[bug-mailutils] [PATCH] Support for new GSS library, and GSS standard c
From: |
Simon Josefsson |
Subject: |
[bug-mailutils] [PATCH] Support for new GSS library, and GSS standard compliance fix. |
Date: |
Sat, 28 Jun 2003 22:44:47 +0200 |
User-agent: |
Gnus/5.1003 (Gnus v5.10.3) Emacs/21.3.50 (gnu/linux) |
This makes Mailutils support GSS (see <http://josefsson.org/gss/>),
besides the existing MIT Kerberos 5 and Heimdal support.
It also makes the GSS code use a RFC compliant identifier, instead of
an MIT-specific legacy one (MIT and Heimdal support the legacy stuff,
but GSS will not, and using the RFC identifier in Mailutils seems
better).
Thanks.
2003-06-28 Simon Josefsson <address@hidden>
* m4/gssapi.m4: Check for GSS. Define GSS_C_NT_HOSTBASED_SERVICE
as gss_nt_service_name if it doesn't exist, for MIT Kerberos 5.
* imap4d/auth_gss.c: Support GSS.
(imap4d_gss_userok): Simply compare auth name with authz name.
(auth_gssapi): Use the RFC standard GSS_C_NT_HOSTBASED_SERVICE
instead of MIT-specific gss_nt_service_name.
Index: m4/gssapi.m4
===================================================================
RCS file: /cvsroot/mailutils/mailutils/m4/gssapi.m4,v
retrieving revision 1.5
diff -u -p -r1.5 gssapi.m4
--- m4/gssapi.m4 13 Jan 2003 15:07:20 -0000 1.5
+++ m4/gssapi.m4 28 Jun 2003 19:38:48 -0000
@@ -4,7 +4,9 @@ dnl MU_CHECK_GSSAPI(PREFIX)
dnl Search for a GSSAPI implementation in the standard locations plus PREFIX,
dnl if it is set and not "yes".
dnl Defines GSSAPI_CFLAGS and GSSAPI_LIBS if found.
-dnl Defines GSSAPI_IMPL to "Heimdal", "MIT", or "OldMIT", or "none" if not
found
+dnl Defines GSSAPI_IMPL to "GSS", "Heimdal", "MIT", or "OldMIT", or
+dnl "none" if not found
+
AC_DEFUN(MU_CHECK_GSSAPI,
[
if test "x$mu_cv_lib_gssapi_libs" = x; then
@@ -18,7 +20,25 @@ AC_DEFUN(MU_CHECK_GSSAPI,
krb5_path="$PATH"
fi
AC_PATH_PROG(KRB5CFGPATH, krb5-config, none, $krb5_path)
- if test "$KRB5CFGPATH" != "none"; then
+ AC_CHECK_HEADER(gss.h, [wantgss=yes], [wantgss=no])
+ if test $wantgss != no; then
+ save_LIBS=$LIBS
+ AC_CHECK_LIB(gss, gss_check_version, [GSSAPI_LIBS=-lgss], [wantgss=no])
+ if test $wantgss != no; then
+ LIBS="$LIBS $GSSAPI_LIBS"
+ AC_TRY_RUN([
+#include <gss.h>
+int main() { return gss_check_version ("0.0.2") == (char*) 0; }],
+ [:],
+ [wantgss=no],
+ [wantgss=no])
+ fi
+ LIBS=$save_LIBS
+ fi
+ if test $wantgss != no; then
+ GSSAPI_IMPL="GSS"
+ AC_DEFINE(WITH_GSS,1,[Define if mailutils is using GSS library for GSSAPI])
+ elif test "$KRB5CFGPATH" != "none"; then
GSSAPI_CFLAGS="$CPPFLAGS `$KRB5CFGPATH --cflags gssapi`"
GSSAPI_LIBS="`$KRB5CFGPATH --libs gssapi`"
GSSAPI_IMPL="Heimdal"
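Review bot: The GSS probe starting at `AC_CHECK_HEADER(gss.h, ...)` is unconditional and, when it succeeds, wins over the `krb5-config` branch, so the mere presence of gss.h and libgss on the build host defines WITH_GSS. In imap4d/auth_gss.c that macro replaces the Kerberos-based check in imap4d_gss_userok with a plain name comparison, so the choice changes how logins are authorized, not only which library is linked. I would document this at the probe, e.g. `dnl GSS, when found, is preferred over krb5-config; WITH_GSS also changes how imap4d authorizes GSSAPI logins.`, and consider making the preference an explicit configure choice. The GSS branch sets GSSAPI_LIBS but not GSSAPI_CFLAGS; whether that is initialised elsewhere in MU_CHECK_GSSAPI is outside the hunk.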
@@ -62,6 +82,13 @@ AC_DEFUN(MU_CHECK_GSSAPI,
,, -lkrb5 -lcrypto -lcom_err)
fi
+ AC_CHECK_DECL(GSS_C_NT_HOSTBASED_SERVICE,,
+ [AC_DEFINE(GSS_C_NT_HOSTBASED_SERVICE,
+ gss_nt_service_name,
+ [Work around buggy MIT library])],[
+#include <gssapi/gssapi.h>
+#include <gssapi/gssapi_generic.h>
+])
CPPFLAGS="$saved_CPPFLAGS"
LDFLAGS="$saved_LDFLAGS"
LIBS="$saved_LIBS"
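Review bot: The added `AC_CHECK_DECL(GSS_C_NT_HOSTBASED_SERVICE, ...)` probes only `<gssapi/gssapi.h>` and `<gssapi/gssapi_generic.h>`, so if it is reached in a build where GSSAPI_IMPL is "GSS" and those headers are absent, the check fails and GSS_C_NT_HOSTBASED_SERVICE is defined as gss_nt_service_name, the legacy identifier the description says GSS will not support. Whether the check sits inside a Kerberos-only branch cannot be seen from the hunk, because the surrounding `if`/`fi` structure is outside it. If it does not, wrapping it as `if test "$GSSAPI_IMPL" != "GSS"; then` ... `fi` would keep the fallback limited to the MIT case named in the ChangeLog entry.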
Index: imap4d/auth_gss.c
===================================================================
RCS file: /cvsroot/mailutils/mailutils/imap4d/auth_gss.c,v
retrieving revision 1.9
diff -u -p -r1.9 auth_gss.c
--- imap4d/auth_gss.c 26 May 2003 09:57:45 -0000 1.9
+++ imap4d/auth_gss.c 28 Jun 2003 19:38:48 -0000
@@ -23,9 +23,13 @@
#include <netinet/in.h>
+#ifdef WITH_GSS
+#include <gss.h>
+#else
#include <krb5.h>
#include <gssapi/gssapi.h>
#include <gssapi/gssapi_generic.h>
+#endif
#define GSS_AUTH_P_NONE 1
#define GSS_AUTH_P_INTEGRITY 2
@@ -64,6 +68,10 @@ display_status (char *msg, OM_uint32 maj
static int
imap4d_gss_userok (gss_buffer_t client_name, char *name)
{
+#ifdef WITH_GSS
+ return (strlen(name) == client_name->length &&
+ memcmp(name, client_name->value, client_name->length) == 0) ? 0 : 1;
+#else
int rc = -1;
krb5_principal p;
krb5_context kcontext;
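Review bot: The WITH_GSS branch of imap4d_gss_userok authorizes by comparing `name` with `client_name->value` byte for byte, so whatever form the authenticated name takes (with or without a realm part, which is not visible here) must equal the requested login exactly, and no realm or local-account policy is applied. That is a different authorization rule from the Kerberos branch below it, which works on a parsed krb5_principal, and nothing in the code says so. I would add a comment such as `/* GSS build: no principal-to-account mapping; allow only when the authenticated name is identical to the requested login. Returns 0 if allowed, 1 otherwise. */` and confirm which name form the caller passes in. The branch also calls strlen and memcmp, so `<string.h>` must be in scope; the include list is only partly visible, and the function body continues past the end of this hunk.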
@@ -78,6 +86,7 @@ imap4d_gss_userok (gss_buffer_t client_n
rc = 1;
krb5_free_principal (kcontext, p);
return rc;
+#endif
}
static int
@@ -112,7 +121,7 @@ auth_gssapi (struct imap4d_command *comm
tokbuf.value = tmp;
tokbuf.length = strlen (tokbuf.value) + 1;
maj_stat = gss_import_name (&min_stat, &tokbuf,
- gss_nt_service_name, &server_name);
+ GSS_C_NT_HOSTBASED_SERVICE, &server_name);
if (maj_stat != GSS_S_COMPLETE)
{
display_status ("import name", maj_stat, min_stat);
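Review bot: `tokbuf.length = strlen (tokbuf.value) + 1;` counts the terminating NUL as part of the name passed to gss_import_name. With the switch to GSS_C_NT_HOSTBASED_SERVICE and a third implementation now supported, it is worth confirming that each library ignores that byte rather than folding it into the host part of the service name. If any does not, `tokbuf.length = strlen (tokbuf.value);` is the form that matches the buffer's actual byte count. auth_gssapi starts and ends outside the hunk.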