From f2ca9c5db7e1bb20cfc6705633b48c32b1496334 Mon Sep 17 00:00:00 2001
From: Joseph Sutton
Date: Tue, 22 Feb 2022 14:09:52 +1300
Subject: third_party/heimdal_build: Add source files to build

This is an adaptation to Heimdal:

commit be708ca3cf98900c61919f8ff7ced4428b5d1f32
Author: Nicolas Williams
Date: Wed Dec 22 17:01:12 2021 -0600

    gsskrb5: Add simple name attributes support

    This adds Kerberos mechanism support for:

     - composite principal name export/import
     - getting rudimentary name attributes from GSS names using gss_get_name_attribute():
        - all (raw) authorization data from the Ticket
        - all (raw) authorization data from the Authenticator
        - transit path
        - realm
        - component count
        - each component
     - gss_inquire_name()
     - gss_display_name_ext() (just for the hostbased service name type though)

    The test exercises almost all of the functionality, except for:

     - getting the PAC
     - getting authz-data from the Authenticator
     - getting the transit path

    TBD (much) later:

     - amend test_context to do minimal name attribute checks as well
     - gss_set_name_attribute() (to request authz-data)
     - gss_delete_name_attribute()
     - getting specific authorization data elements via URN fragments (as opposed to all of them)
     - parsing the PAC, extracting SIDs (each one as a separate value)
     - some configurable local policy (?)
     - plugin interface for additional local policy

NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995

Signed-off-by: Joseph Sutton
Reviewed-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
---
 third_party/heimdal_build/wscript_build | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'third_party')

diff --git a/third_party/heimdal_build/wscript_build b/third_party/heimdal_build/wscript_build index cf7c2b9a342..76e88bc103e 100644 --- a/third_party/heimdal_build/wscript_build +++ b/third_party/heimdal_build/wscript_build
@@ -549,6 +549,7 @@ if not bld.CONFIG_SET("USING_SYSTEM_GSSAPI"): lib/gssapi/krb5/inquire_names_for_mech.c lib/gssapi/krb5/indicate_mechs.c lib/gssapi/krb5/inquire_sec_context_by_oid.c + lib/gssapi/krb5/name_attrs.c lib/gssapi/krb5/export_sec_context.c lib/gssapi/krb5/import_sec_context.c lib/gssapi/krb5/duplicate_name.c @@ -658,6 +659,8 @@ if not bld.CONFIG_SET("USING_SYSTEM_GSSAPI"): lib/gssapi/mech/gss_release_name.c lib/gssapi/mech/gss_set_cred_option.c lib/gssapi/mech/gss_pseudo_random.c + lib/gssapi/mech/gss_authorize_localname.c + lib/gssapi/mech/gss_get_name_attribute.c lib/gssapi/mech/gssspi_exchange_meta_data.c lib/gssapi/mech/gssspi_query_mechanism_info.c lib/gssapi/mech/gssspi_query_meta_data.c -- cgit v1.2.1
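Review bot: in the first hunk (@@ -549), lib/gssapi/krb5/name_attrs.c joins the krb5 mechanism source list, yet the commit message states that this commit won't compile or work on its own, so a bisect that lands here cannot build. Either squash this build change into the commit that brings in name_attrs.c, or name the companion commit in the message so the dependency is recorded next to the warning.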
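Review bot: in the second hunk (@@ -658), lib/gssapi/mech/gss_authorize_localname.c is added next to gss_get_name_attribute.c, but the commit message only describes name attribute support and never mentions gss_authorize_localname. Please add a line to the message saying why that file has to enter the build here. The message also lists gss_inquire_name() and gss_display_name_ext(), and no source file for either appears in this hunk, so it is worth confirming that both are already in the mech list outside the visible context.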