author | Joseph Sutton <josephsutton@catalyst.net.nz> | 2022-02-22 14:09:52 +1300 |
---|---|---|
committer | Joseph Sutton <jsutton@samba.org> | 2022-03-01 22:34:34 +0000 |
commit | f2ca9c5db7e1bb20cfc6705633b48c32b1496334 (patch) | |
tree | 4592bf46fa5483c0fd32c18bec8249597ccbe54d /third_party | |
parent | 51569b3152a952d07fddaa3a70d60c920618c704 (diff) | |
download | samba-f2ca9c5db7e1bb20cfc6705633b48c32b1496334.tar.gz |
third_party/heimdal_build: Add source files to build

This is an adaptation to Heimdal:

commit be708ca3cf98900c61919f8ff7ced4428b5d1f32
Author: Nicolas Williams <nico@twosigma.com>
Date: Wed Dec 22 17:01:12 2021 -0600

gsskrb5: Add simple name attributes support

This adds Kerberos mechanism support for:

- composite principal name export/import
- getting rudimentary name attributes from GSS names using gss_get_name_attribute():
  - all (raw) authorization data from the Ticket
  - all (raw) authorization data from the Authenticator
  - transit path
  - realm
  - component count
  - each component
- gss_inquire_name()
- gss_display_name_ext() (just for the hostbased service name type though)

The test exercises almost all of the functionality, except for:

- getting the PAC
- getting authz-data from the Authenticator
- getting the transit path

TBD (much) later:

- amend test_context to do minimal name attribute checks as well
- gss_set_name_attribute() (to request authz-data)
- gss_delete_name_attribute()
- getting specific authorization data elements via URN fragments (as opposed to all of them)
- parsing the PAC, extracting SIDs (each one as a separate value)
- some configurable local policy (?)
- plugin interface for additional local policy

NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'third_party')
-rw-r--r-- | third_party/heimdal_build/wscript_build | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/third_party/heimdal_build/wscript_build b/third_party/heimdal_build/wscript_build index cf7c2b9a342..76e88bc103e 100644 --- a/third_party/heimdal_build/wscript_build +++ b/third_party/heimdal_build/wscript_build @@ -549,6 +549,7 @@ if not bld.CONFIG_SET("USING_SYSTEM_GSSAPI"): lib/gssapi/krb5/inquire_names_for_mech.c lib/gssapi/krb5/indicate_mechs.c lib/gssapi/krb5/inquire_sec_context_by_oid.c + lib/gssapi/krb5/name_attrs.c lib/gssapi/krb5/export_sec_context.c lib/gssapi/krb5/import_sec_context.c lib/gssapi/krb5/duplicate_name.c @@ -658,6 +659,8 @@ if not bld.CONFIG_SET("USING_SYSTEM_GSSAPI"): lib/gssapi/mech/gss_release_name.c lib/gssapi/mech/gss_set_cred_option.c lib/gssapi/mech/gss_pseudo_random.c + lib/gssapi/mech/gss_authorize_localname.c + lib/gssapi/mech/gss_get_name_attribute.c lib/gssapi/mech/gssspi_exchange_meta_data.c lib/gssapi/mech/gssspi_query_mechanism_info.c lib/gssapi/mech/gssspi_query_meta_data.c |
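
Review bot: In the first hunk (the `lib/gssapi/krb5/` list, at `@@ -549,6 +549,7 @@`), the new `lib/gssapi/krb5/name_attrs.c` entry leaves the tree unbuildable at this commit, as the message itself says ("THIS COMMIT WON'T COMPILE/WORK ON ITS OWN"), so a `git bisect` that lands here cannot build the bundled GSSAPI. The message does not say which commit in the series supplies the file or restores a working build. Suggest naming that commit in the message, or squashing this build-list change into the commit that makes the tree compile again, so the broken range is documented and can be skipped.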
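
Review bot: In the second hunk (the `lib/gssapi/mech/` list, at `@@ -658,6 +659,8 @@`), `lib/gssapi/mech/gss_authorize_localname.c` is not explained by the commit message, which describes only the name attributes work from the quoted Heimdal commit. Please add a line saying why this file is now needed alongside `gss_get_name_attribute.c`. The message also lists gss_inquire_name() and gss_display_name_ext(), but this hunk adds a mech-layer source only for gss_get_name_attribute(); it would help to state whether the other entry points are already in the build list or are deliberately left out.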