third_party/heimdal_build: Add source files to build
author Joseph Sutton <josephsutton@catalyst.net.nz>
Tue, 22 Feb 2022 01:09:52 +0000 (14:09 +1300)
committer Joseph Sutton <jsutton@samba.org>
Tue, 1 Mar 2022 22:34:34 +0000 (22:34 +0000)
This is an adaptation to Heimdal:

commit be708ca3cf98900c61919f8ff7ced4428b5d1f32
Author: Nicolas Williams <nico@twosigma.com>
Date:   Wed Dec 22 17:01:12 2021 -0600

    gsskrb5: Add simple name attributes support

    This adds Kerberos mechanism support for:

     - composite principal name export/import
     - getting rudimentary name attributes from GSS names using
       gss_get_name_attribute():
        - all (raw) authorization data from the Ticket
        - all (raw) authorization data from the Authenticator
        - transit path
        - realm
        - component count
        - each component
     - gss_inquire_name()
     - gss_display_name_ext() (just for the hostbased service name type
                               though)

    The test exercises almost all of the functionality, except for:

     - getting the PAC
     - getting authz-data from the Authenticator
     - getting the transit path

    TBD (much) later:

     - amend test_context to do minimal name attribute checks as well
     - gss_set_name_attribute() (to request authz-data)
     - gss_delete_name_attribute()
     - getting specific authorization data elements via URN fragments (as
       opposed to all of them)
     - parsing the PAC, extracting SIDs (each one as a separate value)
     - some configurable local policy (?)
     - plugin interface for additional local policy

NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
third_party/heimdal_build/wscript_build

index cf7c2b9a34281c93939f1930129c17d472a64c03..76e88bc103e0bc5e3ca55870db9a451bf1186d17 100644
@@ -549,6 +549,7 @@ if not bld.CONFIG_SET("USING_SYSTEM_GSSAPI"):
         lib/gssapi/krb5/inquire_names_for_mech.c
         lib/gssapi/krb5/indicate_mechs.c
         lib/gssapi/krb5/inquire_sec_context_by_oid.c
+        lib/gssapi/krb5/name_attrs.c
         lib/gssapi/krb5/export_sec_context.c
         lib/gssapi/krb5/import_sec_context.c
         lib/gssapi/krb5/duplicate_name.c
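Review bot: the added `lib/gssapi/krb5/name_attrs.c` entry is part of a commit whose message says "THIS COMMIT WON'T COMPILE/WORK ON ITS OWN", which makes bisecting across it awkward. Consider naming in the message the commit that supplies the file, or squashing this build-list change into it. The quoted upstream message also says its test does not cover getting the PAC, authz-data from the Authenticator, or the transit path, so it would help to state whether Samba relies on any of those paths and, if so, where they are tested.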
@@ -658,6 +659,8 @@ if not bld.CONFIG_SET("USING_SYSTEM_GSSAPI"):
         lib/gssapi/mech/gss_release_name.c
         lib/gssapi/mech/gss_set_cred_option.c
         lib/gssapi/mech/gss_pseudo_random.c
+        lib/gssapi/mech/gss_authorize_localname.c
+        lib/gssapi/mech/gss_get_name_attribute.c
         lib/gssapi/mech/gssspi_exchange_meta_data.c
         lib/gssapi/mech/gssspi_query_mechanism_info.c
         lib/gssapi/mech/gssspi_query_meta_data.c
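Review bot: the first added line, `lib/gssapi/mech/gss_authorize_localname.c`, is not explained by the commit message, which only describes name attribute support; a sentence on why this source is needed would help. The message also lists gss_inquire_name() and gss_display_name_ext(), but only `gss_get_name_attribute.c` is added in this hunk, so please confirm that the sources for those two functions are already in this list or arrive in a companion commit.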