Add a new extensible GSS-API layer which can support GSS-API plugins,

similar the the Solaris implementation. Repackage the krb5 GSS mechanism
as a plugin library for the new implementation. This also includes a
comprehensive set of manpages for the GSS-API functions with text mostly
taken from the RFC.

Reviewed by: Love Hörnquist Åstrand <lha@it.su.se>, ru (build system), des (openssh parts)

1 files changed, 210 insertions, 0 deletions

diff --git a/lib/libgssapi/gss_display_status.3 b/lib/libgssapi/gss_display_status.3
new file mode 100644
index 0000000..58ded92
--- /dev/null
+++ b/lib/libgssapi/gss_display_status.3
@@ -0,0 +1,210 @@
+.\" -*- nroff -*-
+.\"
+.\" Copyright (c) 2005 Doug Rabson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"	$FreeBSD$
+.\"
+.\" Copyright (C) The Internet Society (2000).  All Rights Reserved.
+.\"
+.\" This document and translations of it may be copied and furnished to
+.\" others, and derivative works that comment on or otherwise explain it
+.\" or assist in its implementation may be prepared, copied, published
+.\" and distributed, in whole or in part, without restriction of any
+.\" kind, provided that the above copyright notice and this paragraph are
+.\" included on all such copies and derivative works.  However, this
+.\" document itself may not be modified in any way, such as by removing
+.\" the copyright notice or references to the Internet Society or other
+.\" Internet organizations, except as needed for the purpose of
+.\" developing Internet standards in which case the procedures for
+.\" copyrights defined in the Internet Standards process must be
+.\" followed, or as required to translate it into languages other than
+.\" English.
+.\"
+.\" The limited permissions granted above are perpetual and will not be
+.\" revoked by the Internet Society or its successors or assigns.
+.\"
+.\" This document and the information contained herein is provided on an
+.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.\" The following commands are required for all man pages.
+.Dd November 12, 2005
+.Os
+.Dt GSS_DISPLAY_STATUS 3 PRM
+.Sh NAME
+.Nm gss_display_status
+.Nd Convert a GSS-API status code to text
+.\" This next command is for sections 2 and 3 only.
+.\" .Sh LIBRARY
+.Sh SYNOPSIS
+.In "gssapi/gssapi.h"
+.Ft OM_uint32
+.Fo gss_display_status
+.Fa "OM_uint32 *minor_status"
+.Fa "OM_uint32 status_value"
+.Fa "int status_type"
+.Fa "const gss_OID mech_type"
+.Fa "OM_uint32 *message_context"
+.Fa "gss_buffer_t status_string"
+.Fc
+.Sh DESCRIPTION
+Allows an application to obtain a textual representation of a GSS-API
+status code,
+for display to the user or for logging purposes.
+Since some status values may indicate multiple conditions,
+applications may need to call
+.Fn gss_display_status
+multiple times,
+each call generating a single text string.
+The
+.Fa message_context
+parameter is used by
+.Fn gss_display_status
+to store state information about which error messages have already
+been extracted from a given
+.Fa status_value ;
+.Fa message_context
+must be initialized to zero by the application prior to the first call,
+and
+.Fn gss_display_status
+will return a non-zero value in this parameter if there are further
+messages to extract.
+.Pp
+The
+.Fa message_context
+parameter contains all state information required by
+.Fn gss_display_status
+in order to extract further messages from the
+.Fa status_value ;
+even when a non-zero value is returned in this parameter,
+the application is not required to call
+.Fn gss_display_status
+again unless subsequent messages are desired.
+The following code extracts all messages from a given status code and prints them to stderr:
+.Bd -literal
+OM_uint32 message_context;
+OM_uint32 status_code;
+OM_uint32 maj_status;
+OM_uint32 min_status;
+gss_buffer_desc status_string;
+
+       ...
+
+message_context = 0;
+
+do {
+
+  maj_status = gss_display_status (
+		  &min_status,
+		  status_code,
+		  GSS_C_GSS_CODE,
+		  GSS_C_NO_OID,
+		  &message_context,
+		  &status_string)
+
+  fprintf(stderr,
+	  "%.*s\\n",
+	 (int)status_string.length,
+	 (char *)status_string.value);
+
+  gss_release_buffer(&min_status, &status_string);
+
+} while (message_context != 0);
+.Ed
+.Sh PARAMETERS
+.Bl -tag
+.It minor_status
+Mechanism specific status code.
+.It status_value
+Status value to be converted
+.It status_type
+.Bl -tag                     
+.It GSS_C_GSS_CODE
+.Fa status_value
+is a GSS status code
+.It GSS_C_MECH_CODE
+.Fa status_value
+is a mechanism status code
+.El
+.It mech_type
+Underlying mechanism (used to interpret a minor status value).
+Supply
+.Dv GSS_C_NO_OID
+to obtain the system default.
+.It message_context
+Should be initialized to zero by the application prior to the first
+call.
+On return from
+.Fn gss_display_status ,
+a non-zero status_value parameter indicates that additional messages
+may be extracted from the status code via subsequent calls to
+.Fn gss_display_status ,
+passing the same
+.Fa status_value ,
+.Fa status_type ,
+.Fa mech_type ,
+and
+.Fa message_context
+parameters.
+.It status_string
+Textual interpretation of the
+.Fa status_value .
+Storage associated with this parameter must be freed by the
+application after use with a call to
+.Fn gss_release_buffer .
+.El
+.Sh RETURN VALUES
+.Bl -tag
+.It GSS_S_COMPLETE
+Successful completion
+.It GSS_S_BAD_MECH
+Indicates that translation in accordance with an unsupported mechanism
+type was requested
+.It GSS_S_BAD_STATUS
+The status value was not recognized, or the status type was neither
+.Dv GSS_C_GSS_CODE
+nor
+.Dv GSS_C_MECH_CODE .
+.El
+.Sh SEE ALSO
+.Xr gss_release_buffer 3
+.Sh STANDARDS
+.Bl -tag
+.It RFC 2743
+Generic Security Service Application Program Interface Version 2, Update 1
+.It RFC 2744
+Generic Security Service API Version 2 : C-bindings
+.\" .Sh HISTORY
+.El
+.Sh HISTORY
+The
+.Nm
+manual page example first appeared in
+.Fx 7.0 .
+.Sh AUTHORS
+John Wray, Iris Associates