Changeset 745 for trunk/server/source4/heimdal/lib/gssapi

trunk/server

Property svn:mergeinfo changed
/vendor/current merged: 581,587,591,594,597,600,615,618,740

trunk/server/source4/heimdal/lib/gssapi/gssapi/gssapi.h

-              r414
+              r745
 #ifndef BUILD_GSSAPI_LIB
 #if defined(_WIN32)
+#define GSSAPI_LIB_FUNCTION _stdcall __declspec(dllimport)
+#define GSSAPI_LIB_FUNCTION __declspec(dllimport)
+#define GSSAPI_LIB_CALL     __stdcall
 #define GSSAPI_LIB_VARIABLE __declspec(dllimport)
 #else
 #define GSSAPI_LIB_FUNCTION
+#define GSSAPI_LIB_CALL
 #define GSSAPI_LIB_VARIABLE
 #endif
 …
 #endif
+#ifdef _WIN32
+#define GSSAPI_CALLCONV __stdcall
+#else
+#define GSSAPI_CALLCONV
+#endif
 /*
  * Now define the three implementation-dependent types.
 …
 struct gss_name_t_desc_struct;
 typedef struct gss_name_t_desc_struct *gss_name_t;
+typedef const struct gss_name_t_desc_struct *gss_const_name_t;
 struct gss_ctx_id_t_desc_struct;
 typedef struct gss_ctx_id_t_desc_struct *gss_ctx_id_t;
+typedef const struct gss_ctx_id_t_desc_struct gss_const_ctx_id_t;
 typedef struct gss_OID_desc_struct {
 …
       void      *elements;
 } gss_OID_desc, *gss_OID;
+typedef const gss_OID_desc * gss_const_OID;
 typedef struct gss_OID_set_desc_struct  {
 …
       gss_OID    elements;
 } gss_OID_set_desc, *gss_OID_set;
+typedef const gss_OID_set_desc * gss_const_OID_set;
 typedef int gss_cred_usage_t;
 …
 struct gss_cred_id_t_desc_struct;
 typedef struct gss_cred_id_t_desc_struct *gss_cred_id_t;
+typedef const struct gss_cred_id_t_desc_struct *gss_const_cred_id_t;
 typedef struct gss_buffer_desc_struct {
 …
       void *value;
 } gss_buffer_desc, *gss_buffer_t;
+typedef const gss_buffer_desc * gss_const_buffer_t;
 typedef struct gss_channel_bindings_struct {
 …
       gss_buffer_desc application_data;
 } *gss_channel_bindings_t;
+typedef const struct gss_channel_bindings_struct *gss_const_channel_bindings_t;
 /* GGF extension data types */
 …
  */
 typedef OM_uint32 gss_qop_t;
 /*
 …
 #define GSS_IOV_BUFFER_TYPE_SIGN_ONLY 11
+#define GSS_IOV_BUFFER_TYPE_FLAG_MASK 0xffff0000
+#define GSS_IOV_BUFFER_TYPE_FLAG_ALLOCATE 0x00010000
+#define GSS_IOV_BUFFER_TYPE_FLAG_ALLOCATED 0x00020000
+#define GSS_IOV_BUFFER_TYPE_FLAG_MASK           0xffff0000
+#define GSS_IOV_BUFFER_FLAG_ALLOCATE            0x00010000
+#define GSS_IOV_BUFFER_FLAG_ALLOCATED           0x00020000
+#define GSS_IOV_BUFFER_TYPE_FLAG_ALLOCATE       0x00010000 /* old name */
+#define GSS_IOV_BUFFER_TYPE_FLAG_ALLOCATED      0x00020000 /* old name */
 #define GSS_IOV_BUFFER_TYPE(_t) ((_t) & ~GSS_IOV_BUFFER_TYPE_FLAG_MASK)
 …
 GSSAPI_CPP_START
+#include <gssapi/gssapi_oid.h>
 /*
 …
  * to that gss_OID_desc.
  */
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_C_NT_USER_NAME;
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_user_name_oid_desc;
+#define GSS_C_NT_USER_NAME (&__gss_c_nt_user_name_oid_desc)
 /*
 …
  * initialized to point to that gss_OID_desc.
  */
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_C_NT_MACHINE_UID_NAME;
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_machine_uid_name_oid_desc;
+#define GSS_C_NT_MACHINE_UID_NAME (&__gss_c_nt_machine_uid_name_oid_desc)
 /*
 …
  * initialized to point to that gss_OID_desc.
  */
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_C_NT_STRING_UID_NAME;
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_string_uid_name_oid_desc;
+#define GSS_C_NT_STRING_UID_NAME (&__gss_c_nt_string_uid_name_oid_desc)
 /*
 …
  * implementations
  */
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_C_NT_HOSTBASED_SERVICE_X;
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_hostbased_service_x_oid_desc;
+#define GSS_C_NT_HOSTBASED_SERVICE_X (&__gss_c_nt_hostbased_service_x_oid_desc)
 /*
 …
  * to point to that gss_OID_desc.
  */
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_C_NT_HOSTBASED_SERVICE;
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_hostbased_service_oid_desc;
+#define GSS_C_NT_HOSTBASED_SERVICE (&__gss_c_nt_hostbased_service_oid_desc)
 /*
 …
  * to that gss_OID_desc.
  */
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_C_NT_ANONYMOUS;
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_anonymous_oid_desc;
+#define GSS_C_NT_ANONYMOUS (&__gss_c_nt_anonymous_oid_desc)
 /*
 …
  * to that gss_OID_desc.
  */
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_C_NT_EXPORT_NAME;
+/*
+ * Digest mechanism
+ */
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_SASL_DIGEST_MD5_MECHANISM;
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_export_name_oid_desc;
+#define GSS_C_NT_EXPORT_NAME (&__gss_c_nt_export_name_oid_desc)
 /* Major status codes */
 …
 #define GSS_S_DUPLICATE_ELEMENT (17ul << GSS_C_ROUTINE_ERROR_OFFSET)
 #define GSS_S_NAME_NOT_MN (18ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_BAD_MECH_ATTR (19ul << GSS_C_ROUTINE_ERROR_OFFSET)
 /*
 …
  */
 OM_uint32 GSSAPI_LIB_FUNCTION gss_acquire_cred
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_acquire_cred
            (OM_uint32 * /*minor_status*/,
             const gss_name_t /*desired_name*/,
 …
            );
 OM_uint32 GSSAPI_LIB_FUNCTION gss_release_cred
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_release_cred
            (OM_uint32 * /*minor_status*/,
             gss_cred_id_t * /*cred_handle*/
            );
 OM_uint32 GSSAPI_LIB_FUNCTION gss_init_sec_context
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_init_sec_context
            (OM_uint32 * /*minor_status*/,
             const gss_cred_id_t /*initiator_cred_handle*/,
 …
            );
 OM_uint32 GSSAPI_LIB_FUNCTION gss_accept_sec_context
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_accept_sec_context
            (OM_uint32 * /*minor_status*/,
             gss_ctx_id_t * /*context_handle*/,
 …
            );
 OM_uint32 GSSAPI_LIB_FUNCTION gss_process_context_token
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_process_context_token
            (OM_uint32 * /*minor_status*/,
             const gss_ctx_id_t /*context_handle*/,
 …
            );
 OM_uint32 GSSAPI_LIB_FUNCTION gss_delete_sec_context
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_delete_sec_context
            (OM_uint32 * /*minor_status*/,
             gss_ctx_id_t * /*context_handle*/,
 …
            );
 OM_uint32 GSSAPI_LIB_FUNCTION gss_context_time
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_context_time
            (OM_uint32 * /*minor_status*/,
             const gss_ctx_id_t /*context_handle*/,
 …
            );
 OM_uint32 GSSAPI_LIB_FUNCTION gss_get_mic
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_get_mic
            (OM_uint32 * /*minor_status*/,
             const gss_ctx_id_t /*context_handle*/,
 …
            );
 OM_uint32 GSSAPI_LIB_FUNCTION gss_verify_mic
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_verify_mic
            (OM_uint32 * /*minor_status*/,
             const gss_ctx_id_t /*context_handle*/,
 …
            );
 OM_uint32 GSSAPI_LIB_FUNCTION gss_wrap
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_wrap
            (OM_uint32 * /*minor_status*/,
             const gss_ctx_id_t /*context_handle*/,
 …
            );
 OM_uint32 GSSAPI_LIB_FUNCTION gss_unwrap
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_unwrap
            (OM_uint32 * /*minor_status*/,
             const gss_ctx_id_t /*context_handle*/,
 …
            );
 OM_uint32 GSSAPI_LIB_FUNCTION gss_display_status
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_display_status
            (OM_uint32 * /*minor_status*/,
             OM_uint32 /*status_value*/,
 …
            );
 OM_uint32 GSSAPI_LIB_FUNCTION gss_indicate_mechs
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_indicate_mechs
            (OM_uint32 * /*minor_status*/,
             gss_OID_set * /*mech_set*/
            );
 OM_uint32 GSSAPI_LIB_FUNCTION gss_compare_name
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_compare_name
            (OM_uint32 * /*minor_status*/,
             const gss_name_t /*name1*/,
 …
            );
 OM_uint32 GSSAPI_LIB_FUNCTION gss_display_name
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_display_name
            (OM_uint32 * /*minor_status*/,
             const gss_name_t /*input_name*/,
 …
            );
 OM_uint32 GSSAPI_LIB_FUNCTION gss_import_name
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_import_name
            (OM_uint32 * /*minor_status*/,
             const gss_buffer_t /*input_name_buffer*/,
 …
            );
 OM_uint32 GSSAPI_LIB_FUNCTION gss_export_name
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_export_name
            (OM_uint32  * /*minor_status*/,
             const gss_name_t /*input_name*/,
 …
            );
 OM_uint32 GSSAPI_LIB_FUNCTION gss_release_name
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_release_name
            (OM_uint32 * /*minor_status*/,
             gss_name_t * /*input_name*/
            );
 OM_uint32 GSSAPI_LIB_FUNCTION gss_release_buffer
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_release_buffer
            (OM_uint32 * /*minor_status*/,
             gss_buffer_t /*buffer*/
            );
 OM_uint32 GSSAPI_LIB_FUNCTION gss_release_oid_set
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_release_oid_set
            (OM_uint32 * /*minor_status*/,
             gss_OID_set * /*set*/
            );
 OM_uint32 GSSAPI_LIB_FUNCTION gss_inquire_cred
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_inquire_cred
            (OM_uint32 * /*minor_status*/,
             const gss_cred_id_t /*cred_handle*/,
 …
            );
 OM_uint32 GSSAPI_LIB_FUNCTION gss_inquire_context (
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_inquire_context (
             OM_uint32 * /*minor_status*/,
             const gss_ctx_id_t /*context_handle*/,
 …
            );
 OM_uint32 GSSAPI_LIB_FUNCTION gss_wrap_size_limit (
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_wrap_size_limit (
             OM_uint32 * /*minor_status*/,
             const gss_ctx_id_t /*context_handle*/,
 …
            );
 OM_uint32 GSSAPI_LIB_FUNCTION gss_add_cred (
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_add_cred (
             OM_uint32 * /*minor_status*/,
             const gss_cred_id_t /*input_cred_handle*/,
 …
            );
 OM_uint32 GSSAPI_LIB_FUNCTION gss_inquire_cred_by_mech (
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_inquire_cred_by_mech (
             OM_uint32 * /*minor_status*/,
             const gss_cred_id_t /*cred_handle*/,
 …
            );
 OM_uint32 GSSAPI_LIB_FUNCTION gss_export_sec_context (
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_export_sec_context (
             OM_uint32 * /*minor_status*/,
             gss_ctx_id_t * /*context_handle*/,
 …
            );
 OM_uint32 GSSAPI_LIB_FUNCTION gss_import_sec_context (
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_import_sec_context (
             OM_uint32 * /*minor_status*/,
             const gss_buffer_t /*interprocess_token*/,
 …
            );
 OM_uint32 GSSAPI_LIB_FUNCTION gss_create_empty_oid_set (
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_create_empty_oid_set (
             OM_uint32 * /*minor_status*/,
             gss_OID_set * /*oid_set*/
            );
 OM_uint32 GSSAPI_LIB_FUNCTION gss_add_oid_set_member (
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_add_oid_set_member (
             OM_uint32 * /*minor_status*/,
             const gss_OID /*member_oid*/,
 …
            );
 OM_uint32 GSSAPI_LIB_FUNCTION gss_test_oid_set_member (
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_test_oid_set_member (
             OM_uint32 * /*minor_status*/,
             const gss_OID /*member*/,
 …
            );
 OM_uint32 GSSAPI_LIB_FUNCTION gss_inquire_names_for_mech (
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_inquire_names_for_mech (
             OM_uint32 * /*minor_status*/,
             const gss_OID /*mechanism*/,
 …
            );
 OM_uint32 GSSAPI_LIB_FUNCTION gss_inquire_mechs_for_name (
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_inquire_mechs_for_name (
             OM_uint32 * /*minor_status*/,
             const gss_name_t /*input_name*/,
 …
            );
 OM_uint32 GSSAPI_LIB_FUNCTION gss_canonicalize_name (
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_canonicalize_name (
             OM_uint32 * /*minor_status*/,
             const gss_name_t /*input_name*/,
 …
            );
 OM_uint32 GSSAPI_LIB_FUNCTION gss_duplicate_name (
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_duplicate_name (
             OM_uint32 * /*minor_status*/,
             const gss_name_t /*src_name*/,
 …
            );
 OM_uint32 GSSAPI_LIB_FUNCTION gss_duplicate_oid (
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_duplicate_oid (
             OM_uint32 * /* minor_status */,
             gss_OID /* src_oid */,
 …
            );
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_release_oid
         (OM_uint32 * /*minor_status*/,
 …
         );
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_oid_to_str(
             OM_uint32 * /*minor_status*/,
 …
            );
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_inquire_sec_context_by_oid(
             OM_uint32 * minor_status,
 …
            );
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_set_sec_context_option (OM_uint32 *minor_status,
                             gss_ctx_id_t *context_handle,
 …
                             const gss_buffer_t value);
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_set_cred_option (OM_uint32 *minor_status,
                      gss_cred_id_t *cred_handle,
 …
                      const gss_buffer_t value);
+int GSSAPI_LIB_FUNCTION
 gss_oid_equal(const gss_OID a, const gss_OID b);
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL
+gss_oid_equal(gss_const_OID a, gss_const_OID b);
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_create_empty_buffer_set
            (OM_uint32 * minor_status,
             gss_buffer_set_t *buffer_set);
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_add_buffer_set_member
            (OM_uint32 * minor_status,
 …
             gss_buffer_set_t *buffer_set);
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_release_buffer_set
            (OM_uint32 * minor_status,
             gss_buffer_set_t *buffer_set);
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_inquire_cred_by_oid(OM_uint32 *minor_status,
                         const gss_cred_id_t cred_handle,
 …
 #define GSS_C_PRF_KEY_PARTIAL 1
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_pseudo_random
         (OM_uint32 *minor_status,
 …
         );
+OM_uint32
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_store_cred(OM_uint32         * /* minor_status */,
                gss_cred_id_t     /* input_cred_handle */,
 …
 } gss_context_stream_sizes;
+extern gss_OID GSSAPI_LIB_VARIABLE GSS_C_ATTR_STREAM_SIZES;
+OM_uint32 GSSAPI_LIB_FUNCTION
+extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_attr_stream_sizes_oid_desc;
+#define GSS_C_ATTR_STREAM_SIZES (&__gss_c_attr_stream_sizes_oid_desc)
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_context_query_attributes(OM_uint32 * /* minor_status */,
+                             gss_OID /* attribute */,
+                             const gss_ctx_id_t /* context_handle */,
+                             const gss_OID /* attribute */,
                              void * /*data*/,
                              size_t /* len */);
 …
  */
 OM_uint32 GSSAPI_LIB_FUNCTION GSSAPI_DEPRECATED gss_sign
+GSSAPI_DEPRECATED GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_sign
            (OM_uint32 * /*minor_status*/,
             gss_ctx_id_t /*context_handle*/,
 …
            );
 OM_uint32 GSSAPI_LIB_FUNCTION GSSAPI_DEPRECATED gss_verify
+GSSAPI_DEPRECATED GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_verify
            (OM_uint32 * /*minor_status*/,
             gss_ctx_id_t /*context_handle*/,
 …
            );
 OM_uint32 GSSAPI_LIB_FUNCTION GSSAPI_DEPRECATED gss_seal
+GSSAPI_DEPRECATED GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_seal
            (OM_uint32 * /*minor_status*/,
             gss_ctx_id_t /*context_handle*/,
 …
            );
 OM_uint32 GSSAPI_LIB_FUNCTION GSSAPI_DEPRECATED gss_unseal
+GSSAPI_DEPRECATED GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_unseal
            (OM_uint32 * /*minor_status*/,
             gss_ctx_id_t /*context_handle*/,
 …
            );
 /*
+/**
+ *
  */
+OM_uint32 GSSAPI_LIB_FUNCTION
 gss_encapsulate_token(gss_buffer_t /* input_token */,
                       gss_OID /* oid */,
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_encapsulate_token(const gss_buffer_t /* input_token */,
+                      const gss_OID /* oid */,
                       gss_buffer_t /* output_token */);
+OM_uint32 GSSAPI_LIB_FUNCTION
 gss_decapsulate_token(gss_buffer_t /* input_token */,
                       gss_OID /* oid */,
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_decapsulate_token(const gss_buffer_t /* input_token */,
+                      const gss_OID /* oid */,
                       gss_buffer_t /* output_token */);
 …
  */
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_wrap_iov(OM_uint32 *, gss_ctx_id_t, int, gss_qop_t, int *,
              gss_iov_buffer_desc *, int);
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_unwrap_iov(OM_uint32 *, gss_ctx_id_t, int *, gss_qop_t *,
                gss_iov_buffer_desc *, int);
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_wrap_iov_length(OM_uint32 *, gss_ctx_id_t, int, gss_qop_t, int *,
                     gss_iov_buffer_desc *, int);
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_release_iov_buffer(OM_uint32 *, gss_iov_buffer_desc *, int);
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_export_cred(OM_uint32 * /* minor_status */,
                 gss_cred_id_t /* cred_handle */,
                 gss_buffer_t /* cred_token */);
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_import_cred(OM_uint32 * /* minor_status */,
                 gss_buffer_t /* cred_token */,
                 gss_cred_id_t * /* cred_handle */);
+/*
+ * mech option
+ */
+GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL
+gss_mo_set(gss_const_OID mech, gss_const_OID option,
+           int enable, gss_buffer_t value);
+GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL
+gss_mo_get(gss_const_OID mech, gss_const_OID option, gss_buffer_t value);
+GSSAPI_LIB_FUNCTION void GSSAPI_LIB_CALL
+gss_mo_list(gss_const_OID mech, gss_OID_set *options);
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_mo_name(gss_const_OID mech, gss_const_OID options, gss_buffer_t name);
+/*
+ * SASL glue functions and mech inquire
+ */
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_inquire_saslname_for_mech(OM_uint32 *minor_status,
+                              const gss_OID desired_mech,
+                              gss_buffer_t sasl_mech_name,
+                              gss_buffer_t mech_name,
+                              gss_buffer_t mech_description);
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_inquire_mech_for_saslname(OM_uint32 *minor_status,
+                              const gss_buffer_t sasl_mech_name,
+                              gss_OID *mech_type);
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_indicate_mechs_by_attrs(OM_uint32 * minor_status,
+                            gss_const_OID_set desired_mech_attrs,
+                            gss_const_OID_set except_mech_attrs,
+                            gss_const_OID_set critical_mech_attrs,
+                            gss_OID_set *mechs);
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_inquire_attrs_for_mech(OM_uint32 * minor_status,
+                           gss_const_OID mech,
+                           gss_OID_set *mech_attr,
+                           gss_OID_set *known_mech_attrs);
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_display_mech_attr(OM_uint32 * minor_status,
+                      gss_const_OID mech_attr,
+                      gss_buffer_t name,
+                      gss_buffer_t short_desc,
+                      gss_buffer_t long_desc);
+/*
+ * Naming extensions
+ */
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_display_name_ext (
+    OM_uint32 *,        /* minor_status */
+    gss_name_t,         /* name */
+    gss_OID,            /* display_as_name_type */
+    gss_buffer_t        /* display_name */
+    );
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_inquire_name (
+    OM_uint32 *,        /* minor_status */
+    gss_name_t,         /* name */
+    int *,              /* name_is_MN */
+    gss_OID *,          /* MN_mech */
+    gss_buffer_set_t *  /* attrs */
+    );
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_get_name_attribute (
+    OM_uint32 *,        /* minor_status */
+    gss_name_t,         /* name */
+    gss_buffer_t,       /* attr */
+    int *,              /* authenticated */
+    int *,              /* complete */
+    gss_buffer_t,       /* value */
+    gss_buffer_t,       /* display_value */
+    int *               /* more */
+    );
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_set_name_attribute (
+    OM_uint32 *,        /* minor_status */
+    gss_name_t,         /* name */
+    int,                /* complete */
+    gss_buffer_t,       /* attr */
+    gss_buffer_t        /* value */
+    );
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_delete_name_attribute (
+    OM_uint32 *,        /* minor_status */
+    gss_name_t,         /* name */
+    gss_buffer_t        /* attr */
+    );
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_export_name_composite (
+    OM_uint32 *,        /* minor_status */
+    gss_name_t,         /* name */
+    gss_buffer_t        /* exp_composite_name */
+    );
+/*
+ *
+ */
+GSSAPI_LIB_FUNCTION const char * GSSAPI_LIB_CALL
+gss_oid_to_name(gss_const_OID oid);
+GSSAPI_LIB_FUNCTION gss_OID GSSAPI_LIB_CALL
+gss_name_to_oid(const char *name);
 GSSAPI_CPP_END

trunk/server/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h

-              r414
+              r745
  */
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_NT_PRINCIPAL_NAME;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_NT_USER_NAME;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_NT_MACHINE_UID_NAME;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_NT_STRING_UID_NAME;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_MECHANISM;
+extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_nt_principal_name_oid_desc;
+#define GSS_KRB5_NT_PRINCIPAL_NAME (&__gss_krb5_nt_principal_name_oid_desc)
+#define GSS_KRB5_NT_USER_NAME (&__gss_c_nt_user_name_oid_desc)
+#define GSS_KRB5_NT_MACHINE_UID_NAME (&__gss_c_nt_machine_uid_name_oid_desc)
+#define GSS_KRB5_NT_STRING_UID_NAME (&__gss_c_nt_string_uid_name_oid_desc)
+extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_mechanism_oid_desc;
+#define GSS_KRB5_MECHANISM (&__gss_krb5_mechanism_oid_desc)
 /* for compatibility with MIT api */
 …
 #define gss_mech_krb5 GSS_KRB5_MECHANISM
 #define gss_krb5_nt_general_name GSS_KRB5_NT_PRINCIPAL_NAME
-/* Extensions set contexts options */
-extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_COPY_CCACHE_X;
-extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_COMPAT_DES3_MIC_X;
-extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X;
-extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_SET_DNS_CANONICALIZE_X;
-extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_SEND_TO_KDC_X;
-extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_SET_DEFAULT_REALM_X;
-extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_CCACHE_NAME_X;
-extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_SET_TIME_OFFSET_X;
-extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_GET_TIME_OFFSET_X;
-extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_PLUGIN_REGISTER_X;
-/* Extensions inquire context */
-extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_GET_TKT_FLAGS_X;
-extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X;
-extern GSSAPI_LIB_VARIABLE gss_OID GSS_C_PEER_HAS_UPDATED_SPNEGO;
-extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_X;
-extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X;
-extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_GET_SUBKEY_X;
-extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_GET_INITIATOR_SUBKEY_X;
-extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_GET_ACCEPTOR_SUBKEY_X;
-extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_GET_AUTHTIME_X;
-extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_GET_SERVICE_KEYBLOCK_X;
-/* Extensions creds */
-extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_IMPORT_CRED_X;
-extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X;
-extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_CRED_NO_CI_FLAGS_X;
 /*
 …
 struct Principal;
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_krb5_ccache_name(OM_uint32 * /*minor_status*/,
                      const char * /*name */,
                      const char ** /*out_name */);
 OM_uint32 GSSAPI_LIB_FUNCTION gsskrb5_register_acceptor_identity
         (const char */*identity*/);
 OM_uint32 GSSAPI_LIB_FUNCTION krb5_gss_register_acceptor_identity
         (const char */*identity*/);
 OM_uint32 GSSAPI_LIB_FUNCTION gss_krb5_copy_ccache
         (OM_uint32 */*minor*/,
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gsskrb5_register_acceptor_identity
+        (const char * /*identity*/);
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL krb5_gss_register_acceptor_identity
+        (const char * /*identity*/);
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_krb5_copy_ccache
+        (OM_uint32 * /*minor*/,
          gss_cred_id_t /*cred*/,
          struct krb5_ccache_data */*out*/);
+OM_uint32 GSSAPI_LIB_FUNCTION
 gss_krb5_import_cred(OM_uint32 */*minor*/,
+         struct krb5_ccache_data * /*out*/);
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_krb5_import_cred(OM_uint32 * /*minor*/,
                      struct krb5_ccache_data * /*in*/,
                      struct Principal * /*keytab_principal*/,
                      struct krb5_keytab_data * /*keytab*/,
                      gss_cred_id_t */*out*/);
 OM_uint32 GSSAPI_LIB_FUNCTION gss_krb5_get_tkt_flags
         (OM_uint32 */*minor*/,
+                     gss_cred_id_t * /*out*/);
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_krb5_get_tkt_flags
+        (OM_uint32 * /*minor*/,
          gss_ctx_id_t /*context_handle*/,
          OM_uint32 */*tkt_flags*/);
+OM_uint32 GSSAPI_LIB_FUNCTION
+         OM_uint32 * /*tkt_flags*/);
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gsskrb5_extract_authz_data_from_sec_context
         (OM_uint32 * /*minor_status*/,
 …
          gss_buffer_t /*ad_data*/);
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gsskrb5_set_dns_canonicalize(int);
 …
 };
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gsskrb5_set_send_to_kdc(struct gsskrb5_send_to_kdc *)
     GSSKRB5_FUNCTION_DEPRECATED;
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gsskrb5_set_default_realm(const char *);
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gsskrb5_extract_authtime_from_sec_context(OM_uint32 *, gss_ctx_id_t, time_t *);
 struct EncryptionKey;
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gsskrb5_extract_service_keyblock(OM_uint32 *minor_status,
                                  gss_ctx_id_t context_handle,
                                  struct EncryptionKey **out);
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gsskrb5_get_initiator_subkey(OM_uint32 *minor_status,
                                  gss_ctx_id_t context_handle,
                                  struct EncryptionKey **out);
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gsskrb5_get_subkey(OM_uint32 *minor_status,
                    gss_ctx_id_t context_handle,
                    struct EncryptionKey **out);
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gsskrb5_set_time_offset(int);
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gsskrb5_get_time_offset(int *);
 …
 };
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gsskrb5_plugin_register(struct gsskrb5_krb5_plugin *);
 …
  */
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status,
                                   gss_ctx_id_t *context_handle,
 …
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status,
                                 void *kctx);
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status,
                                 gss_cred_id_t cred,

