/src/lib/gssapi/krb5/rel_oid.c +++ b/src/lib/gssapi/krb5/rel_oid.c @@ -30,10 +30,11 @@ */ #include "gssapiP_krb5.h" -static OM_uint32 krb5_gss_internal_release_oid (OM_uint32 *, /* minor_status */ - gss_OID * /* oid */ +OM_uint32 krb5_gss_internal_release_oid (OM_uint32 *, /* minor_status */ + gss_OID * /* oid */ ); +#if 0 OM_uint32 krb5_gss_release_oid(minor_status, oid) OM_uint32 *minor_status; @@ -58,8 +59,9 @@ krb5_gss_release_oid(minor_status, oid) return(GSS_S_COMPLETE); } } +#endif -static OM_uint32 +OM_uint32 krb5_gss_internal_release_oid(minor_status, oid) OM_uint32 *minor_status; gss_OID *oid; @@ -71,6 +73,7 @@ krb5_gss_internal_release_oid(minor_status, oid) if ((*oid != gss_mech_krb5) && (*oid != gss_mech_krb5_old) && + (*oid != gss_mech_krb5_wrong) && (*oid != gss_nt_krb5_name) && (*oid != gss_nt_krb5_principal)) { /* We don't know about this OID */ diff --git a/src/lib/gssapi/krb5/set_allowable_enctypes.c b/src/lib/gssapi/krb5/set_allowable_enctypes.c index 2bc2090fa0..f573d7dfcc 100644 --- a/src/lib/gssapi/krb5/set_allowable_enctypes.c +++ b/src/lib/gssapi/krb5/set_allowable_enctypes.c @@ -59,10 +59,10 @@ #include "gssapi_krb5.h" OM_uint32 KRB5_CALLCONV -gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status, - gss_cred_id_t cred_handle, - OM_uint32 num_ktypes, - krb5_enctype *ktypes) +gss_krb5int_set_allowable_enctypes(OM_uint32 *minor_status, + gss_cred_id_t cred_handle, + OM_uint32 num_ktypes, + krb5_enctype *ktypes) { int i; krb5_enctype * new_ktypes; |