diff --git a/lib/gssapi/Makefile.am b/lib/gssapi/Makefile.am
index b6ed90ce4..d67157e5f 100644
--- a/lib/gssapi/Makefile.am
+++ b/lib/gssapi/Makefile.am
@@ -85,7 +85,6 @@ mechsrc = \
 mech/gss_acquire_cred_ext.c \
 mech/gss_acquire_cred_with_password.c \
 mech/gss_add_cred.c \
- mech/gss_add_cred_with_password.c \
 mech/gss_add_oid_set_member.c \
 mech/gss_aeap.c \
 mech/gss_buffer_set.c \
diff --git a/lib/gssapi/gssapi_mech.h b/lib/gssapi/gssapi_mech.h
index 0f9ab623d..db739ffde 100644
--- a/lib/gssapi/gssapi_mech.h
+++ b/lib/gssapi/gssapi_mech.h
@@ -460,34 +460,6 @@ struct gss_mo_desc_struct {
 int (*set)(gss_const_OID, gss_mo_desc *, int, gss_buffer_t);
 };
 
-typedef OM_uint32 GSSAPI_CALLCONV _gss_acquire_cred_with_password_t
- (OM_uint32 *, /* minor_status */
- const gss_name_t, /* desired_name */
- const gss_buffer_t, /* password */
- OM_uint32, /* time_req */
- const gss_OID_set, /* desired_mechs */
- gss_cred_usage_t, /* cred_usage */
- gss_cred_id_t *, /* output_cred_handle */
- gss_OID_set *, /* actual_mechs */
- OM_uint32 * /* time_rec */
- );
-
-
-typedef OM_uint32 GSSAPI_CALLCONV _gss_add_cred_with_password_t (
- OM_uint32 *, /* minor_status */
- const gss_cred_id_t, /* input_cred_handle */
- const gss_name_t, /* desired_name */
- const gss_OID, /* desired_mech */
- const gss_buffer_t, /* password */
- gss_cred_usage_t, /* cred_usage */
- OM_uint32, /* initiator_time_req */
- OM_uint32, /* acceptor_time_req */
- gss_cred_id_t *, /* output_cred_handle */
- gss_OID_set *, /* actual_mechs */
- OM_uint32 *, /* initiator_time_rec */
- OM_uint32 * /* acceptor_time_rec */
- );
-
 typedef OM_uint32 GSSAPI_CALLCONV _gss_pname_to_uid_t (
 OM_uint32 *, /* minor_status */
 const gss_name_t, /* name */
@@ -572,8 +544,6 @@ typedef struct gssapi_mech_interface_desc {
 _gss_set_name_attribute_t *gm_set_name_attribute;
 _gss_delete_name_attribute_t *gm_delete_name_attribute;
 _gss_export_name_composite_t *gm_export_name_composite;
- _gss_acquire_cred_with_password_t *gm_acquire_cred_with_password;
- _gss_add_cred_with_password_t *gm_add_cred_with_password;
 struct gss_mech_compat_desc_struct *gm_compat;
 } gssapi_mech_interface_desc, *gssapi_mech_interface;
 
diff --git a/lib/gssapi/libgssapi-exports.def b/lib/gssapi/libgssapi-exports.def
index 21989e6db..37842bc26 100644
--- a/lib/gssapi/libgssapi-exports.def
+++ b/lib/gssapi/libgssapi-exports.def
@@ -11,6 +11,7 @@ EXPORTS
 __gss_c_attr_stream_sizes_oid_desc DATA
 gss_accept_sec_context
 gss_acquire_cred
+ gss_acquire_cred_ext
 gss_acquire_cred_with_password
 gss_add_buffer_set_member
 gss_add_cred
diff --git a/lib/gssapi/mech/compat.h b/lib/gssapi/mech/compat.h
index b3ac2f544..e63f1e534 100644
--- a/lib/gssapi/mech/compat.h
+++ b/lib/gssapi/mech/compat.h
@@ -51,13 +51,44 @@ typedef OM_uint32 GSSAPI_CALLCONV _gss_inquire_attrs_for_mech_t (
 gss_OID_set * /* known_mech_attrs */
 );
 
+typedef OM_uint32 GSSAPI_CALLCONV _gss_acquire_cred_with_password_t
+ (OM_uint32 *, /* minor_status */
+ const gss_name_t, /* desired_name */
+ const gss_buffer_t, /* password */
+ OM_uint32, /* time_req */
+ const gss_OID_set, /* desired_mechs */
+ gss_cred_usage_t, /* cred_usage */
+ gss_cred_id_t *, /* output_cred_handle */
+ gss_OID_set *, /* actual_mechs */
+ OM_uint32 * /* time_rec */
+ );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_add_cred_with_password_t (
+ OM_uint32 *, /* minor_status */
+ const gss_cred_id_t, /* input_cred_handle */
+ const gss_name_t, /* desired_name */
+ const gss_OID, /* desired_mech */
+ const gss_buffer_t, /* password */
+ gss_cred_usage_t, /* cred_usage */
+ OM_uint32, /* initiator_time_req */
+ OM_uint32, /* acceptor_time_req */
+ gss_cred_id_t *, /* output_cred_handle */
+ gss_OID_set *, /* actual_mechs */
+ OM_uint32 *, /* initiator_time_rec */
+ OM_uint32 * /* acceptor_time_rec */
+ );
+
 /*
 * API-as-SPI compatibility for compatibility with MIT mechanisms;
 * native Heimdal mechanisms should not use these.
 */
 struct gss_mech_compat_desc_struct {
- _gss_inquire_saslname_for_mech_t *gmc_inquire_saslname_for_mech;
- _gss_inquire_mech_for_saslname_t *gmc_inquire_mech_for_saslname;
- _gss_inquire_attrs_for_mech_t *gmc_inquire_attrs_for_mech;
+ _gss_inquire_saslname_for_mech_t *gmc_inquire_saslname_for_mech;
+ _gss_inquire_mech_for_saslname_t *gmc_inquire_mech_for_saslname;
+ _gss_inquire_attrs_for_mech_t *gmc_inquire_attrs_for_mech;
+ _gss_acquire_cred_with_password_t *gmc_acquire_cred_with_password;
+#if 0
+ _gss_add_cred_with_password_t *gmc_add_cred_with_password;
+#endif
 };
 
diff --git a/lib/gssapi/mech/gss_acquire_cred_ext.c b/lib/gssapi/mech/gss_acquire_cred_ext.c
index 1fbc8b1b5..1c26aae61 100644
--- a/lib/gssapi/mech/gss_acquire_cred_ext.c
+++ b/lib/gssapi/mech/gss_acquire_cred_ext.c
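Review bot: In lib/gssapi/mech/compat.h the `#if 0` around `gmc_add_cred_with_password` in `struct gss_mech_compat_desc_struct` carries no comment saying why the member is compiled out, and the `_gss_add_cred_with_password_t` typedef added above it is used nowhere else in the visible hunks. Either drop both until they are needed or add a one-line reason, e.g. `/* disabled: no COMPATSYM(add_cred_with_password) loader yet */`, since the gss_mech_switch.c hunk only adds `COMPATSYM(acquire_cred_with_password)`. The same applies to the `#if 0` this commit puts around the six `OPTSYM(...)` credential entry points in `_gss_load_mech()` in gss_mech_switch.c. A comment there should say whether those mechanism symbols are intentionally no longer resolved, because a loaded mechanism that provides them will now be silently ignored.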
@@ -109,7 +109,30 @@ gss_acquire_cred_ext(OM_uint32 *minor_status,
 mc->gmc_mech_oid,
 cred_usage,
 &mc->gmc_cred);
- } else if (credential_type != GSS_C_NO_OID) {
+ } else if (gss_oid_equal(credential_type, GSS_C_CRED_PASSWORD) &&
+ m->gm_compat &&
+ m->gm_compat->gmc_acquire_cred_with_password) {
+ /*
+ * Shim for mechanisms that adhere to API-as-SPI and do not
+ * implement gss_acquire_cred_ext().
+ */
+ gss_OID_set_desc set2;
+ _gss_acquire_cred_with_password_t *acwp
+ = m->gm_compat->gmc_acquire_cred_with_password;
+
+ set2.count = 1;
+ set2.elements = mc->gmc_mech_oid;
+
+ major_status = acwp(minor_status,
+ desired_mech_name,
+ (const gss_buffer_t)credential_data,
+ time_req,
+ &set2,
+ cred_usage,
+ &mc->gmc_cred,
+ NULL,
+ NULL);
+ } else if (credential_type == GSS_C_NO_OID) {
 gss_OID_set_desc set2;
 
 set2.count = 1;
diff --git a/lib/gssapi/mech/gss_mech_switch.c b/lib/gssapi/mech/gss_mech_switch.c
index a0a76a183..4adfb5eb0 100644
--- a/lib/gssapi/mech/gss_mech_switch.c
+++ b/lib/gssapi/mech/gss_mech_switch.c
@@ -360,20 +360,20 @@ _gss_load_mech(void)
 OPTSYM(export_cred);
 OPTSYM(import_cred);
 OPTSYM(acquire_cred_ext);
+#if 0
 OPTSYM(iter_creds);
 OPTSYM(destroy_cred);
 OPTSYM(cred_hold);
 OPTSYM(cred_unhold);
 OPTSYM(cred_label_get);
 OPTSYM(cred_label_set);
+#endif
 OPTSYM(display_name_ext);
 OPTSYM(inquire_name);
 OPTSYM(get_name_attribute);
 OPTSYM(set_name_attribute);
 OPTSYM(delete_name_attribute);
 OPTSYM(export_name_composite);
- OPTSPISYM(acquire_cred_with_password);
- OPTSYM(add_cred_with_password);
 OPTSYM(pname_to_uid);
 OPTSPISYM(authorize_localname);
 
@@ -388,6 +388,7 @@ _gss_load_mech(void)
 COMPATSYM(inquire_saslname_for_mech);
 COMPATSYM(inquire_mech_for_saslname);
 COMPATSYM(inquire_attrs_for_mech);
+ COMPATSYM(acquire_cred_with_password);
 }
 
 /* pick up the oid sets of names */
diff --git a/lib/gssapi/test_context.c b/lib/gssapi/test_context.c
index 27104284a..332513d2f 100644
--- a/lib/gssapi/test_context.c
+++ b/lib/gssapi/test_context.c
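Review bot: In the lib/gssapi/mech/gss_acquire_cred_ext.c hunk, the new password shim passes `credential_data` straight to the loaded mechanism's `gmc_acquire_cred_with_password` without checking it. A NULL pointer therefore reaches third-party mechanism code unless an earlier part of the function, outside this hunk, already rejects it. Rejecting `credential_data == NULL` with `GSS_S_CALL_INACCESSIBLE_READ` before the `acwp(...)` call would keep that failure inside the mechglue. The cast `(const gss_buffer_t)credential_data` makes the pointer const, not the buffer it points to, so if `credential_data` is declared as a pointer to const the cast silently drops that qualifier on the password. A short comment such as `/* mechanism must treat the password buffer as read-only */` would record the expectation. The enclosing function begins and ends outside the hunk.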
@@ -585,11 +585,11 @@ main(int argc, char **argv)
 gssapi_err(maj_stat, min_stat, GSS_C_NO_OID));
 gss_release_name(&min_stat, &cname);
 } else if (credential_type) {
- maj_stat = gss_acquire_cred_ex(&min_stat, GSS_C_NO_NAME,
- credential_type, &credential_data,
- 0, GSS_C_NO_OID, GSS_C_INITIATE, &client_cred);
+ maj_stat = gss_acquire_cred_ext(&min_stat, GSS_C_NO_NAME,
+ credential_type, &credential_data,
+ 0, GSS_C_NO_OID, GSS_C_INITIATE, &client_cred);
 if (GSS_ERROR(maj_stat))
- errx(1, "gss_acquire_cred_ex: %s",
+ errx(1, "gss_acquire_cred_ext: %s",
 gssapi_err(maj_stat, min_stat, GSS_C_NO_OID));
 }
 
diff --git a/lib/gssapi/version-script.map b/lib/gssapi/version-script.map
index 11e9e3340..2736b2e7c 100644
--- a/lib/gssapi/version-script.map
+++ b/lib/gssapi/version-script.map
@@ -20,7 +20,7 @@ HEIMDAL_GSS_2.0 {
 gss_acquire_cred_with_password;
 gss_add_buffer_set_member;
 gss_add_cred;
- gss_add_cred_with_password;
+# gss_add_cred_with_password;
 gss_add_oid_set_member;
 gss_authorize_localname;
 gss_canonicalize_name;
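Review bot: In lib/gssapi/version-script.map the export is commented out (`# gss_add_cred_with_password;`) rather than deleted, which removes the symbol from the `HEIMDAL_GSS_2.0` node but leaves a stale entry with no explanation. If the removal is intended, delete the line or add the reason next to it. Also check that libgssapi-exports.def drops the same symbol, since that part of the .def file is outside the visible hunk. Programs already linked against `gss_add_cred_with_password` will presumably fail to resolve it after this change, so the ABI break is worth recording in the commit description.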