mirror of
https://github.com/opnsense/src.git
synced 2026-06-24 16:09:24 -04:00
e3ac01e18e
Without this patch, the kgssapi uses detailed knowledge of the internal context structure for Heimdal (up to vers 1.5). It also does four upcalls to the gssd daemon to establish a server side RPCSEC_GSS context. This patch adds support for three new upcalls: gss_init_sec_context_lucid_v1() gss_accept_sec_context_lucid_v1() gss_supports_lucid() These are used to determine if the gssd can do the upcalls and uses them to avoid needing detailed Heimdal knowledge if they are supported. gss_init_sec_context_lucid_v1() and gss_accept_sec_context_lucid_v1() return the information needed to complete the RPCSEC_GSS context. They use gss_krb5_export_lucid_sec_context() to acquire the information from the libraries. (MIT Kerberos supports this and I believe newer versions of Heimdal does, as well). This avoids the need for detailed knowledge about MIT's internals and replaces the 2 or 4 (initiator or acceptor) upcalls with a single upcall to create the RPCSEC_GSS context. The old Heimdal (up to 1.5) support is left intact, but should be removed whenever Heimdal 1.5 is removed from /usr/src. It also modifies the Makefile so that the gssd is only built when MK_KERBEROS_SUPPORT != "no", since it is useless without Kerberos. Reviewed by: cy Differeential Revision: https://reviews.freebsd.org/D51731 Differeential Revision: https://reviews.freebsd.org/D51733 |
||
|---|---|---|
| .. | ||
| krb5 | ||
| gss_accept_sec_context.c | ||
| gss_acquire_cred.c | ||
| gss_add_oid_set_member.c | ||
| gss_canonicalize_name.c | ||
| gss_create_empty_oid_set.c | ||
| gss_delete_sec_context.c | ||
| gss_display_status.c | ||
| gss_export_name.c | ||
| gss_get_mic.c | ||
| gss_impl.c | ||
| gss_import_name.c | ||
| gss_init_sec_context.c | ||
| gss_ip_to_dns.c | ||
| gss_names.c | ||
| gss_pname_to_uid.c | ||
| gss_release_buffer.c | ||
| gss_release_cred.c | ||
| gss_release_name.c | ||
| gss_release_oid_set.c | ||
| gss_set_cred_option.c | ||
| gss_test_oid_set_member.c | ||
| gss_unwrap.c | ||
| gss_verify_mic.c | ||
| gss_wrap.c | ||
| gss_wrap_size_limit.c | ||
| gssapi.h | ||
| gssapi_impl.h | ||
| gssd.x | ||
| gssd_prot.c | ||
| kgss_if.m | ||