trunk/server/source4/heimdal/lib/gssapi/gssapi/gssapi_spnego.h

-              r414
+              r745
  *  iso.org.dod.internet.security.mechanism.snego (1.3.6.1.5.5.2).
  */
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_SPNEGO_MECHANISM;
+extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_spnego_mechanism_oid_desc;
+#define GSS_SPNEGO_MECHANISM (&__gss_spnego_mechanism_oid_desc)
 #define gss_mech_spnego GSS_SPNEGO_MECHANISM

trunk/server/source4/heimdal/lib/gssapi/gssapi_mech.h

-              r414
+              r745
 #include <gssapi.h>
 typedef OM_uint32 _gss_acquire_cred_t
+typedef OM_uint32 GSSAPI_CALLCONV _gss_acquire_cred_t
               (OM_uint32 *,            /* minor_status */
                const gss_name_t,       /* desired_name */
 …
               );
 typedef OM_uint32 _gss_release_cred_t
+typedef OM_uint32 GSSAPI_CALLCONV _gss_release_cred_t
               (OM_uint32 *,            /* minor_status */
                gss_cred_id_t *         /* cred_handle */
               );
 typedef OM_uint32 _gss_init_sec_context_t
+typedef OM_uint32 GSSAPI_CALLCONV _gss_init_sec_context_t
               (OM_uint32 *,            /* minor_status */
                const gss_cred_id_t,    /* initiator_cred_handle */
 …
               );
 typedef OM_uint32 _gss_accept_sec_context_t
+typedef OM_uint32 GSSAPI_CALLCONV _gss_accept_sec_context_t
               (OM_uint32 *,            /* minor_status */
                gss_ctx_id_t *,         /* context_handle */
 …
               );
 typedef OM_uint32 _gss_process_context_token_t
+typedef OM_uint32 GSSAPI_CALLCONV _gss_process_context_token_t
               (OM_uint32 *,            /* minor_status */
                const gss_ctx_id_t,     /* context_handle */
 …
               );
 typedef OM_uint32 _gss_delete_sec_context_t
+typedef OM_uint32 GSSAPI_CALLCONV _gss_delete_sec_context_t
               (OM_uint32 *,            /* minor_status */
                gss_ctx_id_t *,         /* context_handle */
 …
               );
 typedef OM_uint32 _gss_context_time_t
+typedef OM_uint32 GSSAPI_CALLCONV _gss_context_time_t
               (OM_uint32 *,            /* minor_status */
                const gss_ctx_id_t,     /* context_handle */
 …
               );
 typedef OM_uint32 _gss_get_mic_t
+typedef OM_uint32 GSSAPI_CALLCONV _gss_get_mic_t
               (OM_uint32 *,            /* minor_status */
                const gss_ctx_id_t,     /* context_handle */
 …
               );
 typedef OM_uint32 _gss_verify_mic_t
+typedef OM_uint32 GSSAPI_CALLCONV _gss_verify_mic_t
               (OM_uint32 *,            /* minor_status */
                const gss_ctx_id_t,     /* context_handle */
 …
               );
 typedef OM_uint32 _gss_wrap_t
+typedef OM_uint32 GSSAPI_CALLCONV _gss_wrap_t
               (OM_uint32 *,            /* minor_status */
                const gss_ctx_id_t,     /* context_handle */
 …
               );
 typedef OM_uint32 _gss_unwrap_t
+typedef OM_uint32 GSSAPI_CALLCONV _gss_unwrap_t
               (OM_uint32 *,            /* minor_status */
                const gss_ctx_id_t,     /* context_handle */
 …
               );
 typedef OM_uint32 _gss_display_status_t
+typedef OM_uint32 GSSAPI_CALLCONV _gss_display_status_t
               (OM_uint32 *,            /* minor_status */
                OM_uint32,              /* status_value */
 …
               );
 typedef OM_uint32 _gss_indicate_mechs_t
+typedef OM_uint32 GSSAPI_CALLCONV _gss_indicate_mechs_t
               (OM_uint32 *,            /* minor_status */
                gss_OID_set *           /* mech_set */
               );
 typedef OM_uint32 _gss_compare_name_t
+typedef OM_uint32 GSSAPI_CALLCONV _gss_compare_name_t
               (OM_uint32 *,            /* minor_status */
                const gss_name_t,       /* name1 */
 …
               );
 typedef OM_uint32 _gss_display_name_t
+typedef OM_uint32 GSSAPI_CALLCONV _gss_display_name_t
               (OM_uint32 *,            /* minor_status */
                const gss_name_t,       /* input_name */
 …
               );
 typedef OM_uint32 _gss_import_name_t
+typedef OM_uint32 GSSAPI_CALLCONV _gss_import_name_t
               (OM_uint32 *,            /* minor_status */
                const gss_buffer_t,     /* input_name_buffer */
 …
               );
 typedef OM_uint32 _gss_export_name_t
+typedef OM_uint32 GSSAPI_CALLCONV _gss_export_name_t
               (OM_uint32 *,            /* minor_status */
                const gss_name_t,       /* input_name */
 …
               );
 typedef OM_uint32 _gss_release_name_t
+typedef OM_uint32 GSSAPI_CALLCONV _gss_release_name_t
               (OM_uint32 *,            /* minor_status */
                gss_name_t *            /* input_name */
               );
 typedef OM_uint32 _gss_inquire_cred_t
+typedef OM_uint32 GSSAPI_CALLCONV _gss_inquire_cred_t
               (OM_uint32 *,            /* minor_status */
                const gss_cred_id_t,    /* cred_handle */
 …
               );
 typedef OM_uint32 _gss_inquire_context_t
+typedef OM_uint32 GSSAPI_CALLCONV _gss_inquire_context_t
               (OM_uint32 *,            /* minor_status */
                const gss_ctx_id_t,     /* context_handle */
 …
               );
 typedef OM_uint32 _gss_wrap_size_limit_t
+typedef OM_uint32 GSSAPI_CALLCONV _gss_wrap_size_limit_t
               (OM_uint32 *,            /* minor_status */
                const gss_ctx_id_t,     /* context_handle */
 …
               );
 typedef OM_uint32 _gss_add_cred_t (
+typedef OM_uint32 GSSAPI_CALLCONV _gss_add_cred_t (
                OM_uint32 *,            /* minor_status */
                const gss_cred_id_t,    /* input_cred_handle */
 …
               );
 typedef OM_uint32 _gss_inquire_cred_by_mech_t (
+typedef OM_uint32 GSSAPI_CALLCONV _gss_inquire_cred_by_mech_t (
                OM_uint32 *,            /* minor_status */
                const gss_cred_id_t,    /* cred_handle */
 …
               );
 typedef OM_uint32 _gss_export_sec_context_t (
+typedef OM_uint32 GSSAPI_CALLCONV _gss_export_sec_context_t (
                OM_uint32 *,            /* minor_status */
                gss_ctx_id_t *,         /* context_handle */
 …
               );
 typedef OM_uint32 _gss_import_sec_context_t (
+typedef OM_uint32 GSSAPI_CALLCONV _gss_import_sec_context_t (
                OM_uint32 *,            /* minor_status */
                const gss_buffer_t,     /* interprocess_token */
 …
               );
 typedef OM_uint32 _gss_inquire_names_for_mech_t (
+typedef OM_uint32 GSSAPI_CALLCONV _gss_inquire_names_for_mech_t (
                OM_uint32 *,            /* minor_status */
                const gss_OID,          /* mechanism */
 …
               );
 typedef OM_uint32 _gss_inquire_mechs_for_name_t (
+typedef OM_uint32 GSSAPI_CALLCONV _gss_inquire_mechs_for_name_t (
                OM_uint32 *,            /* minor_status */
                const gss_name_t,       /* input_name */
 …
               );
 typedef OM_uint32 _gss_canonicalize_name_t (
+typedef OM_uint32 GSSAPI_CALLCONV _gss_canonicalize_name_t (
                OM_uint32 *,            /* minor_status */
                const gss_name_t,       /* input_name */
 …
               );
 typedef OM_uint32 _gss_duplicate_name_t (
+typedef OM_uint32 GSSAPI_CALLCONV _gss_duplicate_name_t (
                OM_uint32 *,            /* minor_status */
                const gss_name_t,       /* src_name */
 …
               );
 typedef OM_uint32 _gss_inquire_sec_context_by_oid (
+typedef OM_uint32 GSSAPI_CALLCONV _gss_inquire_sec_context_by_oid (
                OM_uint32 *minor_status,
                const gss_ctx_id_t context_handle,
 …
               );
 typedef OM_uint32 _gss_inquire_cred_by_oid (
+typedef OM_uint32 GSSAPI_CALLCONV _gss_inquire_cred_by_oid (
                OM_uint32 *minor_status,
                const gss_cred_id_t cred,
 …
               );
 typedef OM_uint32 _gss_set_sec_context_option (
+typedef OM_uint32 GSSAPI_CALLCONV _gss_set_sec_context_option (
                OM_uint32 *minor_status,
                gss_ctx_id_t *cred_handle,
 …
               );
 typedef OM_uint32 _gss_set_cred_option (
+typedef OM_uint32 GSSAPI_CALLCONV _gss_set_cred_option (
                OM_uint32 *minor_status,
                gss_cred_id_t *cred_handle,
 …
 typedef OM_uint32 _gss_pseudo_random(
+typedef OM_uint32 GSSAPI_CALLCONV _gss_pseudo_random(
                OM_uint32 *minor_status,
                gss_ctx_id_t context,
 …
               );
 typedef OM_uint32
+typedef OM_uint32 GSSAPI_CALLCONV
 _gss_wrap_iov_t(OM_uint32 *minor_status,
                 gss_ctx_id_t  context_handle,
 …
                 int iov_count);
 typedef OM_uint32
+typedef OM_uint32 GSSAPI_CALLCONV
 _gss_unwrap_iov_t(OM_uint32 *minor_status,
                   gss_ctx_id_t context_handle,
 …
                   int iov_count);
 typedef OM_uint32
+typedef OM_uint32 GSSAPI_CALLCONV
 _gss_wrap_iov_length_t(OM_uint32 * minor_status,
                        gss_ctx_id_t context_handle,
 …
                        int iov_count);
 typedef OM_uint32
+typedef OM_uint32 GSSAPI_CALLCONV
 _gss_store_cred_t(OM_uint32         *minor_status,
                   gss_cred_id_t     input_cred_handle,
 …
                   gss_cred_usage_t  *cred_usage_stored);
 typedef OM_uint32
+typedef OM_uint32 GSSAPI_CALLCONV
 _gss_export_cred_t(OM_uint32 *minor_status,
                    gss_cred_id_t cred_handle,
                    gss_buffer_t cred_token);
 typedef OM_uint32
+typedef OM_uint32 GSSAPI_CALLCONV
 _gss_import_cred_t(OM_uint32 * minor_status,
                    gss_buffer_t cred_token,
 …
+#define GMI_VERSION 2
+typedef OM_uint32 GSSAPI_CALLCONV
+_gss_acquire_cred_ex_t(void * /* status */,
+                       const gss_name_t /* desired_name */,
+                       OM_uint32 /* flags */,
+                       OM_uint32 /* time_req */,
+                       gss_cred_usage_t /* cred_usage */,
+                       void * /* identity */,
+                       void * /* ctx */,
+                       void (* /*complete */)(void *, OM_uint32, void *, gss_cred_id_t, OM_uint32));
+typedef void GSSAPI_CALLCONV
+_gss_iter_creds_t(OM_uint32 /* flags */,
+                  void * /* userctx */,
+                  void (* /*cred_iter */ )(void *, gss_OID, gss_cred_id_t));
+typedef OM_uint32 GSSAPI_CALLCONV
+_gss_destroy_cred_t(OM_uint32 * /* minor_status */,
+                    gss_cred_id_t * /* cred */);
+typedef OM_uint32 GSSAPI_CALLCONV
+_gss_cred_hold_t(OM_uint32 * /* minor_status */,
+                 gss_cred_id_t /* cred */);
+typedef OM_uint32 GSSAPI_CALLCONV
+_gss_cred_unhold_t(OM_uint32 * /* minor_status */,
+                   gss_cred_id_t /* cred */);
+typedef OM_uint32 GSSAPI_CALLCONV
+_gss_cred_label_set_t(OM_uint32 * /* minor_status */,
+                      gss_cred_id_t /* cred */,
+                      const char * /* label */,
+                      gss_buffer_t /* value */);
+typedef OM_uint32 GSSAPI_CALLCONV
+_gss_cred_label_get_t(OM_uint32 * /* minor_status */,
+                      gss_cred_id_t /* cred */,
+                      const char * /* label */,
+                      gss_buffer_t /* value */);
+typedef OM_uint32 GSSAPI_CALLCONV _gss_display_name_ext_t (
+               OM_uint32 *,            /* minor_status */
+               gss_name_t,             /* name */
+               gss_OID,                /* display_as_name_type */
+               gss_buffer_t            /* display_name */
+              );
+typedef OM_uint32 GSSAPI_CALLCONV _gss_inquire_name_t (
+               OM_uint32 *,            /* minor_status */
+               gss_name_t,             /* name */
+               int *,                  /* name_is_MN */
+               gss_OID *,              /* MN_mech */
+               gss_buffer_set_t *      /* attrs */
+              );
+typedef OM_uint32 GSSAPI_CALLCONV _gss_get_name_attribute_t (
+               OM_uint32 *,           /* minor_status */
+               gss_name_t,            /* name */
+               gss_buffer_t,          /* attr */
+               int *,                 /* authenticated */
+               int *,                 /* complete */
+               gss_buffer_t,          /* value */
+               gss_buffer_t,          /* display_value */
+               int *                  /* more */
+            );
+typedef OM_uint32 GSSAPI_CALLCONV _gss_set_name_attribute_t (
+               OM_uint32 *,           /* minor_status */
+               gss_name_t,            /* name */
+               int,                   /* complete */
+               gss_buffer_t,          /* attr */
+               gss_buffer_t           /* value */
+            );
+typedef OM_uint32 GSSAPI_CALLCONV _gss_delete_name_attribute_t (
+               OM_uint32 *,           /* minor_status */
+               gss_name_t,            /* name */
+               gss_buffer_t           /* attr */
+            );
+typedef OM_uint32 GSSAPI_CALLCONV _gss_export_name_composite_t (
+               OM_uint32 *,           /* minor_status */
+               gss_name_t,            /* name */
+               gss_buffer_t           /* exp_composite_name */
+            );
+/*
+ *
+ */
+typedef struct gss_mo_desc_struct gss_mo_desc;
+typedef OM_uint32 GSSAPI_CALLCONV
+_gss_mo_init (OM_uint32 *, gss_OID, gss_mo_desc **, size_t *);
+struct gss_mo_desc_struct {
+    gss_OID option;
+    OM_uint32 flags;
+#define GSS_MO_MA               1
+#define GSS_MO_MA_CRITICAL      2
+    const char *name;
+    void *ctx;
+    int (*get)(gss_const_OID, gss_mo_desc *, gss_buffer_t);
+    int (*set)(gss_const_OID, gss_mo_desc *, int, gss_buffer_t);
+};
+#define GMI_VERSION 5
+/* gm_flags */
+#define GM_USE_MG_CRED          1       /* uses mech glue credentials */
 typedef struct gssapi_mech_interface_desc {
 …
         const char                      *gm_name;
         gss_OID_desc                    gm_mech_oid;
+        unsigned                        gm_flags;
         _gss_acquire_cred_t             *gm_acquire_cred;
         _gss_release_cred_t             *gm_release_cred;
 …
         _gss_export_cred_t              *gm_export_cred;
         _gss_import_cred_t              *gm_import_cred;
+        _gss_acquire_cred_ex_t          *gm_acquire_cred_ex;
+        _gss_iter_creds_t               *gm_iter_creds;
+        _gss_destroy_cred_t             *gm_destroy_cred;
+        _gss_cred_hold_t                *gm_cred_hold;
+        _gss_cred_unhold_t              *gm_cred_unhold;
+        _gss_cred_label_get_t           *gm_cred_label_get;
+        _gss_cred_label_set_t           *gm_cred_label_set;
+        gss_mo_desc                     *gm_mo;
+        size_t                           gm_mo_num;
+        _gss_display_name_ext_t         *gm_display_name_ext;
+        _gss_inquire_name_t             *gm_inquire_name;
+        _gss_get_name_attribute_t       *gm_get_name_attribute;
+        _gss_set_name_attribute_t       *gm_set_name_attribute;
+        _gss_delete_name_attribute_t    *gm_delete_name_attribute;
+        _gss_export_name_composite_t    *gm_export_name_composite;
 } gssapi_mech_interface_desc, *gssapi_mech_interface;
 gssapi_mech_interface
 __gss_get_mechanism(gss_OID /* oid */);
+__gss_get_mechanism(gss_const_OID /* oid */);
 gssapi_mech_interface __gss_spnego_initialize(void);
 …
 void            gss_mg_collect_error(gss_OID, OM_uint32, OM_uint32);
+int _gss_mo_get_option_1(gss_const_OID, gss_mo_desc *, gss_buffer_t);
+int _gss_mo_get_option_0(gss_const_OID, gss_mo_desc *, gss_buffer_t);
+int _gss_mo_get_ctx_as_string(gss_const_OID, gss_mo_desc *, gss_buffer_t);
+struct _gss_oid_name_table {
+    gss_OID oid;
+    const char *name;
+    const char *short_desc;
+    const char *long_desc;
+};
+extern struct _gss_oid_name_table _gss_ont_mech[];
+extern struct _gss_oid_name_table _gss_ont_ma[];
 #endif /* GSSAPI_MECH_H */

trunk/server/source4/heimdal/lib/gssapi/krb5/8003.c

-              r414
+              r745
+{
   u_char num[4];
+  MD5_CTX md5;
+  MD5_Init(&md5);
+  EVP_MD_CTX *ctx;
+  ctx = EVP_MD_CTX_create();
+  EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
   _gsskrb5_encode_om_uint32 (b->initiator_addrtype, num);
   MD5_Update (&md5, num, sizeof(num));
+  EVP_DigestUpdate(ctx, num, sizeof(num));
   _gsskrb5_encode_om_uint32 (b->initiator_address.length, num);
   MD5_Update (&md5, num, sizeof(num));
+  EVP_DigestUpdate(ctx, num, sizeof(num));
   if (b->initiator_address.length)
     MD5_Update (&md5,
                 b->initiator_address.value,
                 b->initiator_address.length);
+      EVP_DigestUpdate(ctx,
+                       b->initiator_address.value,
+                       b->initiator_address.length);
   _gsskrb5_encode_om_uint32 (b->acceptor_addrtype, num);
   MD5_Update (&md5, num, sizeof(num));
+  EVP_DigestUpdate(ctx, num, sizeof(num));
   _gsskrb5_encode_om_uint32 (b->acceptor_address.length, num);
   MD5_Update (&md5, num, sizeof(num));
+  EVP_DigestUpdate(ctx, num, sizeof(num));
   if (b->acceptor_address.length)
     MD5_Update (&md5,
                 b->acceptor_address.value,
                 b->acceptor_address.length);
+      EVP_DigestUpdate(ctx,
+                       b->acceptor_address.value,
+                       b->acceptor_address.length);
   _gsskrb5_encode_om_uint32 (b->application_data.length, num);
   MD5_Update (&md5, num, sizeof(num));
+  EVP_DigestUpdate(ctx, num, sizeof(num));
   if (b->application_data.length)
+    MD5_Update (&md5,
+                b->application_data.value,
+                b->application_data.length);
+  MD5_Final (p, &md5);
+      EVP_DigestUpdate(ctx,
+                       b->application_data.value,
+                       b->application_data.length);
+  EVP_DigestFinal_ex(ctx, p, NULL);
+  EVP_MD_CTX_destroy(ctx);
   return 0;
+}
 …
     static unsigned char zeros[16];
-    if (cksum == NULL) {
-        *minor_status = 0;
-        return GSS_S_BAD_BINDINGS;
+    }
     /* XXX should handle checksums > 24 bytes */
     if(cksum->cksumtype != CKSUMTYPE_GSSAPI || cksum->checksum.length < 24) {
 …
             return GSS_S_BAD_BINDINGS;
+        }
         if(memcmp(hash, p, sizeof(hash)) != 0) {
+        if(ct_memcmp(hash, p, sizeof(hash)) != 0) {
             *minor_status = 0;
             return GSS_S_BAD_BINDINGS;

trunk/server/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c

-              r414
+              r745
         ret = krb5_kt_default(context, &_gsskrb5_keytab);
     } else {
         char *p;
         asprintf(&p, "FILE:%s", identity);
         if(p == NULL) {
+        char *p = NULL;
+        ret = asprintf(&p, "FILE:%s", identity);
+        if(ret < 0 || p == NULL) {
             HEIMDAL_MUTEX_unlock(&gssapi_keytab_mutex);
             return GSS_S_FAILURE;
 …
     case ETYPE_DES_CBC_MD5:
     case ETYPE_DES3_CBC_MD5:
+    case ETYPE_OLD_DES3_CBC_SHA1:
     case ETYPE_DES3_CBC_SHA1:
     case ETYPE_ARCFOUR_HMAC_MD5:
 …
     int is_cfx = 0;
     krb5_auth_getremoteseqnumber (context,
                                   ctx->auth_context,
                                   &seq_number);
+    krb5_auth_con_getremoteseqnumber (context,
+                                      ctx->auth_context,
+                                      &seq_number);
     _gsskrb5i_is_cfx(context, ctx, 1);
 …
     krb5_error_code ret;
     krb5_data outbuf;
+    /* this e_data value encodes KERB_AP_ERR_TYPE_SKEW_RECOVERY which
+       tells windows to try again with the corrected timestamp. See
+       [MS-KILE] 2.2.1 KERB-ERROR-DATA */
+    krb5_data e_data = { 7, rk_UNCONST("\x30\x05\xa1\x03\x02\x01\x02") };
     /* build server from request if the acceptor had not selected one */
 …
+    }
     ret = krb5_mk_error(context, kret, NULL, NULL, NULL,
+    ret = krb5_mk_error(context, kret, NULL, &e_data, NULL,
                         server, NULL, NULL, &outbuf);
     if (ap_req_server)
 …
      * We need to get the flags out of the 8003 checksum.
      */
+    {
         krb5_authenticator authenticator;
 …
             *minor_status = kret;
             return ret;
+        }
+        if (authenticator->cksum == NULL) {
+            krb5_free_authenticator(context, &authenticator);
+            *minor_status = 0;
+            return GSS_S_BAD_BINDINGS;
+        }
 …
+        }
         kret = krb5_auth_getremoteseqnumber(context,
                                             ctx->auth_context,
                                             &r_seq_number);
+        kret = krb5_auth_con_getremoteseqnumber(context,
+                                                ctx->auth_context,
+                                                &r_seq_number);
         if (kret) {
             *minor_status = kret;
 …
         int32_t tmp_r_seq_number, tmp_l_seq_number;
         kret = krb5_auth_getremoteseqnumber(context,
                                             ctx->auth_context,
                                             &tmp_r_seq_number);
+        kret = krb5_auth_con_getremoteseqnumber(context,
+                                                ctx->auth_context,
+                                                &tmp_r_seq_number);
         if (kret) {
             *minor_status = kret;
 …
 OM_uint32
+OM_uint32 GSSAPI_CALLCONV
 _gsskrb5_accept_sec_context(OM_uint32 * minor_status,
                             gss_ctx_id_t * context_handle,

trunk/server/source4/heimdal/lib/gssapi/krb5/acquire_cred.c

-              r414
+              r745
                           OM_uint32 *lifetime)
+{
     krb5_creds in_cred, *out_cred;
+    krb5_creds in_cred, out_cred;
     krb5_const_realm realm;
     krb5_error_code kret;
 …
+    }
+    kret = krb5_get_credentials(context, 0,
+                                id, &in_cred, &out_cred);
+    kret = krb5_cc_retrieve_cred(context, id, 0, &in_cred, &out_cred);
     krb5_free_principal(context, in_cred.server);
     if (kret) {
+        *minor_status = kret;
+        return GSS_S_FAILURE;
+    }
+    *lifetime = out_cred->times.endtime;
+    krb5_free_creds(context, out_cred);
+        *minor_status = 0;
+        *lifetime = 0;
+        return GSS_S_COMPLETE;
+    }
+    *lifetime = out_cred.times.endtime;
+    krb5_free_cred_contents(context, &out_cred);
     return GSS_S_COMPLETE;
 …
+}
 OM_uint32 _gsskrb5_acquire_cred
+OM_uint32 GSSAPI_CALLCONV _gsskrb5_acquire_cred
 (OM_uint32 * minor_status,
  const gss_name_t desired_name,
 …
     if (desired_name != GSS_C_NO_NAME) {
         ret = _gsskrb5_canon_name(minor_status, context, 0, NULL,
+        ret = _gsskrb5_canon_name(minor_status, context, 1, NULL,
                                   desired_name, &handle->principal);
         if (ret) {

trunk/server/source4/heimdal/lib/gssapi/krb5/add_cred.c

-              r414
+              r745
 #include "gsskrb5_locl.h"
 OM_uint32 _gsskrb5_add_cred (
+OM_uint32 GSSAPI_CALLCONV _gsskrb5_add_cred (
      OM_uint32           *minor_status,
      const gss_cred_id_t input_cred_handle,
 …
         if (cred->ccache) {
             const char *type, *name;
             char *type_name;
+            char *type_name = NULL;
             ret = GSS_S_FAILURE;
 …
+                }
                 asprintf(&type_name, "%s:%s", type, name);
                 if (type_name == NULL) {
+                kret = asprintf(&type_name, "%s:%s", type, name);
+                if (kret < 0 || type_name == NULL) {
                     *minor_status = ENOMEM;
                     goto failure;

trunk/server/source4/heimdal/lib/gssapi/krb5/aeap.c

-              r414
+              r745
 #include <roken.h>
 OM_uint32 GSSAPI_LIB_FUNCTION
+OM_uint32 GSSAPI_CALLCONV
 _gk_wrap_iov(OM_uint32 * minor_status,
              gss_ctx_id_t  context_handle,
 …
+}
 OM_uint32 GSSAPI_LIB_FUNCTION
+OM_uint32 GSSAPI_CALLCONV
 _gk_unwrap_iov(OM_uint32 *minor_status,
                gss_ctx_id_t context_handle,
 …
+}
 OM_uint32  GSSAPI_LIB_FUNCTION
+OM_uint32 GSSAPI_CALLCONV
 _gk_wrap_iov_length(OM_uint32 * minor_status,
                     gss_ctx_id_t context_handle,

