lean client changes

All changes are under LEAN_CLIENT macro. Application server functionality is disabled. Ticket:new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20680 dc483132-0cff-0310-8789-dd5450dbe970
author: Zhanna Tsitkov <tsitkova@mit.edu> 2008-08-20 21:09:14 +0000
committer: Zhanna Tsitkov <tsitkova@mit.edu> 2008-08-20 21:09:14 +0000
commit: dac88c2b08c7c4cab30b842008dc6fd0f2b4f1ff (patch)
tree: 4065cf84935a72c2a79016c3083b04a3693a1102 /src/lib/gssapi
parent: 4c8485b11bb27a3763a8f0058547ee7ac84556fe (diff)
download: krb5-dac88c2b08c7c4cab30b842008dc6fd0f2b4f1ff.tar.gz
krb5-dac88c2b08c7c4cab30b842008dc6fd0f2b4f1ff.tar.xz
krb5-dac88c2b08c7c4cab30b842008dc6fd0f2b4f1ff.zip
13 files changed, 136 insertions, 22 deletions
diff --git a/src/lib/gssapi/gss_libinit.c b/src/lib/gssapi/gss_libinit.c
index bb90857132..4c1755fd26 100644
--- a/src/lib/gssapi/gss_libinit.c
+++ b/src/lib/gssapi/gss_libinit.c
@@ -31,9 +31,11 @@ int gssint_lib_init(void)
     err = gssint_mechglue_init();
     if (err)
 	return err;
+#ifndef LEAN_CLIENT
     err = k5_mutex_finish_init(&gssint_krb5_keytab_lock);
     if (err)
 	return err;
+#endif /* LEAN_CLIENT */
     err = k5_key_register(K5_KEY_GSS_KRB5_SET_CCACHE_OLD_NAME, free);
     if (err)
 	return err;
@@ -76,7 +78,9 @@ void gssint_lib_fini(void)
 #ifndef _WIN32
     k5_mutex_destroy(&kg_kdc_flag_mutex);
 #endif
+#ifndef LEAN_CLIENT
     k5_mutex_destroy(&gssint_krb5_keytab_lock);
+#endif /* LEAN_CLIENT */
     gssint_mecherrmap_destroy();
     gssint_mechglue_fini();
 }
diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c
index d7f1225137..6b3e0bf0ea 100644
--- a/src/lib/gssapi/krb5/accept_sec_context.c
+++ b/src/lib/gssapi/krb5/accept_sec_context.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000, 2004, 2007  by the Massachusetts Institute of Technology.
+ * Copyright 2000, 2004, 2007, 2008  by the Massachusetts Institute of Technology.
  * All Rights Reserved.
  *
  * Export of this software from the United States of America may
@@ -77,12 +77,15 @@
 #endif
 #include <assert.h>
 
+
 #ifdef CFX_EXERCISE
 #define CFX_ACCEPTOR_SUBKEY (time(0) & 1)
 #else
 #define CFX_ACCEPTOR_SUBKEY 1
 #endif
 
+#ifndef LEAN_CLIENT 
+
 /* Decode, decrypt and store the forwarded creds in the local ccache. */
 static krb5_error_code
 rd_and_store_for_creds(context, auth_context, inbuf, out_cred)
@@ -206,6 +209,7 @@ cleanup:
     return retval;
 }
 
+
 OM_uint32
 krb5_gss_accept_sec_context(minor_status, context_handle, 
 			    verifier_cred_handle, input_token,
@@ -1001,3 +1005,5 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
    }
    return (major_status);
 }
+#endif /* LEAN_CLIENT */
+
diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c
index 7754e2452e..55d19fd5af 100644
--- a/src/lib/gssapi/krb5/acquire_cred.c
+++ b/src/lib/gssapi/krb5/acquire_cred.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000, 2007 by the Massachusetts Institute of Technology.
+ * Copyright 2000, 2007, 2008 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
  *
  * Export of this software from the United States of America may
@@ -91,6 +91,7 @@ static void (*pLeash_AcquireInitialTicketsIfNeeded)(krb5_context,krb5_principal,
 static HANDLE hLeashDLL = INVALID_HANDLE_VALUE;
 #endif
 
