Patch from Alejandro Sedeno, somewhat modified by me, which

reorganises the GSSAPI support so that it handles alternative
implementations of the GSS-API. In particular, this means PuTTY can
now talk to MIT Kerberos for Windows instead of being limited to
SSPI. I don't know for sure whether further tweaking will be needed
(to the UI, most likely, or to automatic selection of credentials),
but testing reports suggest it's now at least worth committing to
trunk to get it more widely tested.

[originally from svn r8952]

Recipe

@@ -100,6 +100,10 @@
 #      Disables PuTTY's ability to use GSSAPI functions for
 #      authentication and key exchange.
 #
+#  - COMPAT=/DSTATIC_GSSAPI
+#      Causes PuTTY to try to link statically against the GSSAPI
+#      library instead of the default of doing it at run time.
+#
 #  - COMPAT=/DMSVC4 (Windows only)
 #  - RCFL=/DMSVC4
 #      Makes a couple of minor changes so that PuTTY compiles using
@@ -261,9 +265,10 @@ NONSSH   = telnet raw rlogin ldisc pinger
 SSH      = ssh sshcrc sshdes sshmd5 sshrsa sshrand sshsha sshblowf
          + sshdh sshcrcda sshpubk sshzlib sshdss x11fwd portfwd
          + sshaes sshsh256 sshsh512 sshbn wildcard pinger ssharcf
+         + sshgssc pgssapi
 WINSSH   = SSH winnoise winpgntc wingss
 UXSSH    = SSH uxnoise uxagentc uxgss
-MACSSH   = SSH macnoise
+MACSSH   = SSH macnoise sshnogss
 
 # SFTP implementation (pscp, psftp).
 SFTP     = sftp int64 logging
@@ -304,7 +309,7 @@ U_BE_NOSSH = be_nos_s uxser nocproxy
 # X/GTK Unix app, [U] for command-line Unix app, [M] for Macintosh app.
 
 putty    : [G] GUITERM NONSSH WINSSH W_BE_ALL WINMISC winx11 putty.res LIBS
-puttytel : [G] GUITERM NONSSH W_BE_NOSSH WINMISC puttytel.res LIBS
+puttytel : [G] GUITERM NONSSH W_BE_NOSSH WINMISC puttytel.res nogss LIBS
 plink    : [C] winplink wincons NONSSH WINSSH W_BE_ALL logging WINMISC
          + winx11 plink.res LIBS
 pscp     : [C] pscp winsftp wincons WINSSH BE_SSH SFTP wildcard WINMISC
@@ -323,11 +328,13 @@ puttygen : [G] winpgen sshrsag sshdssg sshprime sshdes sshbn sshmd5 version
 
 pterm    : [X] GTKTERM uxmisc misc ldisc settings uxpty uxsel BE_NONE uxstore
          + uxsignal CHARSET cmdline uxpterm version time xpmpterm xpmptcfg
+	 + nogss
 putty    : [X] GTKTERM uxmisc misc ldisc settings uxsel U_BE_ALL uxstore
          + uxsignal CHARSET uxputty NONSSH UXSSH UXMISC ux_x11 xpmputty
          + xpmpucfg
 puttytel : [X] GTKTERM uxmisc misc ldisc settings uxsel U_BE_NOSSH
 	 + uxstore uxsignal CHARSET uxputty NONSSH UXMISC xpmputty xpmpucfg
+	 + nogss
 
 plink    : [U] uxplink uxcons NONSSH UXSSH U_BE_ALL logging UXMISC uxsignal
          + ux_x11
@@ -345,7 +352,7 @@ PuTTY    : [M] terminal wcwidth ldiscucs logging BE_ALL mac macdlg macevlog
          + stricmp vsnprint dialog config macctrls minibidi
 PuTTYtel : [M] terminal wcwidth ldiscucs logging BE_NOSSH mac macdlg
 	 + macevlog macterm macucs mac_res.rsrc testback NONSSH MACMISC
-	 + CHARSET stricmp vsnprint dialog config macctrls minibidi
+	 + CHARSET stricmp vsnprint dialog config macctrls minibidi nogss
 PuTTYgen : [M] macpgen sshrsag sshdssg sshprime sshdes sshbn sshmd5 version
          + sshrand macnoise sshsha macstore misc sshrsa sshdss macmisc sshpubk
          + sshaes sshsh256 sshsh512 import macpgen.rsrc macpgkey macabout

config.c

@@ -236,6 +236,33 @@ static void cipherlist_handler(union control *ctrl, void *dlg,
     }
 }
 