trunk/server/source4/heimdal/lib/gssapi/krb5/arcfour.c

-              r414
+              r745
     size_t len, total_len;
     u_char k6_data[16], *p0, *p;
     RC4_KEY rc4_key;
+    EVP_CIPHER_CTX rc4_key;
     _gsskrb5_encap_length (22, &len, &total_len, GSS_KRB5_MECHANISM);
 …
     memset (p + 4, (context_handle->more_flags & LOCAL) ? 0 : 0xff, 4);
+    RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
+    RC4 (&rc4_key, 8, p, p);
+    memset(&rc4_key, 0, sizeof(rc4_key));
+    EVP_CIPHER_CTX_init(&rc4_key);
+    EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
+    EVP_Cipher(&rc4_key, p, p, 8);
+    EVP_CIPHER_CTX_cleanup(&rc4_key);
     memset(k6_data, 0, sizeof(k6_data));
 …
+    }
     cmp = memcmp(cksum_data, p + 8, 8);
+    cmp = ct_memcmp(cksum_data, p + 8, 8);
     if (cmp) {
         *minor_status = 0;
 …
+    {
         RC4_KEY rc4_key;
+        EVP_CIPHER_CTX rc4_key;
+        RC4_set_key (&rc4_key, sizeof(k6_data), (void*)k6_data);
+        RC4 (&rc4_key, 8, p, SND_SEQ);
+        memset(&rc4_key, 0, sizeof(rc4_key));
+        EVP_CIPHER_CTX_init(&rc4_key);
+        EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, (void *)k6_data, NULL, 0);
+        EVP_Cipher(&rc4_key, SND_SEQ, p, 8);
+        EVP_CIPHER_CTX_cleanup(&rc4_key);
         memset(k6_data, 0, sizeof(k6_data));
+    }
 …
     if(conf_req_flag) {
         RC4_KEY rc4_key;
         RC4_set_key (&rc4_key, sizeof(k6_data), (void *)k6_data);
         /* XXX ? */
         RC4 (&rc4_key, 8 + datalen, p0 + 24, p0 + 24); /* Confounder + data */
         memset(&rc4_key, 0, sizeof(rc4_key));
+        EVP_CIPHER_CTX rc4_key;
+        EVP_CIPHER_CTX_init(&rc4_key);
+        EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
+        EVP_Cipher(&rc4_key, p0 + 24, p0 + 24, 8 + datalen);
+        EVP_CIPHER_CTX_cleanup(&rc4_key);
+    }
     memset(k6_data, 0, sizeof(k6_data));
 …
+    {
         RC4_KEY rc4_key;
+        EVP_CIPHER_CTX rc4_key;
+        RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
+        RC4 (&rc4_key, 8, p0 + 8, p0 + 8); /* SND_SEQ */
+        memset(&rc4_key, 0, sizeof(rc4_key));
+        EVP_CIPHER_CTX_init(&rc4_key);
+        EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
+        EVP_Cipher(&rc4_key, p0 + 8, p0 + 8 /* SND_SEQ */, 8);
+        EVP_CIPHER_CTX_cleanup(&rc4_key);
         memset(k6_data, 0, sizeof(k6_data));
+    }
 …
+    {
         RC4_KEY rc4_key;
+        EVP_CIPHER_CTX rc4_key;
+        RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
+        RC4 (&rc4_key, 8, p0 + 8, SND_SEQ); /* SND_SEQ */
+        memset(&rc4_key, 0, sizeof(rc4_key));
+        EVP_CIPHER_CTX_init(&rc4_key);
+        EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
+        EVP_Cipher(&rc4_key, SND_SEQ, p0 + 8, 8);
+        EVP_CIPHER_CTX_cleanup(&rc4_key);
         memset(k6_data, 0, sizeof(k6_data));
+    }
 …
     if(conf_flag) {
         RC4_KEY rc4_key;
         RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
         RC4 (&rc4_key, 8, p0 + 24, Confounder); /* Confounder */
         RC4 (&rc4_key, datalen, p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE,
              output_message_buffer->value);
         memset(&rc4_key, 0, sizeof(rc4_key));
+        EVP_CIPHER_CTX rc4_key;
+        EVP_CIPHER_CTX_init(&rc4_key);
+        EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
+        EVP_Cipher(&rc4_key, Confounder, p0 + 24, 8);
+        EVP_Cipher(&rc4_key, output_message_buffer->value, p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE, datalen);
+        EVP_CIPHER_CTX_cleanup(&rc4_key);
     } else {
         memcpy(Confounder, p0 + 24, 8); /* Confounder */
 …
+    }
     cmp = memcmp(cksum_data, p0 + 16, 8); /* SGN_CKSUM */
+    cmp = ct_memcmp(cksum_data, p0 + 16, 8); /* SGN_CKSUM */
     if (cmp) {
         _gsskrb5_release_buffer(minor_status, output_message_buffer);

trunk/server/source4/heimdal/lib/gssapi/krb5/canonicalize_name.c

r414	r745
34	34	#include "gsskrb5_locl.h"
35	35
36		OM_uint32 _gsskrb5_canonicalize_name (
	36	OM_uint32 GSSAPI_CALLCONV _gsskrb5_canonicalize_name (
37	37	OM_uint32 * minor_status,
38	38	const gss_name_t input_name,

trunk/server/source4/heimdal/lib/gssapi/krb5/cfx.c

-              r414
+              r745
+}
 static OM_uint32
 allocate_buffer(OM_uint32 *minor_status, gss_iov_buffer_desc *buffer, size_t size)
+OM_uint32
+_gk_allocate_buffer(OM_uint32 *minor_status, gss_iov_buffer_desc *buffer, size_t size)
+{
     if (buffer->type & GSS_IOV_BUFFER_TYPE_FLAG_ALLOCATED) {
+    if (buffer->type & GSS_IOV_BUFFER_FLAG_ALLOCATED) {
         if (buffer->buffer.length == size)
             return GSS_S_COMPLETE;
 …
         return GSS_S_FAILURE;
+    }
     buffer->type |= GSS_IOV_BUFFER_TYPE_FLAG_ALLOCATED;
+    buffer->type |= GSS_IOV_BUFFER_FLAG_ALLOCATED;
     return GSS_S_COMPLETE;
 …
+OM_uint32
+_gk_verify_buffers(OM_uint32 *minor_status,
+                   const gsskrb5_ctx ctx,
+                   const gss_iov_buffer_desc *header,
+                   const gss_iov_buffer_desc *padding,
+                   const gss_iov_buffer_desc *trailer)
+{
+    if (header == NULL) {
+        *minor_status = EINVAL;
+        return GSS_S_FAILURE;
+    }
+    if (IS_DCE_STYLE(ctx)) {
+        /*
+         * In DCE style mode we reject having a padding or trailer buffer
+         */
+        if (padding) {
+            *minor_status = EINVAL;
+            return GSS_S_FAILURE;
+        }
+        if (trailer) {
+            *minor_status = EINVAL;
+            return GSS_S_FAILURE;
+        }
+    } else {
+        /*
+         * In non-DCE style mode we require having a padding buffer
+         */
+        if (padding == NULL) {
+            *minor_status = EINVAL;
+            return GSS_S_FAILURE;
+        }
+    }
+    *minor_status = 0;
+    return GSS_S_COMPLETE;
+}
 OM_uint32
 …
     size_t gsshsize, k5hsize;
     size_t gsstsize, k5tsize;
     size_t i, padlength, rrc = 0, ec = 0;
+    size_t i, rrc = 0, ec = 0;
     gss_cfx_wrap_token token;
     krb5_error_code ret;
 …
     unsigned usage;
     krb5_crypto_iov *data = NULL;
+    int paddingoffset = 0;
     header = _gk_find_buffer(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
     if (header == NULL) {
 …
+    }
-    krb5_crypto_length(context, ctx->crypto, KRB5_CRYPTO_TYPE_PADDING, &padlength);
     padding = _gk_find_buffer(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING);
+    if (padlength != 0 && padding == NULL) {
+        *minor_status = EINVAL;
+        return GSS_S_FAILURE;
+    if (padding != NULL) {
+        padding->buffer.length = 0;
+    }
     trailer = _gk_find_buffer(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER);
+    major_status = _gk_verify_buffers(minor_status, ctx, header, padding, trailer);
+    if (major_status != GSS_S_COMPLETE) {
+            return major_status;
+    }
     if (conf_req_flag) {
+        ec = padlength;
+        krb5_crypto_length(context, ctx->crypto, KRB5_CRYPTO_TYPE_TRAILER, &k5tsize);
+        krb5_crypto_length(context, ctx->crypto, KRB5_CRYPTO_TYPE_HEADER, &k5hsize);
+        gsshsize = k5hsize + sizeof(*token);
+        gsstsize = k5tsize + sizeof(*token); /* encrypted token stored in trailer */
+    } else {
+        krb5_crypto_length(context, ctx->crypto, KRB5_CRYPTO_TYPE_CHECKSUM, &k5tsize);
+        gsshsize = sizeof(*token);
+        size_t k5psize = 0;
+        size_t k5pbase = 0;
+        size_t k5bsize = 0;
+        size_t size = 0;
+        for (i = 0; i < iov_count; i++) {
+            switch (GSS_IOV_BUFFER_TYPE(iov[i].type)) {
+            case GSS_IOV_BUFFER_TYPE_DATA:
+                size += iov[i].buffer.length;
+                break;
+            default:
+                break;
+            }
+        }
+        size += sizeof(gss_cfx_wrap_token_desc);
+        *minor_status = krb5_crypto_length(context, ctx->crypto,
+                                           KRB5_CRYPTO_TYPE_HEADER,
+                                           &k5hsize);
+        if (*minor_status)
+            return GSS_S_FAILURE;
+        *minor_status = krb5_crypto_length(context, ctx->crypto,
+                                           KRB5_CRYPTO_TYPE_TRAILER,
+                                           &k5tsize);
+        if (*minor_status)
+            return GSS_S_FAILURE;
+        *minor_status = krb5_crypto_length(context, ctx->crypto,
+                                           KRB5_CRYPTO_TYPE_PADDING,
+                                           &k5pbase);
+        if (*minor_status)
+            return GSS_S_FAILURE;
+        if (k5pbase > 1) {
+            k5psize = k5pbase - (size % k5pbase);
+        } else {
+            k5psize = 0;
+        }
+        if (k5psize == 0 && IS_DCE_STYLE(ctx)) {
+            *minor_status = krb5_crypto_getblocksize(context, ctx->crypto,
+                                                     &k5bsize);
+            if (*minor_status)
+                return GSS_S_FAILURE;
+            ec = k5bsize;
+        } else {
+            ec = k5psize;
+        }
+        gsshsize = sizeof(gss_cfx_wrap_token_desc) + k5hsize;
+        gsstsize = sizeof(gss_cfx_wrap_token_desc) + ec + k5tsize;
+    } else {
+        if (IS_DCE_STYLE(ctx)) {
+            *minor_status = EINVAL;
+            return GSS_S_FAILURE;
+        }
+        k5hsize = 0;
+        *minor_status = krb5_crypto_length(context, ctx->crypto,
+                                           KRB5_CRYPTO_TYPE_CHECKSUM,
+                                           &k5tsize);
+        if (*minor_status)
+            return GSS_S_FAILURE;
+        gsshsize = sizeof(gss_cfx_wrap_token_desc);
         gsstsize = k5tsize;
+    }
 …
     if (trailer == NULL) {
-        /* conf_req_flag=0 doesn't support DCE_STYLE */
-        if (conf_req_flag == 0) {
-            *minor_status = EINVAL;
-            major_status = GSS_S_FAILURE;
-            goto failure;
+        }
         rrc = gsstsize;
         if (IS_DCE_STYLE(ctx))
 …
         gsshsize += gsstsize;
         gsstsize = 0;
     } else if (GSS_IOV_BUFFER_FLAGS(trailer->type) & GSS_IOV_BUFFER_TYPE_FLAG_ALLOCATE) {
         major_status = allocate_buffer(minor_status, trailer, gsstsize);
+    } else if (GSS_IOV_BUFFER_FLAGS(trailer->type) & GSS_IOV_BUFFER_FLAG_ALLOCATE) {
+        major_status = _gk_allocate_buffer(minor_status, trailer, gsstsize);
         if (major_status)
             goto failure;
 …
      */
     if (GSS_IOV_BUFFER_FLAGS(header->type) & GSS_IOV_BUFFER_TYPE_FLAG_ALLOCATE) {
         major_status = allocate_buffer(minor_status, header, gsshsize);
+    if (GSS_IOV_BUFFER_FLAGS(header->type) & GSS_IOV_BUFFER_FLAG_ALLOCATE) {
+        major_status = _gk_allocate_buffer(minor_status, header, gsshsize);
         if (major_status != GSS_S_COMPLETE)
             goto failure;
 …
          */
         token->Flags |= CFXSealed;
         token->EC[0] = (padlength >> 8) & 0xFF;
         token->EC[1] = (padlength >> 0) & 0xFF;
+        token->EC[0] = (ec >> 8) & 0xFF;
+        token->EC[1] = (ec >> 0) & 0xFF;
     } else {
 …
           plain packet:
           {"header" | encrypt(plaintext-data | padding | E"header")}
+          {"header" | encrypt(plaintext-data | ec-padding | E"header")}
           Expanded, this is with with RRC = 0:
           {"header" | krb5-header | plaintext-data | padding | E"header" | krb5-trailer }
           In DCE-RPC mode == no trailer: RRC = gss "trailer" == length(padding | E"header" | krb5-trailer)
           {"header" | padding | E"header" | krb5-trailer | krb5-header | plaintext-data  }
+          {"header" | krb5-header | plaintext-data | ec-padding | E"header" | krb5-trailer }
+          In DCE-RPC mode == no trailer: RRC = gss "trailer" == length(ec-padding | E"header" | krb5-trailer)
+          {"header" | ec-padding | E"header" | krb5-trailer | krb5-header | plaintext-data  }
          */
 …
             case GSS_IOV_BUFFER_TYPE_DATA:
                 data[i].flags = KRB5_CRYPTO_TYPE_DATA;
-                break;
-            case GSS_IOV_BUFFER_TYPE_PADDING:
-                data[i].flags = KRB5_CRYPTO_TYPE_PADDING;
-                paddingoffset = i;
                 break;
             case GSS_IOV_BUFFER_TYPE_SIGN_ONLY:
 …
          */
-        /* XXX KRB5_CRYPTO_TYPE_PADDING */
         /* encrypted CFX header in trailer (or after the header if in
            DCE mode). Copy in header into E"header"
 …
             data[i].data.data = trailer->buffer.value;
         else
+            data[i].data.data = ((uint8_t *)header->buffer.value) + header->buffer.length - k5hsize - k5tsize - sizeof(*token);
+        data[i].data.length = sizeof(*token);
+        memcpy(data[i].data.data, token, sizeof(*token));
+            data[i].data.data = ((uint8_t *)header->buffer.value) + sizeof(*token);
+        data[i].data.length = ec + sizeof(*token);
+        memset(data[i].data.data, 0xFF, ec);
+        memcpy(((uint8_t *)data[i].data.data) + ec, token, sizeof(*token));
         i++;
         /* Kerberos trailer comes after the gss trailer */
         data[i].flags = KRB5_CRYPTO_TYPE_TRAILER;
         data[i].data.data = ((uint8_t *)data[i-1].data.data) + sizeof(*token);
+        data[i].data.data = ((uint8_t *)data[i-1].data.data) + ec + sizeof(*token);
         data[i].data.length = k5tsize;
         i++;
 …
+        }
-        if (paddingoffset)
-            padding->buffer.length = data[paddingoffset].data.length;
     } else {
         /*
 …
             switch (GSS_IOV_BUFFER_TYPE(iov[i].type)) {
             case GSS_IOV_BUFFER_TYPE_DATA:
-            case GSS_IOV_BUFFER_TYPE_PADDING:
                 data[i].flags = KRB5_CRYPTO_TYPE_DATA;
                 break;
 …
         data[i].flags = KRB5_CRYPTO_TYPE_DATA;
         data[i].data.data = header->buffer.value;
         data[i].data.length = header->buffer.length;
+        data[i].data.length = sizeof(gss_cfx_wrap_token_desc);
         i++;
         data[i].flags = KRB5_CRYPTO_TYPE_CHECKSUM;
+        data[i].data.data = trailer->buffer.value;
+        data[i].data.length = trailer->buffer.length;
+        if (trailer) {
+                data[i].data.data = trailer->buffer.value;
+        } else {
+                data[i].data.data = (uint8_t *)header->buffer.value +
+                                     sizeof(gss_cfx_wrap_token_desc);
+        }
+        data[i].data.length = k5tsize;
         i++;
 …
+        }
+        token->EC[0] =  (trailer->buffer.length >> 8) & 0xFF;
+        token->EC[1] =  (trailer->buffer.length >> 0) & 0xFF;
+        if (rrc) {
+            token->RRC[0] = (rrc >> 8) & 0xFF;
+            token->RRC[1] = (rrc >> 0) & 0xFF;
+        }
+        token->EC[0] =  (k5tsize >> 8) & 0xFF;
+        token->EC[1] =  (k5tsize >> 0) & 0xFF;
+    }
 …
             GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_TRAILER)
+        {
             memcpy(q, iov[i].buffer.value, MIN(iov[i].buffer.length, skip));
+            memcpy(q, iov[i].buffer.value, min(iov[i].buffer.length, skip));
             if (iov[i].buffer.length > skip)
                 break;
 …
+{
     OM_uint32 seq_number_lo, seq_number_hi, major_status, junk;
     gss_iov_buffer_desc *header, *trailer;
+    gss_iov_buffer_desc *header, *trailer, *padding;
     gss_cfx_wrap_token token, ttoken;
     u_char token_flags;
 …
         return GSS_S_DEFECTIVE_TOKEN;
+    padding = _gk_find_buffer(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING);
+    if (padding != NULL && padding->buffer.length != 0) {
+        *minor_status = EINVAL;
+        return GSS_S_FAILURE;
+    }
     trailer = _gk_find_buffer(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER);
+    major_status = _gk_verify_buffers(minor_status, ctx, header, padding, trailer);
+    if (major_status != GSS_S_COMPLETE) {
+            return major_status;
+    }
     token = (gss_cfx_wrap_token)header->buffer.value;
 …
             size_t gsshsize = k5hsize + sizeof(*token);
-            if (IS_DCE_STYLE(ctx))
-                gsstsize += ec;
-            gsshsize += gsstsize;
             if (rrc != gsstsize) {
                 major_status = GSS_S_DEFECTIVE_TOKEN;
                 goto failure;
+            }
+            if (IS_DCE_STYLE(ctx))
+                gsstsize += ec;
+            gsshsize += gsstsize;
             if (header->buffer.length != gsshsize) {
                 major_status = GSS_S_DEFECTIVE_TOKEN;
 …
             switch (GSS_IOV_BUFFER_TYPE(iov[j].type)) {
             case GSS_IOV_BUFFER_TYPE_DATA:
-            case GSS_IOV_BUFFER_TYPE_PADDING:
                 data[i].flags = KRB5_CRYPTO_TYPE_DATA;
                 break;
 …
         */
         data[i].flags = KRB5_CRYPTO_TYPE_DATA;
         if (trailer)
+        if (trailer) {
             data[i].data.data = trailer->buffer.value;
+        else
+            data[i].data.data = ((uint8_t *)header->buffer.value) + header->buffer.length - k5hsize - k5tsize - sizeof(*token);
+        data[i].data.length = sizeof(*token);
+        ttoken = (gss_cfx_wrap_token)data[i].data.data;
+        } else {
+            data[i].data.data = ((uint8_t *)header->buffer.value) +
+                header->buffer.length - k5hsize - k5tsize - ec- sizeof(*token);
+        }
+        data[i].data.length = ec + sizeof(*token);
+        ttoken = (gss_cfx_wrap_token)(((uint8_t *)data[i].data.data) + ec);
         i++;
         /* Kerberos trailer comes after the gss trailer */
         data[i].flags = KRB5_CRYPTO_TYPE_TRAILER;
         data[i].data.data = ((uint8_t *)data[i-1].data.data) + sizeof(*token);
+        data[i].data.data = ((uint8_t *)data[i-1].data.data) + ec + sizeof(*token);
         data[i].data.length = k5tsize;
         i++;
 …
         /* Check the integrity of the header */
         if (memcmp(ttoken, token, sizeof(*token)) != 0) {
+        if (ct_memcmp(ttoken, token, sizeof(*token)) != 0) {
             major_status = GSS_S_BAD_MIC;
             goto failure;
+        }
     } else {
+        /* Check RRC */
+        if (rrc != 0) {
+        size_t gsstsize = ec;
+        size_t gsshsize = sizeof(*token);
+        if (trailer == NULL) {
+            /* Check RRC */
+            if (rrc != gsstsize) {
+               *minor_status = EINVAL;
+               major_status = GSS_S_FAILURE;
+               goto failure;
+            }
+            gsshsize += gsstsize;
+            gsstsize = 0;
+        } else if (trailer->buffer.length != gsstsize) {
+            major_status = GSS_S_DEFECTIVE_TOKEN;
+            goto failure;
+        } else if (rrc != 0) {
+            /* Check RRC */
             *minor_status = EINVAL;
             major_status = GSS_S_FAILURE;
 …
+        }
+        if (trailer == NULL) {
+            *minor_status = EINVAL;
+            major_status = GSS_S_FAILURE;
+            goto failure;
+        }
+        if (trailer->buffer.length != ec) {
+            *minor_status = EINVAL;
+            major_status = GSS_S_FAILURE;
+        if (header->buffer.length != gsshsize) {
+            major_status = GSS_S_DEFECTIVE_TOKEN;
             goto failure;
+        }
 …
             switch (GSS_IOV_BUFFER_TYPE(iov[i].type)) {
             case GSS_IOV_BUFFER_TYPE_DATA:
-            case GSS_IOV_BUFFER_TYPE_PADDING:
                 data[i].flags = KRB5_CRYPTO_TYPE_DATA;
                 break;
 …
         data[i].flags = KRB5_CRYPTO_TYPE_DATA;
         data[i].data.data = header->buffer.value;
         data[i].data.length = header->buffer.length;
+        data[i].data.length = sizeof(*token);
         i++;
         data[i].flags = KRB5_CRYPTO_TYPE_CHECKSUM;
+        data[i].data.data = trailer->buffer.value;
+        data[i].data.length = trailer->buffer.length;
+        if (trailer) {
+                data[i].data.data = trailer->buffer.value;
+        } else {
+                data[i].data.data = (uint8_t *)header->buffer.value +
+                                     sizeof(*token);
+        }
+        data[i].data.length = ec;
         i++;
 …
                             int iov_count)
+{
+    OM_uint32 major_status;
     size_t size;
     int i;
+    size_t *padding = NULL;
+    gss_iov_buffer_desc *header = NULL;
+    gss_iov_buffer_desc *padding = NULL;
+    gss_iov_buffer_desc *trailer = NULL;
+    size_t gsshsize = 0;
+    size_t gsstsize = 0;
+    size_t k5hsize = 0;
+    size_t k5tsize = 0;
     GSSAPI_KRB5_INIT (&context);
 …
             break;
         case GSS_IOV_BUFFER_TYPE_HEADER:
             *minor_status = krb5_crypto_length(context, ctx->crypto, KRB5_CRYPTO_TYPE_HEADER, &iov[i].buffer.length);
             if (*minor_status)
+            if (header != NULL) {
+                *minor_status = 0;
                 return GSS_S_FAILURE;
+            }
+            header = &iov[i];
             break;
         case GSS_IOV_BUFFER_TYPE_TRAILER:
             *minor_status = krb5_crypto_length(context, ctx->crypto, KRB5_CRYPTO_TYPE_TRAILER, &iov[i].buffer.length);
             if (*minor_status)
+            if (trailer != NULL) {
+                *minor_status = 0;
                 return GSS_S_FAILURE;
+            }
+            trailer = &iov[i];
             break;
         case GSS_IOV_BUFFER_TYPE_PADDING:
 …
                 return GSS_S_FAILURE;
+            }
             padding = &iov[i].buffer.length;
+            padding = &iov[i];
             break;
         case GSS_IOV_BUFFER_TYPE_SIGN_ONLY:
 …
+        }
+    }
+    major_status = _gk_verify_buffers(minor_status, ctx, header, padding, trailer);
+    if (major_status != GSS_S_COMPLETE) {
+            return major_status;
+    }
+    if (conf_req_flag) {
+        size_t k5psize = 0;
+        size_t k5pbase = 0;
+        size_t k5bsize = 0;
+        size_t ec = 0;
+        size += sizeof(gss_cfx_wrap_token_desc);
+        *minor_status = krb5_crypto_length(context, ctx->crypto,
+                                           KRB5_CRYPTO_TYPE_HEADER,
+                                           &k5hsize);
+        if (*minor_status)
+            return GSS_S_FAILURE;
+        *minor_status = krb5_crypto_length(context, ctx->crypto,
+                                           KRB5_CRYPTO_TYPE_TRAILER,
+                                           &k5tsize);
+        if (*minor_status)
+            return GSS_S_FAILURE;
+        *minor_status = krb5_crypto_length(context, ctx->crypto,
+                                           KRB5_CRYPTO_TYPE_PADDING,
+                                           &k5pbase);
+        if (*minor_status)
+            return GSS_S_FAILURE;
+        if (k5pbase > 1) {
+            k5psize = k5pbase - (size % k5pbase);
+        } else {
+            k5psize = 0;
+        }
+        if (k5psize == 0 && IS_DCE_STYLE(ctx)) {
+            *minor_status = krb5_crypto_getblocksize(context, ctx->crypto,
+                                                     &k5bsize);
+            if (*minor_status)
+                return GSS_S_FAILURE;
+            ec = k5bsize;
+        } else {
+            ec = k5psize;
+        }
+        gsshsize = sizeof(gss_cfx_wrap_token_desc) + k5hsize;
+        gsstsize = sizeof(gss_cfx_wrap_token_desc) + ec + k5tsize;
+    } else {
+        *minor_status = krb5_crypto_length(context, ctx->crypto,
+                                           KRB5_CRYPTO_TYPE_CHECKSUM,
+                                           &k5tsize);
+        if (*minor_status)
+            return GSS_S_FAILURE;
+        gsshsize = sizeof(gss_cfx_wrap_token_desc);
+        gsstsize = k5tsize;
+    }
+    if (trailer != NULL) {
+        trailer->buffer.length = gsstsize;
+    } else {
+        gsshsize += gsstsize;
+    }
+    header->buffer.length = gsshsize;
     if (padding) {
+        size_t pad;
+        krb5_crypto_length(context, ctx->crypto, KRB5_CRYPTO_TYPE_PADDING, &pad);
+        if (pad > 1) {
+            *padding = pad - (size % pad);
+            if (*padding == pad)
+                *padding = 0;
+        } else
+            *padding = 0;
+        /* padding is done via EC and is contained in the header or trailer */
+        padding->buffer.length = 0;
+    }
+    if (conf_state) {
+        *conf_state = conf_req_flag;
+    }
 …
         /* Check the integrity of the header */
         if (memcmp(p, token, sizeof(*token)) != 0) {
+        if (ct_memcmp(p, token, sizeof(*token)) != 0) {
             krb5_data_free(&data);
             return GSS_S_BAD_MIC;
 …
+    }
     if (memcmp(token->Filler, "\xff\xff\xff\xff\xff", 5) != 0) {
+    if (ct_memcmp(token->Filler, "\xff\xff\xff\xff\xff", 5) != 0) {
         return GSS_S_DEFECTIVE_TOKEN;
+    }