+#ifndef LEAN_CLIENT
 k5_mutex_t gssint_krb5_keytab_lock = K5_MUTEX_PARTIAL_INITIALIZER;
 static char *krb5_gss_keytab = NULL;
 
@@ -204,6 +205,7 @@ acquire_accept_cred(context, minor_status, desired_name, output_princ, cred)
 
    return(GSS_S_COMPLETE);
 }
+#endif /* LEAN_CLIENT */
 
 /* get credentials corresponding to the default credential cache.
    If the default name is requested, return the name in output_princ.
@@ -507,7 +509,9 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req,
    cred->prerfc_mech = req_old;
    cred->rfc_mech = req_new;
 
+#ifndef LEAN_CLIENT
    cred->keytab = NULL;
+#endif /* LEAN_CLIENT */
    cred->ccache = NULL;
 
    code = k5_mutex_init(&cred->lock);
@@ -532,7 +536,7 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req,
 
    /* if requested, acquire credentials for accepting */
    /* this will fill in cred->princ if the desired_name is not specified */
-
+#ifndef LEAN_CLIENT
    if ((cred_usage == GSS_C_ACCEPT) ||
        (cred_usage == GSS_C_BOTH))
       if ((ret = acquire_accept_cred(context, minor_status, desired_name,
@@ -547,6 +551,7 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req,
 	 krb5_free_context(context);
 	 return(ret);
       }
+#endif /* LEAN_CLIENT */
 
    /* if requested, acquire credentials for initiation */
    /* this will fill in cred->princ if it wasn't set above, and
@@ -559,8 +564,10 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req,
 			     cred->princ?(gss_name_t)cred->princ:desired_name,
 			     &(cred->princ), cred))
 	  != GSS_S_COMPLETE) {
+#ifndef LEAN_CLIENT
 	 if (cred->keytab)
 	    krb5_kt_close(context, cred->keytab);
+#endif /* LEAN_CLIENT */
 	 if (cred->princ)
 	    krb5_free_principal(context, cred->princ);
          k5_mutex_destroy(&cred->lock);
@@ -578,8 +585,10 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req,
 				      &(cred->princ)))) {
 	 if (cred->ccache)
 	    (void)krb5_cc_close(context, cred->ccache);
+#ifndef LEAN_CLIENT
 	 if (cred->keytab)
 	    (void)krb5_kt_close(context, cred->keytab);
+#endif /* LEAN_CLIENT */
          k5_mutex_destroy(&cred->lock);
          xfree(cred);
 	 *minor_status = code;
@@ -601,8 +610,10 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req,
       if ((code = krb5_timeofday(context, &now))) {
 	 if (cred->ccache)
 	    (void)krb5_cc_close(context, cred->ccache);
+#ifndef LEAN_CLIENT
 	 if (cred->keytab)
 	    (void)krb5_kt_close(context, cred->keytab);
+#endif /* LEAN_CLIENT */
 	 if (cred->princ)
 	    krb5_free_principal(context, cred->princ);
          k5_mutex_destroy(&cred->lock);
@@ -632,8 +643,10 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req,
 							   &ret_mechs)))) {
 	   if (cred->ccache)
 	       (void)krb5_cc_close(context, cred->ccache);
+#ifndef LEAN_CLIENT
 	   if (cred->keytab)
 	       (void)krb5_kt_close(context, cred->keytab);
+#endif /* LEAN_CLIENT */
 	   if (cred->princ)
 	       krb5_free_principal(context, cred->princ);
            k5_mutex_destroy(&cred->lock);
@@ -651,8 +664,10 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req,
       free(ret_mechs);
       if (cred->ccache)
 	 (void)krb5_cc_close(context, cred->ccache);
+#ifndef LEAN_CLIENT
       if (cred->keytab)
 	 (void)krb5_kt_close(context, cred->keytab);
+#endif /* LEAN_CLIENT */
       if (cred->princ)
 	 krb5_free_principal(context, cred->princ);
       k5_mutex_destroy(&cred->lock);
diff --git a/src/lib/gssapi/krb5/add_cred.c b/src/lib/gssapi/krb5/add_cred.c
index 3ac32fc2e7..fdcd9c0d33 100644
--- a/src/lib/gssapi/krb5/add_cred.c
+++ b/src/lib/gssapi/krb5/add_cred.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000, 2007 by the Massachusetts Institute of Technology.
+ * Copyright 2000, 2008 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
  *
  * Export of this software from the United States of America may
@@ -209,7 +209,7 @@ krb5_gss_add_cred(minor_status, input_cred_handle,
 	    krb5_free_context(context);
 	    return(GSS_S_FAILURE);
 	}
-	    
+#ifndef LEAN_CLIENT 
 	if (cred->keytab) {
 	    kttype = krb5_kt_get_type(context, cred->keytab);
 	    if ((strlen(kttype)+2) > sizeof(ktboth)) {
@@ -252,16 +252,21 @@ krb5_gss_add_cred(minor_status, input_cred_handle,
 		return(GSS_S_FAILURE);
 	    }
 	} else {
+#endif /* LEAN_CLIENT */
 	    new_cred->keytab = NULL;
+#ifndef LEAN_CLIENT 
 	}
+#endif /* LEAN_CLIENT */
 		
