Load samba-3.6.2 into branches/samba/upstream.upstream/3.6.2

git-svn-id: svn://svn.debian.org/svn/pkg-samba/branches/samba/upstream@3992 fc4039ab-9d04-0410-8cac-899223bdd6b0

1 files changed, 112 insertions, 262 deletions

diff --git a/source4/heimdal/lib/gssapi/krb5/external.c b/source4/heimdal/lib/gssapi/krb5/external.c
index fc835bd845..d6f14a48f7 100644
--- a/source4/heimdal/lib/gssapi/krb5/external.c
+++ b/source4/heimdal/lib/gssapi/krb5/external.c
@@ -46,12 +46,9 @@
  * to that gss_OID_desc.
  */
 
-static gss_OID_desc gss_c_nt_user_name_oid_desc =
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_user_name_oid_desc =
     {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x01")};
 
-gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_USER_NAME =
-    &gss_c_nt_user_name_oid_desc;
-
 /*
  * The implementation must reserve static storage for a
  * gss_OID_desc object containing the value
@@ -64,12 +61,9 @@ gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_USER_NAME =
  * initialized to point to that gss_OID_desc.
  */
 
-static gss_OID_desc gss_c_nt_machine_uid_name_oid_desc =
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_machine_uid_name_oid_desc =
     {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x02")};
 
-gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_MACHINE_UID_NAME =
-    &gss_c_nt_machine_uid_name_oid_desc;
-
 /*
  * The implementation must reserve static storage for a
  * gss_OID_desc object containing the value
@@ -82,12 +76,9 @@ gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_MACHINE_UID_NAME =
  * initialized to point to that gss_OID_desc.
  */
 
-static gss_OID_desc gss_c_nt_string_uid_name_oid_desc =
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_string_uid_name_oid_desc =
     {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x03")};
 
-gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_STRING_UID_NAME =
-    &gss_c_nt_string_uid_name_oid_desc;
-
 /*
  * The implementation must reserve static storage for a
  * gss_OID_desc object containing the value
@@ -106,12 +97,9 @@ gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_STRING_UID_NAME =
  * implementations
  */
 
-static gss_OID_desc gss_c_nt_hostbased_service_x_oid_desc =
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_hostbased_service_x_oid_desc =
     {6, rk_UNCONST("\x2b\x06\x01\x05\x06\x02")};
 
-gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_HOSTBASED_SERVICE_X =
-    &gss_c_nt_hostbased_service_x_oid_desc;
-
 /*
  * The implementation must reserve static storage for a
  * gss_OID_desc object containing the value
@@ -123,12 +111,9 @@ gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_HOSTBASED_SERVICE_X =
  * GSS_C_NT_HOSTBASED_SERVICE should be initialized
  * to point to that gss_OID_desc.
  */
-static gss_OID_desc gss_c_nt_hostbased_service_oid_desc =
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_hostbased_service_oid_desc =
     {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x04")};
 
-gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_HOSTBASED_SERVICE =
-    &gss_c_nt_hostbased_service_oid_desc;
-
 /*
  * The implementation must reserve static storage for a
  * gss_OID_desc object containing the value
@@ -140,12 +125,9 @@ gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_HOSTBASED_SERVICE =
  * to that gss_OID_desc.
  */
 
-static gss_OID_desc gss_c_nt_anonymous_oid_desc =
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_anonymous_oid_desc =
     {6, rk_UNCONST("\x2b\x06\01\x05\x06\x03")};
 
-gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_ANONYMOUS =
-    &gss_c_nt_anonymous_oid_desc;
-
 /*
  * The implementation must reserve static storage for a
  * gss_OID_desc object containing the value
@@ -157,12 +139,9 @@ gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_ANONYMOUS =
  * to that gss_OID_desc.
  */
 
-static gss_OID_desc gss_c_nt_export_name_oid_desc =
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_export_name_oid_desc =
     {6, rk_UNCONST("\x2b\x06\x01\x05\x06\x04") };
 
-gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_EXPORT_NAME =
-    &gss_c_nt_export_name_oid_desc;
-
 /*
  *   This name form shall be represented by the Object Identifier {iso(1)
  *   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
@@ -170,72 +149,9 @@ gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_EXPORT_NAME =
  *   is "GSS_KRB5_NT_PRINCIPAL_NAME".
  */
 