trunk/server/source4/heimdal/lib/gssapi/krb5/compare_name.c

r414	r745
34	34	#include "gsskrb5_locl.h"
35	35
36		OM_uint32 _gsskrb5_compare_name
	36	OM_uint32 GSSAPI_CALLCONV _gsskrb5_compare_name
37	37	(OM_uint32 * minor_status,
38	38	const gss_name_t name1,

trunk/server/source4/heimdal/lib/gssapi/krb5/context_time.c

r414	r745
63	63
64	64
65		OM_uint32 _gsskrb5_context_time
	65	OM_uint32 GSSAPI_CALLCONV _gsskrb5_context_time
66	66	(OM_uint32 * minor_status,
67	67	const gss_ctx_id_t context_handle,

trunk/server/source4/heimdal/lib/gssapi/krb5/creds.c

-              r414
+              r745
 #include "gsskrb5_locl.h"
 OM_uint32
+OM_uint32 GSSAPI_CALLCONV
 _gsskrb5_export_cred(OM_uint32 *minor_status,
                      gss_cred_id_t cred_handle,
 …
+}
 OM_uint32
+OM_uint32 GSSAPI_CALLCONV
 _gsskrb5_import_cred(OM_uint32 * minor_status,
                      gss_buffer_t cred_token,
 …
     *cred_handle = (gss_cred_id_t)handle;
     return GSS_S_COMPLETE;
+}

trunk/server/source4/heimdal/lib/gssapi/krb5/decapsulate.c

-              r414
+              r745
     if (mech_len != mech->length)
         return GSS_S_BAD_MECH;
     if (memcmp(p,
                mech->elements,
                mech->length) != 0)
+    if (ct_memcmp(p,
+                  mech->elements,
+                  mech->length) != 0)
         return GSS_S_BAD_MECH;
     p += mech_len;
 …
         return GSS_S_DEFECTIVE_TOKEN;
     if (memcmp (*str, type, 2) != 0)
+    if (ct_memcmp (*str, type, 2) != 0)
         return GSS_S_DEFECTIVE_TOKEN;
     *str += 2;

trunk/server/source4/heimdal/lib/gssapi/krb5/delete_sec_context.c

-              r414
+              r745
 #include "gsskrb5_locl.h"
 OM_uint32
+OM_uint32 GSSAPI_CALLCONV
 _gsskrb5_delete_sec_context(OM_uint32 * minor_status,
                             gss_ctx_id_t * context_handle,
 …
     krb5_auth_con_free (context, ctx->auth_context);
+    krb5_auth_con_free (context, ctx->deleg_auth_context);
     if (ctx->kcred)
         krb5_free_creds(context, ctx->kcred);

trunk/server/source4/heimdal/lib/gssapi/krb5/display_name.c

r414	r745
34	34	#include "gsskrb5_locl.h"
35	35
36		OM_uint32 _gsskrb5_display_name
	36	OM_uint32 GSSAPI_CALLCONV _gsskrb5_display_name
37	37	(OM_uint32 * minor_status,
38	38	const gss_name_t input_name,

trunk/server/source4/heimdal/lib/gssapi/krb5/display_status.c

-              r414
+              r745
     va_list args;
     char *str;
+    int e;
     if (_gsskrb5_init (&context) != 0)
 …
     va_start(args, fmt);
     vasprintf(&str, fmt, args);
+    e = vasprintf(&str, fmt, args);
     va_end(args);
     if (str) {
+    if (e >= 0 && str) {
         krb5_set_error_message(context, ret, "%s", str);
         free(str);
 …
+}
 OM_uint32 _gsskrb5_display_status
+OM_uint32 GSSAPI_CALLCONV _gsskrb5_display_status
 (OM_uint32              *minor_status,
  OM_uint32               status_value,
 …
+{
     krb5_context context;
+    char *buf;
+    char *buf = NULL;
+    int e = 0;
     GSSAPI_KRB5_INIT (&context);
 …
     if (status_type == GSS_C_GSS_CODE) {
         if (GSS_SUPPLEMENTARY_INFO(status_value))
             asprintf(&buf, "%s",
                      supplementary_error(GSS_SUPPLEMENTARY_INFO(status_value)));
+            e = asprintf(&buf, "%s",
+                         supplementary_error(GSS_SUPPLEMENTARY_INFO(status_value)));
         else
             asprintf (&buf, "%s %s",
                       calling_error(GSS_CALLING_ERROR(status_value)),
                       routine_error(GSS_ROUTINE_ERROR(status_value)));
+            e = asprintf (&buf, "%s %s",
+                          calling_error(GSS_CALLING_ERROR(status_value)),
+                          routine_error(GSS_ROUTINE_ERROR(status_value)));
     } else if (status_type == GSS_C_MECH_CODE) {
         const char *buf2 = krb5_get_error_message(context, status_value);
 …
             krb5_free_error_message(context, buf2);
         } else {
             asprintf(&buf, "unknown mech error-code %u",
                      (unsigned)status_value);
+            e = asprintf(&buf, "unknown mech error-code %u",
+                         (unsigned)status_value);
+        }
     } else {
 …
+    }
     if (buf == NULL) {
+    if (e < 0 || buf == NULL) {
         *minor_status = ENOMEM;
         return GSS_S_FAILURE;

trunk/server/source4/heimdal/lib/gssapi/krb5/duplicate_name.c

r414	r745
34	34	#include "gsskrb5_locl.h"
35	35
36		OM_uint32 _gsskrb5_duplicate_name (
	36	OM_uint32 GSSAPI_CALLCONV _gsskrb5_duplicate_name (
37	37	OM_uint32 * minor_status,
38	38	const gss_name_t src_name,

trunk/server/source4/heimdal/lib/gssapi/krb5/export_name.c

r414	r745
34	34	#include "gsskrb5_locl.h"
35	35
36		OM_uint32 _gsskrb5_export_name
	36	OM_uint32 GSSAPI_CALLCONV _gsskrb5_export_name
37	37	(OM_uint32 * minor_status,
38	38	const gss_name_t input_name,

trunk/server/source4/heimdal/lib/gssapi/krb5/export_sec_context.c

r414	r745
34	34	#include "gsskrb5_locl.h"
35	35
36		OM_uint32
	36	OM_uint32 GSSAPI_CALLCONV
37	37	_gsskrb5_export_sec_context (
38	38	OM_uint32 * minor_status,

trunk/server/source4/heimdal/lib/gssapi/krb5/external.c

-              r414
+              r745
  */
 static gss_OID_desc gss_c_nt_user_name_oid_desc =
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_user_name_oid_desc =
     {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x01")};
-gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_USER_NAME =
-    &gss_c_nt_user_name_oid_desc;
 /*
 …
  */
 static gss_OID_desc gss_c_nt_machine_uid_name_oid_desc =
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_machine_uid_name_oid_desc =
     {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x02")};
-gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_MACHINE_UID_NAME =
-    &gss_c_nt_machine_uid_name_oid_desc;
 /*
 …
  */
 static gss_OID_desc gss_c_nt_string_uid_name_oid_desc =
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_string_uid_name_oid_desc =
     {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x03")};
-gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_STRING_UID_NAME =
-    &gss_c_nt_string_uid_name_oid_desc;
 /*
 …
  */
 static gss_OID_desc gss_c_nt_hostbased_service_x_oid_desc =
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_hostbased_service_x_oid_desc =
     {6, rk_UNCONST("\x2b\x06\x01\x05\x06\x02")};
-gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_HOSTBASED_SERVICE_X =
-    &gss_c_nt_hostbased_service_x_oid_desc;
 /*
 …
  * to point to that gss_OID_desc.
  */
 static gss_OID_desc gss_c_nt_hostbased_service_oid_desc =
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_hostbased_service_oid_desc =
     {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x04")};
-gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_HOSTBASED_SERVICE =
-    &gss_c_nt_hostbased_service_oid_desc;
 /*
 …
  */
 static gss_OID_desc gss_c_nt_anonymous_oid_desc =
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_anonymous_oid_desc =
     {6, rk_UNCONST("\x2b\x06\01\x05\x06\x03")};
-gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_ANONYMOUS =
-    &gss_c_nt_anonymous_oid_desc;
 /*
 …
  */
 static gss_OID_desc gss_c_nt_export_name_oid_desc =
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_export_name_oid_desc =
     {6, rk_UNCONST("\x2b\x06\x01\x05\x06\x04") };
-gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_EXPORT_NAME =
-    &gss_c_nt_export_name_oid_desc;
 /*
 …
  */
 static gss_OID_desc gss_krb5_nt_principal_name_oid_desc =
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_nt_principal_name_oid_desc =
     {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01") };
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_NT_PRINCIPAL_NAME =
-    &gss_krb5_nt_principal_name_oid_desc;
-/*
- *   This name form shall be represented by the Object Identifier {iso(1)
- *   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- *   generic(1) user_name(1)}.  The recommended symbolic name for this
- *   type is "GSS_KRB5_NT_USER_NAME".
- */
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_NT_USER_NAME =
-    &gss_c_nt_user_name_oid_desc;
-/*
- *   This name form shall be represented by the Object Identifier {iso(1)
- *   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- *   generic(1) machine_uid_name(2)}.  The recommended symbolic name for
- *   this type is "GSS_KRB5_NT_MACHINE_UID_NAME".
- */
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_NT_MACHINE_UID_NAME =
-    &gss_c_nt_machine_uid_name_oid_desc;
-/*
- *   This name form shall be represented by the Object Identifier {iso(1)
- *   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- *   generic(1) string_uid_name(3)}.  The recommended symbolic name for
- *   this type is "GSS_KRB5_NT_STRING_UID_NAME".
- */
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_NT_STRING_UID_NAME =
-    &gss_c_nt_string_uid_name_oid_desc;
-/*
- *   To support ongoing experimentation, testing, and evolution of the
- *   specification, the Kerberos V5 GSS-API mechanism as defined in this
- *   and any successor memos will be identified with the following Object
- *   Identifier, as defined in RFC-1510, until the specification is
- *   advanced to the level of Proposed Standard RFC:
+ *
- *   {iso(1), org(3), dod(5), internet(1), security(5), kerberosv5(2)}
+ *
- *   Upon advancement to the level of Proposed Standard RFC, the Kerberos
- *   V5 GSS-API mechanism will be identified by an Object Identifier
- *   having the value:
+ *
- *   {iso(1) member-body(2) United States(840) mit(113554) infosys(1)
- *   gssapi(2) krb5(2)}
- */
-#if 0 /* This is the old OID */
-static gss_OID_desc gss_krb5_mechanism_oid_desc =
-    {5, rk_UNCONST("\x2b\x05\x01\x05\x02")};
-#endif
-static gss_OID_desc gss_krb5_mechanism_oid_desc =
-    {9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") };
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_MECHANISM =
-    &gss_krb5_mechanism_oid_desc;
 /*
 …
  */
 static gss_OID_desc gss_iakerb_proxy_mechanism_oid_desc =
+gss_OID_desc GSSAPI_LIB_VARIABLE  __gss_iakerb_proxy_mechanism_oid_desc =
     {7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x01")};
+gss_OID GSSAPI_LIB_VARIABLE GSS_IAKERB_PROXY_MECHANISM =
+    &gss_iakerb_proxy_mechanism_oid_desc;
+static gss_OID_desc gss_iakerb_min_msg_mechanism_oid_desc =
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_iakerb_min_msg_mechanism_oid_desc =
     {7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x02") };
-gss_OID GSSAPI_LIB_VARIABLE GSS_IAKERB_MIN_MSG_MECHANISM =
-    &gss_iakerb_min_msg_mechanism_oid_desc;
-/*
+ *
- */
-static gss_OID_desc gss_c_peer_has_updated_spnego_oid_desc =
-    {9, (void *)"\x2b\x06\x01\x04\x01\xa9\x4a\x13\x05"};
-gss_OID GSSAPI_LIB_VARIABLE GSS_C_PEER_HAS_UPDATED_SPNEGO =
-    &gss_c_peer_has_updated_spnego_oid_desc;
-/*
- * 1.2.752.43.13 Heimdal GSS-API Extentions
- */
-/* 1.2.752.43.13.1 */
-static gss_OID_desc gss_krb5_copy_ccache_x_oid_desc =
-    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x01")};
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_COPY_CCACHE_X =
-    &gss_krb5_copy_ccache_x_oid_desc;
-/* 1.2.752.43.13.2 */
-static gss_OID_desc gss_krb5_get_tkt_flags_x_oid_desc =
-    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x02")};
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_GET_TKT_FLAGS_X =
-    &gss_krb5_get_tkt_flags_x_oid_desc;
-/* 1.2.752.43.13.3 */
-static gss_OID_desc gss_krb5_extract_authz_data_from_sec_context_x_oid_desc =
-    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x03")};
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X =
-    &gss_krb5_extract_authz_data_from_sec_context_x_oid_desc;
-/* 1.2.752.43.13.4 */
-static gss_OID_desc gss_krb5_compat_des3_mic_x_oid_desc =
-    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x04")};
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_COMPAT_DES3_MIC_X =
-    &gss_krb5_compat_des3_mic_x_oid_desc;
-/* 1.2.752.43.13.5 */
-static gss_OID_desc gss_krb5_register_acceptor_identity_x_desc =
-    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x05")};
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X =
-    &gss_krb5_register_acceptor_identity_x_desc;
-/* 1.2.752.43.13.6 */
-static gss_OID_desc gss_krb5_export_lucid_context_x_desc =
-    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06")};
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_EXPORT_LUCID_CONTEXT_X =
-    &gss_krb5_export_lucid_context_x_desc;
-/* 1.2.752.43.13.6.1 */
-static gss_OID_desc gss_krb5_export_lucid_context_v1_x_desc =
-    {7, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06\x01")};
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X =
-    &gss_krb5_export_lucid_context_v1_x_desc;
-/* 1.2.752.43.13.7 */
-static gss_OID_desc gss_krb5_set_dns_canonicalize_x_desc =
-    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x07")};
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_SET_DNS_CANONICALIZE_X =
-    &gss_krb5_set_dns_canonicalize_x_desc;
-/* 1.2.752.43.13.8 */
-static gss_OID_desc gss_krb5_get_subkey_x_desc =
-    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x08")};
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_GET_SUBKEY_X =
-    &gss_krb5_get_subkey_x_desc;
-/* 1.2.752.43.13.9 */
-static gss_OID_desc gss_krb5_get_initiator_subkey_x_desc =
-    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x09")};
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_GET_INITIATOR_SUBKEY_X =
-    &gss_krb5_get_initiator_subkey_x_desc;
-/* 1.2.752.43.13.10 */
-static gss_OID_desc gss_krb5_get_acceptor_subkey_x_desc =
-    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0a")};
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_GET_ACCEPTOR_SUBKEY_X =
-    &gss_krb5_get_acceptor_subkey_x_desc;
-/* 1.2.752.43.13.11 */
-static gss_OID_desc gss_krb5_send_to_kdc_x_desc =
-    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0b")};
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_SEND_TO_KDC_X =
-    &gss_krb5_send_to_kdc_x_desc;
-/* 1.2.752.43.13.12 */
-static gss_OID_desc gss_krb5_get_authtime_x_desc =
-    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0c")};
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_GET_AUTHTIME_X =
-    &gss_krb5_get_authtime_x_desc;
-/* 1.2.752.43.13.13 */
-static gss_OID_desc gss_krb5_get_service_keyblock_x_desc =
-    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0d")};
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_GET_SERVICE_KEYBLOCK_X =
-    &gss_krb5_get_service_keyblock_x_desc;
-/* 1.2.752.43.13.14 */
-static gss_OID_desc gss_krb5_set_allowable_enctypes_x_desc =
-    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0e")};
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X =
-    &gss_krb5_set_allowable_enctypes_x_desc;
-/* 1.2.752.43.13.15 */
-static gss_OID_desc gss_krb5_set_default_realm_x_desc =
-    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0f")};
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_SET_DEFAULT_REALM_X =
-    &gss_krb5_set_default_realm_x_desc;
-/* 1.2.752.43.13.16 */
-static gss_OID_desc gss_krb5_ccache_name_x_desc =
-    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x10")};
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_CCACHE_NAME_X =
-    &gss_krb5_ccache_name_x_desc;
-/* 1.2.752.43.13.17 */
-static gss_OID_desc gss_krb5_set_time_offset_x_desc =
-    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x11")};
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_SET_TIME_OFFSET_X =
-    &gss_krb5_set_time_offset_x_desc;
-/* 1.2.752.43.13.18 */
-static gss_OID_desc gss_krb5_get_time_offset_x_desc =
-    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x12")};
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_GET_TIME_OFFSET_X =
-    &gss_krb5_get_time_offset_x_desc;
-/* 1.2.752.43.13.19 */
-static gss_OID_desc gss_krb5_plugin_register_x_desc =
-    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x13")};
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_PLUGIN_REGISTER_X =
-    &gss_krb5_plugin_register_x_desc;
-/* 1.2.752.43.14.1 */
-static gss_OID_desc gss_sasl_digest_md5_mechanism_desc =
-    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x01") };
-gss_OID GSSAPI_LIB_VARIABLE GSS_SASL_DIGEST_MD5_MECHANISM =
-    &gss_sasl_digest_md5_mechanism_desc;
 /*
  * Context for krb5 calls.
  */
+static gss_mo_desc krb5_mo[] = {
+    {
+        GSS_C_MA_SASL_MECH_NAME,
+        GSS_MO_MA,
+        "SASL mech name",
+        "GS2-KRB5",
+        _gss_mo_get_ctx_as_string,
+        NULL
+    },
+    {
+        GSS_C_MA_MECH_NAME,
+        GSS_MO_MA,
+        "Mechanism name",
+        "KRB5",
+        _gss_mo_get_ctx_as_string,
+        NULL
+    },
+    {
+        GSS_C_MA_MECH_DESCRIPTION,
+        GSS_MO_MA,
+        "Mechanism description",
+        "Heimdal Kerberos 5 mech",
+        _gss_mo_get_ctx_as_string,
+        NULL
+    },
+    {
+        GSS_C_MA_MECH_CONCRETE,
+        GSS_MO_MA
+    },
+    {
+        GSS_C_MA_ITOK_FRAMED,
+        GSS_MO_MA
+    },
+    {
+        GSS_C_MA_AUTH_INIT,
+        GSS_MO_MA
+    },
+    {
+        GSS_C_MA_AUTH_TARG,
+        GSS_MO_MA
+    },
+    {
+        GSS_C_MA_AUTH_INIT_ANON,
+        GSS_MO_MA
+    },
+    {
+        GSS_C_MA_DELEG_CRED,
+        GSS_MO_MA
+    },
+    {
+        GSS_C_MA_INTEG_PROT,
+        GSS_MO_MA
+    },
+    {
+        GSS_C_MA_CONF_PROT,
+        GSS_MO_MA
+    },
+    {
+        GSS_C_MA_MIC,
+        GSS_MO_MA
+    },
+    {
+        GSS_C_MA_WRAP,
+        GSS_MO_MA
+    },
+    {
+        GSS_C_MA_PROT_READY,
+        GSS_MO_MA
+    },
+    {
+        GSS_C_MA_REPLAY_DET,
+        GSS_MO_MA
+    },
+    {
+        GSS_C_MA_OOS_DET,
+        GSS_MO_MA
+    },
+    {
+        GSS_C_MA_CBINDINGS,
+        GSS_MO_MA
+    },
+    {
+        GSS_C_MA_PFS,
+        GSS_MO_MA
+    },
+    {
+        GSS_C_MA_CTX_TRANS,
+        GSS_MO_MA
+    }
+};
 /*
 …
     "kerberos 5",
     {9, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" },
+,
     _gsskrb5_acquire_cred,
     _gsskrb5_release_cred,
 …
     _gsskrb5_store_cred,
     _gsskrb5_export_cred,
+    _gsskrb5_import_cred
+    _gsskrb5_import_cred,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    krb5_mo,
+    sizeof(krb5_mo) / sizeof(krb5_mo[0])
 };

trunk/server/source4/heimdal/lib/gssapi/krb5/get_mic.c

-              r414
+              r745
 #include "gsskrb5_locl.h"
+#ifdef HEIM_WEAK_CRYPTO
 static OM_uint32
 mic_des
 …
+{
   u_char *p;
   MD5_CTX md5;
+  EVP_MD_CTX *md5;
   u_char hash[16];
   DES_key_schedule schedule;
+  EVP_CIPHER_CTX des_ctx;
   DES_cblock deskey;
   DES_cblock zero;
 …
   /* checksum */
+  MD5_Init (&md5);
+  MD5_Update (&md5, p - 24, 8);
+  MD5_Update (&md5, message_buffer->value, message_buffer->length);
+  MD5_Final (hash, &md5);
+  md5 = EVP_MD_CTX_create();
+  EVP_DigestInit_ex(md5, EVP_md5(), NULL);
+  EVP_DigestUpdate(md5, p - 24, 8);
+  EVP_DigestUpdate(md5, message_buffer->value, message_buffer->length);
+  EVP_DigestFinal_ex(md5, hash, NULL);
+  EVP_MD_CTX_destroy(md5);
   memset (&zero, 0, sizeof(zero));
 …
 );
+  DES_set_key_unchecked (&deskey, &schedule);
+  DES_cbc_encrypt ((void *)p, (void *)p, 8,
+                   &schedule, (DES_cblock *)(p + 8), DES_ENCRYPT);
+  EVP_CIPHER_CTX_init(&des_ctx);
+  EVP_CipherInit_ex(&des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, p + 8, 1);
+  EVP_Cipher(&des_ctx, p, p, 8);
+  EVP_CIPHER_CTX_cleanup(&des_ctx);
   krb5_auth_con_setlocalseqnumber (context,
 …
   return GSS_S_COMPLETE;
+}
+#endif
 static OM_uint32
 …
+}
 OM_uint32 _gsskrb5_get_mic
+OM_uint32 GSSAPI_CALLCONV _gsskrb5_get_mic
            (OM_uint32 * minor_status,
             const gss_ctx_id_t context_handle,
 …
   switch (keytype) {
   case KEYTYPE_DES :
+#ifdef HEIM_WEAK_CRYPTO
       ret = mic_des (minor_status, ctx, context, qop_req,
                      message_buffer, message_token, key);
+#else
+      ret = GSS_S_FAILURE;
+#endif
       break;
   case KEYTYPE_DES3 :

trunk/server/source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h

-              r414
+              r745
 typedef struct gsskrb5_ctx {
   struct krb5_auth_context_data *auth_context;
+  struct krb5_auth_context_data *deleg_auth_context;
   krb5_principal source, target;
 #define IS_DCE_STYLE(ctx) (((ctx)->flags & GSS_C_DCE_STYLE) != 0)
 …
 extern HEIMDAL_MUTEX gssapi_keytab_mutex;
-struct gssapi_thr_context {
-    HEIMDAL_MUTEX mutex;
-    char *error_string;
-};
 /*
  * Prototypes

trunk/server/source4/heimdal/lib/gssapi/krb5/import_name.c

-              r414
+              r745
+}
 OM_uint32 _gsskrb5_import_name
+OM_uint32 GSSAPI_CALLCONV _gsskrb5_import_name
            (OM_uint32 * minor_status,
             const gss_buffer_t input_name_buffer,
 …
                                       input_name_buffer,
                                       output_name);
     else if (gss_oid_equal(input_name_type, GSS_C_NO_OID)
+    else if (input_name_type == GSS_C_NO_OID
              || gss_oid_equal(input_name_type, GSS_C_NT_USER_NAME)
              || gss_oid_equal(input_name_type, GSS_KRB5_NT_PRINCIPAL_NAME))

trunk/server/source4/heimdal/lib/gssapi/krb5/import_sec_context.c

-              r414
+              r745
 #include "gsskrb5_locl.h"
 OM_uint32
+OM_uint32 GSSAPI_CALLCONV
 _gsskrb5_import_sec_context (
     OM_uint32 * minor_status,
 …
     krb5_storage_free (sp);
+    _gsskrb5i_is_cfx(context, ctx, (ctx->more_flags & LOCAL) == 0);
     *context_handle = (gss_ctx_id_t)ctx;

trunk/server/source4/heimdal/lib/gssapi/krb5/indicate_mechs.c

r414	r745
34	34	#include "gsskrb5_locl.h"
35	35
36		OM_uint32 _gsskrb5_indicate_mechs
	36	OM_uint32 GSSAPI_CALLCONV _gsskrb5_indicate_mechs
37	37	(OM_uint32 * minor_status,
38	38	gss_OID_set * mech_set