 	if (cred->rcache) {
 	    /* Open the replay cache for this principal. */
 	    if ((code = krb5_get_server_rcache(context,
 					       krb5_princ_component(context, cred->princ, 0),
 					       &new_cred->rcache))) {
+#ifndef LEAN_CLIENT 
 		if (new_cred->keytab)
 		    krb5_kt_close(context, new_cred->keytab);
+#endif /* LEAN_CLIENT */
 		if (new_cred->princ)
 		    krb5_free_principal(context, new_cred->princ);
 		xfree(new_cred);
@@ -282,8 +287,10 @@ krb5_gss_add_cred(minor_status, input_cred_handle,
 	    if ((strlen(cctype)+strlen(ccname)+2) > sizeof(ccboth)) {
 		if (new_cred->rcache)
 		    krb5_rc_close(context, new_cred->rcache);
+#ifndef LEAN_CLIENT 
 		if (new_cred->keytab)
 		    krb5_kt_close(context, new_cred->keytab);
+#endif /* LEAN_CLIENT */
 		if (new_cred->princ)
 		krb5_free_principal(context, new_cred->princ);
 		xfree(new_cred);
@@ -302,8 +309,10 @@ krb5_gss_add_cred(minor_status, input_cred_handle,
 	    if (code) {
 		if (new_cred->rcache)
 		    krb5_rc_close(context, new_cred->rcache);
+#ifndef LEAN_CLIENT 
 		if (new_cred->keytab)
 		    krb5_kt_close(context, new_cred->keytab);
+#endif /* LEAN_CLIENT */
 		if (new_cred->princ)
 		    krb5_free_principal(context, new_cred->princ);
 		xfree(new_cred);
@@ -324,8 +333,10 @@ krb5_gss_add_cred(minor_status, input_cred_handle,
 		krb5_cc_close(context, new_cred->ccache);
 	    if (new_cred->rcache)
 		krb5_rc_close(context, new_cred->rcache);
+#ifndef LEAN_CLIENT 
 	    if (new_cred->keytab)
 		krb5_kt_close(context, new_cred->keytab);
+#endif /* LEAN_CLIENT */
 	    if (new_cred->princ)
 	    krb5_free_principal(context, new_cred->princ);
 	    xfree(new_cred);
diff --git a/src/lib/gssapi/krb5/export_sec_context.c b/src/lib/gssapi/krb5/export_sec_context.c
index 867d4d6f50..f20d853d05 100644
--- a/src/lib/gssapi/krb5/export_sec_context.c
+++ b/src/lib/gssapi/krb5/export_sec_context.c
@@ -1,7 +1,7 @@
 /*
  * lib/gssapi/krb5/export_sec_context.c
  *
- * Copyright 1995, 2007 by the Massachusetts Institute of Technology.
+ * Copyright 1995, 2008 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
  *
  * Export of this software from the United States of America may
@@ -29,7 +29,7 @@
  * export_sec_context.c	- Externalize the security context.
  */
 #include "gssapiP_krb5.h"
-
+#ifndef LEAN_CLIENT
 OM_uint32
 krb5_gss_export_sec_context(minor_status, context_handle, interprocess_token)
     OM_uint32		*minor_status;
@@ -103,3 +103,4 @@ error_out:
 	    *minor_status = (OM_uint32) kret;
     return(retval);
 }
+#endif /* LEAN_CLIENT */
diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h
index 57c2ed9ea6..33036fc534 100644
--- a/src/lib/gssapi/krb5/gssapiP_krb5.h
+++ b/src/lib/gssapi/krb5/gssapiP_krb5.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000, 2007 by the Massachusetts Institute of Technology.
+ * Copyright 2000, 2008 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
  *
  * Export of this software from the United States of America may
@@ -211,7 +211,9 @@ typedef struct _krb5_gss_ctx_id_rec {
 
