Drop server_realm from heimdal_gssapi

[exim.git] / src / src / auths / heimdal_gssapi.c

diff --git a/src/src/auths/heimdal_gssapi.c b/src/src/auths/heimdal_gssapi.c
index 29d148b125d02d7a313f1803dfb00c018da811d0..9021509dd9f6650249b2b358c000f1c02e693ab8 100644 (file)
--- a/src/src/auths/heimdal_gssapi.c
+++ b/src/src/auths/heimdal_gssapi.c
@@ -9,7 +9,7 @@
    Author: Phil Pennock <pdp@exim.org> */
 /* Copyright (c) Phil Pennock 2012 */
 
-/* Interface to Heimdal SASL library for GSSAPI authentication. */
+/* Interface to Heimdal library for GSSAPI authentication. */
 
 /* Naming and rationale
 
@@ -34,8 +34,9 @@ Without rename, we could add an option for GS2 support in the future.
 * heimdal sources and man-pages, plus http://www.h5l.org/manual/
 * FreeBSD man-pages (very informative!)
 * http://www.ggf.org/documents/GFD.24.pdf confirming GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X
-  semantics, that found by browsing Heimdal source to find how to set the keytab
-
+  semantics, that found by browsing Heimdal source to find how to set the keytab; however,
+  after multiple attempts I failed to get that to work and instead switched to
+  gsskrb5_register_acceptor_identity().
 */
 
 #include "../exim.h"
@@ -51,9 +52,6 @@ static void dummy(int x) { dummy(x-1); }
 /* for the _init debugging */
 #include <krb5.h>
 
-/* Because __gss_krb5_register_acceptor_identity_x_oid_desc is internal */
-#include <roken.h>
-
 #include "heimdal_gssapi.h"
 
 /* Authenticator-specific options. */
@@ -62,8 +60,6 @@ optionlist auth_heimdal_gssapi_options[] = {
       (void *)(offsetof(auth_heimdal_gssapi_options_block, server_hostname)) },
   { "server_keytab",        opt_stringptr,
       (void *)(offsetof(auth_heimdal_gssapi_options_block, server_keytab)) },
-  { "server_realm",         opt_stringptr,
-      (void *)(offsetof(auth_heimdal_gssapi_options_block, server_realm)) },
   { "server_service",       opt_stringptr,
       (void *)(offsetof(auth_heimdal_gssapi_options_block, server_service)) }
 };
@@ -75,7 +71,6 @@ int auth_heimdal_gssapi_options_count =
 auth_heimdal_gssapi_options_block auth_heimdal_gssapi_option_defaults = {
   US"$primary_hostname",    /* server_hostname */
   NULL,                     /* server_keytab */
-  NULL,                     /* server_realm */
   US"smtp",                 /* server_service */
 };
 
@@ -99,8 +94,8 @@ static int
 enable consistency checks to be done, or anything else that needs
 to be set up. */
 
-/* Heimdal provides a GSSAPI extension method (via an OID) for setting the
-keytab; in the init, we mostly just use raw krb5 methods so that we can report
+/* Heimdal provides a GSSAPI extension method for setting the keytab;
+in the init, we mostly just use raw krb5 methods so that we can report
 the keytab contents, for -D+auth debugging. */
 
 void
@@ -313,6 +308,7 @@ auth_heimdal_gssapi_server(auth_instance *ablock, uschar *initial_data)
             error_out = auth_get_data(&from_client, US"", 0);
             if (error_out != OK)
               goto ERROR_OUT;
+            handled_empty_ir = TRUE;
             continue;
           }
         }
@@ -369,7 +365,7 @@ auth_heimdal_gssapi_server(auth_instance *ablock, uschar *initial_data)
         0x02 Integrity protection
         0x04 Confidentiality protection
 
-        The remaining three octets are the maximum buffer size for wrappe
+        The remaining three octets are the maximum buffer size for wrapped
         content. */
         sasl_config[0] = 0x01;  /* Exim does not wrap/unwrap SASL layers after auth */
         gbufdesc.value = (void *) sasl_config;