trunk/server/source4/heimdal/lib/gssapi/krb5/init_sec_context.c

-              r414
+              r745
+    }
     ctx->auth_context           = NULL;
+    ctx->deleg_auth_context     = NULL;
     ctx->source                 = NULL;
     ctx->target                 = NULL;
 …
+    }
+    kret = krb5_auth_con_init (context, &ctx->deleg_auth_context);
+    if (kret) {
+        *minor_status = kret;
+        krb5_auth_con_free(context, ctx->auth_context);
+        HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex);
+        return GSS_S_FAILURE;
+    }
     kret = set_addresses(context, ctx->auth_context, input_chan_bindings);
     if (kret) {
         *minor_status = kret;
+        krb5_auth_con_free(context, ctx->auth_context);
+        krb5_auth_con_free(context, ctx->deleg_auth_context);
         HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex);
+        return GSS_S_BAD_BINDINGS;
+    }
+    kret = set_addresses(context, ctx->deleg_auth_context, input_chan_bindings);
+    if (kret) {
+        *minor_status = kret;
         krb5_auth_con_free(context, ctx->auth_context);
+        krb5_auth_con_free(context, ctx->deleg_auth_context);
+        HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex);
         return GSS_S_BAD_BINDINGS;
 …
     krb5_auth_con_addflags(context,
                            ctx->auth_context,
+                           KRB5_AUTH_CONTEXT_DO_SEQUENCE |
+                           KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED,
+                           NULL);
+    /*
+     * We need a sequence number
+     */
+    krb5_auth_con_addflags(context,
+                           ctx->deleg_auth_context,
                            KRB5_AUTH_CONTEXT_DO_SEQUENCE |
                            KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED,
 …
         int use_dns,
         OM_uint32 time_req,
+        OM_uint32 * time_rec,
+        krb5_creds ** cred)
+        OM_uint32 * time_rec)
+{
     OM_uint32 ret;
 …
     OM_uint32 lifetime_rec;
-    *cred = NULL;
     if (ctx->target) {
         krb5_free_principal(context, ctx->target);
         ctx->target = NULL;
+    }
+    if (ctx->kcred) {
+        krb5_free_creds(context, ctx->kcred);
+        ctx->kcred = NULL;
+    }
 …
                                 ccache,
                                 &this_cred,
                                 cred);
+                                &ctx->kcred);
     if (kret) {
         *minor_status = kret;
 …
+    }
     ctx->lifetime = (*cred)->times.endtime;
+    ctx->lifetime = ctx->kcred->times.endtime;
     ret = _gsskrb5_lifetime_left(minor_status, context,
 …
     ctx->ccache = NULL;
     krb5_auth_getremoteseqnumber (context, ctx->auth_context, &seq_number);
+    krb5_auth_con_getremoteseqnumber (context, ctx->auth_context, &seq_number);
     _gsskrb5i_is_cfx(context, ctx, 0);
 …
         goto out;
+    kret = krb5_build_principal(context,
+                                &creds.server,
+                                strlen(creds.client->realm),
+                                creds.client->realm,
+                                KRB5_TGS_NAME,
+                                creds.client->realm,
+                                NULL);
+    kret = krb5_make_principal(context,
+                               &creds.server,
+                               creds.client->realm,
+                               KRB5_TGS_NAME,
+                               creds.client->realm,
+                               NULL);
     if (kret)
         goto out;
 …
     ret = gsskrb5_get_creds(minor_status, context, ctx->ccache,
                             ctx, name, 0, time_req,
                             time_rec, &ctx->kcred);
+                            time_rec);
     if (ret && allow_dns)
         ret = gsskrb5_get_creds(minor_status, context, ctx->ccache,
                                 ctx, name, 1, time_req,
                                 time_rec, &ctx->kcred);
+                                time_rec);
     if (ret)
         goto failure;
 …
     if (flagmask & GSS_C_DELEG_FLAG) {
         do_delegation (context,
                        ctx->auth_context,
+                       ctx->deleg_auth_context,
                        ctx->ccache, ctx->kcred, ctx->target,
                        &fwd_data, flagmask, &flags);
 …
+    }
     kret = krb5_build_authenticator (context,
+    kret = _krb5_build_authenticator(context,
                                      ctx->auth_context,
                                      enctype,
                                      ctx->kcred,
                                      &cksum,
-                                     NULL,
                                      &authenticator,
                                      KRB5_KU_AP_REQ_AUTH);
 …
     return ret;
+}
+static krb5_error_code
+handle_error_packet(krb5_context context,
+                    gsskrb5_ctx ctx,
+                    krb5_data indata)
+{
+    krb5_error_code kret;
+    KRB_ERROR error;
+    kret = krb5_rd_error(context, &indata, &error);
+    if (kret == 0) {
+        kret = krb5_error_from_rd_error(context, &error, NULL);
+        /* save the time skrew for this host */
+        if (kret == KRB5KRB_AP_ERR_SKEW) {
+            krb5_data timedata;
+            unsigned char p[4];
+            int32_t t = error.stime - time(NULL);
+            p[0] = (t >> 24) & 0xFF;
+            p[1] = (t >> 16) & 0xFF;
+            p[2] = (t >> 8)  & 0xFF;
+            p[3] = (t >> 0)  & 0xFF;
+            timedata.data = p;
+            timedata.length = sizeof(p);
+            krb5_cc_set_config(context, ctx->ccache, ctx->target,
+                               "time-offset", &timedata);
+            if ((ctx->more_flags & RETRIED) == 0)
+                 ctx->state = INITIATOR_RESTART;
+            ctx->more_flags |= RETRIED;
+        }
+        free_KRB_ERROR (&error);
+    }
+    return kret;
+}
 …
         indata.length   = input_token->length;
         indata.data     = input_token->value;
+        kret = krb5_rd_rep(context,
+                           ctx->auth_context,
+                           &indata,
+                           &repl);
+        if (kret) {
+            ret = _gsskrb5_decapsulate(minor_status,
+                                       input_token,
+                                       &indata,
+                                       "\x03\x00",
+                                       GSS_KRB5_MECHANISM);
+            if (ret == GSS_S_COMPLETE) {
+                *minor_status = handle_error_packet(context, ctx, indata);
+            } else {
+                *minor_status = kret;
+            }
+            return GSS_S_FAILURE;
+        }
     } else {
         ret = _gsskrb5_decapsulate (minor_status,
 …
                                         GSS_KRB5_MECHANISM);
             if (ret == GSS_S_COMPLETE) {
+                KRB_ERROR error;
+                kret = krb5_rd_error(context, &indata, &error);
+                if (kret == 0) {
+                    kret = krb5_error_from_rd_error(context, &error, NULL);
+                    /* save the time skrew for this host */
+                    if (kret == KRB5KRB_AP_ERR_SKEW) {
+                        krb5_data timedata;
+                        unsigned char p[4];
+                        int32_t t = error.stime - time(NULL);
+                        p[0] = (t >> 24) & 0xFF;
+                        p[1] = (t >> 16) & 0xFF;
+                        p[2] = (t >> 8)  & 0xFF;
+                        p[3] = (t >> 0)  & 0xFF;
+                        timedata.data = p;
+                        timedata.length = sizeof(p);
+                        krb5_cc_set_config(context, ctx->ccache, ctx->target,
+                                           "time-offset", &timedata);
+                        if ((ctx->more_flags & RETRIED) == 0)
+                            ctx->state = INITIATOR_RESTART;
+                        ctx->more_flags |= RETRIED;
+                    }
+                    free_KRB_ERROR (&error);
+                }
+                *minor_status = kret;
+                *minor_status = handle_error_packet(context, ctx, indata);
                 return GSS_S_FAILURE;
+            }
-            return ret;
+        }
+    }
     kret = krb5_rd_rep (context,
                         ctx->auth_context,
                         &indata,
                         &repl);
+    if (kret) {
         *minor_status = kret;
+        return GSS_S_FAILURE;
+    }
+        kret = krb5_rd_rep (context,
+                            ctx->auth_context,
+                            &indata,
+                            &repl);
+        if (kret) {
+            *minor_status = kret;
+            return GSS_S_FAILURE;
+        }
+    }
     krb5_free_ap_rep_enc_part (context,
                                repl);
 …
          */
         krb5_auth_getremoteseqnumber(context, ctx->auth_context, &remote_seq);
+        krb5_auth_con_getremoteseqnumber(context, ctx->auth_context, &remote_seq);
         krb5_auth_con_getlocalseqnumber(context, ctx->auth_context, &local_seq);
         krb5_auth_con_setlocalseqnumber(context, ctx->auth_context, remote_seq);
 …
  */
 OM_uint32 _gsskrb5_init_sec_context
+OM_uint32 GSSAPI_CALLCONV _gsskrb5_init_sec_context
 (OM_uint32 * minor_status,
  const gss_cred_id_t cred_handle,

trunk/server/source4/heimdal/lib/gssapi/krb5/inquire_context.c

r414	r745
34	34	#include "gsskrb5_locl.h"
35	35
36		OM_uint32 _gsskrb5_inquire_context (
	36	OM_uint32 GSSAPI_CALLCONV _gsskrb5_inquire_context (
37	37	OM_uint32 * minor_status,
38	38	const gss_ctx_id_t context_handle,

trunk/server/source4/heimdal/lib/gssapi/krb5/inquire_cred.c

r414	r745
34	34	#include "gsskrb5_locl.h"
35	35
36		OM_uint32 _gsskrb5_inquire_cred
	36	OM_uint32 GSSAPI_CALLCONV _gsskrb5_inquire_cred
37	37	(OM_uint32 * minor_status,
38	38	const gss_cred_id_t cred_handle,

trunk/server/source4/heimdal/lib/gssapi/krb5/inquire_cred_by_mech.c

r414	r745
34	34	#include "gsskrb5_locl.h"
35	35
36		OM_uint32 _gsskrb5_inquire_cred_by_mech (
	36	OM_uint32 GSSAPI_CALLCONV _gsskrb5_inquire_cred_by_mech (
37	37	OM_uint32 * minor_status,
38	38	const gss_cred_id_t cred_handle,

trunk/server/source4/heimdal/lib/gssapi/krb5/inquire_cred_by_oid.c

r414	r745
33	33	#include "gsskrb5_locl.h"
34	34
35		OM_uint32 _gsskrb5_inquire_cred_by_oid
	35	OM_uint32 GSSAPI_CALLCONV _gsskrb5_inquire_cred_by_oid
36	36	(OM_uint32 * minor_status,
37	37	const gss_cred_id_t cred_handle,

trunk/server/source4/heimdal/lib/gssapi/krb5/inquire_mechs_for_name.c

r414	r745
34	34	#include "gsskrb5_locl.h"
35	35
36		OM_uint32 _gsskrb5_inquire_mechs_for_name (
	36	OM_uint32 GSSAPI_CALLCONV _gsskrb5_inquire_mechs_for_name (
37	37	OM_uint32 * minor_status,
38	38	const gss_name_t input_name,

trunk/server/source4/heimdal/lib/gssapi/krb5/inquire_names_for_mech.c

-              r414
+              r745
 #include "gsskrb5_locl.h"
 static gss_OID *name_list[] = {
     &GSS_C_NT_HOSTBASED_SERVICE,
     &GSS_C_NT_USER_NAME,
     &GSS_KRB5_NT_PRINCIPAL_NAME,
     &GSS_C_NT_EXPORT_NAME,
+static gss_OID name_list[] = {
+    GSS_C_NT_HOSTBASED_SERVICE,
+    GSS_C_NT_USER_NAME,
+    GSS_KRB5_NT_PRINCIPAL_NAME,
+    GSS_C_NT_EXPORT_NAME,
     NULL
 };
 OM_uint32 _gsskrb5_inquire_names_for_mech (
+OM_uint32 GSSAPI_CALLCONV _gsskrb5_inquire_names_for_mech (
             OM_uint32 * minor_status,
             const gss_OID mechanism,
 …
     for (i = 0; name_list[i] != NULL; i++) {
         ret = gss_add_oid_set_member(minor_status,
                                      *(name_list[i]),
+                                     name_list[i],
                                      name_types);
         if (ret != GSS_S_COMPLETE)

trunk/server/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c

-              r414
+              r745
     ret = krb5_store_uint32(sp, (uint32_t)number);
     if (ret) goto out;
     krb5_auth_getremoteseqnumber (context,
                                   context_handle->auth_context,
                                   &number);
+    krb5_auth_con_getremoteseqnumber (context,
+                                      context_handle->auth_context,
+                                      &number);
     ret = krb5_store_uint32(sp, (uint32_t)0); /* store top half as zero */
     if (ret) goto out;
 …
  */
 OM_uint32 _gsskrb5_inquire_sec_context_by_oid
+OM_uint32 GSSAPI_CALLCONV _gsskrb5_inquire_sec_context_by_oid
            (OM_uint32 *minor_status,
             const gss_ctx_id_t context_handle,

trunk/server/source4/heimdal/lib/gssapi/krb5/prf.c

-              r414
+              r745
 #include "gsskrb5_locl.h"
 OM_uint32
+OM_uint32 GSSAPI_CALLCONV
 _gsskrb5_pseudo_random(OM_uint32 *minor_status,
                        gss_ctx_id_t context_handle,
 …
         num++;
+    }
+    free(input.data);
     krb5_crypto_destroy(context, crypto);

trunk/server/source4/heimdal/lib/gssapi/krb5/process_context_token.c

r414	r745
34	34	#include "gsskrb5_locl.h"
35	35
36		OM_uint32 _gsskrb5_process_context_token (
	36	OM_uint32 GSSAPI_CALLCONV _gsskrb5_process_context_token (
37	37	OM_uint32 *minor_status,
38	38	const gss_ctx_id_t context_handle,

trunk/server/source4/heimdal/lib/gssapi/krb5/release_cred.c

r414	r745
34	34	#include "gsskrb5_locl.h"
35	35
36		OM_uint32 _gsskrb5_release_cred
	36	OM_uint32 GSSAPI_CALLCONV _gsskrb5_release_cred
37	37	(OM_uint32 * minor_status,
38	38	gss_cred_id_t * cred_handle

trunk/server/source4/heimdal/lib/gssapi/krb5/release_name.c

r414	r745
34	34	#include "gsskrb5_locl.h"
35	35
36		OM_uint32 _gsskrb5_release_name
	36	OM_uint32 GSSAPI_CALLCONV _gsskrb5_release_name
37	37	(OM_uint32 * minor_status,
38	38	gss_name_t * input_name

trunk/server/source4/heimdal/lib/gssapi/krb5/set_cred_option.c

-              r414
+              r745
 #include "gsskrb5_locl.h"
-/* 1.2.752.43.13.17 */
-static gss_OID_desc gss_krb5_cred_no_ci_flags_x_oid_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x11")};
-gss_OID GSS_KRB5_CRED_NO_CI_FLAGS_X = &gss_krb5_cred_no_ci_flags_x_oid_desc;
-/* 1.2.752.43.13.18 */
-static gss_OID_desc gss_krb5_import_cred_x_oid_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x12")};
-gss_OID GSS_KRB5_IMPORT_CRED_X = &gss_krb5_import_cred_x_oid_desc;
 static OM_uint32
 …
 OM_uint32
+OM_uint32 GSSAPI_CALLCONV
 _gsskrb5_set_cred_option
            (OM_uint32 *minor_status,

trunk/server/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c

r414	r745
99	99	}
100	100
101		OM_uint32
	101	OM_uint32 GSSAPI_CALLCONV
102	102	_gsskrb5_set_sec_context_option
103	103	(OM_uint32 *minor_status,

trunk/server/source4/heimdal/lib/gssapi/krb5/store_cred.c

r414	r745
34	34	#include "gsskrb5_locl.h"
35	35
36		OM_uint32
	36	OM_uint32 GSSAPI_CALLCONV
37	37	_gsskrb5_store_cred(OM_uint32 *minor_status,
38	38	gss_cred_id_t input_cred_handle,

trunk/server/source4/heimdal/lib/gssapi/krb5/unwrap.c

-              r414
+              r745
 #include "gsskrb5_locl.h"
+#ifdef HEIM_WEAK_CRYPTO
 static OM_uint32
 unwrap_des
 …
   u_char *p, *seq;
   size_t len;
   MD5_CTX md5;
+  EVP_MD_CTX *md5;
   u_char hash[16];
+  EVP_CIPHER_CTX des_ctx;
   DES_key_schedule schedule;
   DES_cblock deskey;
 …
       for (i = 0; i < sizeof(deskey); ++i)
           deskey[i] ^= 0xf0;
+      DES_set_key_unchecked (&deskey, &schedule);
+      memset (&zero, 0, sizeof(zero));
+      DES_cbc_encrypt ((void *)p,
+                       (void *)p,
+                       input_message_buffer->length - len,
+                       &schedule,
+                       &zero,
+                       DES_DECRYPT);
+      memset (deskey, 0, sizeof(deskey));
+      EVP_CIPHER_CTX_init(&des_ctx);
+      EVP_CipherInit_ex(&des_ctx, EVP_des_cbc(), NULL, deskey, zero, 0);
+      EVP_Cipher(&des_ctx, p, p, input_message_buffer->length - len);
+      EVP_CIPHER_CTX_cleanup(&des_ctx);
       memset (&schedule, 0, sizeof(schedule));
+  }
 …
+  }
+  MD5_Init (&md5);
+  MD5_Update (&md5, p - 24, 8);
+  MD5_Update (&md5, p, input_message_buffer->length - len);
+  MD5_Final (hash, &md5);
+  md5 = EVP_MD_CTX_create();
+  EVP_DigestInit_ex(md5, EVP_md5(), NULL);
+  EVP_DigestUpdate(md5, p - 24, 8);
+  EVP_DigestUpdate(md5, p, input_message_buffer->length - len);
+  EVP_DigestFinal_ex(md5, hash, NULL);
+  EVP_MD_CTX_destroy(md5);
   memset (&zero, 0, sizeof(zero));
 …
   DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
                  &schedule, &zero);
   if (memcmp (p - 8, hash, 8) != 0)
+  if (ct_memcmp (p - 8, hash, 8) != 0)
     return GSS_S_BAD_MIC;
 …
   p -= 16;
+  DES_set_key_unchecked (&deskey, &schedule);
+  DES_cbc_encrypt ((void *)p, (void *)p, 8,
+                   &schedule, (DES_cblock *)hash, DES_DECRYPT);
+  EVP_CIPHER_CTX_init(&des_ctx);
+  EVP_CipherInit_ex(&des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, hash, 0);
+  EVP_Cipher(&des_ctx, p, p, 8);
+  EVP_CIPHER_CTX_cleanup(&des_ctx);
   memset (deskey, 0, sizeof(deskey));
 …
   if (context_handle->more_flags & LOCAL)
       cmp = memcmp(&seq[4], "\xff\xff\xff\xff", 4);
+      cmp = ct_memcmp(&seq[4], "\xff\xff\xff\xff", 4);
   else
       cmp = memcmp(&seq[4], "\x00\x00\x00\x00", 4);
+      cmp = ct_memcmp(&seq[4], "\x00\x00\x00\x00", 4);
   if (cmp != 0) {
 …
   return GSS_S_COMPLETE;
+}
+#endif
 static OM_uint32
 …
     return GSS_S_BAD_SIG;
   p += 2;
   if (memcmp (p, "\x02\x00", 2) == 0) {
+  if (ct_memcmp (p, "\x02\x00", 2) == 0) {
     cstate = 1;
   } else if (memcmp (p, "\xff\xff", 2) == 0) {
+  } else if (ct_memcmp (p, "\xff\xff", 2) == 0) {
     cstate = 0;
   } else
 …
   if(conf_state != NULL)
     *conf_state = cstate;
   if (memcmp (p, "\xff\xff", 2) != 0)
+  if (ct_memcmp (p, "\xff\xff", 2) != 0)
     return GSS_S_DEFECTIVE_TOKEN;
   p += 2;
 …
   if (context_handle->more_flags & LOCAL)
       cmp = memcmp(&seq[4], "\xff\xff\xff\xff", 4);
+      cmp = ct_memcmp(&seq[4], "\xff\xff\xff\xff", 4);
   else
       cmp = memcmp(&seq[4], "\x00\x00\x00\x00", 4);
+      cmp = ct_memcmp(&seq[4], "\x00\x00\x00\x00", 4);
   krb5_data_free (&seq_data);
 …
+}
 OM_uint32 _gsskrb5_unwrap
+OM_uint32 GSSAPI_CALLCONV _gsskrb5_unwrap
            (OM_uint32 * minor_status,
             const gss_ctx_id_t context_handle,
 …
   switch (keytype) {
   case KEYTYPE_DES :
+#ifdef HEIM_WEAK_CRYPTO
       ret = unwrap_des (minor_status, ctx,
                         input_message_buffer, output_message_buffer,
                         conf_state, qop_state, key);
+#else
+      ret = GSS_S_FAILURE;
+#endif
       break;
   case KEYTYPE_DES3 :

trunk/server/source4/heimdal/lib/gssapi/krb5/verify_mic.c

-              r414
+              r745
 #include "gsskrb5_locl.h"
+#ifdef HEIM_WEAK_CRYPTO
 static OM_uint32
 …
+{
   u_char *p;
   MD5_CTX md5;
+  EVP_MD_CTX *md5;
   u_char hash[16], *seq;
   DES_key_schedule schedule;
+  EVP_CIPHER_CTX des_ctx;
   DES_cblock zero;
   DES_cblock deskey;
 …
   /* verify checksum */
+  MD5_Init (&md5);
+  MD5_Update (&md5, p - 24, 8);
+  MD5_Update (&md5, message_buffer->value,
+             message_buffer->length);
+  MD5_Final (hash, &md5);
+  md5 = EVP_MD_CTX_create();
+  EVP_DigestInit_ex(md5, EVP_md5(), NULL);
+  EVP_DigestUpdate(md5, p - 24, 8);
+  EVP_DigestUpdate(md5, message_buffer->value, message_buffer->length);
+  EVP_DigestFinal_ex(md5, hash, NULL);
+  EVP_MD_CTX_destroy(md5);
   memset (&zero, 0, sizeof(zero));
 …
   DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
                  &schedule, &zero);
   if (memcmp (p - 8, hash, 8) != 0) {
+  if (ct_memcmp (p - 8, hash, 8) != 0) {
     memset (deskey, 0, sizeof(deskey));
     memset (&schedule, 0, sizeof(schedule));
 …
   p -= 16;
+  DES_set_key_unchecked (&deskey, &schedule);
+  DES_cbc_encrypt ((void *)p, (void *)p, 8,
+                   &schedule, (DES_cblock *)hash, DES_DECRYPT);
+  EVP_CIPHER_CTX_init(&des_ctx);
+  EVP_CipherInit_ex(&des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, hash, 0);
+  EVP_Cipher(&des_ctx, p, p, 8);
+  EVP_CIPHER_CTX_cleanup(&des_ctx);
   memset (deskey, 0, sizeof(deskey));
 …
   if (context_handle->more_flags & LOCAL)
       cmp = memcmp(&seq[4], "\xff\xff\xff\xff", 4);
+      cmp = ct_memcmp(&seq[4], "\xff\xff\xff\xff", 4);
   else
       cmp = memcmp(&seq[4], "\x00\x00\x00\x00", 4);
+      cmp = ct_memcmp(&seq[4], "\x00\x00\x00\x00", 4);
   if (cmp != 0) {
 …
   return GSS_S_COMPLETE;
+}
+#endif
 static OM_uint32
 …
   if (context_handle->more_flags & LOCAL)
       cmp = memcmp(&seq[4], "\xff\xff\xff\xff", 4);
+      cmp = ct_memcmp(&seq[4], "\xff\xff\xff\xff", 4);
   else
       cmp = memcmp(&seq[4], "\x00\x00\x00\x00", 4);
+      cmp = ct_memcmp(&seq[4], "\x00\x00\x00\x00", 4);
   krb5_data_free (&seq_data);
 …
     switch (keytype) {
     case KEYTYPE_DES :
+#ifdef HEIM_WEAK_CRYPTO
         ret = verify_mic_des (minor_status, ctx, context,
                               message_buffer, token_buffer, qop_state, key,
                               type);
+#else
+      ret = GSS_S_FAILURE;
+#endif
         break;
     case KEYTYPE_DES3 :
 …
+}
 OM_uint32
+OM_uint32 GSSAPI_CALLCONV
 _gsskrb5_verify_mic
            (OM_uint32 * minor_status,

trunk/server/source4/heimdal/lib/gssapi/krb5/wrap.c

-              r414
+              r745
+}
 OM_uint32
+OM_uint32 GSSAPI_CALLCONV
 _gsskrb5_wrap_size_limit (
             OM_uint32 * minor_status,
 …
   switch (keytype) {
   case KEYTYPE_DES :
+#ifdef HEIM_WEAK_CRYPTO
       ret = sub_wrap_size(req_output_size, max_input_size, 8, 22);
+#else
+      ret = GSS_S_FAILURE;
+#endif
       break;
   case KEYTYPE_ARCFOUR:
 …
   return ret;
+}
+#ifdef HEIM_WEAK_CRYPTO
 static OM_uint32
 …
+{
   u_char *p;
   MD5_CTX md5;
+  EVP_MD_CTX *md5;
   u_char hash[16];
   DES_key_schedule schedule;
+  EVP_CIPHER_CTX des_ctx;
   DES_cblock deskey;
   DES_cblock zero;
 …
   /* checksum */
+  MD5_Init (&md5);
+  MD5_Update (&md5, p - 24, 8);
+  MD5_Update (&md5, p, datalen);
+  MD5_Final (hash, &md5);
+  md5 = EVP_MD_CTX_create();
+  EVP_DigestInit_ex(md5, EVP_md5(), NULL);
+  EVP_DigestUpdate(md5, p - 24, 8);
+  EVP_DigestUpdate(md5, p, datalen);
+  EVP_DigestFinal_ex(md5, hash, NULL);
+  EVP_MD_CTX_destroy(md5);
   memset (&zero, 0, sizeof(zero));
 …
 );
+  DES_set_key_unchecked (&deskey, &schedule);
+  DES_cbc_encrypt ((void *)p, (void *)p, 8,
+                   &schedule, (DES_cblock *)(p + 8), DES_ENCRYPT);
+  EVP_CIPHER_CTX_init(&des_ctx);
+  EVP_CipherInit_ex(&des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, p + 8, 1);
+  EVP_Cipher(&des_ctx, p, p, 8);
+  EVP_CIPHER_CTX_cleanup(&des_ctx);
   krb5_auth_con_setlocalseqnumber (context,
 …
       for (i = 0; i < sizeof(deskey); ++i)
           deskey[i] ^= 0xf0;
+      DES_set_key_unchecked (&deskey, &schedule);
+      memset (&zero, 0, sizeof(zero));
+      DES_cbc_encrypt ((void *)p,
+                       (void *)p,
+                       datalen,
+                       &schedule,
+                       &zero,
+                       DES_ENCRYPT);
+      EVP_CIPHER_CTX_init(&des_ctx);
+      EVP_CipherInit_ex(&des_ctx, EVP_des_cbc(), NULL, deskey, zero, 1);
+      EVP_Cipher(&des_ctx, p, p, datalen);
+      EVP_CIPHER_CTX_cleanup(&des_ctx);
+  }
   memset (deskey, 0, sizeof(deskey));
 …
   return GSS_S_COMPLETE;
+}
+#endif
 static OM_uint32
 …
+}
+OM_uint32 _gsskrb5_wrap
+OM_uint32 GSSAPI_CALLCONV
+_gsskrb5_wrap
            (OM_uint32 * minor_status,
             const gss_ctx_id_t context_handle,
 …
   switch (keytype) {
   case KEYTYPE_DES :
+#ifdef HEIM_WEAK_CRYPTO
       ret = wrap_des (minor_status, ctx, context, conf_req_flag,
                       qop_req, input_message_buffer, conf_state,
                       output_message_buffer, key);
+#else
+      ret = GSS_S_FAILURE;
+#endif
       break;
   case KEYTYPE_DES3 :