 extern g_set kg_vdb;
 
+#ifndef LEAN_CLIENT
 extern k5_mutex_t gssint_krb5_keytab_lock;
+#endif /* LEAN_CLIENT */
 
 /* helper macros */
 
@@ -363,6 +365,7 @@ OM_uint32 krb5_gss_init_sec_context
             OM_uint32*        /* time_rec */
            );
 
+#ifndef LEAN_CLIENT
 OM_uint32 krb5_gss_accept_sec_context
 (OM_uint32*,       /* minor_status */
             gss_ctx_id_t*,    /* context_handle */
@@ -377,6 +380,7 @@ OM_uint32 krb5_gss_accept_sec_context
             OM_uint32*,       /* time_rec */
             gss_cred_id_t*    /* delegated_cred_handle */
            );
+#endif /* LEAN_CLIENT */
 
 OM_uint32 krb5_gss_process_context_token
 (OM_uint32*,       /* minor_status */
@@ -459,6 +463,7 @@ OM_uint32 krb5_gss_display_name
             gss_OID*         /* output_name_type */
            );
 
+
 OM_uint32 krb5_gss_import_name
 (OM_uint32*,       /* minor_status */
             gss_buffer_t,     /* input_name_buffer */
@@ -574,7 +579,7 @@ OM_uint32 krb5_gss_inquire_cred_by_mech
 	    OM_uint32 *,		/* acceptor_lifetime */
 	    gss_cred_usage_t * 		/* cred_usage */
 	   );
-
+#ifndef LEAN_CLIENT
 OM_uint32 krb5_gss_export_sec_context
 (OM_uint32 *,		/* minor_status */
 	    gss_ctx_id_t *,		/* context_handle */
@@ -586,6 +591,7 @@ OM_uint32 krb5_gss_import_sec_context
 	    gss_buffer_t,		/* interprocess_token */
 	    gss_ctx_id_t *		/* context_handle */
 	    );
+#endif /* LEAN_CLIENT */
 
 krb5_error_code krb5_gss_ser_init(krb5_context);
 
diff --git a/src/lib/gssapi/krb5/krb5_gss_glue.c b/src/lib/gssapi/krb5/krb5_gss_glue.c
index 77cf0da5ee..3b2054bd6b 100644
--- a/src/lib/gssapi/krb5/krb5_gss_glue.c
+++ b/src/lib/gssapi/krb5/krb5_gss_glue.c
@@ -27,6 +27,7 @@
 #include "gssapiP_krb5.h"
 #include "mglueP.h"
 