+#ifndef NO_GSSAPI
+static void gsslist_handler(union control *ctrl, void *dlg,
+			    void *data, int event)
+{
+    Config *cfg = (Config *)data;
+    if (event == EVENT_REFRESH) {
+	int i;
+
+	dlg_update_start(ctrl, dlg);
+	dlg_listbox_clear(ctrl, dlg);
+	for (i = 0; i < ngsslibs; i++) {
+	    int id = cfg->ssh_gsslist[i];
+	    assert(id >= 0 && id < ngsslibs);
+	    dlg_listbox_addwithid(ctrl, dlg, gsslibnames[id], id);
+	}
+	dlg_update_done(ctrl, dlg);
+
+    } else if (event == EVENT_VALCHANGE) {
+	int i;
+
+	/* Update array to match the list box. */
+	for (i=0; i < ngsslibs; i++)
+	    cfg->ssh_gsslist[i] = dlg_listbox_getid(ctrl, dlg, i);
+    }
+}
+#endif
+
 static void kexlist_handler(union control *ctrl, void *dlg,
 			    void *data, int event)
 {
@@ -2089,7 +2116,7 @@ void setup_config_box(struct controlbox *b, int midsession,
 	    ctrl_checkbox(s, "Allow agent forwarding", 'f',
 			  HELPCTX(ssh_auth_agentfwd),
 			  dlg_stdcheckbox_handler, I(offsetof(Config,agentfwd)));
-	    ctrl_checkbox(s, "Allow attempted changes of username in SSH-2", 'u',
+	    ctrl_checkbox(s, "Allow attempted changes of username in SSH-2", NO_SHORTCUT,
 			  HELPCTX(ssh_auth_changeuser),
 			  dlg_stdcheckbox_handler,
 			  I(offsetof(Config,change_username)));
@@ -2103,6 +2130,18 @@ void setup_config_box(struct controlbox *b, int midsession,
 			 FILTER_KEY_FILES, FALSE, "Select private key file",
 			 HELPCTX(ssh_auth_privkey),
 			 dlg_stdfilesel_handler, I(offsetof(Config, keyfile)));
+
+#ifndef NO_GSSAPI
+	    /*
+	     * GSSAPI library selection.
+	     */
+	    if (ngsslibs > 1) {
+		c = ctrl_draglist(s, "Preference order for GSSAPI libraries:", NO_SHORTCUT,
+				  HELPCTX(no_help),
+				  gsslist_handler, P(NULL));
+		c->listbox.height = ngsslibs;
+	    }
+#endif
 	}
 
 	if (!midsession) {

mac/macstuff.h

@@ -44,6 +44,9 @@ struct FontSpec {
 #define BYTE UInt8
 #define DWORD UInt32
 
+typedef UInt32 uint32;
+#define PUTTY_UINT32_DEFINED
+
 #define OPTIMISE_SCROLL
 
 /*

mkfiles.pl

@@ -944,9 +944,14 @@ sub manpages {
     "XLDFLAGS = \$(LDFLAGS) \$(shell \$(GTK_CONFIG) --libs)\n".
     "ULDFLAGS = \$(LDFLAGS)\n".
     "ifeq (,\$(findstring NO_GSSAPI,\$(COMPAT)))\n".
-    "CFLAGS+= \$(shell \$(KRB5CONFIG) --cflags gssapi)\n".
+    "ifeq (,\$(findstring STATIC_GSSAPI,\$(COMPAT)))\n".
+    "XLDFLAGS+= -ldl\n".
+    "ULDFLAGS+= -ldl\n".
+    "else\n".
+    "CFLAGS+= -DNO_LIBDL \$(shell \$(KRB5CONFIG) --cflags gssapi)\n".
     "XLDFLAGS+= \$(shell \$(KRB5CONFIG) --libs gssapi)\n".
-    "ULDFLAGS = \$(shell \$(KRB5CONFIG) --libs gssapi)\n".
+    "ULDFLAGS+= \$(shell \$(KRB5CONFIG) --libs gssapi)\n".
+    "endif\n".
     "endif\n".
     "INSTALL=install\n".
     "INSTALL_PROGRAM=\$(INSTALL)\n".
@@ -1006,8 +1011,6 @@ sub manpages {
     "# You can define this path to point at your tools if you need to\n".
     "# TOOLPATH = /opt/gcc/bin\n".
     "CC = \$(TOOLPATH)cc\n".
-    "# If necessary set the path to krb5-config here\n".
-    "KRB5CONFIG=krb5-config\n".
     "\n".
     "-include Makefile.local\n".
     "\n".
@@ -1017,10 +1020,6 @@ sub manpages {
 	       (join " ", map {"-I$dirpfx$_"} @srcdirs)).
 		 " -D _FILE_OFFSET_BITS=64\n".
     "ULDFLAGS = \$(LDFLAGS)\n".
-    "ifeq (,\$(findstring NO_GSSAPI,\$(COMPAT)))\n".
-    "CFLAGS+= \$(shell \$(KRB5CONFIG) --cflags gssapi)\n".
-    "ULDFLAGS = \$(shell \$(KRB5CONFIG) --libs gssapi)\n".
-    "endif\n".
     "INSTALL=install\n".
     "INSTALL_PROGRAM=\$(INSTALL)\n".
     "INSTALL_DATA=\$(INSTALL)\n".