trunk/server/source4/heimdal/lib/gssapi/mech/context.c

-              r414
+              r745
 #include "mech_locl.h"
 #include "heim_threads.h"
-RCSID("$Id$");
 struct mg_thread_ctx {
 …
         if (value != mg->maj_stat || mg->maj_error.length == 0)
             break;
         string->value = malloc(mg->maj_error.length);
+        string->value = malloc(mg->maj_error.length + 1);
         string->length = mg->maj_error.length;
         memcpy(string->value, mg->maj_error.value, mg->maj_error.length);
+        ((char *) string->value)[string->length] = '\0';
         return GSS_S_COMPLETE;
+    }
 …
         if (value != mg->min_stat || mg->min_error.length == 0)
             break;
         string->value = malloc(mg->min_error.length);
+        string->value = malloc(mg->min_error.length + 1);
         string->length = mg->min_error.length;
         memcpy(string->value, mg->min_error.value, mg->min_error.length);
+        ((char *) string->value)[string->length] = '\0';
         return GSS_S_COMPLETE;
+    }

trunk/server/source4/heimdal/lib/gssapi/mech/cred.h

-              r414
+              r745
 struct _gss_mechanism_cred {
         SLIST_ENTRY(_gss_mechanism_cred) gmc_link;
+        HEIM_SLIST_ENTRY(_gss_mechanism_cred) gmc_link;
         gssapi_mech_interface   gmc_mech;       /* mechanism ops for MC */
         gss_OID                 gmc_mech_oid;   /* mechanism oid for MC */
         gss_cred_id_t           gmc_cred;       /* underlying MC */
 };
 SLIST_HEAD(_gss_mechanism_cred_list, _gss_mechanism_cred);
+HEIM_SLIST_HEAD(_gss_mechanism_cred_list, _gss_mechanism_cred);
 struct _gss_cred {

trunk/server/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
 static OM_uint32
 …
+OM_uint32 gss_accept_sec_context(OM_uint32 *minor_status,
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_accept_sec_context(OM_uint32 *minor_status,
     gss_ctx_id_t *context_handle,
     const gss_cred_id_t acceptor_cred_handle,
 …
         gss_cred_id_t acceptor_mc, delegated_mc;
         gss_name_t src_mn;
+        gss_OID mech_ret_type = NULL;
         *minor_status = 0;
 …
         if (cred) {
                 SLIST_FOREACH(mc, &cred->gc_mc, gmc_link)
+                HEIM_SLIST_FOREACH(mc, &cred->gc_mc, gmc_link)
                         if (mc->gmc_mech == m)
                                 break;
 …
             input_chan_bindings,
             &src_mn,
             mech_type,
+            &mech_ret_type,
             output_token,
             &mech_ret_flags,
 …
+        }
+        if (mech_type)
+            *mech_type = mech_ret_type;
         if (src_name && src_mn) {
                 /*
 …
                 if (!delegated_cred_handle) {
                         m->gm_release_cred(minor_status, &delegated_mc);
+                        if (ret_flags)
+                                *ret_flags &= ~GSS_C_DELEG_FLAG;
+                        mech_ret_flags &=
+                            ~(GSS_C_DELEG_FLAG|GSS_C_DELEG_POLICY_FLAG);
+                } else if (gss_oid_equal(mech_ret_type, &m->gm_mech_oid) == 0) {
+                        /*
+                         * If the returned mech_type is not the same
+                         * as the mech, assume its pseudo mech type
+                         * and the returned type is already a
+                         * mech-glue object
+                         */
+                        *delegated_cred_handle = delegated_mc;
                 } else if (delegated_mc) {
                         struct _gss_cred *dcred;
 …
                                 return (GSS_S_FAILURE);
+                        }
                         SLIST_INIT(&dcred->gc_mc);
+                        HEIM_SLIST_INIT(&dcred->gc_mc);
                         dmc = malloc(sizeof(struct _gss_mechanism_cred));
                         if (!dmc) {
 …
                         dmc->gmc_mech_oid = &m->gm_mech_oid;
                         dmc->gmc_cred = delegated_mc;
                         SLIST_INSERT_HEAD(&dcred->gc_mc, dmc, gmc_link);
+                        HEIM_SLIST_INSERT_HEAD(&dcred->gc_mc, dmc, gmc_link);
                         *delegated_cred_handle = (gss_cred_id_t) dcred;

trunk/server/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_acquire_cred(OM_uint32 *minor_status,
     const gss_name_t desired_name,
 …
                 return (GSS_S_FAILURE);
+        }
         SLIST_INIT(&cred->gc_mc);
+        HEIM_SLIST_INIT(&cred->gc_mc);
         if (mechs == GSS_C_NO_OID_SET)
 …
+                }
                 SLIST_INSERT_HEAD(&cred->gc_mc, mc, gmc_link);
+                HEIM_SLIST_INSERT_HEAD(&cred->gc_mc, mc, gmc_link);
+        }
 …
          * an error.
          */
         if (!SLIST_FIRST(&cred->gc_mc)) {
+        if (!HEIM_SLIST_FIRST(&cred->gc_mc)) {
                 free(cred);
                 if (actual_mechs)

trunk/server/source4/heimdal/lib/gssapi/mech/gss_add_cred.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
 static struct _gss_mechanism_cred *
 …
+}
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_add_cred(OM_uint32 *minor_status,
     const gss_cred_id_t input_cred_handle,
 …
                 return (GSS_S_FAILURE);
+        }
         SLIST_INIT(&new_cred->gc_mc);
+        HEIM_SLIST_INIT(&new_cred->gc_mc);
         /*
 …
         target_mc = 0;
         if (cred) {
                 SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) {
+                HEIM_SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) {
                         if (gss_oid_equal(mc->gmc_mech_oid, desired_mech)) {
                                 target_mc = mc;
 …
                                 return (GSS_S_FAILURE);
+                        }
                         SLIST_INSERT_HEAD(&new_cred->gc_mc, copy_mc, gmc_link);
+                        HEIM_SLIST_INSERT_HEAD(&new_cred->gc_mc, copy_mc, gmc_link);
+                }
+        }
 …
                 return (major_status);
+        }
         SLIST_INSERT_HEAD(&new_cred->gc_mc, mc, gmc_link);
+        HEIM_SLIST_INSERT_HEAD(&new_cred->gc_mc, mc, gmc_link);
         *output_cred_handle = (gss_cred_id_t) new_cred;

trunk/server/source4/heimdal/lib/gssapi/mech/gss_add_oid_set_member.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
+OM_uint32 GSSAPI_LIB_FUNCTION
+/**
+ * Add a oid to the oid set, function does not make a copy of the oid,
+ * so the pointer to member_oid needs to be stable for the whole time
+ * oid_set is used.
+ *
+ * If there is a duplicate member of the oid, the new member is not
+ * added to to the set.
+ *
+ * @param minor_status minor status code.
+ * @param member_oid member to add to the oid set
+ * @param oid_set oid set to add the member too
+ *
+ * @returns a gss_error code, see gss_display_status() about printing
+ *          the error code.
+ *
+ * @ingroup gssapi
+ */
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_add_oid_set_member (OM_uint32 * minor_status,
                         const gss_OID member_oid,

trunk/server/source4/heimdal/lib/gssapi/mech/gss_aeap.c

-              r414
+              r745
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_wrap_iov(OM_uint32 * minor_status,
              gss_ctx_id_t  context_handle,
 …
  */
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_unwrap_iov(OM_uint32 *minor_status,
                gss_ctx_id_t context_handle,
 …
  */
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_wrap_iov_length(OM_uint32 * minor_status,
                     gss_ctx_id_t context_handle,
 …
 /**
  * Free all buffer allocated by gss_wrap_iov() or gss_unwrap_iov() by
  * looking at the GSS_IOV_BUFFER_TYPE_FLAG_ALLOCATED flag.
+ *
  * @ingroup gssapi
  */
+OM_uint32 GSSAPI_LIB_FUNCTION
+ * looking at the GSS_IOV_BUFFER_FLAG_ALLOCATED flag.
+ *
+ * @ingroup gssapi
+ */
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_release_iov_buffer(OM_uint32 *minor_status,
                        gss_iov_buffer_desc *iov,
 …
     for (i = 0; i < iov_count; i++) {
         if ((iov[i].type & GSS_IOV_BUFFER_TYPE_FLAG_ALLOCATED) == 0)
+        if ((iov[i].type & GSS_IOV_BUFFER_FLAG_ALLOCATED) == 0)
             continue;
         gss_release_buffer(&junk, &iov[i].buffer);
         iov[i].type &= ~GSS_IOV_BUFFER_TYPE_FLAG_ALLOCATED;
+        iov[i].type &= ~GSS_IOV_BUFFER_FLAG_ALLOCATED;
+    }
     return GSS_S_COMPLETE;
 …
  */
 static gss_OID_desc gss_c_attr_stream_sizes_desc =
+gss_OID_desc GSSAPI_LIB_FUNCTION __gss_c_attr_stream_sizes_oid_desc =
     {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x03")};
+gss_OID GSSAPI_LIB_VARIABLE GSS_C_ATTR_STREAM_SIZES =
+    &gss_c_attr_stream_sizes_desc;
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_context_query_attributes(OM_uint32 *minor_status,
+                             gss_OID attribute,
+                             const gss_ctx_id_t context_handle,
+                             const gss_OID attribute,
                              void *data,
                              size_t len)

trunk/server/source4/heimdal/lib/gssapi/mech/gss_buffer_set.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_create_empty_buffer_set
            (OM_uint32 * minor_status,
 …
+}
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_add_buffer_set_member
            (OM_uint32 * minor_status,
 …
+}
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_release_buffer_set(OM_uint32 * minor_status,
                        gss_buffer_set_t *buffer_set)

trunk/server/source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
 /**
 …
  */
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_canonicalize_name(OM_uint32 *minor_status,
     const gss_name_t input_name,
 …
+        }
         SLIST_INIT(&name->gn_mn);
+        HEIM_SLIST_INIT(&name->gn_mn);
         mn->gmn_mech = m;
         mn->gmn_mech_oid = &m->gm_mech_oid;
         mn->gmn_name = new_canonical_name;
         SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link);
+        HEIM_SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link);
         *output_name = (gss_name_t) name;

trunk/server/source4/heimdal/lib/gssapi/mech/gss_compare_name.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_compare_name(OM_uint32 *minor_status,
     const gss_name_t name1_arg,
 …
                 struct _gss_mechanism_name *mn2;
                 SLIST_FOREACH(mn1, &name1->gn_mn, gmn_link) {
+                HEIM_SLIST_FOREACH(mn1, &name1->gn_mn, gmn_link) {
                         OM_uint32 major_status;

trunk/server/source4/heimdal/lib/gssapi/mech/gss_context_time.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_context_time(OM_uint32 *minor_status,
     const gss_ctx_id_t context_handle,

trunk/server/source4/heimdal/lib/gssapi/mech/gss_create_empty_oid_set.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_create_empty_oid_set(OM_uint32 *minor_status,
     gss_OID_set *oid_set)

trunk/server/source4/heimdal/lib/gssapi/mech/gss_cred.c

-              r414
+              r745
 */
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_export_cred(OM_uint32 * minor_status,
                 gss_cred_id_t cred_handle,
 …
+    }
     SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) {
+    HEIM_SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) {
         if (mc->gmc_mech->gm_export_cred == NULL) {
             *minor_status = 0;
 …
+    }
     SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) {
+    HEIM_SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) {
         major = mc->gmc_mech->gm_export_cred(minor_status,
 …
+}
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_import_cred(OM_uint32 * minor_status,
                 gss_buffer_t token,
 …
         return GSS_S_FAILURE;
+    }
     SLIST_INIT(&cred->gc_mc);
+    HEIM_SLIST_INIT(&cred->gc_mc);
     *cred_handle = (gss_cred_id_t)cred;
 …
         mc->gmc_cred = mcred;
         SLIST_INSERT_HEAD(&cred->gc_mc, mc, gmc_link);
+        HEIM_SLIST_INSERT_HEAD(&cred->gc_mc, mc, gmc_link);
+    }
     krb5_storage_free(sp);
     sp = NULL;
     if (SLIST_EMPTY(&cred->gc_mc)) {
+    if (HEIM_SLIST_EMPTY(&cred->gc_mc)) {
         major = GSS_S_NO_CRED;
         goto out;

trunk/server/source4/heimdal/lib/gssapi/mech/gss_decapsulate_token.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
+OM_uint32 GSSAPI_LIB_FUNCTION
 gss_decapsulate_token(gss_buffer_t input_token,
                       gss_OID oid,
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_decapsulate_token(const gss_buffer_t input_token,
+                      const gss_OID oid,
                       gss_buffer_t output_token)
+{

trunk/server/source4/heimdal/lib/gssapi/mech/gss_delete_sec_context.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_delete_sec_context(OM_uint32 *minor_status,
     gss_ctx_id_t *context_handle,

trunk/server/source4/heimdal/lib/gssapi/mech/gss_display_name.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_display_name(OM_uint32 *minor_status,
     const gss_name_t input_name,
 …
                 return (GSS_S_COMPLETE);
         } else {
                 SLIST_FOREACH(mn, &name->gn_mn, gmn_link) {
+                HEIM_SLIST_FOREACH(mn, &name->gn_mn, gmn_link) {
                         major_status = mn->gmn_mech->gm_display_name(
                                 minor_status, mn->gmn_name,

trunk/server/source4/heimdal/lib/gssapi/mech/gss_display_status.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
 static const char *
 …
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_display_status(OM_uint32 *minor_status,
     OM_uint32 status_value,
 …
         switch (status_type) {
         case GSS_C_GSS_CODE: {
+                char *buf;
+                char *buf = NULL;
+                int e;
                 if (GSS_SUPPLEMENTARY_INFO(status_value))
                     asprintf(&buf, "%s", supplementary_error(
+                    e = asprintf(&buf, "%s", supplementary_error(
                         GSS_SUPPLEMENTARY_INFO(status_value)));
                 else
                     asprintf (&buf, "%s %s",
+                    e = asprintf (&buf, "%s %s",
                         calling_error(GSS_CALLING_ERROR(status_value)),
                         routine_error(GSS_ROUTINE_ERROR(status_value)));
                 if (buf == NULL)
+                if (e < 0 || buf == NULL)
                     break;
 …
                 OM_uint32 maj_junk, min_junk;
                 gss_buffer_desc oid;
+                char *buf;
+                char *buf = NULL;
+                int e;
                 maj_junk = gss_oid_to_str(&min_junk, mech_type, &oid);
 …
                     oid.length = 7;
+                }
                 asprintf (&buf, "unknown mech-code %lu for mech %.*s",
+                e = asprintf (&buf, "unknown mech-code %lu for mech %.*s",
                           (unsigned long)status_value,
                           (int)oid.length, (char *)oid.value);
 …
                     gss_release_buffer(&min_junk, &oid);
                 if (buf == NULL)
+                if (e < 0 || buf == NULL)
                     break;

trunk/server/source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
+OM_uint32 gss_duplicate_name(OM_uint32 *minor_status,
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_duplicate_name(OM_uint32 *minor_status,
     const gss_name_t src_name,
     gss_name_t *dest_name)
 …
                 new_name = (struct _gss_name *) *dest_name;
                 SLIST_FOREACH(mn, &name->gn_mn, gmn_link) {
+                HEIM_SLIST_FOREACH(mn, &name->gn_mn, gmn_link) {
                     struct _gss_mechanism_name *mn2;
                     _gss_find_mn(minor_status, new_name,
 …
+                }
                 memset(new_name, 0, sizeof(struct _gss_name));
                 SLIST_INIT(&new_name->gn_mn);
+                HEIM_SLIST_INIT(&new_name->gn_mn);
                 *dest_name = (gss_name_t) new_name;
                 SLIST_FOREACH(mn, &name->gn_mn, gmn_link) {
+                HEIM_SLIST_FOREACH(mn, &name->gn_mn, gmn_link) {
                         struct _gss_mechanism_name *new_mn;
 …
                                 continue;
+                        }
                         SLIST_INSERT_HEAD(&new_name->gn_mn, new_mn, gmn_link);
+                        HEIM_SLIST_INSERT_HEAD(&new_name->gn_mn, new_mn, gmn_link);
+                }

trunk/server/source4/heimdal/lib/gssapi/mech/gss_duplicate_oid.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
+OM_uint32 gss_duplicate_oid (
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_duplicate_oid (
         OM_uint32 *minor_status,
         gss_OID src_oid,

trunk/server/source4/heimdal/lib/gssapi/mech/gss_encapsulate_token.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
+OM_uint32 GSSAPI_LIB_FUNCTION
 gss_encapsulate_token(gss_buffer_t input_token,
                       gss_OID oid,
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
+gss_encapsulate_token(const gss_buffer_t input_token,
+                      const gss_OID oid,
                       gss_buffer_t output_token)
+{

trunk/server/source4/heimdal/lib/gssapi/mech/gss_export_name.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_export_name(OM_uint32 *minor_status,
     const gss_name_t input_name,
 …
          * list.
          */
         mn = SLIST_FIRST(&name->gn_mn);
+        mn = HEIM_SLIST_FIRST(&name->gn_mn);
         if (!mn) {
                 *minor_status = 0;

trunk/server/source4/heimdal/lib/gssapi/mech/gss_export_sec_context.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_export_sec_context(OM_uint32 *minor_status,
     gss_ctx_id_t *context_handle,

trunk/server/source4/heimdal/lib/gssapi/mech/gss_get_mic.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_get_mic(OM_uint32 *minor_status,
     const gss_ctx_id_t context_handle,

trunk/server/source4/heimdal/lib/gssapi/mech/gss_import_name.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
 static OM_uint32
 …
+}
+OM_uint32 GSSAPI_LIB_FUNCTION
+/**
+ * Import a name internal or mechanism name
+ *
+ * Type of name and their format:
+ * - GSS_C_NO_OID
+ * - GSS_C_NT_USER_NAME
+ * - GSS_C_NT_HOSTBASED_SERVICE
+ * - GSS_C_NT_EXPORT_NAME
+ * - GSS_C_NT_ANONYMOUS
+ * - GSS_KRB5_NT_PRINCIPAL_NAME
+ *
+ * For more information about @ref internalVSmechname.
+ *
+ * @param minor_status minor status code
+ * @param input_name_buffer import name buffer
+ * @param input_name_type type of the import name buffer
+ * @param output_name the resulting type, release with
+ *        gss_release_name(), independent of input_name
+ *
+ * @returns a gss_error code, see gss_display_status() about printing
+ *        the error code.
+ *
+ * @ingroup gssapi
+ */
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_import_name(OM_uint32 *minor_status,
     const gss_buffer_t input_name_buffer,
 …
+        }
         SLIST_INIT(&name->gn_mn);
+        HEIM_SLIST_INIT(&name->gn_mn);
         major_status = _gss_copy_oid(minor_status,
 …
          */
         SLIST_FOREACH(m, &_gss_mechs, gm_link) {
+        HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) {
                 int present = 0;
 …
                 mn->gmn_mech = &m->gm_mech;
                 mn->gmn_mech_oid = &m->gm_mech_oid;
                 SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link);
+                HEIM_SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link);
+        }
 …
          */
         mn = SLIST_FIRST(&name->gn_mn);
+        mn = HEIM_SLIST_FIRST(&name->gn_mn);
         if (!mn) {
                 *minor_status = 0;

trunk/server/source4/heimdal/lib/gssapi/mech/gss_import_sec_context.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_import_sec_context(OM_uint32 *minor_status,
     const gss_buffer_t interprocess_token,

trunk/server/source4/heimdal/lib/gssapi/mech/gss_indicate_mechs.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_indicate_mechs(OM_uint32 *minor_status,
     gss_OID_set *mech_set)
 …
                 return (major_status);
         SLIST_FOREACH(m, &_gss_mechs, gm_link) {
+        HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) {
                 if (m->gm_mech.gm_indicate_mechs) {
                         major_status = m->gm_mech.gm_indicate_mechs(

trunk/server/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
 static gss_cred_id_t
 …
                 return GSS_C_NO_CREDENTIAL;
         SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) {
+        HEIM_SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) {
                 if (gss_oid_equal(mech_type, mc->gmc_mech_oid))
                         return mc->gmc_cred;
 …
+}
+OM_uint32 GSSAPI_LIB_FUNCTION
+/**
+ * As the initiator build a context with an acceptor.
+ *
+ * Returns in the major
+ * - GSS_S_COMPLETE - if the context if build
+ * - GSS_S_CONTINUE_NEEDED -  if the caller needs  to continue another
+ *      round of gss_i nit_sec_context
+ * - error code - any other error code
+ *
+ * @param minor_status minor status code.
+ *
+ * @param initiator_cred_handle the credential to use when building
+ *        the context, if GSS_C_NO_CREDENTIAL is passed, the default
+ *        credential for the mechanism will be used.
+ *
+ * @param context_handle a pointer to a context handle, will be
+ *        returned as long as there is not an error.
+ *
+ * @param target_name the target name of acceptor, created using
+ *        gss_import_name(). The name is can be of any name types the
+ *        mechanism supports, check supported name types with
+ *        gss_inquire_names_for_mech().
+ *
+ * @param input_mech_type mechanism type to use, if GSS_C_NO_OID is
+ *        used, Kerberos (GSS_KRB5_MECHANISM) will be tried. Other
+ *        available mechanism are listed in the @ref gssapi_mechs_intro
+ *        section.
+ *
+ * @param req_flags flags using when building the context, see @ref
+ *        gssapi_context_flags
+ *
+ * @param time_req time requested this context should be valid in
+ *        seconds, common used value is GSS_C_INDEFINITE
+ *
+ * @param input_chan_bindings Channel bindings used, if not exepected
+ *        otherwise, used GSS_C_NO_CHANNEL_BINDINGS
+ *
+ * @param input_token input token sent from the acceptor, for the
+ *        initial packet the buffer of { NULL, 0 } should be used.
+ *
+ * @param actual_mech_type the actual mech used, MUST NOT be freed
+ *        since it pointing to static memory.
+ *
+ * @param output_token if there is an output token, regardless of
+ *        complete, continue_needed, or error it should be sent to the
+ *        acceptor
+ *
+ * @param ret_flags return what flags was negotitated, caller should
+ *        check if they are accetable. For example, if
+ *        GSS_C_MUTUAL_FLAG was negotiated with the acceptor or not.
+ *
+ * @param time_rec amount of time this context is valid for
+ *
+ * @returns a gss_error code, see gss_display_status() about printing
+ *          the error code.
+ *
+ * @ingroup gssapi
+ */
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_init_sec_context(OM_uint32 * minor_status,
     const gss_cred_id_t initiator_cred_handle,
 …
          * If we have a cred, find the cred for this mechanism.
          */
+        cred_handle = _gss_mech_cred_find(initiator_cred_handle, mech_type);
+        if (m->gm_flags & GM_USE_MG_CRED)
+                cred_handle = initiator_cred_handle;
+        else
+                cred_handle = _gss_mech_cred_find(initiator_cred_handle, mech_type);
         major_status = m->gm_init_sec_context(minor_status,

trunk/server/source4/heimdal/lib/gssapi/mech/gss_inquire_context.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_inquire_context(OM_uint32 *minor_status,
     const gss_ctx_id_t context_handle,

trunk/server/source4/heimdal/lib/gssapi/mech/gss_inquire_cred.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
 #define AUSAGE 1
 …
+}
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_inquire_cred(OM_uint32 *minor_status,
     const gss_cred_id_t cred_handle,
 …
                         return (GSS_S_FAILURE);
+                }
                 SLIST_INIT(&name->gn_mn);
+                HEIM_SLIST_INIT(&name->gn_mn);
         } else {
                 name = NULL;
 …
                 struct _gss_mechanism_cred *mc;
                 SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) {
+                HEIM_SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) {
                         gss_name_t mc_name;
                         OM_uint32 mc_lifetime;
 …
                                 mn->gmn_mech_oid = mc->gmc_mech_oid;
                                 mn->gmn_name = mc_name;
                                 SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link);
+                                HEIM_SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link);
                         } else {
                                 mc->gmc_mech->gm_release_name(minor_status,
 …
+                }
         } else {
                 SLIST_FOREACH(m, &_gss_mechs, gm_link) {
+                HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) {
                         gss_name_t mc_name;
                         OM_uint32 mc_lifetime;
 …
                                 mn->gmn_mech_oid = &m->gm_mech_oid;
                                 mn->gmn_name = mc_name;
                                 SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link);
+                                HEIM_SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link);
                         } else if (mc_name) {
                                 m->gm_mech.gm_release_name(minor_status,

trunk/server/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_mech.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_inquire_cred_by_mech(OM_uint32 *minor_status,
     const gss_cred_id_t cred_handle,
 …
         if (cred_handle != GSS_C_NO_CREDENTIAL) {
                 struct _gss_cred *cred = (struct _gss_cred *) cred_handle;
                 SLIST_FOREACH(mcp, &cred->gc_mc, gmc_link)
+                HEIM_SLIST_FOREACH(mcp, &cred->gc_mc, gmc_link)
                         if (mcp->gmc_mech == m)
                                 break;

trunk/server/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_oid.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_inquire_cred_by_oid (OM_uint32 *minor_status,
                          const gss_cred_id_t cred_handle,
 …
                 return GSS_S_NO_CRED;
         SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) {
+        HEIM_SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) {
                 gss_buffer_set_t rset = GSS_C_NO_BUFFER_SET;
                 int i;

trunk/server/source4/heimdal/lib/gssapi/mech/gss_inquire_mechs_for_name.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_inquire_mechs_for_name(OM_uint32 *minor_status,
     const gss_name_t input_name,
 …
          * the mechanism to the set.
          */
         SLIST_FOREACH(m, &_gss_mechs, gm_link) {
+        HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) {
                 major_status = gss_inquire_names_for_mech(minor_status,
                     &m->gm_mech_oid, &name_types);

trunk/server/source4/heimdal/lib/gssapi/mech/gss_inquire_names_for_mech.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_inquire_names_for_mech(OM_uint32 *minor_status,
     const gss_OID mechanism,

trunk/server/source4/heimdal/lib/gssapi/mech/gss_inquire_sec_context_by_oid.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_inquire_sec_context_by_oid (OM_uint32 *minor_status,
                                 const gss_ctx_id_t context_handle,