+
 /** mechglue wrappers **/
 
 static OM_uint32 k5glue_acquire_cred
@@ -61,7 +62,8 @@ static OM_uint32 k5glue_init_sec_context
             OM_uint32*,       /* ret_flags */
             OM_uint32*        /* time_rec */
            );
-
+		   
+#ifndef LEAN_CLIENT
 static OM_uint32 k5glue_accept_sec_context
 (void *, OM_uint32*,       /* minor_status */
             gss_ctx_id_t*,    /* context_handle */
@@ -76,6 +78,7 @@ static OM_uint32 k5glue_accept_sec_context
             OM_uint32*,       /* time_rec */
             gss_cred_id_t*    /* delegated_cred_handle */
            );
+#endif   /* LEAN_CLIENT */
 
 static OM_uint32 k5glue_process_context_token
 (void *, OM_uint32*,       /* minor_status */
@@ -94,7 +97,7 @@ static OM_uint32 k5glue_context_time
             gss_ctx_id_t,     /* context_handle */
             OM_uint32*        /* time_rec */
            );
-
+		   
 static OM_uint32 k5glue_sign
 (void *, OM_uint32*,       /* minor_status */
             gss_ctx_id_t,     /* context_handle */
@@ -156,7 +159,7 @@ static OM_uint32 k5glue_display_name
             gss_name_t,      /* input_name */
             gss_buffer_t,    /* output_name_buffer */
             gss_OID*         /* output_name_type */
-           );
+          );
 
 static OM_uint32 k5glue_import_name
 (void *, OM_uint32*,       /* minor_status */
@@ -278,6 +281,7 @@ static OM_uint32 k5glue_inquire_cred_by_mech
 	    gss_cred_usage_t * 		/* cred_usage */
 	   );
 
+#ifndef LEAN_CLIENT
 static OM_uint32 k5glue_export_sec_context
 (void *, OM_uint32 *,		/* minor_status */
 	    gss_ctx_id_t *,		/* context_handle */
@@ -289,6 +293,7 @@ static OM_uint32 k5glue_import_sec_context
 	    gss_buffer_t,		/* interprocess_token */
 	    gss_ctx_id_t *		/* context_handle */
 	    );
+#endif /* LEAN_CLIENT */
 
 krb5_error_code k5glue_ser_init(krb5_context);
 
@@ -338,13 +343,14 @@ static OM_uint32 k5glue_validate_cred
  * ensure that both dispatch tables contain identical function
  * pointers.
  */
+#ifndef LEAN_CLIENT	
 #define KRB5_GSS_CONFIG_INIT				\
     NULL,						\
     k5glue_acquire_cred,				\
     k5glue_release_cred,				\
     k5glue_init_sec_context,				\
     k5glue_accept_sec_context,				\
-    k5glue_process_context_token,			\
+	k5glue_process_context_token,			\
     k5glue_delete_sec_context,				\
     k5glue_context_time,				\
     k5glue_sign,					\
@@ -369,6 +375,42 @@ static OM_uint32 k5glue_validate_cred
     k5glue_export_name,					\
     NULL			/* store_cred */
 
+#else	/* LEAN_CLIENT */
+
+#define KRB5_GSS_CONFIG_INIT				\
+    NULL,						\
+    k5glue_acquire_cred,				\
+    k5glue_release_cred,				\
+    k5glue_init_sec_context,				\
+    NULL,						\
+	k5glue_process_context_token,			\
+    k5glue_delete_sec_context,				\
+    k5glue_context_time,				\
+    k5glue_sign,					\
+    k5glue_verify,					\
+    k5glue_seal,					\
+    k5glue_unseal,					\
+    k5glue_display_status,				\
+    k5glue_indicate_mechs,				\
+    k5glue_compare_name,				\
+    k5glue_display_name,				\
+    k5glue_import_name,					\
+    k5glue_release_name,				\
+    k5glue_inquire_cred,				\
+    k5glue_add_cred,					\
+    NULL,						\
+    NULL,						\
+    k5glue_inquire_cred_by_mech,			\
+    k5glue_inquire_names_for_mech,			\
+    k5glue_inquire_context,				\
+    k5glue_internal_release_oid,			\
+    k5glue_wrap_size_limit,				\
+    k5glue_export_name,					\
+    NULL			/* store_cred */
+
+#endif /* LEAN_CLIENT */	
+
+
 static struct gss_config krb5_mechanism = {
     100, "kerberos_v5",
     { GSS_MECH_KRB5_OID_LENGTH, GSS_MECH_KRB5_OID },
@@ -414,6 +456,7 @@ gssint_get_mech_configs(void)
     return krb5_mech_configs;
 }
 
