| #
e3ac01e1
|
| 07-Aug-2025 |
Rick Macklem <rmacklem@FreeBSD.org> |
kgssapi: Fix the kgssapi so that it can use MIT Kerberos
Without this patch, the kgssapi uses detailed knowledge of the internal context structure for Heimdal (up to vers 1.5). It also does four upcalls to the gssd daemon to establish a server side RPCSEC_GSS context.
This patch adds support for three new upcalls:
gss_init_sec_context_lucid_v1()
gss_accept_sec_context_lucid_v1()
gss_supports_lucid()
These are used to determine if the gssd can do the upcalls and uses them to avoid needing detailed Heimdal knowledge if they are supported.
gss_init_sec_context_lucid_v1() and gss_accept_sec_context_lucid_v1() return the information needed to complete the RPCSEC_GSS context. They use gss_krb5_export_lucid_sec_context() to acquire the information from the libraries. (MIT Kerberos supports this and I believe newer versions of Heimdal do, as well).
This avoids the need for detailed knowledge about MIT's internals and replaces the 2 or 4 (initiator or acceptor) upcalls with a single upcall to create the RPCSEC_GSS context.
The old Heimdal (up to 1.5) support is left intact, but should be removed whenever Heimdal 1.5 is removed from /usr/src.
It also modifies the Makefile so that the gssd is only built when MK_KERBEROS_SUPPORT != "no", since it is useless without Kerberos.
Reviewed by: cy
Differential Revision: https://reviews.freebsd.org/D51731
Differential Revision: https://reviews.freebsd.org/D51733
|
| #
e26259f4
|
| 31-Jul-2025 |
Cy Schubert <cy@FreeBSD.org> |
gssapi,krb5: Replace libgssapi with the MIT version
lib/libgssapi is based on Heimdal. As on Linux systems, the MIT libgssapi_krb5 replaces it. Having both gssapi libraries and header files installed results in broken buildworld (gssd) and ports that will not build without modifications to support the MIT gssapi in an alternate location.
73ed0c7992fd removed the MIT GSSAPI headers from /usr/include. Apps using MIT KRB5 gssapi functions and structures will fail to build without this patch.
This patch includes a temporary patch to usr.sbin/gssd to allow it to build with this patch. rmacklem@ has a patch for this and for kgssapi that uses this patch to resolve kgssapi issues for NFS with Kerberos.
This patch is an updated version of D51661 to allow it to build following additional patches to the tree.
This should have been implemented with 7e35117eb07f.
Fixes: 7e35117eb07f, 73ed0c7992fd
Differential Revision: https://reviews.freebsd.org/D51661
|
| #
4de9547f
|
| 07-Aug-2025 |
Rick Macklem <rmacklem@FreeBSD.org> |
Revert "kgssapi: Fix the kgssapi so that it can use MIT Kerberos"
This broke the build and will have to wait for cy@'s commit.
This reverts commit 554651ebf1c1798fa8fb2560cab761ac3d219555.
|
| #
554651eb
|
| 06-Aug-2025 |
Rick Macklem <rmacklem@FreeBSD.org> |
kgssapi: Fix the kgssapi so that it can use MIT Kerberos
Without this patch, the kgssapi uses detailed knowledge of the internal context structure for Heimdal (up to vers 1.5). It also does four upcalls to the gssd daemon to establish a server side RPCSEC_GSS context.
This patch adds support for three new upcalls:
gss_init_sec_context_lucid_v1()
gss_accept_sec_context_lucid_v1()
gss_supports_lucid()
These are used to determine if the gssd can do the upcalls and uses them to avoid needing detailed Heimdal knowledge if they are supported.
gss_init_sec_context_lucid_v1() and gss_accept_sec_context_lucid_v1() return the information needed to complete the RPCSEC_GSS context. They use gss_krb5_export_lucid_sec_context() to acquire the information from the libraries. (MIT Kerberos supports this and I believe newer versions of Heimdal do, as well).
This avoids the need for detailed knowledge about MIT's internals and replaces the 2 or 4 (initiator or acceptor) upcalls with a single upcall to create the RPCSEC_GSS context.
The old Heimdal (up to 1.5) support is left intact, but should be removed whenever Heimdal 1.5 is removed from /usr/src.
It also modifies the Makefile so that the gssd is only built when MK_KERBEROS_SUPPORT != "no", since it is useless without Kerberos.
Reviewed by: cy
Differential Revision: https://reviews.freebsd.org/D51731
Differential Revision: https://reviews.freebsd.org/D51733
|
| #
76446b5a
|
| 25-Jul-2025 |
Lexi Winter <ivy@FreeBSD.org> |
gssd: move to a new package
It's reasonable to want to install gssd without the Kerberos utilities (e.g., if using security/krb5 from ports), so move gssd to its own package to allow this.
Reviewed by: manu, cy
Differential Revision: https://reviews.freebsd.org/D51486
|
| #
8f18d513
|
| 11-Jun-2025 |
Cy Schubert <cy@FreeBSD.org> |
gssd: Add support for MIT KRB5
Fix gssd build when building with MIT KRB5.
krb5_get_init_creds_opt_set_default_flags() is not an MIT KRB5 function. It is also not needed to resolve the default keytable.
Sponsored by: The FreeBSD Foundation
Reviewed by: rmacklem
Differential revision: https://reviews.freebsd.org/D50810
|
| #
e9ac4169
|
| 15-Jul-2024 |
Warner Losh <imp@FreeBSD.org> |
Remove residual blank line at start of Makefile
This is a residual of the $FreeBSD$ removal.
MFC After: 3 days (though I'll just run the command on the branches)
Sponsored by: Netflix
|
| #
d0b2dbfa
|
| 16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: one-line sh pattern
Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
|
| #
a30235a4
|
| 02-Sep-2021 |
Emmanuel Vadot <manu@FreeBSD.org> |
pkgbase: Create a FreeBSD-kerberos package
This allows users to install or not kerberos related utilities and libs.
Differential Revision: https://reviews.freebsd.org/D31801
|
| #
64a0982b
|
| 04-Mar-2017 |
Enji Cooper <ngie@FreeBSD.org> |
usr.sbin: normalize paths using SRCTOP-relative paths or :H when possible
This simplifies make logic/output
MFC after: 1 month
Sponsored by: Dell EMC Isilon
|
| #
98e0ffae
|
| 27-May-2015 |
Simon J. Gerraty <sjg@FreeBSD.org> |
Merge sync of head
|
| #
fa1e92b6
|
| 04-Mar-2015 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Merge from head
|
| #
072aeeb6
|
| 02-Mar-2015 |
Navdeep Parhar <np@FreeBSD.org> |
Merge r278538 through r279514.
|
| #
6c787c8f
|
| 18-Feb-2015 |
Glen Barber <gjb@FreeBSD.org> |
MFH: r278593-r278966
Sponsored by: The FreeBSD Foundation
|
| #
569e61a4
|
| 14-Feb-2015 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r278499 through r278755.
|
| #
1227447a
|
| 13-Feb-2015 |
Mark Johnston <markj@FreeBSD.org> |
Add an auto-generated file to CLEANFILES.
MFC after: 3 days
Sponsored by: EMC / Isilon Storage Division
|