From 80729efe17cf587c01e0a9dd0d6b43168a58579f Mon Sep 17 00:00:00 2001
From: Dan Breslau <dbreslau@painless-security.com>
Date: Fri, 28 Jul 2017 17:52:13 -0400
Subject: [PATCH] Fix for building mech_eap on Centos 6. (This should also work
 for Debian 7.) The version of gssapi.h that comes with krb5 10.x is broken:
 Some declarations that should have been pointers were structs instead. This
 fix detects that problem during configure, and provides #defines to redirect
 to the correct declarations.

---
 acinclude.m4                |  5 +++--
 mech_eap/gssapiP_eap.h      |  4 +++-
 mech_eap/gssapi_headerfix.h | 20 ++++++++++++++++++++
 mech_eap/util.h             |  1 +
 mech_eap/util_attr.h        |  2 ++
 5 files changed, 29 insertions(+), 3 deletions(-)
 create mode 100644 mech_eap/gssapi_headerfix.h

diff --git a/acinclude.m4 b/acinclude.m4
index 9da57ed..011eab2 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -56,8 +56,9 @@ else
 	AC_CHECK_LIB(krb5, GSS_C_NT_COMPOSITE_EXPORT, [AC_DEFINE_UNQUOTED([HAVE_GSS_C_NT_COMPOSITE_EXPORT], 1, [Define if GSS-API library supports recent naming extensions draft])], [], "$KRB5_LIBS")
 	AC_CHECK_LIB(krb5, gss_inquire_attrs_for_mech, [AC_DEFINE_UNQUOTED([HAVE_GSS_INQUIRE_ATTRS_FOR_MECH], 1, [Define if GSS-API library supports RFC 5587])], [], "$KRB5_LIBS")
 	AC_CHECK_LIB(krb5, gss_krb5_import_cred, [AC_DEFINE_UNQUOTED([HAVE_GSS_KRB5_IMPORT_CRED], 1, [Define if GSS-API library supports gss_krb5_import_cred])], [], "$KRB5_LIBS")
-	AC_CHECK_LIB(krb5, heimdal_version, [AC_DEFINE_UNQUOTED([HAVE_HEIMDAL_VERSION], 1, [Define if building against Heimdal Kerberos implementation]), heimdal=yes], [heimdal=no], "$KRB5_LIBS")
-	AM_CONDITIONAL(HEIMDAL, test "x$heimdal" != "xno")
+        AC_CHECK_LIB(krb5, heimdal_version, [AC_DEFINE_UNQUOTED([HAVE_HEIMDAL_VERSION], 1, [Define if building against Heimdal Kerberos implementation]), heimdal=yes], [heimdal=no], "$KRB5_LIBS")
+        AM_CONDITIONAL(HEIMDAL, test "x$heimdal" != "xno")
+        AC_CHECK_TYPE(gss_const_name_t, [AC_DEFINE([MECHEAP_GSS_CONST_NAME_T_IS_POINTER], 1, [Define if gss_const_name_t is a pointer. Broken krb5 10.x headers define it as a struct.])], [], [[#include <gssapi/gssapi.h>"]])
 fi
 ])dnl
 
diff --git a/mech_eap/gssapiP_eap.h b/mech_eap/gssapiP_eap.h
index 8a86569..899337b 100644
--- a/mech_eap/gssapiP_eap.h
+++ b/mech_eap/gssapiP_eap.h
@@ -83,7 +83,7 @@ typedef const gss_OID_desc *gss_const_OID;
 
 /* Kerberos headers */
 #include <krb5.h>
-#include <com_err.h>
+#include <et/com_err.h>
 
 /* EAP headers */
 #include <includes.h>
@@ -101,6 +101,7 @@ typedef const gss_OID_desc *gss_const_OID;
 #include <radsec/radius.h>
 #endif
 
+#include "gssapi_headerfix.h"
 #include "gsseap_err.h"
 #include "radsec_err.h"
 #include "util.h"
@@ -252,6 +253,7 @@ struct gss_ctx_id_struct
     const struct gss_eap_token_buffer_set *outputTokens;
 };
 
+
 #define TOK_FLAG_SENDER_IS_ACCEPTOR         0x01
 #define TOK_FLAG_WRAP_CONFIDENTIAL          0x02
 #define TOK_FLAG_ACCEPTOR_SUBKEY            0x04
diff --git a/mech_eap/gssapi_headerfix.h b/mech_eap/gssapi_headerfix.h
new file mode 100644
index 0000000..702ed19
--- /dev/null
+++ b/mech_eap/gssapi_headerfix.h
@@ -0,0 +1,20 @@
+#ifndef KRB_HEADER_FIX_H
+#define KRB_HEADER_FIX_H
+
+#ifndef MECHEAP_GSS_CONST_NAME_T_IS_POINTER
+/* The 10.x releases of the MIT Kerberos library defined gss_const_ctx_id_t,
+ * gss_const_cred_id_t, and gss_const_name_t as structs. 
+ * They should be pointers. We define our own typedefs instead.
+ */
+
+
+typedef const struct gss_ctx_id_struct *gss_mecheap_const_ctx_id_t;
+typedef const struct gss_cred_id_struct *gss_mecheap_const_cred_id_t;
+typedef const struct gss_name_struct *gss_mecheap_const_name_t;
+
+#define gss_const_ctx_id_t gss_mecheap_const_ctx_id_t
+#define gss_const_cred_id_t gss_mecheap_const_cred_id_t
+#define gss_const_name_t gss_mecheap_const_name_t
+#endif
+
+#endif
diff --git a/mech_eap/util.h b/mech_eap/util.h
index 5475dca..588af67 100644
--- a/mech_eap/util.h
+++ b/mech_eap/util.h
@@ -71,6 +71,7 @@
 #include <errno.h>
 
 #include <krb5.h>
+#include "gssapi_headerfix.h"
 
 #ifdef WIN32
 # ifndef __cplusplus
diff --git a/mech_eap/util_attr.h b/mech_eap/util_attr.h
index d6c0a0f..6a6dfe1 100644
--- a/mech_eap/util_attr.h
+++ b/mech_eap/util_attr.h
@@ -41,6 +41,8 @@
 #include <string>
 #include <new>
 
+#include "gssapi_headerfix.h"
+
 using namespace gss_eap_util;
 
 struct gss_eap_attr_provider;
-- 
2.1.4