+#ifndef LEAN_CLIENT
 static OM_uint32
 k5glue_accept_sec_context(ctx, minor_status, context_handle, verifier_cred_handle,
 		       input_token, input_chan_bindings, src_name, mech_type, 
@@ -443,6 +486,7 @@ k5glue_accept_sec_context(ctx, minor_status, context_handle, verifier_cred_handl
 				      time_rec,
 				      delegated_cred_handle));
 }
+#endif /* LEAN_CLIENT */
 
 static OM_uint32
 k5glue_acquire_cred(ctx, minor_status, desired_name, time_req, desired_mechs,
@@ -579,7 +623,7 @@ k5glue_display_status(ctx, minor_status, status_value, status_type,
 				  status_type, mech_type, message_context,
 				  status_string));
 }
-
+#ifndef LEAN_CLIENT
 /* V2 */
 static OM_uint32
 k5glue_export_sec_context(ctx, minor_status, context_handle, interprocess_token)
@@ -592,7 +636,7 @@ k5glue_export_sec_context(ctx, minor_status, context_handle, interprocess_token)
 				      context_handle,
 				      interprocess_token));
 }
-
+#endif /* LEAN_CLIENT */
 #if 0
 /* V2 */
 static OM_uint32
@@ -630,6 +674,7 @@ k5glue_import_name(ctx, minor_status, input_name_buffer, input_name_type, output
 				input_name_type, output_name));
 }
 
+#ifndef LEAN_CLIENT
 /* V2 */
 static OM_uint32
 k5glue_import_sec_context(ctx, minor_status, interprocess_token, context_handle)
@@ -642,6 +687,7 @@ k5glue_import_sec_context(ctx, minor_status, interprocess_token, context_handle)
 				      interprocess_token,
 				      context_handle));
 }
+#endif /* LEAN_CLIENT */
 
 static OM_uint32
 k5glue_indicate_mechs(ctx, minor_status, mech_set)
diff --git a/src/lib/gssapi/krb5/rel_cred.c b/src/lib/gssapi/krb5/rel_cred.c
index efd9a4f4dc..1b4a6ce55c 100644
--- a/src/lib/gssapi/krb5/rel_cred.c
+++ b/src/lib/gssapi/krb5/rel_cred.c
@@ -59,9 +59,11 @@ krb5_gss_release_cred(minor_status, cred_handle)
    else
       code1 = 0;
 
+#ifndef LEAN_CLIENT 
    if (cred->keytab)
       code2 = krb5_kt_close(context, cred->keytab);
    else
+#endif /* LEAN_CLIENT */
       code2 = 0;
 
    if (cred->rcache)
diff --git a/src/lib/gssapi/mechglue/g_accept_sec_context.c b/src/lib/gssapi/mechglue/g_accept_sec_context.c
index c12e2bf4ff..9527895eee 100644
--- a/src/lib/gssapi/mechglue/g_accept_sec_context.c
+++ b/src/lib/gssapi/mechglue/g_accept_sec_context.c
@@ -33,6 +33,7 @@
 #include <string.h>
 #include <errno.h>
 
