[bug-mailutils] [PATCH] GSS-API support for GNU GSSLib
From: |
Simon Josefsson |
Subject: |
[bug-mailutils] [PATCH] GSS-API support for GNU GSSLib |
Date: |
Fri, 16 Jan 2004 12:06:21 +0100 |
User-agent: |
Gnus/5.110002 (No Gnus v0.2) Emacs/21.3.50 (gnu/linux) |
Thanks for applying the other patches. This one is a bit longer, but
it fixes a few problems in the GSS-API support, making it possible to
use GNU GSSLib. Incidentally, it probably also makes it support
Heimdal, which I believe didn't work before because the code
unconditionally used gssapi/gssapi.h, which is MIT-specific (Heimdal
has gssapi.h, GNU GSS has gss.h). It also fixes the code to use the
RFC-compliant GSS_C_NT_HOSTBASED_SERVICE instead of the obsolete,
MIT-specific gss_nt_service_name.
2004-01-16 Simon Josefsson <address@hidden>
* m4/gssapi.m4: Check for GNU GSS
<http://www.gnu.org/software/gss/>. Check if
GSS_C_NT_HOSTBASED_SERVICE is declared, and fall back to
gss_nt_service_name if not.
* imap4d/auth_gss.c: Fix GSS-API #include's, for GNU GSS support.
(imap4d_gss_userok): Hide in #ifndef WITH_GSS (it uses krb5.h
specific functions).
(auth_gssapi): Use GSS_C_NT_HOSTBASED_SERVICE instead of
gss_nt_service_name.
(auth_gssapi): Use gss_userok if GNU GSS is used, otherwise call
imap4d_gss_userok.
Index: m4/gssapi.m4
===================================================================
RCS file: /cvsroot/mailutils/mailutils/m4/gssapi.m4,v
retrieving revision 1.6
diff -u -p -r1.6 gssapi.m4
--- m4/gssapi.m4 26 Dec 2003 16:22:25 -0000 1.6
+++ m4/gssapi.m4 16 Jan 2004 11:02:37 -0000
@@ -4,7 +4,9 @@ dnl MU_CHECK_GSSAPI(PREFIX)
dnl Search for a GSSAPI implementation in the standard locations plus PREFIX,
dnl if it is set and not "yes".
dnl Defines GSSAPI_CFLAGS and GSSAPI_LIBS if found.
-dnl Defines GSSAPI_IMPL to "Heimdal", "MIT", or "OldMIT", or "none" if not
found
+dnl Defines GSSAPI_IMPL to "GSS", "Heimdal", "MIT", or "OldMIT", or
+dnl "none" if not found
+
AC_DEFUN([MU_CHECK_GSSAPI],
[
if test "x$mu_cv_lib_gssapi_libs" = x; then
@@ -18,7 +20,25 @@ AC_DEFUN([MU_CHECK_GSSAPI],
krb5_path="$PATH"
fi
AC_PATH_PROG(KRB5CFGPATH, krb5-config, none, $krb5_path)
- if test "$KRB5CFGPATH" != "none"; then
+ AC_CHECK_HEADER(gss.h, [wantgss=yes], [wantgss=no])
+ if test $wantgss != no; then
+ save_LIBS=$LIBS
+ AC_CHECK_LIB(gss, gss_check_version, [GSSAPI_LIBS=-lgss], [wantgss=no])
+ if test $wantgss != no; then
+ LIBS="$LIBS $GSSAPI_LIBS"
+ AC_TRY_RUN([
+#include <gss.h>
+int main() { return gss_check_version ("0.0.9") == (char*) 0; }],
+ [:],
+ [wantgss=no],
+ [wantgss=no])
+ fi
+ LIBS=$save_LIBS
+ fi
+ if test $wantgss != no; then
+ GSSAPI_IMPL="GSS"
+ AC_DEFINE(WITH_GSS,1,[Define if mailutils is using GSS library for GSSAPI])
+ elif test "$KRB5CFGPATH" != "none"; then
GSSAPI_CFLAGS="$CPPFLAGS `$KRB5CFGPATH --cflags gssapi`"
GSSAPI_LIBS="`$KRB5CFGPATH --libs gssapi`"
GSSAPI_IMPL="Heimdal"
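Review bot: GNU GSS is selected ahead of `krb5-config` whenever `gss.h` and a new-enough `-lgss` are found, and nothing in the new lines says so or lets the builder choose, so installing the GSS development files silently switches the library that backs imap4d's GSSAPI authentication. A comment above the `AC_CHECK_HEADER(gss.h, ...)` line such as `dnl GNU GSS, when usable, takes precedence over krb5-config (Heimdal/MIT).` would record the intended order. Separately, when `AC_CHECK_LIB` succeeds but the `AC_TRY_RUN` version probe fails, `GSSAPI_LIBS` keeps the value `-lgss` while `wantgss` becomes `no`; the `elif` branch overwrites it, but the branches after it are outside this hunk, so clearing it in the failure actions (`[wantgss=no; GSSAPI_LIBS=]`) would be safer.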
@@ -66,6 +86,30 @@ AC_DEFUN([MU_CHECK_GSSAPI],
LDFLAGS="$saved_LDFLAGS"
LIBS="$saved_LIBS"
fi
+
+ saved_CPPFLAGS="$CPPFLAGS"
+ CPPFLAGS="$CPPFLAGS $GSSAPI_CFLAGS"
+ AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h gssapi/gssapi_generic.h)
+ AC_CHECK_DECL(GSS_C_NT_HOSTBASED_SERVICE,, [
+ AC_DEFINE(GSS_C_NT_HOSTBASED_SERVICE,
+ gss_nt_service_name,
+ [Work around buggy MIT library])],[
+#ifdef WITH_GSS
+# include <gss.h>
+#else
+# ifdef HAVE_GSSAPI_H
+# include <gssapi.h>
+# else
+# ifdef HAVE_GSSAPI_GSSAPI_H
+# include <gssapi/gssapi.h>
+# endif
+# ifdef HAVE_GSSAPI_GSSAPI_GENERIC_H
+# include <gssapi/gssapi_generic.h>
+# endif
+# endif
+#endif
+])
+ CPPFLAGS="$saved_CPPFLAGS"
mu_cv_lib_gssapi_cflags="$GSSAPI_CFLAGS"
mu_cv_lib_gssapi_libs="$GSSAPI_LIBS"
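Review bot: The `AC_CHECK_DECL` fallback fires on every failure of the probe, not only for the old MIT headers it is meant for. If none of the three headers was found, or the test program fails to compile for an unrelated reason, config.h still gets `GSS_C_NT_HOSTBASED_SERVICE` defined as `gss_nt_service_name`, a name that may not be declared by the library in use. Wrapping the `AC_DEFINE` in a second `AC_CHECK_DECL(gss_nt_service_name, ...)` that uses the same include block would limit the substitution to builds where the replacement name really exists. The enclosing `AC_DEFUN` body starts and ends outside this hunk.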
Index: imap4d/auth_gss.c
===================================================================
RCS file: /cvsroot/mailutils/mailutils/imap4d/auth_gss.c,v
retrieving revision 1.9
diff -u -p -r1.9 auth_gss.c
--- imap4d/auth_gss.c 26 May 2003 09:57:45 -0000 1.9
+++ imap4d/auth_gss.c 16 Jan 2004 11:02:37 -0000
@@ -1,5 +1,5 @@
/* GNU Mailutils -- a suite of utilities for electronic mail
- Copyright (C) 1999, 2001, 2002, 2003 Free Software Foundation, Inc.
+ Copyright (C) 1999, 2001, 2002, 2003, 2004 Free Software Foundation, Inc.
GNU Mailutils is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -23,9 +23,21 @@
#include <netinet/in.h>
-#include <krb5.h>
-#include <gssapi/gssapi.h>
-#include <gssapi/gssapi_generic.h>
+#ifdef WITH_GSS
+# include <gss.h>
+#else
+# include <krb5.h>
+# ifdef HAVE_GSSAPI_H
+# include <gssapi.h>
+# else
+# ifdef HAVE_GSSAPI_GSSAPI_H
+# include <gssapi/gssapi.h>
+# endif
+# ifdef HAVE_GSSAPI_GSSAPI_GENERIC_H
+# include <gssapi/gssapi_generic.h>
+# endif
+# endif
+#endif
#define GSS_AUTH_P_NONE 1
#define GSS_AUTH_P_INTEGRITY 2
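Review bot: In the non-GNU-GSS branch nothing is included when configure found neither `gssapi.h` nor `gssapi/gssapi.h`, so the build would fail later on undeclared GSS-API types rather than at the cause. Adding an explicit failure to the inner conditional, `# else` followed by `# error "no GSS-API header was found by configure"` before the `# endif` that closes the `HAVE_GSSAPI_GSSAPI_H` test, makes that state visible. `krb5.h` is still included without a feature test in this branch, which matches the old code.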
@@ -61,6 +73,7 @@ display_status (char *msg, OM_uint32 maj
display_status_1 (msg, min_stat, GSS_C_MECH_CODE);
}
+#ifndef WITH_GSS
static int
imap4d_gss_userok (gss_buffer_t client_name, char *name)
{
@@ -79,6 +92,7 @@ imap4d_gss_userok (gss_buffer_t client_n
krb5_free_principal (kcontext, p);
return rc;
}
+#endif
static int
auth_gssapi (struct imap4d_command *command,
@@ -98,6 +112,7 @@ auth_gssapi (struct imap4d_command *comm
gss_qop_t quality;
gss_name_t client;
gss_buffer_desc client_name;
+ int baduser;
/* Obtain server credentials. RFC 1732 states, that
"The server must issue a ready response with no data and pass the
@@ -112,7 +127,7 @@ auth_gssapi (struct imap4d_command *comm
tokbuf.value = tmp;
tokbuf.length = strlen (tokbuf.value) + 1;
maj_stat = gss_import_name (&min_stat, &tokbuf,
- gss_nt_service_name, &server_name);
+ GSS_C_NT_HOSTBASED_SERVICE, &server_name);
if (maj_stat != GSS_S_COMPLETE)
{
display_status ("import name", maj_stat, min_stat);
@@ -257,7 +272,13 @@ auth_gssapi (struct imap4d_command *comm
return RESP_NO;
}
- if (imap4d_gss_userok (&client_name, *username))
+#ifdef WITH_GSS
+ baduser = !gss_userok (client, *username);
+#else
+ baduser = imap4d_gss_userok (&client_name, *username);
+#endif
+
+ if (baduser)
{
syslog (LOG_NOTICE, _("GSSAPI user %s is NOT authorized as %s"),
(char *) client_name.value, *username);
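Review bot: The two branches that set `baduser` use opposite polarity, `!gss_userok (client, *username)` against `imap4d_gss_userok (&client_name, *username)`, and the new lines do not record the return convention either one relies on. This is the authorization decision that ties the authenticated GSS-API principal to the requested mailbox user, so the sense must be right in both builds; a comment such as `/* gss_userok: non-zero when CLIENT may log in as USERNAME; imap4d_gss_userok: non-zero when refused */` would make it auditable, after confirming the first half against the GNU GSS release the configure check requires. `gss_userok` is a GNU GSS extension and may apply a different matching rule than the Kerberos path, so each build should be tested with a principal that has to be rejected. The refusal message still prints `client_name.value` while the GNU GSS decision is taken on `client`; whether `client_name` is filled in on that path is decided outside this hunk, as auth_gssapi starts and ends beyond it.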