author | phajdan.jr@chromium.org <phajdan.jr@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-08-23 21:46:30 +0000 |
---|---|---|
committer | phajdan.jr@chromium.org <phajdan.jr@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-08-23 21:46:30 +0000 |
commit | b4887d47dab13dc66f0b3e6f4b6a4a5245e2b3be (patch) | |
tree | 6937211f0393180017ea11ff32083e7611e2da48 | |
parent | d7aed5ba1211dbbe558135f2c72a2e1b68cd0ef5 (diff) | |
Linux: allow linking directly with Kerberos instead of using dlopen.
dlopen is still the default for Google Chrome. This option
is intended for Linux distro packagers.
BUG=92689
Review URL: http://codereview.chromium.org/7655046
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@97925 0039d316-1c4b-4281-b951-d872f2087c98
-rwxr-xr-x | build/install-build-deps.sh | 8 | ||||
-rw-r--r-- | net/http/http_auth_gssapi_posix.cc | 11 | ||||
-rw-r--r-- | net/http/http_auth_gssapi_posix.h | 15 | ||||
-rw-r--r-- | net/http/http_auth_gssapi_posix_unittest.cc | 2 | ||||
-rw-r--r-- | net/http/http_auth_handler_factory.cc | 3 | ||||
-rw-r--r-- | net/http/http_auth_handler_negotiate_unittest.cc | 4 | ||||
-rw-r--r-- | net/http/mock_gssapi_library_posix.cc | 3 | ||||
-rw-r--r-- | net/http/mock_gssapi_library_posix.h | 3 | ||||
-rw-r--r-- | net/net.gyp | 14 | ||||
-rw-r--r-- | net/third_party/gssapi/LICENSE | 19 | ||||
-rw-r--r-- | net/third_party/gssapi/README.chromium | 18 | ||||
-rw-r--r-- | net/third_party/gssapi/gssapi.gyp | 15 | ||||
-rw-r--r-- | net/third_party/gssapi/gssapi.h | 844 |
13 files changed, 48 insertions, 911 deletions
diff --git a/build/install-build-deps.sh b/build/install-build-deps.sh index 18d7bc4..d11bb6e 100755 --- a/build/install-build-deps.sh +++ b/build/install-build-deps.sh @@ -105,10 +105,10 @@ dev_list="apache2.2-bin bison fakeroot flex g++ gperf language-pack-fr libapache2-mod-php5 libasound2-dev libbz2-dev libcairo2-dev libcups2-dev libdbus-glib-1-dev libgconf2-dev libgl1-mesa-dev libglu1-mesa-dev libglib2.0-dev libgnome-keyring-dev - libgtk2.0-dev libjpeg62-dev libnspr4-dev libnss3-dev libpam0g-dev - libsctp-dev libsqlite3-dev libxslt1-dev libxss-dev libxtst-dev - mesa-common-dev msttcorefonts patch perl libwww-perl php5-cgi - pkg-config python python-dev rpm subversion ttf-dejavu-core + libgtk2.0-dev libjpeg62-dev libkrb5-dev libnspr4-dev libnss3-dev + libpam0g-dev libsctp-dev libsqlite3-dev libxslt1-dev libxss-dev + libxtst-dev mesa-common-dev msttcorefonts patch perl libwww-perl + php5-cgi pkg-config python python-dev rpm subversion ttf-dejavu-core ttf-kochi-gothic ttf-kochi-mincho wdiff libcurl4-gnutls-dev ttf-indic-fonts ttf-thai-tlwg $chromeos_dev_list" diff --git a/net/http/http_auth_gssapi_posix.cc b/net/http/http_auth_gssapi_posix.cc index 25ee910..cc27e70 100644 --- a/net/http/http_auth_gssapi_posix.cc +++ b/net/http/http_auth_gssapi_posix.cc @@ -17,6 +17,7 @@ #include "net/base/net_errors.h" #include "net/base/net_util.h" +#if defined(DLOPEN_KERBEROS) // These are defined for the GSSAPI library: // Paraphrasing the comments from gssapi.h: // "The implementation must reserve static storage for a @@ -62,6 +63,7 @@ gss_OID GSS_C_NT_HOSTBASED_SERVICE_X = &GSS_C_NT_HOSTBASED_SERVICE_X_VAL; gss_OID GSS_C_NT_HOSTBASED_SERVICE = &GSS_C_NT_HOSTBASED_SERVICE_VAL; gss_OID GSS_C_NT_ANONYMOUS = &GSS_C_NT_ANONYMOUS_VAL; gss_OID GSS_C_NT_EXPORT_NAME = &GSS_C_NT_EXPORT_NAME_VAL; +#endif // defined(DLOPEN_KERBEROS) namespace net { 
@@ -410,9 +412,11 @@ bool GSSAPISharedLibrary::Init() { bool GSSAPISharedLibrary::InitImpl() { DCHECK(!initialized_); +#if defined(DLOPEN_KERBEROS) gssapi_library_ = LoadSharedLibrary(); if (gssapi_library_ == NULL) return false; +#endif // defined(DLOPEN_KERBEROS) initialized_ = true; return true; } @@ -459,17 +463,20 @@ base::NativeLibrary GSSAPISharedLibrary::LoadSharedLibrary() { return NULL; } +#if defined(DLOPEN_KERBEROS) #define BIND(lib, x) \ + DCHECK(lib); \ gss_##x##_type x = reinterpret_cast<gss_##x##_type>( \ base::GetFunctionPointerFromNativeLibrary(lib, "gss_" #x)); \ if (x == NULL) { \ LOG(WARNING) << "Unable to bind function \"" << "gss_" #x << "\""; \ return false; \ } +#else +#define BIND(lib, x) gss_##x##_type x = gss_##x +#endif bool GSSAPISharedLibrary::BindMethods(base::NativeLibrary lib) { - DCHECK(lib != NULL); - BIND(lib, import_name); BIND(lib, release_name); BIND(lib, release_buffer); diff --git a/net/http/http_auth_gssapi_posix.h b/net/http/http_auth_gssapi_posix.h index b1b1227..8e8a114 100644 --- a/net/http/http_auth_gssapi_posix.h +++ b/net/http/http_auth_gssapi_posix.h @@ -6,6 +6,8 @@ #define NET_HTTP_HTTP_AUTH_GSSAPI_POSIX_H_ #pragma once +#include <gssapi.h> + #include <string> #include "base/gtest_prod_util.h" @@ -14,9 +16,6 @@ #include "net/base/net_export.h" #include "net/http/http_auth.h" -#define GSS_USE_FUNCTION_POINTERS -#include "net/third_party/gssapi/gssapi.h" - namespace net { NET_EXPORT_PRIVATE extern gss_OID CHROME_GSS_C_NT_HOSTBASED_SERVICE_X; 
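Review bot: In the direct-link build, `InitImpl()` now sets `initialized_ = true` without any visible call to `BindMethods()`. The only place this hunk obtains the library is `LoadSharedLibrary()`, which is compiled out on that path. If `BindMethods()` is reached only from there (its body is outside the hunk), the `gss_*` function-pointer members are never assigned and the first Negotiate exchange calls through an unset pointer. An `#else` branch such as `if (!BindMethods(NULL)) return false;` would cover it, since the non-dlopen `BIND` ignores `lib`. The library name passed to the constructor is also silently ignored in this mode, which deserves a comment for packagers.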
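Review bot: Moving the null check into `BIND` makes `DCHECK(lib)` expand once per bound function, where the removed `DCHECK(lib != NULL);` at the top of `BindMethods()` ran once. Keeping the single check in the function body under `#if defined(DLOPEN_KERBEROS)` reads more plainly and leaves the macro with one job. The `#endif` that closes the two `BIND` definitions also lacks the `// defined(DLOPEN_KERBEROS)` trailer that the other guards in this commit carry. `BindMethods()` continues outside the hunk.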
@@ -168,6 +167,16 @@ class NET_EXPORT_PRIVATE GSSAPISharedLibrary : public GSSAPILibrary { int* open); private: + typedef typeof(&gss_import_name) gss_import_name_type; + typedef typeof(&gss_release_name) gss_release_name_type; + typedef typeof(&gss_release_buffer) gss_release_buffer_type; + typedef typeof(&gss_display_name) gss_display_name_type; + typedef typeof(&gss_display_status) gss_display_status_type; + typedef typeof(&gss_init_sec_context) gss_init_sec_context_type; + typedef typeof(&gss_wrap_size_limit) gss_wrap_size_limit_type; + typedef typeof(&gss_delete_sec_context) gss_delete_sec_context_type; + typedef typeof(&gss_inquire_context) gss_inquire_context_type; + FRIEND_TEST_ALL_PREFIXES(HttpAuthGSSAPIPOSIXTest, GSSAPIStartup); bool InitImpl(); diff --git a/net/http/http_auth_gssapi_posix_unittest.cc b/net/http/http_auth_gssapi_posix_unittest.cc index f4270e1..f536ee8 100644 --- a/net/http/http_auth_gssapi_posix_unittest.cc +++ b/net/http/http_auth_gssapi_posix_unittest.cc @@ -81,11 +81,13 @@ TEST(HttpAuthGSSAPIPOSIXTest, GSSAPIStartup) { EXPECT_TRUE(gssapi.get()->Init()); } +#if defined(DLOPEN_KERBEROS) TEST(HttpAuthGSSAPIPOSIXTest, GSSAPILoadCustomLibrary) { scoped_ptr<GSSAPILibrary> gssapi( new GSSAPISharedLibrary("/this/library/does/not/exist")); EXPECT_FALSE(gssapi.get()->Init()); } +#endif // defined(DLOPEN_KERBEROS) TEST(HttpAuthGSSAPIPOSIXTest, GSSAPICycle) { scoped_ptr<test::MockGSSAPILibrary> mock_library(new test::MockGSSAPILibrary); diff --git a/net/http/http_auth_handler_factory.cc b/net/http/http_auth_handler_factory.cc index fcf2e45..6a6b574 100644 --- a/net/http/http_auth_handler_factory.cc +++ b/net/http/http_auth_handler_factory.cc 
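Review bot: The nine `typedef typeof(&gss_...)` lines added to the private section rely on `typeof`, a GNU extension, and carry no comment saying why they exist. They appear to replace the `gss_*_type` typedefs that the bundled header generated under `GSS_USE_FUNCTION_POINTERS`, which this commit removes. A line such as `// Function-pointer types for the GSSAPI entry points bound in BindMethods().` would record that, along with a note that a GNU-compatible compiler is assumed. The class body continues outside the hunk.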
@@ -10,10 +10,11 @@ #include "net/http/http_auth_filter.h" #include "net/http/http_auth_handler_basic.h" #include "net/http/http_auth_handler_digest.h" +#include "net/http/http_auth_handler_ntlm.h" + #if defined(USE_KERBEROS) #include "net/http/http_auth_handler_negotiate.h" #endif -#include "net/http/http_auth_handler_ntlm.h" namespace net { diff --git a/net/http/http_auth_handler_negotiate_unittest.cc b/net/http/http_auth_handler_negotiate_unittest.cc index 1d3de4e..63eab92 100644 --- a/net/http/http_auth_handler_negotiate_unittest.cc +++ b/net/http/http_auth_handler_negotiate_unittest.cc @@ -15,7 +15,6 @@ #include "net/http/mock_sspi_library_win.h" #elif defined(OS_POSIX) #include "net/http/mock_gssapi_library_posix.h" -#include "net/third_party/gssapi/gssapi.h" #endif #include "testing/gtest/include/gtest/gtest.h" #include "testing/platform_test.h" @@ -26,7 +25,6 @@ typedef net::MockSSPILibrary MockAuthLibrary; typedef net::test::MockGSSAPILibrary MockAuthLibrary; #endif - namespace net { class HttpAuthHandlerNegotiateTest : public PlatformTest { @@ -345,6 +343,7 @@ TEST_F(HttpAuthHandlerNegotiateTest, NoKerberosCredentials) { EXPECT_EQ(ERR_MISSING_AUTH_CREDENTIALS, callback.WaitForResult()); } +#if defined(DLOPEN_KERBEROS) TEST_F(HttpAuthHandlerNegotiateTest, MissingGSSAPI) { scoped_ptr<HostResolver> host_resolver(new MockHostResolver()); MockAllowURLSecurityManager url_security_manager; @@ -366,6 +365,7 @@ TEST_F(HttpAuthHandlerNegotiateTest, MissingGSSAPI) { EXPECT_EQ(ERR_UNSUPPORTED_AUTH_SCHEME, rv); EXPECT_TRUE(generic_handler.get() == NULL); } +#endif // defined(DLOPEN_KERBEROS) #endif // defined(OS_POSIX) diff --git a/net/http/mock_gssapi_library_posix.cc b/net/http/mock_gssapi_library_posix.cc index 5ae4721..6d44729 100644 --- a/net/http/mock_gssapi_library_posix.cc +++ b/net/http/mock_gssapi_library_posix.cc 
@@ -7,7 +7,6 @@ #include "base/logging.h" #include "base/string_util.h" #include "base/stringprintf.h" -#include "net/third_party/gssapi/gssapi.h" #include "testing/gtest/include/gtest/gtest.h" namespace net { @@ -279,7 +278,7 @@ OM_uint32 MockGSSAPILibrary::import_name( // Save the data. output->name = BufferToString(input_name_buffer); CopyOid(&output->name_type, input_name_type); - *output_name = output; + *output_name = reinterpret_cast<gss_name_t>(output); return GSS_S_COMPLETE; } diff --git a/net/http/mock_gssapi_library_posix.h b/net/http/mock_gssapi_library_posix.h index aad5de8..4109f9c 100644 --- a/net/http/mock_gssapi_library_posix.h +++ b/net/http/mock_gssapi_library_posix.h @@ -6,12 +6,13 @@ #define NET_HTTP_MOCK_GSSAPI_LIBRARY_POSIX_H_ #pragma once +#include <gssapi.h> + #include <list> #include <string> #include "base/gtest_prod_util.h" #include "net/http/http_auth_gssapi_posix.h" -#include "net/third_party/gssapi/gssapi.h" namespace net { diff --git a/net/net.gyp b/net/net.gyp index fb55d21..8f43b69 100644 --- a/net/net.gyp +++ b/net/net.gyp @@ -7,6 +7,7 @@ 'chromium_code': 1, 'use_kerberos%': 1, + 'linux_link_kerberos%': 0, }, 'targets': [ { @@ -710,6 +711,19 @@ 'defines': [ 'USE_KERBEROS', ], + 'conditions': [ + ['linux_link_kerberos==1', { + 'link_settings': { + 'ldflags': [ + '<!@(krb5-config --libs gssapi)', + ], + }, + }, { # linux_link_kerberos==0 + 'defines': [ + 'DLOPEN_KERBEROS', + ], + }], + ], }, { # use_kerberos == 0 'sources!': [ 'http/http_auth_gssapi_posix.cc', diff --git a/net/third_party/gssapi/LICENSE b/net/third_party/gssapi/LICENSE deleted file mode 100644 index cac53b2..0000000 --- a/net/third_party/gssapi/LICENSE +++ /dev/null 
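Review bot: The new `reinterpret_cast<gss_name_t>(output)` in `MockGSSAPILibrary::import_name` hands a mock-owned object out as an opaque system handle, and nothing on the line says so. The cast is presumably needed because the system header's `gss_name_t` is no longer the `void *` of the removed bundled header. Every place where the mock turns a `gss_name_t` back into its own type then has to use the matching cast, and those sites are outside this hunk. A comment here, e.g. `// gss_name_t is opaque to callers; the mock keeps its own name object behind it.`, would make the pairing explicit.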
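Review bot: In the `linux_link_kerberos==1` branch of net.gyp, the output of `krb5-config --libs gssapi` is placed in `ldflags`, so the `-l` entries can end up ahead of the object files on the link line and be dropped by a linker running with `--as-needed`. Nothing in the hunk adds the matching compile flags either, although the headers now include `<gssapi.h>` from the system unconditionally. Where that header is not on the default include path, the build would fail in both the linked and the dlopen configuration. Consider `'cflags': ['<!@(krb5-config --cflags gssapi)']` outside the `linux_link_kerberos` condition, and moving the library names to `'libraries'`. The enclosing target definition starts outside the hunk.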
@@ -1,19 +0,0 @@
-Copyright 1993 by OpenVision Technologies, Inc.
-
-Permission to use, copy, modify, distribute, and sell this software
-and its documentation for any purpose is hereby granted without fee,
-provided that the above copyright notice appears in all copies and
-that both that copyright notice and this permission notice appear in
-supporting documentation, and that the name of OpenVision not be used
-in advertising or publicity pertaining to distribution of the software
-without specific, written prior permission. OpenVision makes no
-representations about the suitability of this software for any
-purpose. It is provided "as is" without express or implied warranty.
-
-OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
-INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
-EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
-CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
-USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
-OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-PERFORMANCE OF THIS SOFTWARE.
diff --git a/net/third_party/gssapi/README.chromium b/net/third_party/gssapi/README.chromium
deleted file mode 100644
index 5261c72..0000000
--- a/net/third_party/gssapi/README.chromium
+++ /dev/null
@@ -1,18 +0,0 @@
-Name: gssapi
-URL: https://hg.mozilla.org/mozilla-central/file/05f3c68e73c9/extensions/auth/gssapi.h
-InfoURL: http://web.mit.edu/Kerberos/krb5-1.7/krb5-1.7.1/doc/krb5-install.html
-Version: krb5-1.8.1
-License: OpenVision Technologies
-
-Description:
-This is Chromium's copy of the Mozilla gssapi header.
-
-Originally obtained from Mozilla's Mercurial repository
-on 11 May 2010.
-
-The LICENSE from the header has been copied here.
-
-Local Modifications:
-There are no local changes to the code itself.
-
-A gssapi.gyp file has been added for building with Chromium.
diff --git a/net/third_party/gssapi/gssapi.gyp b/net/third_party/gssapi/gssapi.gyp
deleted file mode 100644
index 35a2a73..0000000
--- a/net/third_party/gssapi/gssapi.gyp
+++ /dev/null
@@ -1,15 +0,0 @@
-# Copyright (c) 2010 The Chromium Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style license that can be
-# found in the LICENSE file.
-
-{
- 'targets': [
- {
- 'target_name': 'gssapi',
- 'type': 'none',
- 'sources': [
- 'gssapi.h',
- ],
- },
- ],
-}
diff --git a/net/third_party/gssapi/gssapi.h b/net/third_party/gssapi/gssapi.h
deleted file mode 100644
index 45e5020..0000000
--- a/net/third_party/gssapi/gssapi.h
+++ /dev/null
@@ -1,844 +0,0 @@ -/* - * Copied from Firefox source extensions/auth/gssapi.h - */ - -/* ***** BEGIN LICENSE BLOCK ***** - * Copyright 1993 by OpenVision Technologies, Inc. - * - * Permission to use, copy, modify, distribute, and sell this software - * and its documentation for any purpose is hereby granted without fee, - * provided that the above copyright notice appears in all copies and - * that both that copyright notice and this permission notice appear in - * supporting documentation, and that the name of OpenVision not be used - * in advertising or publicity pertaining to distribution of the software - * without specific, written prior permission. OpenVision makes no - * representations about the suitability of this software for any - * purpose. It is provided "as is" without express or implied warranty. - * - * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO - * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR - * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF - * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR - * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - ****** END LICENSE BLOCK ***** */ - -#ifndef GSSAPI_H_ -#define GSSAPI_H_ - -/* - * Also define _GSSAPI_H_ as that is what the Kerberos 5 code defines and - * what header files on some systems look for. - */ -#define _GSSAPI_H_ - -/* - * On Mac OS X, Kerberos/Kerberos.h is used to gain access to certain - * system-specific Kerberos functions, but on 10.4, that file also brings - * in other headers that conflict with this one. - */ -#define _GSSAPI_GENERIC_H_ -#define _GSSAPI_KRB5_H_ - -/* - * Define windows specific needed parameters. 
- */ - -#ifndef GSS_CALLCONV -#if defined(_WIN32) -#define GSS_CALLCONV __stdcall -#define GSS_CALLCONV_C __cdecl -#else -#define GSS_CALLCONV -#define GSS_CALLCONV_C -#endif -#endif /* GSS_CALLCONV */ - -#ifdef GSS_USE_FUNCTION_POINTERS -#ifdef _WIN32 -#undef GSS_CALLCONV -#define GSS_CALLCONV -#define GSS_FUNC(f) (__stdcall *f##_type) -#else -#define GSS_FUNC(f) (*f##_type) -#endif -#define GSS_MAKE_TYPEDEF typedef -#else -#define GSS_FUNC(f) f -#define GSS_MAKE_TYPEDEF -#endif - -/* - * First, include stddef.h to get size_t defined. - */ -#include <stddef.h> - -/* - * Configure set the following - */ - -#ifndef SIZEOF_LONG -#undef SIZEOF_LONG -#endif -#ifndef SIZEOF_SHORT -#undef SIZEOF_SHORT -#endif - -#ifndef EXTERN_C_BEGIN -#ifdef __cplusplus -#define EXTERN_C_BEGIN extern "C" { -#define EXTERN_C_END } -#else -#define EXTERN_C_BEGIN -#define EXTERN_C_END -#endif -#endif - -EXTERN_C_BEGIN - -/* - * If the platform supports the xom.h header file, it should be - * included here. - */ -/* #include <xom.h> */ - - -/* - * Now define the three implementation-dependent types. - */ - -typedef void * gss_name_t ; -typedef void * gss_ctx_id_t ; -typedef void * gss_cred_id_t ; - - -/* - * The following type must be defined as the smallest natural - * unsigned integer supported by the platform that has at least - * 32 bits of precision. - */ - -#if SIZEOF_LONG == 4 -typedef unsigned long gss_uint32; -#elif SIZEOF_SHORT == 4 -typedef unsigned short gss_uint32; -#else -typedef unsigned int gss_uint32; -#endif - -#ifdef OM_STRING - -/* - * We have included the xom.h header file. Verify that OM_uint32 - * is defined correctly. - */ - -#if sizeof(gss_uint32) != sizeof(OM_uint32) -#error Incompatible definition of OM_uint32 from xom.h -#endif - -typedef OM_object_identifier gss_OID_desc, *gss_OID; - -#else /* !OM_STRING */ - -/* - * We can't use X/Open definitions, so roll our own. 
- */ -typedef gss_uint32 OM_uint32; -typedef struct gss_OID_desc_struct { - OM_uint32 length; - void *elements; -} gss_OID_desc, *gss_OID; - -#endif /* !OM_STRING */ - -typedef struct gss_OID_set_desc_struct { - size_t count; - gss_OID elements; -} gss_OID_set_desc, *gss_OID_set; - - -/* - * For now, define a QOP-type as an OM_uint32 - */ -typedef OM_uint32 gss_qop_t; - -typedef int gss_cred_usage_t; - - -typedef struct gss_buffer_desc_struct { - size_t length; - void *value; -} gss_buffer_desc, *gss_buffer_t; - -typedef struct gss_channel_bindings_struct { - OM_uint32 initiator_addrtype; - gss_buffer_desc initiator_address; - OM_uint32 acceptor_addrtype; - gss_buffer_desc acceptor_address; - gss_buffer_desc application_data; -} *gss_channel_bindings_t; - - -/* - * Flag bits for context-level services. - */ -#define GSS_C_DELEG_FLAG 1 -#define GSS_C_MUTUAL_FLAG 2 -#define GSS_C_REPLAY_FLAG 4 -#define GSS_C_SEQUENCE_FLAG 8 -#define GSS_C_CONF_FLAG 16 -#define GSS_C_INTEG_FLAG 32 -#define GSS_C_ANON_FLAG 64 -#define GSS_C_PROT_READY_FLAG 128 -#define GSS_C_TRANS_FLAG 256 - -/* - * Credential usage options - */ -#define GSS_C_BOTH 0 -#define GSS_C_INITIATE 1 -#define GSS_C_ACCEPT 2 - -/* - * Status code types for gss_display_status - */ -#define GSS_C_GSS_CODE 1 -#define GSS_C_MECH_CODE 2 - -/* - * The constant definitions for channel-bindings address families - */ -#define GSS_C_AF_UNSPEC 0 -#define GSS_C_AF_LOCAL 1 -#define GSS_C_AF_INET 2 -#define GSS_C_AF_IMPLINK 3 -#define GSS_C_AF_PUP 4 -#define GSS_C_AF_CHAOS 5 -#define GSS_C_AF_NS 6 -#define GSS_C_AF_NBS 7 -#define GSS_C_AF_ECMA 8 -#define GSS_C_AF_DATAKIT 9 -#define GSS_C_AF_CCITT 10 -#define GSS_C_AF_SNA 11 -#define GSS_C_AF_DECnet 12 -#define GSS_C_AF_DLI 13 -#define GSS_C_AF_LAT 14 -#define GSS_C_AF_HYLINK 15 -#define GSS_C_AF_APPLETALK 16 -#define GSS_C_AF_BSC 17 -#define GSS_C_AF_DSS 18 -#define GSS_C_AF_OSI 19 -#define GSS_C_AF_X25 21 - -#define GSS_C_AF_NULLADDR 255 - -/* - * Various Null values - */ 
-#define GSS_C_NO_NAME ((gss_name_t) 0) -#define GSS_C_NO_BUFFER ((gss_buffer_t) 0) -#define GSS_C_NO_OID ((gss_OID) 0) -#define GSS_C_NO_OID_SET ((gss_OID_set) 0) -#define GSS_C_NO_CONTEXT ((gss_ctx_id_t) 0) -#define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0) -#define GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) 0) -#define GSS_C_EMPTY_BUFFER {0, NULL} - -/* - * Some alternate names for a couple of the above - * values. These are defined for V1 compatibility. - */ -#define GSS_C_NULL_OID GSS_C_NO_OID -#define GSS_C_NULL_OID_SET GSS_C_NO_OID_SET - -/* - * Define the default Quality of Protection for per-message - * services. Note that an implementation that offers multiple - * levels of QOP may define GSS_C_QOP_DEFAULT to be either zero - * (as done here) to mean "default protection", or to a specific - * explicit QOP value. However, a value of 0 should always be - * interpreted by a GSSAPI implementation as a request for the - * default protection level. - */ -#define GSS_C_QOP_DEFAULT 0 - -/* - * Expiration time of 2^32-1 seconds means infinite lifetime for a - * credential or security context - */ -#define GSS_C_INDEFINITE 0xfffffffful - -/* - * The implementation must reserve static storage for a - * gss_OID_desc object containing the value - * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" - * "\x01\x02\x01\x01"}, - * corresponding to an object-identifier value of - * {iso(1) member-body(2) United States(840) mit(113554) - * infosys(1) gssapi(2) generic(1) user_name(1)}. The constant - * GSS_C_NT_USER_NAME should be initialized to point - * to that gss_OID_desc. - */ -extern gss_OID GSS_C_NT_USER_NAME; - -/* - * The implementation must reserve static storage for a - * gss_OID_desc object containing the value - * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" - * "\x01\x02\x01\x02"}, - * corresponding to an object-identifier value of - * {iso(1) member-body(2) United States(840) mit(113554) - * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}. 
- * The constant GSS_C_NT_MACHINE_UID_NAME should be - * initialized to point to that gss_OID_desc. - */ -extern gss_OID GSS_C_NT_MACHINE_UID_NAME; - -/* - * The implementation must reserve static storage for a - * gss_OID_desc object containing the value - * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" - * "\x01\x02\x01\x03"}, - * corresponding to an object-identifier value of - * {iso(1) member-body(2) United States(840) mit(113554) - * infosys(1) gssapi(2) generic(1) string_uid_name(3)}. - * The constant GSS_C_NT_STRING_UID_NAME should be - * initialized to point to that gss_OID_desc. - */ -extern gss_OID GSS_C_NT_STRING_UID_NAME; - -/* - * The implementation must reserve static storage for a - * gss_OID_desc object containing the value - * {6, (void *)"\x2b\x06\x01\x05\x06\x02"}, - * corresponding to an object-identifier value of - * {iso(1) org(3) dod(6) internet(1) security(5) - * nametypes(6) gss-host-based-services(2)). The constant - * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point - * to that gss_OID_desc. This is a deprecated OID value, and - * implementations wishing to support hostbased-service names - * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID, - * defined below, to identify such names; - * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym - * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input - * parameter, but should not be emitted by GSSAPI - * implementations - */ -extern gss_OID GSS_C_NT_HOSTBASED_SERVICE_X; - -/* - * The implementation must reserve static storage for a - * gss_OID_desc object containing the value - * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" - * "\x01\x02\x01\x04"}, corresponding to an - * object-identifier value of {iso(1) member-body(2) - * Unites States(840) mit(113554) infosys(1) gssapi(2) - * generic(1) service_name(4)}. The constant - * GSS_C_NT_HOSTBASED_SERVICE should be initialized - * to point to that gss_OID_desc. 
- */ -extern gss_OID GSS_C_NT_HOSTBASED_SERVICE; - - -/* - * The implementation must reserve static storage for a - * gss_OID_desc object containing the value - * {6, (void *)"\x2b\x06\01\x05\x06\x03"}, - * corresponding to an object identifier value of - * {1(iso), 3(org), 6(dod), 1(internet), 5(security), - * 6(nametypes), 3(gss-anonymous-name)}. The constant - * and GSS_C_NT_ANONYMOUS should be initialized to point - * to that gss_OID_desc. - */ -extern gss_OID GSS_C_NT_ANONYMOUS; - -/* - * The implementation must reserve static storage for a - * gss_OID_desc object containing the value - * {6, (void *)"\x2b\x06\x01\x05\x06\x04"}, - * corresponding to an object-identifier value of - * {1(iso), 3(org), 6(dod), 1(internet), 5(security), - * 6(nametypes), 4(gss-api-exported-name)}. The constant - * GSS_C_NT_EXPORT_NAME should be initialized to point - * to that gss_OID_desc. - */ -extern gss_OID GSS_C_NT_EXPORT_NAME; - -/* Major status codes */ - -#define GSS_S_COMPLETE 0 - -/* - * Some "helper" definitions to make the status code macros obvious. - */ -#define GSS_C_CALLING_ERROR_OFFSET 24 -#define GSS_C_ROUTINE_ERROR_OFFSET 16 -#define GSS_C_SUPPLEMENTARY_OFFSET 0 -#define GSS_C_CALLING_ERROR_MASK 0377ul -#define GSS_C_ROUTINE_ERROR_MASK 0377ul -#define GSS_C_SUPPLEMENTARY_MASK 0177777ul - -/* - * The macros that test status codes for error conditions. - * Note that the GSS_ERROR() macro has changed slightly from - * the V1 GSSAPI so that it now evaluates its argument - * only once. 
- */ -#define GSS_CALLING_ERROR(x) \ -(x & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET)) -#define GSS_ROUTINE_ERROR(x) \ - (x & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)) -#define GSS_SUPPLEMENTARY_INFO(x) \ - (x & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET)) -#define GSS_ERROR(x) \ - (x & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \ - (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))) - -/* - * Now the actual status code definitions - */ - -/* - * Calling errors: - */ -#define GSS_S_CALL_INACCESSIBLE_READ \ - (1ul << GSS_C_CALLING_ERROR_OFFSET) -#define GSS_S_CALL_INACCESSIBLE_WRITE \ - (2ul << GSS_C_CALLING_ERROR_OFFSET) -#define GSS_S_CALL_BAD_STRUCTURE \ - (3ul << GSS_C_CALLING_ERROR_OFFSET) - -/* - * Routine errors: - */ -#define GSS_S_BAD_MECH (1ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_BAD_NAME (2ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_BAD_NAMETYPE (3ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_BAD_BINDINGS (4ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_BAD_STATUS (5ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_BAD_SIG (6ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_BAD_MIC GSS_S_BAD_SIG -#define GSS_S_NO_CRED (7ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_NO_CONTEXT (8ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_DEFECTIVE_TOKEN (9ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_DEFECTIVE_CREDENTIAL (10ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_CREDENTIALS_EXPIRED (11ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_CONTEXT_EXPIRED (12ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_FAILURE (13ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_BAD_QOP (14ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_UNAUTHORIZED (15ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_UNAVAILABLE (16ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_DUPLICATE_ELEMENT (17ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_NAME_NOT_MN (18ul << GSS_C_ROUTINE_ERROR_OFFSET) - -/* - 
* Supplementary info bits: - */ -#define GSS_S_CONTINUE_NEEDED (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 0)) -#define GSS_S_DUPLICATE_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 1)) -#define GSS_S_OLD_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 2)) -#define GSS_S_UNSEQ_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 3)) -#define GSS_S_GAP_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 4)) - -/* - * Finally, function prototypes for the GSS-API routines. - */ - -GSS_MAKE_TYPEDEF -OM_uint32 -GSS_CALLCONV GSS_FUNC(gss_acquire_cred) -(OM_uint32 *, /* minor_status */ - const gss_name_t, /* desired_name */ - OM_uint32, /* time_req */ - const gss_OID_set, /* desired_mechs */ - gss_cred_usage_t, /* cred_usage */ - gss_cred_id_t *, /* output_cred_handle */ - gss_OID_set *, /* actual_mechs */ - OM_uint32 * /* time_rec */ - ); - -GSS_MAKE_TYPEDEF -OM_uint32 -GSS_CALLCONV GSS_FUNC(gss_release_cred) -(OM_uint32 *, /* minor_status */ - gss_cred_id_t * /* cred_handle */ - ); - -GSS_MAKE_TYPEDEF -OM_uint32 -GSS_CALLCONV GSS_FUNC(gss_init_sec_context) -(OM_uint32 *, /* minor_status */ - const gss_cred_id_t, /* initiator_cred_handle */ - gss_ctx_id_t *, /* context_handle */ - const gss_name_t, /* target_name */ - const gss_OID, /* mech_type */ - OM_uint32, /* req_flags */ - OM_uint32, /* time_req */ - const gss_channel_bindings_t, /* input_chan_bindings */ - const gss_buffer_t, /* input_token */ - gss_OID *, /* actual_mech_type */ - gss_buffer_t, /* output_token */ - OM_uint32 *, /* ret_flags */ - OM_uint32 * /* time_rec */ - ); - -GSS_MAKE_TYPEDEF -OM_uint32 -GSS_CALLCONV GSS_FUNC(gss_accept_sec_context) -(OM_uint32 *, /* minor_status */ - gss_ctx_id_t *, /* context_handle */ - const gss_cred_id_t, /* acceptor_cred_handle */ - const gss_buffer_t, /* input_token_buffer */ - const gss_channel_bindings_t, /* input_chan_bindings */ - gss_name_t *, /* src_name */ - gss_OID *, /* mech_type */ - gss_buffer_t, /* output_token */ - OM_uint32 *, /* ret_flags */ - OM_uint32 *, /* time_rec */ - 
gss_cred_id_t * /* delegated_cred_handle */ - ); - -GSS_MAKE_TYPEDEF -OM_uint32 -GSS_CALLCONV GSS_FUNC(gss_process_context_token) -(OM_uint32 *, /* minor_status */ - const gss_ctx_id_t, /* context_handle */ - const gss_buffer_t /* token_buffer */ - ); - -GSS_MAKE_TYPEDEF -OM_uint32 -GSS_CALLCONV GSS_FUNC(gss_delete_sec_context) -(OM_uint32 *, /* minor_status */ - gss_ctx_id_t *, /* context_handle */ - gss_buffer_t /* output_token */ - ); - -GSS_MAKE_TYPEDEF -OM_uint32 -GSS_CALLCONV GSS_FUNC(gss_context_time) -(OM_uint32 *, /* minor_status */ - const gss_ctx_id_t, /* context_handle */ - OM_uint32 * /* time_rec */ - ); - -GSS_MAKE_TYPEDEF -OM_uint32 -GSS_CALLCONV GSS_FUNC(gss_get_mic) -(OM_uint32 *, /* minor_status */ - const gss_ctx_id_t, /* context_handle */ - gss_qop_t, /* qop_req */ - const gss_buffer_t, /* message_buffer */ - gss_buffer_t /* message_token */ - ); - - -GSS_MAKE_TYPEDEF -OM_uint32 -GSS_CALLCONV GSS_FUNC(gss_verify_mic) -(OM_uint32 *, /* minor_status */ - const gss_ctx_id_t, /* context_handle */ - const gss_buffer_t, /* message_buffer */ - const gss_buffer_t, /* token_buffer */ - gss_qop_t * /* qop_state */ - ); - -GSS_MAKE_TYPEDEF -OM_uint32 -GSS_CALLCONV GSS_FUNC(gss_wrap) -(OM_uint32 *, /* minor_status */ - const gss_ctx_id_t, /* context_handle */ - int, /* conf_req_flag */ - gss_qop_t, /* qop_req */ - const gss_buffer_t, /* input_message_buffer */ - int *, /* conf_state */ - gss_buffer_t /* output_message_buffer */ - ); - - -GSS_MAKE_TYPEDEF -OM_uint32 -GSS_CALLCONV GSS_FUNC(gss_unwrap) -(OM_uint32 *, /* minor_status */ - const gss_ctx_id_t, /* context_handle */ - const gss_buffer_t, /* input_message_buffer */ - gss_buffer_t, /* output_message_buffer */ - int *, /* conf_state */ - gss_qop_t * /* qop_state */ - ); - -GSS_MAKE_TYPEDEF -OM_uint32 -GSS_CALLCONV GSS_FUNC(gss_display_status) -(OM_uint32 *, /* minor_status */ - OM_uint32, /* status_value */ - int, /* status_type */ - const gss_OID, /* mech_type */ - OM_uint32 *, /* message_context */ 
- gss_buffer_t /* status_string */ - ); - -GSS_MAKE_TYPEDEF -OM_uint32 -GSS_CALLCONV GSS_FUNC(gss_indicate_mechs) -(OM_uint32 *, /* minor_status */ - gss_OID_set * /* mech_set */ - ); - -GSS_MAKE_TYPEDEF -OM_uint32 -GSS_CALLCONV GSS_FUNC(gss_compare_name) -(OM_uint32 *, /* minor_status */ - const gss_name_t, /* name1 */ - const gss_name_t, /* name2 */ - int * /* name_equal */ - ); - -GSS_MAKE_TYPEDEF -OM_uint32 -GSS_CALLCONV GSS_FUNC(gss_display_name) -(OM_uint32 *, /* minor_status */ - const gss_name_t, /* input_name */ - gss_buffer_t, /* output_name_buffer */ - gss_OID * /* output_name_type */ - ); - -GSS_MAKE_TYPEDEF -OM_uint32 -GSS_CALLCONV GSS_FUNC(gss_import_name) -(OM_uint32 *, /* minor_status */ - const gss_buffer_t, /* input_name_buffer */ - const gss_OID, /* input_name_type */ - gss_name_t * /* output_name */ - ); - -GSS_MAKE_TYPEDEF -OM_uint32 -GSS_CALLCONV GSS_FUNC(gss_export_name) -(OM_uint32 *, /* minor_status */ - const gss_name_t, /* input_name */ - gss_buffer_t /* exported_name */ - ); - -GSS_MAKE_TYPEDEF -OM_uint32 -GSS_CALLCONV GSS_FUNC(gss_release_name) -(OM_uint32 *, /* minor_status */ - gss_name_t * /* input_name */ - ); - -GSS_MAKE_TYPEDEF -OM_uint32 -GSS_CALLCONV GSS_FUNC(gss_release_buffer) -(OM_uint32 *, /* minor_status */ - gss_buffer_t /* buffer */ - ); - -GSS_MAKE_TYPEDEF -OM_uint32 -GSS_CALLCONV GSS_FUNC(gss_release_oid_set) -(OM_uint32 *, /* minor_status */ - gss_OID_set * /* set */ - ); - -GSS_MAKE_TYPEDEF -OM_uint32 -GSS_CALLCONV GSS_FUNC(gss_inquire_cred) -(OM_uint32 *, /* minor_status */ - const gss_cred_id_t, /* cred_handle */ - gss_name_t *, /* name */ - OM_uint32 *, /* lifetime */ - gss_cred_usage_t *, /* cred_usage */ - gss_OID_set * /* mechanisms */ - ); - -GSS_MAKE_TYPEDEF -OM_uint32 -GSS_CALLCONV GSS_FUNC(gss_inquire_context) -(OM_uint32 *, /* minor_status */ - const gss_ctx_id_t, /* context_handle */ - gss_name_t *, /* src_name */ - gss_name_t *, /* targ_name */ - OM_uint32 *, /* lifetime_rec */ - gss_OID *, /* mech_type 
*/
- OM_uint32 *, /* ctx_flags */
- int *, /* locally_initiated */
- int * /* open */
- );
-
-GSS_MAKE_TYPEDEF
-OM_uint32
-GSS_CALLCONV GSS_FUNC(gss_wrap_size_limit)
-(OM_uint32 *, /* minor_status */
- const gss_ctx_id_t, /* context_handle */
- int, /* conf_req_flag */
- gss_qop_t, /* qop_req */
- OM_uint32, /* req_output_size */
- OM_uint32 * /* max_input_size */
- );
-
-GSS_MAKE_TYPEDEF
-OM_uint32
-GSS_CALLCONV GSS_FUNC(gss_add_cred)
-(OM_uint32 *, /* minor_status */
- const gss_cred_id_t, /* input_cred_handle */
- const gss_name_t, /* desired_name */
- const gss_OID, /* desired_mech */
- gss_cred_usage_t, /* cred_usage */
- OM_uint32, /* initiator_time_req */
- OM_uint32, /* acceptor_time_req */
- gss_cred_id_t *, /* output_cred_handle */
- gss_OID_set *, /* actual_mechs */
- OM_uint32 *, /* initiator_time_rec */
- OM_uint32 * /* acceptor_time_rec */
- );
-
-GSS_MAKE_TYPEDEF
-OM_uint32
-GSS_CALLCONV GSS_FUNC(gss_inquire_cred_by_mech)
-(OM_uint32 *, /* minor_status */
- const gss_cred_id_t, /* cred_handle */
- const gss_OID, /* mech_type */
- gss_name_t *, /* name */
- OM_uint32 *, /* initiator_lifetime */
- OM_uint32 *, /* acceptor_lifetime */
- gss_cred_usage_t * /* cred_usage */
- );
-
-GSS_MAKE_TYPEDEF
-OM_uint32
-GSS_CALLCONV GSS_FUNC(gss_export_sec_context)
-(OM_uint32 *, /* minor_status */
- gss_ctx_id_t *, /* context_handle */
- gss_buffer_t /* interprocess_token */
- );
-
-GSS_MAKE_TYPEDEF
-OM_uint32
-GSS_CALLCONV GSS_FUNC(gss_import_sec_context)
-(OM_uint32 *, /* minor_status */
- const gss_buffer_t, /* interprocess_token */
- gss_ctx_id_t * /* context_handle */
- );
-
-GSS_MAKE_TYPEDEF
-OM_uint32
-GSS_CALLCONV GSS_FUNC(gss_create_empty_oid_set)
-(OM_uint32 *, /* minor_status */
- gss_OID_set * /* oid_set */
- );
-
-GSS_MAKE_TYPEDEF
-OM_uint32
-GSS_CALLCONV GSS_FUNC(gss_add_oid_set_member)
-(OM_uint32 *, /* minor_status */
- const gss_OID, /* member_oid */
- gss_OID_set * /* oid_set */
- );
-
-GSS_MAKE_TYPEDEF
-OM_uint32
-GSS_CALLCONV
GSS_FUNC(gss_test_oid_set_member)
-(OM_uint32 *, /* minor_status */
- const gss_OID, /* member */
- const gss_OID_set, /* set */
- int * /* present */
- );
-
-GSS_MAKE_TYPEDEF
-OM_uint32
-GSS_CALLCONV GSS_FUNC(gss_inquire_names_for_mech)
-(OM_uint32 *, /* minor_status */
- const gss_OID, /* mechanism */
- gss_OID_set * /* name_types */
- );
-
-GSS_MAKE_TYPEDEF
-OM_uint32
-GSS_CALLCONV GSS_FUNC(gss_inquire_mechs_for_name)
-(OM_uint32 *, /* minor_status */
- const gss_name_t, /* input_name */
- gss_OID_set * /* mech_types */
- );
-
-GSS_MAKE_TYPEDEF
-OM_uint32
-GSS_CALLCONV GSS_FUNC(gss_canonicalize_name)
-(OM_uint32 *, /* minor_status */
- const gss_name_t, /* input_name */
- const gss_OID, /* mech_type */
- gss_name_t * /* output_name */
- );
-
-GSS_MAKE_TYPEDEF
-OM_uint32
-GSS_CALLCONV GSS_FUNC(gss_duplicate_name)
-(OM_uint32 *, /* minor_status */
- const gss_name_t, /* src_name */
- gss_name_t * /* dest_name */
- );
-
- /*
- * The following routines are obsolete variants of gss_get_mic,
- * gss_verify_mic, gss_wrap and gss_unwrap. They should be
- * provided by GSSAPI V2 implementations for backwards
- * compatibility with V1 applications. Distinct entrypoints
- * (as opposed to #defines) should be provided, both to allow
- * GSSAPI V1 applications to link against GSSAPI V2 implementations,
- * and to retain the slight parameter type differences between the
- * obsolete versions of these routines and their current forms.
- */
-
- GSS_MAKE_TYPEDEF
- OM_uint32
- GSS_CALLCONV GSS_FUNC(gss_sign)
- (OM_uint32 *, /* minor_status */
- gss_ctx_id_t, /* context_handle */
- int, /* qop_req */
- gss_buffer_t, /* message_buffer */
- gss_buffer_t /* message_token */
- );
-
-
- GSS_MAKE_TYPEDEF
- OM_uint32
- GSS_CALLCONV GSS_FUNC(gss_verify)
- (OM_uint32 *, /* minor_status */
- gss_ctx_id_t, /* context_handle */
- gss_buffer_t, /* message_buffer */
- gss_buffer_t, /* token_buffer */
- int * /* qop_state */
- );
-
- GSS_MAKE_TYPEDEF
- OM_uint32
- GSS_CALLCONV GSS_FUNC(gss_seal)
- (OM_uint32 *, /* minor_status */
- gss_ctx_id_t, /* context_handle */
- int, /* conf_req_flag */
- int, /* qop_req */
- gss_buffer_t, /* input_message_buffer */
- int *, /* conf_state */
- gss_buffer_t /* output_message_buffer */
- );
-
-
- GSS_MAKE_TYPEDEF
- OM_uint32
- GSS_CALLCONV GSS_FUNC(gss_unseal)
- (OM_uint32 *, /* minor_status */
- gss_ctx_id_t, /* context_handle */
- gss_buffer_t, /* input_message_buffer */
- gss_buffer_t, /* output_message_buffer */
- int *, /* conf_state */
- int * /* qop_state */
- );
-
-
-
-EXTERN_C_END
-
-#endif /* GSSAPI_H_ */
- |