+#ifndef LEAN_CLIENT
 static OM_uint32
 val_acc_sec_ctx_args(
     OM_uint32 *minor_status,
@@ -84,7 +85,6 @@ val_acc_sec_ctx_args(
     return (GSS_S_COMPLETE);
 }
 
-
 OM_uint32 KRB5_CALLCONV
 gss_accept_sec_context (minor_status,
                         context_handle,
@@ -361,4 +361,5 @@ error_out:
 
     return (status);
 }
+#endif /* LEAN_CLIENT */
 
diff --git a/src/lib/gssapi/mechglue/g_exp_sec_context.c b/src/lib/gssapi/mechglue/g_exp_sec_context.c
index 28e25b325a..cf9905f830 100644
--- a/src/lib/gssapi/mechglue/g_exp_sec_context.c
+++ b/src/lib/gssapi/mechglue/g_exp_sec_context.c
@@ -25,6 +25,7 @@
 /*
  *  glue routine for gss_export_sec_context
  */
+#ifndef LEAN_CLIENT
 
 #include "mglueP.h"
 #include <stdio.h>
@@ -135,3 +136,4 @@ gss_buffer_t		interprocess_token;
     
     return(GSS_S_COMPLETE);
 }
+#endif /*LEAN_CLIENT */
diff --git a/src/lib/gssapi/mechglue/g_imp_sec_context.c b/src/lib/gssapi/mechglue/g_imp_sec_context.c
index f83d861707..2b7aacf102 100644
--- a/src/lib/gssapi/mechglue/g_imp_sec_context.c
+++ b/src/lib/gssapi/mechglue/g_imp_sec_context.c
@@ -26,6 +26,8 @@
  *  glue routine gss_export_sec_context
  */
 
+#ifndef LEAN_CLIENT
+
 #include "mglueP.h"
 #include <stdio.h>
 #include <errno.h>
@@ -162,3 +164,4 @@ error_out:
     }
     return status;
 }
+#endif /* LEAN_CLIENT */
diff --git a/src/lib/gssapi/spnego/gssapiP_spnego.h b/src/lib/gssapi/spnego/gssapiP_spnego.h
index 1c8fd7a7b5..717181c6b2 100644
--- a/src/lib/gssapi/spnego/gssapiP_spnego.h
+++ b/src/lib/gssapi/spnego/gssapiP_spnego.h
@@ -167,6 +167,7 @@ OM_uint32 spnego_gss_init_sec_context
 	OM_uint32 *		/* time_rec */
 );
 
+#ifndef LEAN_CLIENT
 OM_uint32 spnego_gss_accept_sec_context
 (
 	void *,			/* spnego context */
@@ -183,6 +184,7 @@ OM_uint32 spnego_gss_accept_sec_context
 	/* CSTYLED */
 	gss_cred_id_t *		/* delegated_cred_handle */
 );
+#endif /* LEAN_CLIENT */
 
 OM_uint32 spnego_gss_display_name
 (
@@ -276,7 +278,7 @@ OM_uint32 spnego_gss_context_time
 	const gss_ctx_id_t context_handle,
 	OM_uint32	*time_rec
 );
-
+#ifndef LEAN_CLIENT
 OM_uint32 spnego_gss_export_sec_context
 (
 	void *context,
@@ -292,6 +294,7 @@ OM_uint32 spnego_gss_import_sec_context
 	const gss_buffer_t	interprocess_token,
 	gss_ctx_id_t		*context_handle
 );
+#endif /* LEAN_CLIENT */
 
 OM_uint32 spnego_gss_inquire_context
 (
diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
index 9f68a6ccdf..775306f0be 100644
--- a/src/lib/gssapi/spnego/spnego_mech.c
+++ b/src/lib/gssapi/spnego/spnego_mech.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2006,2007 by the Massachusetts Institute of Technology.
+ * Copyright (C) 2006,2008 by the Massachusetts Institute of Technology.
  * All rights reserved.
  *
  * Export of this software from the United States of America may
@@ -45,6 +45,7 @@
 #include	"gssapiP_spnego.h"
 #include	<gssapi_err_generic.h>
 