nogss.c

@@ -0,0 +1,10 @@
+/*
+ * Stub definitions of the GSSAPI library list, for Unix pterm and
+ * any other application that needs the symbols defined but has no
+ * use for them.
+ */
+
+const int ngsslibs = 0;
+const char *const gsslibnames[1] = { "dummy" };
+const char *const gsslibkeywords[1] = { "dummy" };
+

pgssapi.c

@@ -0,0 +1,105 @@
+/* This file actually defines the GSSAPI function pointers for
+ * functions we plan to import from a GSSAPI library.
+ */
+#include "putty.h"
+
+#ifndef NO_GSSAPI
+
+#include "pgssapi.h"
+
+#ifndef NO_LIBDL
+
+/* Reserved static storage for GSS_oids.  Comments are quotes from RFC 2744. */
+static const gss_OID_desc oids[] = {
+    /* The implementation must reserve static storage for a
+     * gss_OID_desc object containing the value */
+    {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x01"},
+    /* corresponding to an object-identifier value of
+     * {iso(1) member-body(2) United States(840) mit(113554)
+     * infosys(1) gssapi(2) generic(1) user_name(1)}.  The constant
+     * GSS_C_NT_USER_NAME should be initialized to point
+     * to that gss_OID_desc.
+
+     * The implementation must reserve static storage for a
+     * gss_OID_desc object containing the value */
+    {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x02"},
+    /* corresponding to an object-identifier value of
+     * {iso(1) member-body(2) United States(840) mit(113554)
+     * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
+     * The constant GSS_C_NT_MACHINE_UID_NAME should be
+     * initialized to point to that gss_OID_desc.
+
+     * The implementation must reserve static storage for a
+     * gss_OID_desc object containing the value */
+    {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x03"},
+    /* corresponding to an object-identifier value of
+     * {iso(1) member-body(2) United States(840) mit(113554)
+     * infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
+     * The constant GSS_C_NT_STRING_UID_NAME should be
+     * initialized to point to that gss_OID_desc.
+     *
+     * The implementation must reserve static storage for a
+     * gss_OID_desc object containing the value */
+    {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
+    /* corresponding to an object-identifier value of
+     * {iso(1) org(3) dod(6) internet(1) security(5)
+     * nametypes(6) gss-host-based-services(2)).  The constant
+     * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point
+     * to that gss_OID_desc.  This is a deprecated OID value, and
+     * implementations wishing to support hostbased-service names
+     * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID,
+     * defined below, to identify such names;
+     * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym
+     * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input
+     * parameter, but should not be emitted by GSS-API
+     * implementations
+     *
+     * The implementation must reserve static storage for a
+     * gss_OID_desc object containing the value */
+     {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x04"},
+    /* corresponding to an object-identifier value of {iso(1)
+     * member-body(2) Unites States(840) mit(113554) infosys(1)
+     * gssapi(2) generic(1) service_name(4)}.  The constant
+     * GSS_C_NT_HOSTBASED_SERVICE should be initialized
+     * to point to that gss_OID_desc.
+     *
+     * The implementation must reserve static storage for a
+     * gss_OID_desc object containing the value */
+    {6, (void *)"\x2b\x06\01\x05\x06\x03"},
+    /* corresponding to an object identifier value of
+     * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
+     * 6(nametypes), 3(gss-anonymous-name)}.  The constant
+     * and GSS_C_NT_ANONYMOUS should be initialized to point
+     * to that gss_OID_desc.
+     *
+     * The implementation must reserve static storage for a
+     * gss_OID_desc object containing the value */
+    {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
+     /* corresponding to an object-identifier value of
+     * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
+     * 6(nametypes), 4(gss-api-exported-name)}.  The constant
+     * GSS_C_NT_EXPORT_NAME should be initialized to point
+     * to that gss_OID_desc.
+     */
+};
+
+/* Here are the constants which point to the static structure above.
+ *
+ * Constants of the form GSS_C_NT_* are specified by rfc 2744.
+ */
+const_gss_OID GSS_C_NT_USER_NAME           = oids+0;
+const_gss_OID GSS_C_NT_MACHINE_UID_NAME    = oids+1;
+const_gss_OID GSS_C_NT_STRING_UID_NAME     = oids+2;
+const_gss_OID GSS_C_NT_HOSTBASED_SERVICE_X = oids+3;
+const_gss_OID GSS_C_NT_HOSTBASED_SERVICE   = oids+4;
+const_gss_OID GSS_C_NT_ANONYMOUS           = oids+5;
+const_gss_OID GSS_C_NT_EXPORT_NAME         = oids+6;
+
+#endif /* NO_LIBDL */
+
+static gss_OID_desc gss_mech_krb5_desc =
+{ 9, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" };
+/* iso(1) member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) krb5(2)*/
+const gss_OID GSS_MECH_KRB5 = &gss_mech_krb5_desc;
+
+#endif /* NO_GSSAPI */