-static gss_OID_desc gss_krb5_nt_principal_name_oid_desc =
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_nt_principal_name_oid_desc =
     {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01") };
 
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_NT_PRINCIPAL_NAME =
-    &gss_krb5_nt_principal_name_oid_desc;
-
-/*
- *   This name form shall be represented by the Object Identifier {iso(1)
- *   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- *   generic(1) user_name(1)}.  The recommended symbolic name for this
- *   type is "GSS_KRB5_NT_USER_NAME".
- */
-
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_NT_USER_NAME =
-    &gss_c_nt_user_name_oid_desc;
-
-/*
- *   This name form shall be represented by the Object Identifier {iso(1)
- *   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- *   generic(1) machine_uid_name(2)}.  The recommended symbolic name for
- *   this type is "GSS_KRB5_NT_MACHINE_UID_NAME".
- */
-
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_NT_MACHINE_UID_NAME =
-    &gss_c_nt_machine_uid_name_oid_desc;
-
-/*
- *   This name form shall be represented by the Object Identifier {iso(1)
- *   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- *   generic(1) string_uid_name(3)}.  The recommended symbolic name for
- *   this type is "GSS_KRB5_NT_STRING_UID_NAME".
- */
-
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_NT_STRING_UID_NAME =
-    &gss_c_nt_string_uid_name_oid_desc;
-
-/*
- *   To support ongoing experimentation, testing, and evolution of the
- *   specification, the Kerberos V5 GSS-API mechanism as defined in this
- *   and any successor memos will be identified with the following Object
- *   Identifier, as defined in RFC-1510, until the specification is
- *   advanced to the level of Proposed Standard RFC:
- *
- *   {iso(1), org(3), dod(5), internet(1), security(5), kerberosv5(2)}
- *
- *   Upon advancement to the level of Proposed Standard RFC, the Kerberos
- *   V5 GSS-API mechanism will be identified by an Object Identifier
- *   having the value:
- *
- *   {iso(1) member-body(2) United States(840) mit(113554) infosys(1)
- *   gssapi(2) krb5(2)}
- */
-
-#if 0 /* This is the old OID */
-
-static gss_OID_desc gss_krb5_mechanism_oid_desc =
-    {5, rk_UNCONST("\x2b\x05\x01\x05\x02")};
-
-#endif
-
-static gss_OID_desc gss_krb5_mechanism_oid_desc =
-    {9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") };
-
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_MECHANISM =
-    &gss_krb5_mechanism_oid_desc;
-
 /*
  * draft-ietf-cat-iakerb-09, IAKERB:
  *   The mechanism ID for IAKERB proxy GSS-API Kerberos, in accordance
@@ -249,183 +165,107 @@ gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_MECHANISM =
  *   iakerbMinimumMessagesProtocol(2)}.
  */
 
-static gss_OID_desc gss_iakerb_proxy_mechanism_oid_desc =
+gss_OID_desc GSSAPI_LIB_VARIABLE  __gss_iakerb_proxy_mechanism_oid_desc =
     {7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x01")};
 
-gss_OID GSSAPI_LIB_VARIABLE GSS_IAKERB_PROXY_MECHANISM =
-    &gss_iakerb_proxy_mechanism_oid_desc;
-
-static gss_OID_desc gss_iakerb_min_msg_mechanism_oid_desc =
+gss_OID_desc GSSAPI_LIB_VARIABLE __gss_iakerb_min_msg_mechanism_oid_desc =
     {7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x02") };
 