trunk/server/source4/heimdal/lib/gssapi/mech/gss_krb5.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
 #include <krb5.h>
 …
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_krb5_copy_ccache(OM_uint32 *minor_status,
                      gss_cred_id_t cred,
 …
     krb5_ccache id;
     OM_uint32 ret;
     char *str;
+    char *str = NULL;
     ret = gss_inquire_cred_by_oid(minor_status,
 …
                     (char *)data_set->elements[0].value);
     gss_release_buffer_set(minor_status, &data_set);
     if (kret == -1) {
+    if (kret < 0 || str == NULL) {
         *minor_status = ENOMEM;
         return GSS_S_FAILURE;
 …
+}
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_krb5_import_cred(OM_uint32 *minor_status,
                      krb5_ccache id,
 …
+}
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gsskrb5_register_acceptor_identity(const char *identity)
+{
 …
         buffer.length = strlen(identity);
         SLIST_FOREACH(m, &_gss_mechs, gm_link) {
+        HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) {
                 if (m->gm_mech.gm_set_sec_context_option == NULL)
                         continue;
 …
+}
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 krb5_gss_register_acceptor_identity(const char *identity)
+{
 …
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gsskrb5_set_dns_canonicalize(int flag)
+{
 …
         buffer.length = sizeof(b);
         SLIST_FOREACH(m, &_gss_mechs, gm_link) {
+        HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) {
                 if (m->gm_mech.gm_set_sec_context_option == NULL)
                         continue;
 …
+}
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status,
                                   gss_ctx_id_t *context_handle,
 …
+}
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status, void *c)
+{
 …
  */
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status,
                                 gss_cred_id_t cred,
 …
  */
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gsskrb5_set_send_to_kdc(struct gsskrb5_send_to_kdc *c)
+{
 …
+    }
     SLIST_FOREACH(m, &_gss_mechs, gm_link) {
+    HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) {
         if (m->gm_mech.gm_set_sec_context_option == NULL)
             continue;
 …
  */
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_krb5_ccache_name(OM_uint32 *minor_status,
                      const char *name,
 …
     buffer.length = strlen(name);
     SLIST_FOREACH(m, &_gss_mechs, gm_link) {
+    HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) {
         if (m->gm_mech.gm_set_sec_context_option == NULL)
             continue;
 …
  */
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status,
                                           gss_ctx_id_t context_handle,
 …
  */
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gsskrb5_extract_authz_data_from_sec_context(OM_uint32 *minor_status,
                                             gss_ctx_id_t context_handle,
 …
  */
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gsskrb5_extract_service_keyblock(OM_uint32 *minor_status,
                                  gss_ctx_id_t context_handle,
 …
+}
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gsskrb5_get_initiator_subkey(OM_uint32 *minor_status,
                              gss_ctx_id_t context_handle,
 …
+}
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gsskrb5_get_subkey(OM_uint32 *minor_status,
                    gss_ctx_id_t context_handle,
 …
+}
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gsskrb5_set_default_realm(const char *realm)
+{
 …
         buffer.length = strlen(realm);
         SLIST_FOREACH(m, &_gss_mechs, gm_link) {
+        HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) {
                 if (m->gm_mech.gm_set_sec_context_option == NULL)
                         continue;
 …
+}
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_krb5_get_tkt_flags(OM_uint32 *minor_status,
                        gss_ctx_id_t context_handle,
 …
+}
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gsskrb5_set_time_offset(int offset)
+{
 …
         buffer.length = sizeof(o);
         SLIST_FOREACH(m, &_gss_mechs, gm_link) {
+        HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) {
                 if (m->gm_mech.gm_set_sec_context_option == NULL)
                         continue;
 …
+}
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gsskrb5_get_time_offset(int *offset)
+{
 …
         buffer.length = sizeof(o);
         SLIST_FOREACH(m, &_gss_mechs, gm_link) {
+        HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) {
                 if (m->gm_mech.gm_set_sec_context_option == NULL)
                         continue;
 …
+}
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gsskrb5_plugin_register(struct gsskrb5_krb5_plugin *c)
+{
 …
     buffer.length = sizeof(*c);
     SLIST_FOREACH(m, &_gss_mechs, gm_link) {
+    HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) {
         if (m->gm_mech.gm_set_sec_context_option == NULL)
             continue;

trunk/server/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c

-              r414
+              r745
 #include "mech_locl.h"
 #include <heim_threads.h>
-RCSID("$Id$");
 #ifndef _PATH_GSS_MECH
 …
         return 0;
     m = malloc(sizeof(*m));
+    m = calloc(1, sizeof(*m));
     if (m == NULL)
         return 1;
+        return ENOMEM;
     m->gm_so = NULL;
     m->gm_mech = *mech;
 …
     /* pick up the oid sets of names */
     if (m->gm_mech.gm_inquire_names_for_mech) {
+    if (m->gm_mech.gm_inquire_names_for_mech)
         (*m->gm_mech.gm_inquire_names_for_mech)(&minor_status,
             &m->gm_mech.gm_mech_oid, &m->gm_name_types);
+    } else {
+    if (m->gm_name_types == NULL)
         gss_create_empty_oid_set(&minor_status, &m->gm_name_types);
+    }
+    SLIST_INSERT_HEAD(&_gss_mechs, m, gm_link);
+    HEIM_SLIST_INSERT_HEAD(&_gss_mechs, m, gm_link);
     return 0;
+}
 …
         struct _gss_mech_switch *m;
         void            *so;
+        gss_OID_desc    mech_oid;
+        int             found;
         HEIMDAL_MUTEX_lock(&_gss_mech_mutex);
         if (SLIST_FIRST(&_gss_mechs)) {
+        if (HEIM_SLIST_FIRST(&_gss_mechs)) {
                 HEIMDAL_MUTEX_unlock(&_gss_mech_mutex);
                 return;
 …
         while (fgets(buf, sizeof(buf), fp)) {
+                _gss_mo_init *mi;
                 if (*buf == '#')
                         continue;
 …
                         continue;
+                if (_gss_string_to_oid(oid, &mech_oid))
+                        continue;
+                /*
+                 * Check for duplicates, already loaded mechs.
+                 */
+                found = 0;
+                HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) {
+                        if (gss_oid_equal(&m->gm_mech.gm_mech_oid, &mech_oid)) {
+                                found = 1;
+                                free(mech_oid.elements);
+                                break;
+                        }
+                }
+                if (found)
+                        continue;
 #ifndef RTLD_LOCAL
 #define RTLD_LOCAL 0
 #endif
+                so = dlopen(lib, RTLD_LAZY | RTLD_LOCAL);
+#ifndef RTLD_GROUP
+#define RTLD_GROUP 0
+#endif
+                so = dlopen(lib, RTLD_LAZY | RTLD_LOCAL | RTLD_GROUP);
                 if (!so) {
 /*                      fprintf(stderr, "dlopen: %s\n", dlerror()); */
+                        free(mech_oid.elements);
                         continue;
+                }
                 m = malloc(sizeof(*m));
+                if (!m)
+                if (!m) {
+                        free(mech_oid.elements);
                         break;
+                }
                 m->gm_so = so;
+                if (_gss_string_to_oid(oid, &m->gm_mech.gm_mech_oid)) {
+                        free(m);
+                        continue;
+                }
+                m->gm_mech.gm_mech_oid = mech_oid;
+                m->gm_mech.gm_flags = 0;
                 major_status = gss_add_oid_set_member(&minor_status,
 …
                 OPTSYM(unwrap_iov);
                 OPTSYM(wrap_iov_length);
+                SLIST_INSERT_HEAD(&_gss_mechs, m, gm_link);
+                OPTSYM(display_name_ext);
+                OPTSYM(inquire_name);
+                OPTSYM(get_name_attribute);
+                OPTSYM(set_name_attribute);
+                OPTSYM(delete_name_attribute);
+                OPTSYM(export_name_composite);
+                mi = dlsym(so, "gss_mo_init");
+                if (mi != NULL) {
+                        major_status = mi(&minor_status,
+                                          &mech_oid,
+                                          &m->gm_mech.gm_mo,
+                                          &m->gm_mech.gm_mo_num);
+                        if (GSS_ERROR(major_status))
+                                goto bad;
+                }
+                HEIM_SLIST_INSERT_HEAD(&_gss_mechs, m, gm_link);
                 continue;
 …
 gssapi_mech_interface
 __gss_get_mechanism(gss_OID mech)
+__gss_get_mechanism(gss_const_OID mech)
+{
         struct _gss_mech_switch *m;
         _gss_load_mech();
         SLIST_FOREACH(m, &_gss_mechs, gm_link) {
+        HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) {
                 if (gss_oid_equal(&m->gm_mech.gm_mech_oid, mech))
                         return &m->gm_mech;

trunk/server/source4/heimdal/lib/gssapi/mech/gss_names.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
 OM_uint32
 …
         *output_mn = NULL;
         SLIST_FOREACH(mn, &name->gn_mn, gmn_link) {
+        HEIM_SLIST_FOREACH(mn, &name->gn_mn, gmn_link) {
                 if (gss_oid_equal(mech, mn->gmn_mech_oid))
                         break;
 …
                 mn->gmn_mech = m;
                 mn->gmn_mech_oid = &m->gm_mech_oid;
                 SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link);
+                HEIM_SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link);
+        }
         *output_mn = mn;
 …
+        }
         SLIST_INIT(&name->gn_mn);
+        HEIM_SLIST_INIT(&name->gn_mn);
         mn->gmn_mech = m;
         mn->gmn_mech_oid = &m->gm_mech_oid;
         mn->gmn_name = new_mn;
         SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link);
+        HEIM_SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link);
         return (name);

trunk/server/source4/heimdal/lib/gssapi/mech/gss_oid_equal.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
+int GSSAPI_LIB_FUNCTION
+gss_oid_equal(const gss_OID a, const gss_OID b)
+/**
+ * Compare two GSS-API OIDs with each other.
+ *
+ * GSS_C_NO_OID matches nothing, not even it-self.
+ *
+ * @param a first oid to compare
+ * @param b second oid to compare
+ *
+ * @return non-zero when both oid are the same OID, zero when they are
+ *         not the same.
+ *
+ * @ingroup gssapi
+ */
+GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL
+gss_oid_equal(gss_const_OID a, gss_const_OID b)
+{
     if (a == b)
+    if (a == b && a != GSS_C_NO_OID)
         return 1;
     if (a == GSS_C_NO_OID || b == GSS_C_NO_OID || a->length != b->length)

trunk/server/source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_oid_to_str(OM_uint32 *minor_status, gss_OID oid, gss_buffer_t oid_str)
+{
 …
     return GSS_S_COMPLETE;
+}
+GSSAPI_LIB_FUNCTION const char * GSSAPI_LIB_CALL
+gss_oid_to_name(gss_const_OID oid)
+{
+    size_t i;
+    for (i = 0; _gss_ont_mech[i].oid; i++) {
+        if (gss_oid_equal(oid, _gss_ont_mech[i].oid))
+            return _gss_ont_mech[i].name;
+    }
+    return NULL;
+}
+GSSAPI_LIB_FUNCTION gss_OID GSSAPI_LIB_CALL
+gss_name_to_oid(const char *name)
+{
+    size_t i, partial = (size_t)-1;
+    for (i = 0; _gss_ont_mech[i].oid; i++) {
+        if (strcasecmp(name, _gss_ont_mech[i].short_desc) == 0)
+            return _gss_ont_mech[i].oid;
+        if (strncasecmp(name, _gss_ont_mech[i].short_desc, strlen(name)) == 0) {
+            if (partial != (size_t)-1)
+                return NULL;
+            partial = i;
+        }
+    }
+    if (partial != (size_t)-1)
+        return _gss_ont_mech[partial].oid;
+    return NULL;
+}

trunk/server/source4/heimdal/lib/gssapi/mech/gss_process_context_token.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_process_context_token(OM_uint32 *minor_status,
     const gss_ctx_id_t context_handle,

trunk/server/source4/heimdal/lib/gssapi/mech/gss_pseudo_random.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_pseudo_random(OM_uint32 *minor_status,
                   gss_ctx_id_t context,

trunk/server/source4/heimdal/lib/gssapi/mech/gss_release_buffer.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_release_buffer(OM_uint32 *minor_status,
                    gss_buffer_t buffer)

trunk/server/source4/heimdal/lib/gssapi/mech/gss_release_cred.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
+OM_uint32 GSSAPI_LIB_FUNCTION
+/**
+ * Release a credentials
+ *
+ * Its ok to release the GSS_C_NO_CREDENTIAL/NULL credential, it will
+ * return a GSS_S_COMPLETE error code. On return cred_handle is set ot
+ * GSS_C_NO_CREDENTIAL.
+ *
+ * Example:
+ *
+ * @code
+ * gss_cred_id_t cred = GSS_C_NO_CREDENTIAL;
+ * major = gss_release_cred(&minor, &cred);
+ * @endcode
+ *
+ * @param minor_status minor status return code, mech specific
+ * @param cred_handle a pointer to the credential too release
+ *
+ * @return an gssapi error code
+ *
+ * @ingroup gssapi
+ */
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle)
+{
 …
             return (GSS_S_COMPLETE);
         while (SLIST_FIRST(&cred->gc_mc)) {
                 mc = SLIST_FIRST(&cred->gc_mc);
                 SLIST_REMOVE_HEAD(&cred->gc_mc, gmc_link);
+        while (HEIM_SLIST_FIRST(&cred->gc_mc)) {
+                mc = HEIM_SLIST_FIRST(&cred->gc_mc);
+                HEIM_SLIST_REMOVE_HEAD(&cred->gc_mc, gmc_link);
                 mc->gmc_mech->gm_release_cred(minor_status, &mc->gmc_cred);
                 free(mc);

trunk/server/source4/heimdal/lib/gssapi/mech/gss_release_name.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
+OM_uint32 GSSAPI_LIB_FUNCTION
+/**
+ * Free a name
+ *
+ * import_name can point to NULL or be NULL, or a pointer to a
+ * gss_name_t structure. If it was a pointer to gss_name_t, the
+ * pointer will be set to NULL on success and failure.
+ *
+ * @param minor_status minor status code
+ * @param input_name name to free
+ *
+ * @returns a gss_error code, see gss_display_status() about printing
+ *        the error code.
+ *
+ * @ingroup gssapi
+ */
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_release_name(OM_uint32 *minor_status,
     gss_name_t *input_name)
 …
         if (name->gn_type.elements)
                 free(name->gn_type.elements);
         while (SLIST_FIRST(&name->gn_mn)) {
+        while (HEIM_SLIST_FIRST(&name->gn_mn)) {
                 struct _gss_mechanism_name *mn;
                 mn = SLIST_FIRST(&name->gn_mn);
                 SLIST_REMOVE_HEAD(&name->gn_mn, gmn_link);
+                mn = HEIM_SLIST_FIRST(&name->gn_mn);
+                HEIM_SLIST_REMOVE_HEAD(&name->gn_mn, gmn_link);
                 mn->gmn_mech->gm_release_name(minor_status,
                                               &mn->gmn_name);

trunk/server/source4/heimdal/lib/gssapi/mech/gss_release_oid.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_release_oid(OM_uint32 *minor_status, gss_OID *oid)
+{

trunk/server/source4/heimdal/lib/gssapi/mech/gss_release_oid_set.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_release_oid_set(OM_uint32 *minor_status,
     gss_OID_set *set)

trunk/server/source4/heimdal/lib/gssapi/mech/gss_seal.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_seal(OM_uint32 *minor_status,
     gss_ctx_id_t context_handle,

trunk/server/source4/heimdal/lib/gssapi/mech/gss_set_cred_option.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_set_cred_option (OM_uint32 *minor_status,
                      gss_cred_id_t *cred_handle,
 …
                     return GSS_S_FAILURE;
                 SLIST_INIT(&cred->gc_mc);
+                HEIM_SLIST_INIT(&cred->gc_mc);
                 SLIST_FOREACH(m, &_gss_mechs, gm_link) {
+                HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) {
                         if (m->gm_mech.gm_set_cred_option == NULL)
 …
+                        }
                         one_ok = 1;
                         SLIST_INSERT_HEAD(&cred->gc_mc, mc, gmc_link);
+                        HEIM_SLIST_INSERT_HEAD(&cred->gc_mc, mc, gmc_link);
+                }
                 *cred_handle = (gss_cred_id_t)cred;
 …
                 gssapi_mech_interface   m;
                 SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) {
+                HEIM_SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) {
                         m = mc->gmc_mech;

trunk/server/source4/heimdal/lib/gssapi/mech/gss_set_sec_context_option.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_set_sec_context_option (OM_uint32 *minor_status,
                             gss_ctx_id_t *context_handle,

trunk/server/source4/heimdal/lib/gssapi/mech/gss_sign.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_sign(OM_uint32 *minor_status,
     gss_ctx_id_t context_handle,

trunk/server/source4/heimdal/lib/gssapi/mech/gss_test_oid_set_member.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_test_oid_set_member(OM_uint32 *minor_status,
     const gss_OID member,

trunk/server/source4/heimdal/lib/gssapi/mech/gss_unseal.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_unseal(OM_uint32 *minor_status,
     gss_ctx_id_t context_handle,

trunk/server/source4/heimdal/lib/gssapi/mech/gss_unwrap.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_unwrap(OM_uint32 *minor_status,
     const gss_ctx_id_t context_handle,

trunk/server/source4/heimdal/lib/gssapi/mech/gss_utils.c

r414	r745
28	28
29	29	#include "mech_locl.h"
30		~~RCSID("$Id$");~~
31	30
32	31	OM_uint32

trunk/server/source4/heimdal/lib/gssapi/mech/gss_verify.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_verify(OM_uint32 *minor_status,
     gss_ctx_id_t context_handle,

trunk/server/source4/heimdal/lib/gssapi/mech/gss_verify_mic.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_verify_mic(OM_uint32 *minor_status,
     const gss_ctx_id_t context_handle,

trunk/server/source4/heimdal/lib/gssapi/mech/gss_wrap.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
+OM_uint32 GSSAPI_LIB_FUNCTION
+/**
+ * Wrap a message using either confidentiality (encryption +
+ * signature) or sealing (signature).
+ *
+ * @param minor_status minor status code.
+ * @param context_handle context handle.
+ * @param conf_req_flag if non zero, confidentiality is requestd.
+ * @param qop_req type of protection needed, in most cases it GSS_C_QOP_DEFAULT should be passed in.
+ * @param input_message_buffer messages to wrap
+ * @param conf_state returns non zero if confidentiality was honoured.
+ * @param output_message_buffer the resulting buffer, release with gss_release_buffer().
+ *
+ * @ingroup gssapi
+ */
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_wrap(OM_uint32 *minor_status,
     const gss_ctx_id_t context_handle,

trunk/server/source4/heimdal/lib/gssapi/mech/gss_wrap_size_limit.c

-              r414
+              r745
 #include "mech_locl.h"
-RCSID("$Id$");
+OM_uint32 GSSAPI_LIB_FUNCTION
+GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
 gss_wrap_size_limit(OM_uint32 *minor_status,
     const gss_ctx_id_t context_handle,

trunk/server/source4/heimdal/lib/gssapi/mech/mech_locl.h

-              r414
+              r745
 #define _mg_buffer_zero(buffer) \
+        do { (buffer)->value = NULL; (buffer)->length = 0; } while(0)
+        do {                                    \
+                if (buffer) {                   \
+                        (buffer)->value = NULL; \
+                        (buffer)->length = 0;   \
+                 }                              \
+        } while(0)
+#define _mg_oid_set_zero(oid_set) \
+        do {                                            \
+                if (oid_set) {                          \
+                        (oid_set)->elements = NULL;     \
+                        (oid_set)->count = 0;           \
+                 }                                      \
+        } while(0)

trunk/server/source4/heimdal/lib/gssapi/mech/mech_switch.h

-              r414
+              r745
 struct _gss_mech_switch {
         SLIST_ENTRY(_gss_mech_switch)   gm_link;
+        HEIM_SLIST_ENTRY(_gss_mech_switch)      gm_link;
         gss_OID_desc                    gm_mech_oid;
         gss_OID_set                     gm_name_types;
 …
         gssapi_mech_interface_desc      gm_mech;
 };
 SLIST_HEAD(_gss_mech_switch_list, _gss_mech_switch);
+HEIM_SLIST_HEAD(_gss_mech_switch_list, _gss_mech_switch);
 extern struct _gss_mech_switch_list _gss_mechs;
 extern gss_OID_set _gss_mech_oids;

trunk/server/source4/heimdal/lib/gssapi/mech/mechqueue.h

-              r414
+              r745
 #define _MECHQUEUE_H_
-#ifndef SLIST_HEAD
 /*
  * Singly-linked List definitions.
  */
 #define SLIST_HEAD(name, type)                                          \
+#define HEIM_SLIST_HEAD(name, type)                                             \
 struct name {                                                           \
         struct type *slh_first; /* first element */                     \
+}
 #define SLIST_HEAD_INITIALIZER(head)                                    \
+#define HEIM_SLIST_HEAD_INITIALIZER(head)                                       \
         { NULL }
 #define SLIST_ENTRY(type)                                               \
+#define HEIM_SLIST_ENTRY(type)                                          \
 struct {                                                                \
         struct type *sle_next;  /* next element */                      \
 …
  * Singly-linked List functions.
  */
 #define SLIST_INIT(head) do {                                           \
+#define HEIM_SLIST_INIT(head) do {                                              \
         (head)->slh_first = NULL;                                       \
 } while (/*CONSTCOND*/0)
 #define SLIST_INSERT_AFTER(slistelm, elm, field) do {                   \
+#define HEIM_SLIST_INSERT_AFTER(slistelm, elm, field) do {                      \
         (elm)->field.sle_next = (slistelm)->field.sle_next;             \
         (slistelm)->field.sle_next = (elm);                             \
 } while (/*CONSTCOND*/0)
 #define SLIST_INSERT_HEAD(head, elm, field) do {                        \
+#define HEIM_SLIST_INSERT_HEAD(head, elm, field) do {                   \
         (elm)->field.sle_next = (head)->slh_first;                      \
         (head)->slh_first = (elm);                                      \
 } while (/*CONSTCOND*/0)
 #define SLIST_REMOVE_HEAD(head, field) do {                             \
+#define HEIM_SLIST_REMOVE_HEAD(head, field) do {                                \
         (head)->slh_first = (head)->slh_first->field.sle_next;          \
 } while (/*CONSTCOND*/0)
 #define SLIST_REMOVE(head, elm, type, field) do {                       \
+#define HEIM_SLIST_REMOVE(head, elm, type, field) do {                  \
         if ((head)->slh_first == (elm)) {                               \
                 SLIST_REMOVE_HEAD((head), field);                       \
+                HEIM_SLIST_REMOVE_HEAD((head), field);                  \
         }                                                               \
         else {                                                          \
 …
 } while (/*CONSTCOND*/0)
 #define SLIST_FOREACH(var, head, field)                                 \
+#define HEIM_SLIST_FOREACH(var, head, field)                                    \
         for((var) = (head)->slh_first; (var); (var) = (var)->field.sle_next)
 …
  * Singly-linked List access methods.
  */
+#define SLIST_EMPTY(head)       ((head)->slh_first == NULL)
+#define SLIST_FIRST(head)       ((head)->slh_first)
+#define SLIST_NEXT(elm, field)  ((elm)->field.sle_next)
+#endif /* SLIST_HEAD */
+#define HEIM_SLIST_EMPTY(head)  ((head)->slh_first == NULL)
+#define HEIM_SLIST_FIRST(head)  ((head)->slh_first)
+#define HEIM_SLIST_NEXT(elm, field)     ((elm)->field.sle_next)
 #endif  /* !_MECHQUEUE_H_ */

trunk/server/source4/heimdal/lib/gssapi/mech/name.h

-              r414
+              r745
 struct _gss_mechanism_name {
         SLIST_ENTRY(_gss_mechanism_name) gmn_link;
+        HEIM_SLIST_ENTRY(_gss_mechanism_name) gmn_link;
         gssapi_mech_interface   gmn_mech;       /* mechanism ops for MN */
         gss_OID                 gmn_mech_oid;   /* mechanism oid for MN */
         gss_name_t              gmn_name;       /* underlying MN */
 };
 SLIST_HEAD(_gss_mechanism_name_list, _gss_mechanism_name);
+HEIM_SLIST_HEAD(_gss_mechanism_name_list, _gss_mechanism_name);
 struct _gss_name {

trunk/server/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c

-              r414
+              r745
 #include "spnego_locl.h"
-RCSID("$Id$");
 static OM_uint32
 send_reject (OM_uint32 *minor_status,
 …
                 return GSS_S_FAILURE;
+            }
+            asprintf(&str, "host@%s", hostname);
+            i = asprintf(&str, "host@%s", hostname);
+            if (i < 0 || str == NULL) {
+                *minor_status = ENOMEM;
+                return GSS_S_FAILURE;
+            }
             host = str;
+        }
 …
 static OM_uint32
+static OM_uint32 GSSAPI_CALLCONV
 acceptor_start
            (OM_uint32 * minor_status,
 …
     gss_OID preferred_mech_type = GSS_C_NO_OID;
     gssspnego_ctx ctx;
-    gssspnego_cred acceptor_cred = (gssspnego_cred)acceptor_cred_handle;
     int get_mic = 0;
     int first_ok = 0;
 …
     if (ret == 0 && ni->mechToken != NULL) {
-        gss_cred_id_t mech_delegated_cred = GSS_C_NO_CREDENTIAL;
-        gss_cred_id_t mech_cred;
         gss_buffer_desc ibuf;
 …
         mech_input_token = &ibuf;
-        if (acceptor_cred != NULL)
-            mech_cred = acceptor_cred->negotiated_cred_id;
-        else
-            mech_cred = GSS_C_NO_CREDENTIAL;
         if (ctx->mech_src_name != GSS_C_NO_NAME)
             gss_release_name(&junk, &ctx->mech_src_name);
 …
         ret = gss_accept_sec_context(minor_status,
                                      &ctx->negotiated_ctx_id,
                                      mech_cred,
+                                     acceptor_cred_handle,
                                      mech_input_token,
                                      input_chan_bindings,
 …
                                      &ctx->mech_flags,
                                      &ctx->mech_time_rec,
+                                     &mech_delegated_cred);
+        if (mech_delegated_cred && delegated_cred_handle) {
+            _gss_spnego_alloc_cred(&junk,
+                                   mech_delegated_cred,
+                                   delegated_cred_handle);
+        } else if (mech_delegated_cred != GSS_C_NO_CREDENTIAL)
+            gss_release_cred(&junk, &mech_delegated_cred);
+                                     delegated_cred_handle);
         if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) {
             ctx->preferred_mech_type = preferred_mech_type;
-            ctx->negotiated_mech_type = preferred_mech_type;
             if (ret == GSS_S_COMPLETE)
                 ctx->open = 1;
 …
         ctx->preferred_mech_type = preferred_mech_type;
-        ctx->negotiated_mech_type = preferred_mech_type;
+    }
 …
 static OM_uint32
+static OM_uint32 GSSAPI_CALLCONV
 acceptor_continue
            (OM_uint32 * minor_status,
 …
+           )
+{
     OM_uint32 ret, ret2, minor, junk;
+    OM_uint32 ret, ret2, minor;
     NegotiationToken nt;
     size_t nt_len;
 …
     gss_buffer_desc mech_buf;
     gssspnego_ctx ctx;
-    gssspnego_cred acceptor_cred = (gssspnego_cred)acceptor_cred_handle;
     mech_buf.value = NULL;
 …
         if (mech_input_token != GSS_C_NO_BUFFER) {
-            gss_cred_id_t mech_cred;
-            gss_cred_id_t mech_delegated_cred = GSS_C_NO_CREDENTIAL;
-            if (acceptor_cred != NULL)
-                mech_cred = acceptor_cred->negotiated_cred_id;
-            else
-                mech_cred = GSS_C_NO_CREDENTIAL;
             if (ctx->mech_src_name != GSS_C_NO_NAME)
 …
             ret = gss_accept_sec_context(&minor,
                                          &ctx->negotiated_ctx_id,
                                          mech_cred,
+                                         acceptor_cred_handle,
                                          mech_input_token,
                                          input_chan_bindings,
 …
                                          &ctx->mech_flags,
                                          &ctx->mech_time_rec,
+                                         &mech_delegated_cred);
+            if (mech_delegated_cred && delegated_cred_handle) {
+                _gss_spnego_alloc_cred(&junk,
+                                       mech_delegated_cred,
+                                       delegated_cred_handle);
+            } else if (mech_delegated_cred != GSS_C_NO_CREDENTIAL)
+                gss_release_cred(&junk, &mech_delegated_cred);
+                                         delegated_cred_handle);
             if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) {
 …
+}
 OM_uint32
+OM_uint32 GSSAPI_CALLCONV
 _gss_spnego_accept_sec_context
            (OM_uint32 * minor_status,

