In gss_acquire_cred_with_password() and gss_add_cred_with_password(),
authorGreg Hudson <ghudson@mit.edu>
Thu, 20 May 2010 15:13:06 +0000 (15:13 +0000)
committerGreg Hudson <ghudson@mit.edu>
Thu, 20 May 2010 15:13:06 +0000 (15:13 +0000)
require desired_name to be set, and always honor it.  This is
consistent with the Sun implementation and simplifies the code.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24072 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c

index f8663038252159fcc43f2a63ad545b4300ad7cb6..3030ee741194c5dbaced1b0816370a418d3d181f 100644 (file)
@@ -64,6 +64,9 @@ val_acq_cred_pw_args(
 
     /* Validate arguments. */
 
+    if (desired_name == GSS_C_NO_NAME)
+       return (GSS_S_BAD_NAME);
+
     if (minor_status == NULL)
        return (GSS_S_CALL_INACCESSIBLE_WRITE);
 
@@ -270,6 +273,9 @@ val_add_cred_pw_args(
 
     /* Validate arguments. */
 
+    if (desired_name == GSS_C_NO_NAME)
+       return (GSS_S_BAD_NAME);
+
     if (minor_status == NULL)
        return (GSS_S_CALL_INACCESSIBLE_WRITE);
 
@@ -371,24 +377,20 @@ gss_add_cred_with_password(minor_status, input_cred_handle,
        if (gssint_get_mechanism_cred(union_cred, desired_mech) !=
            GSS_C_NO_CREDENTIAL)
            return (GSS_S_DUPLICATE_ELEMENT);
-
-       /* may need to create a mechanism specific name */
-       if (desired_name) {
-           union_name = (gss_union_name_t)desired_name;
-           if (union_name->mech_type &&
-               g_OID_equal(union_name->mech_type,
-                           &mech->mech_type))
-               internal_name = union_name->mech_name;
-           else {
-               if (gssint_import_internal_name(minor_status,
-                                               &mech->mech_type, union_name,
-                                               &allocated_name) != GSS_S_COMPLETE)
-                   return (GSS_S_BAD_NAME);
-               internal_name = allocated_name;
-           }
-       }
     }
 
+    /* may need to create a mechanism specific name */
+    union_name = (gss_union_name_t)desired_name;
+    if (union_name->mech_type && g_OID_equal(union_name->mech_type,
+                                            &mech->mech_type))
+       internal_name = union_name->mech_name;
+    else {
+       if (gssint_import_internal_name(minor_status,
+                                       &mech->mech_type, union_name,
+                                       &allocated_name) != GSS_S_COMPLETE)
+           return (GSS_S_BAD_NAME);
+       internal_name = allocated_name;
+    }
 
     if (cred_usage == GSS_C_ACCEPT)
        time_req = acceptor_time_req;
@@ -420,28 +422,11 @@ gss_add_cred_with_password(minor_status, input_cred_handle,
        union_cred->auxinfo.time_rec = time_rec;
        union_cred->auxinfo.cred_usage = cred_usage;
 
-       /*
-        * we must set the name; if name is not supplied
-        * we must do inquire cred to get it
-        */
-       if (internal_name == NULL) {
-           if (mech->gss_inquire_cred == NULL ||
-               ((status = mech->gss_inquire_cred(
-                     &temp_minor_status, cred,
-                     &allocated_name, NULL, NULL,
-                     NULL)) != GSS_S_COMPLETE))
-               goto errout;
-           internal_name = allocated_name;
-       }
-
-       if (internal_name != GSS_C_NO_NAME) {
-           status = mech->gss_display_name(&temp_minor_status, internal_name,
-                                           &union_cred->auxinfo.name,
-                                           &union_cred->auxinfo.name_type);
-
-           if (status != GSS_S_COMPLETE)
-               goto errout;
-       }
+       status = mech->gss_display_name(&temp_minor_status, internal_name,
+                                       &union_cred->auxinfo.name,
+                                       &union_cred->auxinfo.name_type);
+       if (status != GSS_S_COMPLETE)
+           goto errout;
     }
 
     /* now add the new credential elements */