-gss_OID GSSAPI_LIB_VARIABLE GSS_IAKERB_MIN_MSG_MECHANISM =
-    &gss_iakerb_min_msg_mechanism_oid_desc;
-
-/*
- *
- */
-
-static gss_OID_desc gss_c_peer_has_updated_spnego_oid_desc =
-    {9, (void *)"\x2b\x06\x01\x04\x01\xa9\x4a\x13\x05"};
-
-gss_OID GSSAPI_LIB_VARIABLE GSS_C_PEER_HAS_UPDATED_SPNEGO =
-    &gss_c_peer_has_updated_spnego_oid_desc;
-
-/*
- * 1.2.752.43.13 Heimdal GSS-API Extentions
- */
-
-/* 1.2.752.43.13.1 */
-static gss_OID_desc gss_krb5_copy_ccache_x_oid_desc =
-    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x01")};
-
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_COPY_CCACHE_X =
-    &gss_krb5_copy_ccache_x_oid_desc;
-
-/* 1.2.752.43.13.2 */
-static gss_OID_desc gss_krb5_get_tkt_flags_x_oid_desc =
-    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x02")};
-
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_GET_TKT_FLAGS_X =
-    &gss_krb5_get_tkt_flags_x_oid_desc;
-
-/* 1.2.752.43.13.3 */
-static gss_OID_desc gss_krb5_extract_authz_data_from_sec_context_x_oid_desc =
-    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x03")};
-
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X =
-    &gss_krb5_extract_authz_data_from_sec_context_x_oid_desc;
-
-/* 1.2.752.43.13.4 */
-static gss_OID_desc gss_krb5_compat_des3_mic_x_oid_desc =
-    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x04")};
-
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_COMPAT_DES3_MIC_X =
-    &gss_krb5_compat_des3_mic_x_oid_desc;
-
-/* 1.2.752.43.13.5 */
-static gss_OID_desc gss_krb5_register_acceptor_identity_x_desc =
-    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x05")};
-
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X =
-    &gss_krb5_register_acceptor_identity_x_desc;
-
-/* 1.2.752.43.13.6 */
-static gss_OID_desc gss_krb5_export_lucid_context_x_desc =
-    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06")};
-
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_EXPORT_LUCID_CONTEXT_X =
-    &gss_krb5_export_lucid_context_x_desc;
-
-/* 1.2.752.43.13.6.1 */
-static gss_OID_desc gss_krb5_export_lucid_context_v1_x_desc =
-    {7, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06\x01")};
-
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X =
-    &gss_krb5_export_lucid_context_v1_x_desc;
-
-/* 1.2.752.43.13.7 */
-static gss_OID_desc gss_krb5_set_dns_canonicalize_x_desc =
-    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x07")};
-
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_SET_DNS_CANONICALIZE_X =
-    &gss_krb5_set_dns_canonicalize_x_desc;
-
-/* 1.2.752.43.13.8 */
-static gss_OID_desc gss_krb5_get_subkey_x_desc =
-    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x08")};
-
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_GET_SUBKEY_X =
-    &gss_krb5_get_subkey_x_desc;
-
-/* 1.2.752.43.13.9 */
-static gss_OID_desc gss_krb5_get_initiator_subkey_x_desc =
-    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x09")};
-
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_GET_INITIATOR_SUBKEY_X =
-    &gss_krb5_get_initiator_subkey_x_desc;
-
-/* 1.2.752.43.13.10 */
-static gss_OID_desc gss_krb5_get_acceptor_subkey_x_desc =
-    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0a")};
-
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_GET_ACCEPTOR_SUBKEY_X =
-    &gss_krb5_get_acceptor_subkey_x_desc;
-
-/* 1.2.752.43.13.11 */
-static gss_OID_desc gss_krb5_send_to_kdc_x_desc =
-    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0b")};
-
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_SEND_TO_KDC_X =
-    &gss_krb5_send_to_kdc_x_desc;
-
-/* 1.2.752.43.13.12 */
-static gss_OID_desc gss_krb5_get_authtime_x_desc =
-    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0c")};
-
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_GET_AUTHTIME_X =
-    &gss_krb5_get_authtime_x_desc;
-
-/* 1.2.752.43.13.13 */
-static gss_OID_desc gss_krb5_get_service_keyblock_x_desc =
-    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0d")};
-
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_GET_SERVICE_KEYBLOCK_X =
-    &gss_krb5_get_service_keyblock_x_desc;
-
-/* 1.2.752.43.13.14 */
-static gss_OID_desc gss_krb5_set_allowable_enctypes_x_desc =
-    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0e")};
-
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X =
-    &gss_krb5_set_allowable_enctypes_x_desc;
-
-/* 1.2.752.43.13.15 */
-static gss_OID_desc gss_krb5_set_default_realm_x_desc =
-    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0f")};
-
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_SET_DEFAULT_REALM_X =
-    &gss_krb5_set_default_realm_x_desc;
-
-/* 1.2.752.43.13.16 */
-static gss_OID_desc gss_krb5_ccache_name_x_desc =
-    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x10")};
-
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_CCACHE_NAME_X =
-    &gss_krb5_ccache_name_x_desc;
-
-/* 1.2.752.43.13.17 */
-static gss_OID_desc gss_krb5_set_time_offset_x_desc =
-    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x11")};
-
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_SET_TIME_OFFSET_X =
-    &gss_krb5_set_time_offset_x_desc;
-
-/* 1.2.752.43.13.18 */
-static gss_OID_desc gss_krb5_get_time_offset_x_desc =
-    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x12")};
-
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_GET_TIME_OFFSET_X =
-    &gss_krb5_get_time_offset_x_desc;
-
-/* 1.2.752.43.13.19 */
-static gss_OID_desc gss_krb5_plugin_register_x_desc =
-    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x13")};
-
-gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_PLUGIN_REGISTER_X =
-    &gss_krb5_plugin_register_x_desc;
-
-/* 1.2.752.43.14.1 */
-static gss_OID_desc gss_sasl_digest_md5_mechanism_desc =
-    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x01") };
-
-gss_OID GSSAPI_LIB_VARIABLE GSS_SASL_DIGEST_MD5_MECHANISM =
-    &gss_sasl_digest_md5_mechanism_desc;
-
 /*
  * Context for krb5 calls.
  */
 