trunk/server/source4/heimdal/lib/gssapi/spnego/compat.c

-              r414
+              r745
 #include "spnego_locl.h"
-RCSID("$Id$");
 /*
  * Apparently Microsoft got the OID wrong, and used
 …
  * Allocate a SPNEGO context handle
  */
+OM_uint32 _gss_spnego_alloc_sec_context (OM_uint32 * minor_status,
+                                         gss_ctx_id_t *context_handle)
+OM_uint32 GSSAPI_CALLCONV
+_gss_spnego_alloc_sec_context (OM_uint32 * minor_status,
+                               gss_ctx_id_t *context_handle)
+{
     gssspnego_ctx ctx;
 …
  * the lock before this is called.
  */
 OM_uint32 _gss_spnego_internal_delete_sec_context
+OM_uint32 GSSAPI_CALLCONV _gss_spnego_internal_delete_sec_context
            (OM_uint32 *minor_status,
             gss_ctx_id_t *context_handle,
 …
     free(ctx);
-    *context_handle = NULL;
     return ret;
 …
  */
 OM_uint32
+OM_uint32 GSSAPI_CALLCONV
 _gss_spnego_require_mechlist_mic(OM_uint32 *minor_status,
                                  gssspnego_ctx ctx,
 …
 OM_uint32
+OM_uint32 GSSAPI_CALLCONV
 _gss_spnego_indicate_mechtypelist (OM_uint32 *minor_status,
                                    gss_name_t target_name,
                                    OM_uint32 (*func)(gss_name_t, gss_OID),
                                    int includeMSCompatOID,
                                    const gssspnego_cred cred_handle,
+                                   const gss_cred_id_t cred_handle,
                                    MechTypeList *mechtypelist,
                                    gss_OID *preferred_mech)
 …
     mechtypelist->val = NULL;
     if (cred_handle != NULL) {
+    if (cred_handle) {
         ret = gss_inquire_cred(minor_status,
                                cred_handle->negotiated_cred_id,
+                               cred_handle,
                                NULL,
                                NULL,

trunk/server/source4/heimdal/lib/gssapi/spnego/context_stubs.c

-              r414
+              r745
 #include "spnego_locl.h"
-RCSID("$Id$");
 static OM_uint32
 spnego_supported_mechs(OM_uint32 *minor_status, gss_OID_set *mechs)
 …
 OM_uint32 _gss_spnego_process_context_token
+OM_uint32 GSSAPI_CALLCONV _gss_spnego_process_context_token
            (OM_uint32 *minor_status,
             const gss_ctx_id_t context_handle,
 …
+}
 OM_uint32 _gss_spnego_delete_sec_context
+OM_uint32 GSSAPI_CALLCONV _gss_spnego_delete_sec_context
            (OM_uint32 *minor_status,
             gss_ctx_id_t *context_handle,
 …
+}
 OM_uint32 _gss_spnego_context_time
+OM_uint32 GSSAPI_CALLCONV _gss_spnego_context_time
            (OM_uint32 *minor_status,
             const gss_ctx_id_t context_handle,
 …
+}
 OM_uint32 _gss_spnego_get_mic
+OM_uint32 GSSAPI_CALLCONV _gss_spnego_get_mic
            (OM_uint32 *minor_status,
             const gss_ctx_id_t context_handle,
 …
+}
 OM_uint32 _gss_spnego_verify_mic
+OM_uint32 GSSAPI_CALLCONV _gss_spnego_verify_mic
            (OM_uint32 * minor_status,
             const gss_ctx_id_t context_handle,
 …
+}
 OM_uint32 _gss_spnego_wrap
+OM_uint32 GSSAPI_CALLCONV _gss_spnego_wrap
            (OM_uint32 * minor_status,
             const gss_ctx_id_t context_handle,
 …
+}
 OM_uint32 _gss_spnego_unwrap
+OM_uint32 GSSAPI_CALLCONV _gss_spnego_unwrap
            (OM_uint32 * minor_status,
             const gss_ctx_id_t context_handle,
 …
+}
 OM_uint32 _gss_spnego_compare_name
+OM_uint32 GSSAPI_CALLCONV _gss_spnego_compare_name
            (OM_uint32 *minor_status,
             const gss_name_t name1,
 …
+}
 OM_uint32 _gss_spnego_display_name
+OM_uint32 GSSAPI_CALLCONV _gss_spnego_display_name
            (OM_uint32 * minor_status,
             const gss_name_t input_name,
 …
+}
 OM_uint32 _gss_spnego_import_name
+OM_uint32 GSSAPI_CALLCONV _gss_spnego_import_name
            (OM_uint32 * minor_status,
             const gss_buffer_t name_buffer,
 …
+}
 OM_uint32 _gss_spnego_export_name
+OM_uint32 GSSAPI_CALLCONV _gss_spnego_export_name
            (OM_uint32  * minor_status,
             const gss_name_t input_name,
 …
+}
 OM_uint32 _gss_spnego_release_name
+OM_uint32 GSSAPI_CALLCONV _gss_spnego_release_name
            (OM_uint32 * minor_status,
             gss_name_t * input_name
 …
+}
 OM_uint32 _gss_spnego_inquire_context (
+OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_context (
             OM_uint32 * minor_status,
             const gss_ctx_id_t context_handle,
 …
+}
 OM_uint32 _gss_spnego_wrap_size_limit (
+OM_uint32 GSSAPI_CALLCONV _gss_spnego_wrap_size_limit (
             OM_uint32 * minor_status,
             const gss_ctx_id_t context_handle,
 …
+}
 OM_uint32 _gss_spnego_export_sec_context (
+OM_uint32 GSSAPI_CALLCONV _gss_spnego_export_sec_context (
             OM_uint32 * minor_status,
             gss_ctx_id_t * context_handle,
 …
+}
 OM_uint32 _gss_spnego_import_sec_context (
+OM_uint32 GSSAPI_CALLCONV _gss_spnego_import_sec_context (
             OM_uint32 * minor_status,
             const gss_buffer_t interprocess_token,
 …
+}
 OM_uint32 _gss_spnego_inquire_names_for_mech (
+OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_names_for_mech (
             OM_uint32 * minor_status,
             const gss_OID mechanism,
 …
+}
 OM_uint32 _gss_spnego_inquire_mechs_for_name (
+OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_mechs_for_name (
             OM_uint32 * minor_status,
             const gss_name_t input_name,
 …
+}
 OM_uint32 _gss_spnego_canonicalize_name (
+OM_uint32 GSSAPI_CALLCONV _gss_spnego_canonicalize_name (
             OM_uint32 * minor_status,
             const gss_name_t input_name,
 …
+}
 OM_uint32 _gss_spnego_duplicate_name (
+OM_uint32 GSSAPI_CALLCONV _gss_spnego_duplicate_name (
             OM_uint32 * minor_status,
             const gss_name_t src_name,
 …
+}
+OM_uint32 GSSAPI_CALLCONV
+_gss_spnego_wrap_iov(OM_uint32 * minor_status,
+                     gss_ctx_id_t  context_handle,
+                     int conf_req_flag,
+                     gss_qop_t qop_req,
+                     int * conf_state,
+                     gss_iov_buffer_desc *iov,
+                     int iov_count)
+{
+    gssspnego_ctx ctx = (gssspnego_ctx)context_handle;
+    *minor_status = 0;
+    if (ctx == NULL || ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT)
+        return GSS_S_NO_CONTEXT;
+    return gss_wrap_iov(minor_status, ctx->negotiated_ctx_id,
+                        conf_req_flag, qop_req, conf_state,
+                        iov, iov_count);
+}
+OM_uint32 GSSAPI_CALLCONV
+_gss_spnego_unwrap_iov(OM_uint32 *minor_status,
+                       gss_ctx_id_t context_handle,
+                       int *conf_state,
+                       gss_qop_t *qop_state,
+                       gss_iov_buffer_desc *iov,
+                       int iov_count)
+{
+    gssspnego_ctx ctx = (gssspnego_ctx)context_handle;
+    *minor_status = 0;
+    if (ctx == NULL || ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT)
+        return GSS_S_NO_CONTEXT;
+    return gss_unwrap_iov(minor_status,
+                          ctx->negotiated_ctx_id,
+                          conf_state, qop_state,
+                          iov, iov_count);
+}
+OM_uint32 GSSAPI_CALLCONV
+_gss_spnego_wrap_iov_length(OM_uint32 * minor_status,
+                            gss_ctx_id_t context_handle,
+                            int conf_req_flag,
+                            gss_qop_t qop_req,
+                            int *conf_state,
+                            gss_iov_buffer_desc *iov,
+                            int iov_count)
+{
+    gssspnego_ctx ctx = (gssspnego_ctx)context_handle;
+    *minor_status = 0;
+    if (ctx == NULL || ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT)
+        return GSS_S_NO_CONTEXT;
+    return gss_wrap_iov_length(minor_status, ctx->negotiated_ctx_id,
+                               conf_req_flag, qop_req, conf_state,
+                               iov, iov_count);
+}
 #if 0
+OM_uint32 _gss_spnego_unwrap_ex
+           (OM_uint32 * minor_status,
+            const gss_ctx_id_t context_handle,
+            const gss_buffer_t token_header_buffer,
+            const gss_buffer_t associated_data_buffer,
+            const gss_buffer_t input_message_buffer,
+            gss_buffer_t output_message_buffer,
+            int * conf_state,
+            gss_qop_t * qop_state)
+{
+    gssspnego_ctx ctx;
+    *minor_status = 0;
+    if (context_handle == GSS_C_NO_CONTEXT) {
+        return GSS_S_NO_CONTEXT;
+    }
+    ctx = (gssspnego_ctx)context_handle;
+    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
+        return GSS_S_NO_CONTEXT;
+    }
+    return gss_unwrap_ex(minor_status,
+                         ctx->negotiated_ctx_id,
+                         token_header_buffer,
+                         associated_data_buffer,
+                         input_message_buffer,
+                         output_message_buffer,
+                         conf_state,
+                         qop_state);
+}
+OM_uint32 _gss_spnego_wrap_ex
+           (OM_uint32 * minor_status,
+            const gss_ctx_id_t context_handle,
+            int conf_req_flag,
+            gss_qop_t qop_req,
+            const gss_buffer_t associated_data_buffer,
+            const gss_buffer_t input_message_buffer,
+            int * conf_state,
+            gss_buffer_t output_token_buffer,
+            gss_buffer_t output_message_buffer
+           )
+{
+    gssspnego_ctx ctx;
+    *minor_status = 0;
+    if (context_handle == GSS_C_NO_CONTEXT) {
+        return GSS_S_NO_CONTEXT;
+    }
+    ctx = (gssspnego_ctx)context_handle;
+    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
+        return GSS_S_NO_CONTEXT;
+    }
+    if ((ctx->mech_flags & GSS_C_DCE_STYLE) == 0 &&
+        associated_data_buffer->length != input_message_buffer->length) {
+        *minor_status = EINVAL;
+        return GSS_S_BAD_QOP;
+    }
+    return gss_wrap_ex(minor_status,
+                       ctx->negotiated_ctx_id,
+                       conf_req_flag,
+                       qop_req,
+                       associated_data_buffer,
+                       input_message_buffer,
+                       conf_state,
+                       output_token_buffer,
+                       output_message_buffer);
+}
+OM_uint32 _gss_spnego_complete_auth_token
+OM_uint32 GSSAPI_CALLCONV _gss_spnego_complete_auth_token
            (OM_uint32 * minor_status,
             const gss_ctx_id_t context_handle,
 …
 #endif
 OM_uint32 _gss_spnego_inquire_sec_context_by_oid
+OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_sec_context_by_oid
            (OM_uint32 * minor_status,
             const gss_ctx_id_t context_handle,
 …
+}
 OM_uint32 _gss_spnego_set_sec_context_option
+OM_uint32 GSSAPI_CALLCONV _gss_spnego_set_sec_context_option
            (OM_uint32 * minor_status,
             gss_ctx_id_t * context_handle,
 …
 OM_uint32
+OM_uint32 GSSAPI_CALLCONV
 _gss_spnego_pseudo_random(OM_uint32 *minor_status,
                           gss_ctx_id_t context_handle,

trunk/server/source4/heimdal/lib/gssapi/spnego/cred_stubs.c

-              r414
+              r745
 #include "spnego_locl.h"
+RCSID("$Id$");
+OM_uint32
+OM_uint32 GSSAPI_CALLCONV
 _gss_spnego_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle)
+{
-    gssspnego_cred cred;
     OM_uint32 ret;
     *minor_status = 0;
     if (*cred_handle == GSS_C_NO_CREDENTIAL) {
+    if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL)
         return GSS_S_COMPLETE;
+    }
+    cred = (gssspnego_cred)*cred_handle;
+    ret = gss_release_cred(minor_status, &cred->negotiated_cred_id);
+    free(cred);
+    ret = gss_release_cred(minor_status, cred_handle);
     *cred_handle = GSS_C_NO_CREDENTIAL;
     return ret;
+}
-OM_uint32
-_gss_spnego_alloc_cred(OM_uint32 *minor_status,
-                       gss_cred_id_t mech_cred_handle,
-                       gss_cred_id_t *cred_handle)
+{
-    gssspnego_cred cred;
-    if (*cred_handle != GSS_C_NO_CREDENTIAL) {
-        *minor_status = EINVAL;
-        return GSS_S_FAILURE;
+    }
-    cred = calloc(1, sizeof(*cred));
-    if (cred == NULL) {
-        *cred_handle = GSS_C_NO_CREDENTIAL;
-        *minor_status = ENOMEM;
-        return GSS_S_FAILURE;
+    }
-    cred->negotiated_cred_id = mech_cred_handle;
-    *cred_handle = (gss_cred_id_t)cred;
-    return GSS_S_COMPLETE;
+}
 …
  * more functionality.
  */
 OM_uint32 _gss_spnego_acquire_cred
+OM_uint32 GSSAPI_CALLCONV _gss_spnego_acquire_cred
 (OM_uint32 *minor_status,
  const gss_name_t desired_name,
 …
     gss_OID_set mechs;
     int i, j;
-    gss_cred_id_t cred_handle = GSS_C_NO_CREDENTIAL;
-    gssspnego_cred cred;
     *output_cred_handle = GSS_C_NO_CREDENTIAL;
 …
     actual_desired_mechs.count = j;
-    ret = _gss_spnego_alloc_cred(minor_status, GSS_C_NO_CREDENTIAL,
-                                 &cred_handle);
-    if (ret != GSS_S_COMPLETE)
-        goto out;
-    cred = (gssspnego_cred)cred_handle;
     ret = gss_acquire_cred(minor_status, name,
                            time_req, &actual_desired_mechs,
                            cred_usage,
                            &cred->negotiated_cred_id,
+                           output_cred_handle,
                            actual_mechs, time_rec);
     if (ret != GSS_S_COMPLETE)
         goto out;
-    *output_cred_handle = cred_handle;
 out:
 …
+    }
     if (ret != GSS_S_COMPLETE) {
         _gss_spnego_release_cred(&tmp, &cred_handle);
+    }
     return ret;
+}
 OM_uint32 _gss_spnego_inquire_cred
+        _gss_spnego_release_cred(&tmp, output_cred_handle);
+    }
+    return ret;
+}
+OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_cred
            (OM_uint32 * minor_status,
             const gss_cred_id_t cred_handle,
 …
+           )
+{
-    gssspnego_cred cred;
     spnego_name sname = NULL;
     OM_uint32 ret;
 …
+    }
-    cred = (gssspnego_cred)cred_handle;
     ret = gss_inquire_cred(minor_status,
                            cred->negotiated_cred_id,
+                           cred_handle,
                            sname ? &sname->mech : NULL,
                            lifetime,
 …
+}
+OM_uint32 _gss_spnego_add_cred (
+            OM_uint32 * minor_status,
+            const gss_cred_id_t input_cred_handle,
+            const gss_name_t desired_name,
+            const gss_OID desired_mech,
+            gss_cred_usage_t cred_usage,
+            OM_uint32 initiator_time_req,
+            OM_uint32 acceptor_time_req,
+            gss_cred_id_t * output_cred_handle,
+            gss_OID_set * actual_mechs,
+            OM_uint32 * initiator_time_rec,
+            OM_uint32 * acceptor_time_rec
+           )
+{
+    gss_cred_id_t spnego_output_cred_handle = GSS_C_NO_CREDENTIAL;
+    OM_uint32 ret, tmp;
+    gssspnego_cred input_cred, output_cred;
+    *output_cred_handle = GSS_C_NO_CREDENTIAL;
+    ret = _gss_spnego_alloc_cred(minor_status, GSS_C_NO_CREDENTIAL,
+                                 &spnego_output_cred_handle);
+    if (ret)
+        return ret;
+    input_cred = (gssspnego_cred)input_cred_handle;
+    output_cred = (gssspnego_cred)spnego_output_cred_handle;
+    ret = gss_add_cred(minor_status,
+                       input_cred->negotiated_cred_id,
+                       desired_name,
+                       desired_mech,
+                       cred_usage,
+                       initiator_time_req,
+                       acceptor_time_req,
+                       &output_cred->negotiated_cred_id,
+                       actual_mechs,
+                       initiator_time_rec,
+                       acceptor_time_rec);
+    if (ret) {
+        _gss_spnego_release_cred(&tmp, &spnego_output_cred_handle);
+        return ret;
+    }
+    *output_cred_handle = spnego_output_cred_handle;
+    return GSS_S_COMPLETE;
+}
+OM_uint32 _gss_spnego_inquire_cred_by_mech (
+OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_cred_by_mech (
             OM_uint32 * minor_status,
             const gss_cred_id_t cred_handle,
 …
+           )
+{
-    gssspnego_cred cred;
     spnego_name sname = NULL;
     OM_uint32 ret;
 …
+    }
-    cred = (gssspnego_cred)cred_handle;
     ret = gss_inquire_cred_by_mech(minor_status,
                                    cred->negotiated_cred_id,
+                                   cred_handle,
                                    mech_type,
                                    sname ? &sname->mech : NULL,
 …
+}
 OM_uint32 _gss_spnego_inquire_cred_by_oid
+OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_cred_by_oid
            (OM_uint32 * minor_status,
             const gss_cred_id_t cred_handle,
 …
             gss_buffer_set_t *data_set)
+{
-    gssspnego_cred cred;
     OM_uint32 ret;
 …
         return GSS_S_NO_CRED;
+    }
-    cred = (gssspnego_cred)cred_handle;
     ret = gss_inquire_cred_by_oid(minor_status,
                                   cred->negotiated_cred_id,
+                                  cred_handle,
                                   desired_object,
                                   data_set);
 …
+}
 OM_uint32
+OM_uint32 GSSAPI_CALLCONV
 _gss_spnego_set_cred_option (OM_uint32 *minor_status,
                              gss_cred_id_t *cred_handle,
 …
                              const gss_buffer_t value)
+{
-    gssspnego_cred cred;
     if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL) {
         *minor_status = 0;
 …
+    }
-    cred = (gssspnego_cred)*cred_handle;
     return gss_set_cred_option(minor_status,
                               &cred->negotiated_cred_id,
+                              cred_handle,
                               object,
                               value);
 …
 OM_uint32
+OM_uint32 GSSAPI_CALLCONV
 _gss_spnego_export_cred (OM_uint32 *minor_status,
                          gss_cred_id_t cred_handle,
                          gss_buffer_t value)
+{
+    gssspnego_cred cred = (gssspnego_cred)cred_handle;
+    return gss_export_cred(minor_status, cred->negotiated_cred_id, value);
+}
+OM_uint32
+    return gss_export_cred(minor_status, cred_handle, value);
+}
+OM_uint32 GSSAPI_CALLCONV
 _gss_spnego_import_cred (OM_uint32 *minor_status,
                          gss_buffer_t value,
                          gss_cred_id_t *cred_handle)
+{
+    gssspnego_cred cred;
+    OM_uint32 major;
+    *cred_handle = GSS_C_NO_CREDENTIAL;
+    cred = calloc(1, sizeof(*cred));
+    if (cred == NULL) {
+        *minor_status = ENOMEM;
+        return GSS_S_FAILURE;
+    }
+    major = gss_import_cred(minor_status, value, &cred->negotiated_cred_id);
+    if (major == GSS_S_COMPLETE)
+        *cred_handle = (gss_cred_id_t)cred;
+    else
+        free(cred);
+    return major;
+}
+    return gss_import_cred(minor_status, value, cred_handle);
+}

trunk/server/source4/heimdal/lib/gssapi/spnego/external.c

-              r414
+              r745
 #include <gssapi_mech.h>
-RCSID("$Id$");
 /*
  * RFC2478, SPNEGO:
 …
  */
+static gss_mo_desc spnego_mo[] = {
+    {
+        GSS_C_MA_SASL_MECH_NAME,
+        GSS_MO_MA,
+        "SASL mech name",
+        "SPNEGO",
+        _gss_mo_get_ctx_as_string,
+        NULL
+    },
+    {
+        GSS_C_MA_MECH_NAME,
+        GSS_MO_MA,
+        "Mechanism name",
+        "SPNEGO",
+        _gss_mo_get_ctx_as_string,
+        NULL
+    },
+    {
+        GSS_C_MA_MECH_DESCRIPTION,
+        GSS_MO_MA,
+        "Mechanism description",
+        "Heimdal SPNEGO Mechanism",
+        _gss_mo_get_ctx_as_string,
+        NULL
+    },
+    {
+        GSS_C_MA_MECH_NEGO,
+        GSS_MO_MA
+    },
+    {
+        GSS_C_MA_MECH_PSEUDO,
+        GSS_MO_MA
+    }
+};
 static gssapi_mech_interface_desc spnego_mech = {
     GMI_VERSION,
     "spnego",
     {6, (void *)"\x2b\x06\x01\x05\x05\x02"},
+,
     _gss_spnego_acquire_cred,
     _gss_spnego_release_cred,
 …
     _gss_spnego_inquire_context,
     _gss_spnego_wrap_size_limit,
     _gss_spnego_add_cred,
+    gss_add_cred,
     _gss_spnego_inquire_cred_by_mech,
     _gss_spnego_export_sec_context,
 …
     _gss_spnego_set_cred_option,
     _gss_spnego_pseudo_random,
+    _gss_spnego_wrap_iov,
+    _gss_spnego_unwrap_iov,
+    _gss_spnego_wrap_iov_length,
+    NULL,
+    _gss_spnego_export_cred,
+    _gss_spnego_import_cred,
     NULL,
     NULL,
     NULL,
     NULL,
+    _gss_spnego_export_cred,
+    _gss_spnego_import_cred
+    NULL,
+    NULL,
+    NULL,
+    spnego_mo,
+    sizeof(spnego_mo) / sizeof(spnego_mo[0])
 };
 …
         return &spnego_mech;
+}
-static gss_OID_desc _gss_spnego_mechanism_desc =
-    {6, (void *)"\x2b\x06\x01\x05\x05\x02"};
-gss_OID GSS_SPNEGO_MECHANISM = &_gss_spnego_mechanism_desc;

trunk/server/source4/heimdal/lib/gssapi/spnego/init_sec_context.c

-              r414
+              r745
 #include "spnego_locl.h"
-RCSID("$Id$");
 /*
  * Is target_name an sane target for `mechÂŽ.
 …
 spnego_initial
            (OM_uint32 * minor_status,
             gssspnego_cred cred,
+            gss_cred_id_t cred,
             gss_ctx_id_t * context_handle,
             const gss_name_t target_name,
 …
     /* generate optimistic token */
     sub = gss_init_sec_context(&minor,
+                               (cred != NULL) ? cred->negotiated_cred_id :
+                                  GSS_C_NO_CREDENTIAL,
+                               cred,
                                &ctx->negotiated_ctx_id,
                                ctx->target_name,
 …
 spnego_reply
            (OM_uint32 * minor_status,
             const gssspnego_cred cred,
+            const gss_cred_id_t cred,
             gss_ctx_id_t * context_handle,
             const gss_name_t target_name,
 …
            was requested explicitly */
         ret = gss_init_sec_context(&minor,
+                                   (cred != NULL) ? cred->negotiated_cred_id :
+                                       GSS_C_NO_CREDENTIAL,
+                                   cred,
                                    &ctx->negotiated_ctx_id,
                                    ctx->target_name,
 …
+}
+OM_uint32 _gss_spnego_init_sec_context
+OM_uint32 GSSAPI_CALLCONV
+_gss_spnego_init_sec_context
            (OM_uint32 * minor_status,
             const gss_cred_id_t initiator_cred_handle,
 …
+           )
+{
-    gssspnego_cred cred = (gssspnego_cred)initiator_cred_handle;
     if (*context_handle == GSS_C_NO_CONTEXT)
         return spnego_initial (minor_status,
                                cred,
+                               initiator_cred_handle,
                                context_handle,
                                target_name,
 …
     else
         return spnego_reply (minor_status,
                              cred,
+                             initiator_cred_handle,
                              context_handle,
                              target_name,

trunk/server/source4/heimdal/lib/gssapi/spnego/spnego_locl.h

-              r414
+              r745
 #endif
+#include <roken.h>
 #ifdef HAVE_PTHREAD_H
 #include <pthread.h>
 …
 #include <der.h>
-#include <roken.h>
 #define ALLOC(X, N) (X) = calloc((N), sizeof(*(X)))
-typedef struct {
-        gss_cred_id_t           negotiated_cred_id;
-} *gssspnego_cred;
 typedef struct {

Context Navigation

Legend:

Download in other formats: