shim acquire_cred_with_password SPI into acquire_cred_ext

lib/gssapi/Makefile.am

@@ -85,7 +85,6 @@ mechsrc = \
 	mech/gss_acquire_cred_ext.c \
 	mech/gss_acquire_cred_with_password.c \
 	mech/gss_add_cred.c \
-	mech/gss_add_cred_with_password.c \
 	mech/gss_add_oid_set_member.c \
 	mech/gss_aeap.c \
 	mech/gss_buffer_set.c \

lib/gssapi/gssapi_mech.h

@@ -460,34 +460,6 @@ struct gss_mo_desc_struct {
     int (*set)(gss_const_OID, gss_mo_desc *, int, gss_buffer_t);
 };
 
-typedef OM_uint32 GSSAPI_CALLCONV _gss_acquire_cred_with_password_t
-	      (OM_uint32 *,            /* minor_status */
-	       const gss_name_t,       /* desired_name */
-	       const gss_buffer_t,     /* password */
-	       OM_uint32,              /* time_req */
-	       const gss_OID_set,      /* desired_mechs */
-	       gss_cred_usage_t,       /* cred_usage */
-	       gss_cred_id_t *,        /* output_cred_handle */
-	       gss_OID_set *,          /* actual_mechs */
-	       OM_uint32 *             /* time_rec */
-	      );
-
-
-typedef OM_uint32 GSSAPI_CALLCONV _gss_add_cred_with_password_t (
-	       OM_uint32 *,            /* minor_status */
-	       const gss_cred_id_t,    /* input_cred_handle */
-	       const gss_name_t,       /* desired_name */
-	       const gss_OID,          /* desired_mech */
-	       const gss_buffer_t,     /* password */
-	       gss_cred_usage_t,       /* cred_usage */
-	       OM_uint32,              /* initiator_time_req */
-	       OM_uint32,              /* acceptor_time_req */
-	       gss_cred_id_t *,        /* output_cred_handle */
-	       gss_OID_set *,          /* actual_mechs */
-	       OM_uint32 *,            /* initiator_time_rec */
-	       OM_uint32 *             /* acceptor_time_rec */
-	      );
-
 typedef OM_uint32 GSSAPI_CALLCONV _gss_pname_to_uid_t (
 	       OM_uint32 *,		/* minor_status */
 	       const gss_name_t,	/* name */
@@ -572,8 +544,6 @@ typedef struct gssapi_mech_interface_desc {
         _gss_set_name_attribute_t       *gm_set_name_attribute;
         _gss_delete_name_attribute_t    *gm_delete_name_attribute;
         _gss_export_name_composite_t    *gm_export_name_composite;
-        _gss_acquire_cred_with_password_t   *gm_acquire_cred_with_password;
-        _gss_add_cred_with_password_t   *gm_add_cred_with_password;
         struct gss_mech_compat_desc_struct  *gm_compat;
 } gssapi_mech_interface_desc, *gssapi_mech_interface;
 

lib/gssapi/libgssapi-exports.def

@@ -11,6 +11,7 @@ EXPORTS
 	__gss_c_attr_stream_sizes_oid_desc	DATA
 	gss_accept_sec_context
 	gss_acquire_cred
+	gss_acquire_cred_ext
 	gss_acquire_cred_with_password
 	gss_add_buffer_set_member
 	gss_add_cred

lib/gssapi/mech/compat.h

@@ -51,6 +51,33 @@ typedef OM_uint32 GSSAPI_CALLCONV _gss_inquire_attrs_for_mech_t (
 	       gss_OID_set *          /* known_mech_attrs */
 	    );
 
+typedef OM_uint32 GSSAPI_CALLCONV _gss_acquire_cred_with_password_t
+	      (OM_uint32 *,            /* minor_status */
+	       const gss_name_t,       /* desired_name */
+	       const gss_buffer_t,     /* password */
+	       OM_uint32,              /* time_req */
+	       const gss_OID_set,      /* desired_mechs */
+	       gss_cred_usage_t,       /* cred_usage */
+	       gss_cred_id_t *,        /* output_cred_handle */
+	       gss_OID_set *,          /* actual_mechs */
+	       OM_uint32 *             /* time_rec */
+	      );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_add_cred_with_password_t (
+	       OM_uint32 *,            /* minor_status */
+	       const gss_cred_id_t,    /* input_cred_handle */
+	       const gss_name_t,       /* desired_name */
+	       const gss_OID,          /* desired_mech */
+	       const gss_buffer_t,     /* password */
+	       gss_cred_usage_t,       /* cred_usage */
+	       OM_uint32,              /* initiator_time_req */
+	       OM_uint32,              /* acceptor_time_req */
+	       gss_cred_id_t *,        /* output_cred_handle */
+	       gss_OID_set *,          /* actual_mechs */
+	       OM_uint32 *,            /* initiator_time_rec */
+	       OM_uint32 *             /* acceptor_time_rec */
+	      );
+
 /*
  * API-as-SPI compatibility for compatibility with MIT mechanisms;
  * native Heimdal mechanisms should not use these.
@@ -59,5 +86,9 @@ struct gss_mech_compat_desc_struct {
 	_gss_inquire_saslname_for_mech_t    *gmc_inquire_saslname_for_mech;
 	_gss_inquire_mech_for_saslname_t    *gmc_inquire_mech_for_saslname;
 	_gss_inquire_attrs_for_mech_t       *gmc_inquire_attrs_for_mech;
+	_gss_acquire_cred_with_password_t   *gmc_acquire_cred_with_password;
+#if 0
+	_gss_add_cred_with_password_t       *gmc_add_cred_with_password;
+#endif
 };
 

lib/gssapi/mech/gss_acquire_cred_ext.c

@@ -109,7 +109,30 @@ gss_acquire_cred_ext(OM_uint32 *minor_status,
 						  mc->gmc_mech_oid,
 						  cred_usage,
 						  &mc->gmc_cred);
-	} else if (credential_type != GSS_C_NO_OID) {
+	} else if (gss_oid_equal(credential_type, GSS_C_CRED_PASSWORD) &&
+		   m->gm_compat &&
+		   m->gm_compat->gmc_acquire_cred_with_password) {
+	    /*
+	     * Shim for mechanisms that adhere to API-as-SPI and do not
+	     * implement gss_acquire_cred_ext().
+	     */
+	    gss_OID_set_desc set2;
+	    _gss_acquire_cred_with_password_t *acwp
+		= m->gm_compat->gmc_acquire_cred_with_password;
+
+	    set2.count = 1;
+	    set2.elements = mc->gmc_mech_oid;
+
+	    major_status = acwp(minor_status,
+				desired_mech_name,
+				(const gss_buffer_t)credential_data,
+				time_req,
+				&set2,
+				cred_usage,
+				&mc->gmc_cred,
+				NULL,
+				NULL);
+	} else if (credential_type == GSS_C_NO_OID) {
 	    gss_OID_set_desc set2;
 
 	    set2.count = 1;

lib/gssapi/mech/gss_mech_switch.c

@@ -360,20 +360,20 @@ _gss_load_mech(void)
 		OPTSYM(export_cred);
 		OPTSYM(import_cred);
 		OPTSYM(acquire_cred_ext);
+#if 0
 		OPTSYM(iter_creds);
 		OPTSYM(destroy_cred);
 		OPTSYM(cred_hold);
 		OPTSYM(cred_unhold);
 		OPTSYM(cred_label_get);
 		OPTSYM(cred_label_set);
+#endif
 		OPTSYM(display_name_ext);
 		OPTSYM(inquire_name);
 		OPTSYM(get_name_attribute);
 		OPTSYM(set_name_attribute);
 		OPTSYM(delete_name_attribute);
 		OPTSYM(export_name_composite);
-		OPTSPISYM(acquire_cred_with_password);
-		OPTSYM(add_cred_with_password);
 		OPTSYM(pname_to_uid);
 		OPTSPISYM(authorize_localname);
 
@@ -388,6 +388,7 @@ _gss_load_mech(void)
 			COMPATSYM(inquire_saslname_for_mech);
 			COMPATSYM(inquire_mech_for_saslname);
 			COMPATSYM(inquire_attrs_for_mech);
+			COMPATSYM(acquire_cred_with_password);
 		}
 
 		/* pick up the oid sets of names */

lib/gssapi/test_context.c

@@ -585,11 +585,11 @@ main(int argc, char **argv)
 		 gssapi_err(maj_stat, min_stat, GSS_C_NO_OID));
 	gss_release_name(&min_stat, &cname);
     } else if (credential_type) {
-	maj_stat = gss_acquire_cred_ex(&min_stat, GSS_C_NO_NAME,
+	maj_stat = gss_acquire_cred_ext(&min_stat, GSS_C_NO_NAME,
 	                                credential_type, &credential_data,
                                         0, GSS_C_NO_OID, GSS_C_INITIATE, &client_cred);
 	if (GSS_ERROR(maj_stat))
-	    errx(1, "gss_acquire_cred_ex: %s",
+	    errx(1, "gss_acquire_cred_ext: %s",
 		 gssapi_err(maj_stat, min_stat, GSS_C_NO_OID));
     }
 

lib/gssapi/version-script.map

@@ -20,7 +20,7 @@ HEIMDAL_GSS_2.0 {
 		gss_acquire_cred_with_password;
 		gss_add_buffer_set_member;
 		gss_add_cred;
-		gss_add_cred_with_password;
+#		gss_add_cred_with_password;
 		gss_add_oid_set_member;
 		gss_authorize_localname;
 		gss_canonicalize_name;