+
 #undef g_token_size
 #undef g_verify_token_header
 #undef g_make_token_header
@@ -164,7 +165,11 @@ static struct gss_config spnego_mechanism =
 	spnego_gss_acquire_cred,
 	spnego_gss_release_cred,
 	spnego_gss_init_sec_context,
+#ifndef LEAN_CLIENT
 	spnego_gss_accept_sec_context,
+#else
+	NULL,				
+#endif  /* LEAN_CLIENT */
 	NULL,				/* gss_process_context_token */
 	spnego_gss_delete_sec_context,	/* gss_delete_sec_context */
 	spnego_gss_context_time,	/* gss_context_time */
@@ -180,8 +185,13 @@ static struct gss_config spnego_mechanism =
 	spnego_gss_release_name,
 	NULL,				/* gss_inquire_cred */
 	NULL,				/* gss_add_cred */
-	spnego_gss_export_sec_context,	/* gss_export_sec_context */
-	spnego_gss_import_sec_context,	/* gss_import_sec_context */
+#ifndef LEAN_CLIENT
+	spnego_gss_export_sec_context,		/* gss_export_sec_context */
+	spnego_gss_import_sec_context,		/* gss_import_sec_context */
+#else
+	NULL,				/* gss_export_sec_context */
+	NULL,				/* gss_import_sec_context */
+#endif /* LEAN_CLIENT */
 	NULL, 				/* gss_inquire_cred_by_mech */
 	spnego_gss_inquire_names_for_mech,
 	spnego_gss_inquire_context,	/* gss_inquire_context */
@@ -1091,7 +1101,7 @@ cleanup:
 	gss_release_oid_set(&tmpmin, &mech_set);
 	return ret;
 }
-
+#ifndef LEAN_CLIENT
 /*
  * Wrap call to gss_accept_sec_context() and update state
  * accordingly.
@@ -1290,6 +1300,7 @@ cleanup:
 	}
 	return ret;
 }
+#endif /*  LEAN_CLIENT */
 
 
 /*ARGSUSED*/
@@ -1336,6 +1347,7 @@ spnego_gss_display_status(void *ctx,
 	return (GSS_S_COMPLETE);
 }
 
+
 /*ARGSUSED*/
 OM_uint32
 spnego_gss_import_name(void *ctx,
@@ -1389,6 +1401,7 @@ spnego_gss_display_name(void *ctx,
 	return (status);
 }
 
+
 /*ARGSUSED*/
 OM_uint32
 spnego_gss_inquire_names_for_mech(void *ctx,
@@ -1529,7 +1542,7 @@ spnego_gss_context_time(void *context,
 			    time_rec);
 	return (ret);
 }
-
+#ifndef LEAN_CLIENT
 OM_uint32
 spnego_gss_export_sec_context(void *context,
 			    OM_uint32	  *minor_status,
@@ -1555,6 +1568,7 @@ spnego_gss_import_sec_context(void *context,
 				    context_handle);
 	return (ret);
 }
+#endif /* LEAN_CLIENT */
 
 OM_uint32
 spnego_gss_inquire_context(void *context,
author	Zhanna Tsitkov <tsitkova@mit.edu>	2008-08-20 21:09:14 +0000
committer	Zhanna Tsitkov <tsitkova@mit.edu>	2008-08-20 21:09:14 +0000
commit	dac88c2b08c7c4cab30b842008dc6fd0f2b4f1ff (patch)
tree	4065cf84935a72c2a79016c3083b04a3693a1102 /src/lib/gssapi
parent	4c8485b11bb27a3763a8f0058547ee7ac84556fe (diff)
download	krb5-dac88c2b08c7c4cab30b842008dc6fd0f2b4f1ff.tar.gz krb5-dac88c2b08c7c4cab30b842008dc6fd0f2b4f1ff.tar.xz krb5-dac88c2b08c7c4cab30b842008dc6fd0f2b4f1ff.zip