+static gss_mo_desc krb5_mo[] = {
+    {
+	GSS_C_MA_SASL_MECH_NAME,
+	GSS_MO_MA,
+	"SASL mech name",
+	"GS2-KRB5",
+	_gss_mo_get_ctx_as_string,
+	NULL
+    },
+    {
+	GSS_C_MA_MECH_NAME,
+	GSS_MO_MA,
+	"Mechanism name",
+	"KRB5",
+	_gss_mo_get_ctx_as_string,
+	NULL
+    },
+    {
+	GSS_C_MA_MECH_DESCRIPTION,
+	GSS_MO_MA,
+	"Mechanism description",
+	"Heimdal Kerberos 5 mech",
+	_gss_mo_get_ctx_as_string,
+	NULL
+    },
+    {
+	GSS_C_MA_MECH_CONCRETE,
+	GSS_MO_MA
+    },
+    {
+	GSS_C_MA_ITOK_FRAMED,
+	GSS_MO_MA
+    },
+    {
+	GSS_C_MA_AUTH_INIT,
+	GSS_MO_MA
+    },
+    {
+	GSS_C_MA_AUTH_TARG,
+	GSS_MO_MA
+    },
+    {
+	GSS_C_MA_AUTH_INIT_ANON,
+	GSS_MO_MA
+    },
+    {
+	GSS_C_MA_DELEG_CRED,
+	GSS_MO_MA
+    },
+    {
+	GSS_C_MA_INTEG_PROT,
+	GSS_MO_MA
+    },
+    {
+	GSS_C_MA_CONF_PROT,
+	GSS_MO_MA
+    },
+    {
+	GSS_C_MA_MIC,
+	GSS_MO_MA
+    },
+    {
+	GSS_C_MA_WRAP,
+	GSS_MO_MA
+    },
+    {
+	GSS_C_MA_PROT_READY,
+	GSS_MO_MA
+    },
+    {
+	GSS_C_MA_REPLAY_DET,
+	GSS_MO_MA
+    },
+    {
+	GSS_C_MA_OOS_DET,
+	GSS_MO_MA
+    },
+    {
+	GSS_C_MA_CBINDINGS,
+	GSS_MO_MA
+    },
+    {
+	GSS_C_MA_PFS,
+	GSS_MO_MA
+    },
+    {
+	GSS_C_MA_CTX_TRANS,
+	GSS_MO_MA
+    }
+};
+
 /*
  *
  */
@@ -434,6 +274,7 @@ static gssapi_mech_interface_desc krb5_mech = {
     GMI_VERSION,
     "kerberos 5",
     {9, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" },
+    0,
     _gsskrb5_acquire_cred,
     _gsskrb5_release_cred,
     _gsskrb5_init_sec_context,
@@ -473,7 +314,16 @@ static gssapi_mech_interface_desc krb5_mech = {
     _gk_wrap_iov_length,
     _gsskrb5_store_cred,
     _gsskrb5_export_cred,
-    _gsskrb5_import_cred
+    _gsskrb5_import_cred,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    krb5_mo,
+    sizeof(krb5_mo) / sizeof(krb5_mo[0])
 };
 
 gssapi_mech_interface