Eliminate the mechglue union cred auxinfo field
authorGreg Hudson <ghudson@mit.edu>
Mon, 5 Sep 2011 16:07:48 +0000 (16:07 +0000)
committerGreg Hudson <ghudson@mit.edu>
Mon, 5 Sep 2011 16:07:48 +0000 (16:07 +0000)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25152 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/gssapi/mechglue/g_accept_sec_context.c
src/lib/gssapi/mechglue/g_acquire_cred.c
src/lib/gssapi/mechglue/g_acquire_cred_imp_name.c
src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c
src/lib/gssapi/mechglue/g_inq_cred.c
src/lib/gssapi/mechglue/g_rel_cred.c
src/lib/gssapi/mechglue/g_set_cred_option.c
src/lib/gssapi/mechglue/mglueP.h

index 9af8752d634d904fdd6ec21480b7479049eeee11..f6afc4517e7711102bc62d409133b7656018c6b0 100644 (file)
@@ -288,53 +288,7 @@ gss_cred_id_t *            d_cred;
                        goto error_out;
                    }
 
-                   d_u_cred->auxinfo.creation_time = time(0);
-                   d_u_cred->auxinfo.time_rec = 0;
                    d_u_cred->loopback = d_u_cred;
-
-                   internal_name = GSS_C_NO_NAME;
-
-                   if (mech->gss_inquire_cred) {
-                       status = mech->gss_inquire_cred(minor_status,
-                                                       tmp_d_cred,
-                                                       &internal_name,
-                                                       &d_u_cred->auxinfo.time_rec,
-                                                       &d_u_cred->auxinfo.cred_usage,
-                                                       NULL);
-                       if (status != GSS_S_COMPLETE)
-                           map_error(minor_status, mech);
-                   }
-
-                   if (internal_name != GSS_C_NO_NAME) {
-                       /* consumes internal_name regardless of success */
-                       temp_status = gssint_convert_name_to_union_name(
-                           &temp_minor_status, mech,
-                           internal_name, &tmp_src_name);
-                       if (temp_status != GSS_S_COMPLETE) {
-                           *minor_status = temp_minor_status;
-                           map_error(minor_status, mech);
-                           if (output_token->length)
-                               (void) gss_release_buffer(
-                                   &temp_minor_status,
-                                   output_token);
-                           (void) gss_release_oid(&temp_minor_status,
-                                                  &actual_mech);
-                           free(d_u_cred->cred_array);
-                           free(d_u_cred);
-                           return (temp_status);
-                       }
-
-                       if (tmp_src_name != GSS_C_NO_NAME) {
-                           status = gss_display_name(
-                               &temp_minor_status,
-                               tmp_src_name,
-                               &d_u_cred->auxinfo.name,
-                               &d_u_cred->auxinfo.name_type);
-                           (void) gss_release_name(&temp_minor_status,
-                                                   &tmp_src_name);
-                       }
-                   }
-
                    *d_cred = (gss_cred_id_t)d_u_cred;
                }
            }
index 63d390552dff68f921f967fe32662d44ce44697d..faa8e406ad09e21d7d7524d66440aaf63b099a1f 100644 (file)
@@ -369,36 +369,6 @@ gss_add_cred(minor_status, input_cred_handle,
        goto errout;
     }
 
-    /* may need to set credential auxinfo strucutre */
-    if (union_cred->auxinfo.creation_time == 0) {
-       union_cred->auxinfo.creation_time = time(NULL);
-       union_cred->auxinfo.time_rec = time_rec;
-       union_cred->auxinfo.cred_usage = cred_usage;
-
-       /*
-        * we must set the name; if name is not supplied
-        * we must do inquire cred to get it
-        */
-       if (internal_name == NULL) {
-           if (mech->gss_inquire_cred == NULL ||
-               ((status = mech->gss_inquire_cred(
-                     &temp_minor_status, cred,
-                     &allocated_name, NULL, NULL,
-                     NULL)) != GSS_S_COMPLETE))
-               goto errout;
-           internal_name = allocated_name;
-       }
-
-       if (internal_name != GSS_C_NO_NAME) {
-           status = mech->gss_display_name(&temp_minor_status, internal_name,
-                                           &union_cred->auxinfo.name,
-                                           &union_cred->auxinfo.name_type);
-
-           if (status != GSS_S_COMPLETE)
-               goto errout;
-       }
-    }
-
     /* now add the new credential elements */
     new_mechs_array = (gss_OID)
        malloc(sizeof (gss_OID_desc) * (union_cred->count+1));
@@ -489,11 +459,8 @@ errout:
                                           &mech->mech_type,
                                           &allocated_name);
 
-    if (input_cred_handle == GSS_C_NO_CREDENTIAL && union_cred) {
-       if (union_cred->auxinfo.name.value)
-           free(union_cred->auxinfo.name.value);
+    if (input_cred_handle == GSS_C_NO_CREDENTIAL && union_cred)
        free(union_cred);
-    }
 
     return (status);
 }
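Review bot: The release of `allocated_name` in the context lines at the top of this hunk now looks dead, because the only visible place that filled it, the `mech->gss_inquire_cred(..., &allocated_name, ...)` call followed by `internal_name = allocated_name`, was removed in the previous hunk; if no other assignment survives in the part of gss_add_cred outside these hunks, the release call and the `allocated_name` local should be dropped together. The same applies to the errout hunk of g_acquire_cred_imp_name.c, whose removed block was identical. In g_acquire_cred.c, g_acquire_cred_imp_name.c and g_acquire_cred_with_pw.c the locals `time_rec` and `cred_usage` had their only visible reads in the deleted auxinfo block, so they may now be set-but-unused and trigger -Wunused-but-set-variable; likewise `internal_name`, `tmp_src_name` and `temp_status` in the g_accept_sec_context.c hunk. All of these functions begin outside the hunks shown, so this needs confirming against the full bodies.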
index 972d1c50c5def5d0ef9239f64a9f60588f90c0ab..ddaac25042f29cd6c92c558d3dd149c2d4502746 100644 (file)
@@ -416,36 +416,6 @@ gss_add_cred_impersonate_name(OM_uint32 *minor_status,
        goto errout;
     }
 
-    /* may need to set credential auxinfo strucutre */
-    if (union_cred->auxinfo.creation_time == 0) {
-       union_cred->auxinfo.creation_time = time(NULL);
-       union_cred->auxinfo.time_rec = time_rec;
-       union_cred->auxinfo.cred_usage = cred_usage;
-
-       /*
-        * we must set the name; if name is not supplied
-        * we must do inquire cred to get it
-        */
-       if (internal_name == NULL) {
-           if (mech->gss_inquire_cred == NULL ||
-               ((status = mech->gss_inquire_cred(
-                     &temp_minor_status, cred,
-                     &allocated_name, NULL, NULL,
-                     NULL)) != GSS_S_COMPLETE))
-               goto errout;
-           internal_name = allocated_name;
-       }
-
-       if (internal_name != GSS_C_NO_NAME) {
-           status = mech->gss_display_name(&temp_minor_status, internal_name,
-                                           &union_cred->auxinfo.name,
-                                           &union_cred->auxinfo.name_type);
-
-           if (status != GSS_S_COMPLETE)
-               goto errout;
-       }
-    }
-
     /* now add the new credential elements */
     new_mechs_array = (gss_OID)
        malloc(sizeof (gss_OID_desc) * (union_cred->count+1));
@@ -536,11 +506,8 @@ errout:
                                           &mech->mech_type,
                                           &allocated_name);
 
-    if (input_cred_handle == GSS_C_NO_CREDENTIAL && union_cred) {
-       if (union_cred->auxinfo.name.value)
-           free(union_cred->auxinfo.name.value);
+    if (input_cred_handle == GSS_C_NO_CREDENTIAL && union_cred)
        free(union_cred);
-    }
 
     return (status);
 }
index 92b30bafe9e505f2434728d43f46bf328e2834de..6ac650b35e9ea284e651b6bb5555053aa31a26a3 100644 (file)
@@ -416,19 +416,6 @@ gss_add_cred_with_password(minor_status, input_cred_handle,
        goto errout;
     }
 
-    /* may need to set credential auxinfo strucutre */
-    if (union_cred->auxinfo.creation_time == 0) {
-       union_cred->auxinfo.creation_time = time(NULL);
-       union_cred->auxinfo.time_rec = time_rec;
-       union_cred->auxinfo.cred_usage = cred_usage;
-
-       status = mech->gss_display_name(&temp_minor_status, internal_name,
-                                       &union_cred->auxinfo.name,
-                                       &union_cred->auxinfo.name_type);
-       if (status != GSS_S_COMPLETE)
-           goto errout;
-    }
-
     /* now add the new credential elements */
     new_mechs_array = (gss_OID)
        malloc(sizeof (gss_OID_desc) * (union_cred->count+1));
@@ -519,11 +506,8 @@ errout:
                                           &mech->mech_type,
                                           &allocated_name);
 
-    if (input_cred_handle == GSS_C_NO_CREDENTIAL && union_cred) {
-       if (union_cred->auxinfo.name.value)
-           free(union_cred->auxinfo.name.value);
+    if (input_cred_handle == GSS_C_NO_CREDENTIAL && union_cred)
        free(union_cred);
-    }
 
     return (status);
 }
index bba0ecb144888429f1828eed078b6eb2f55f4664..3c09d6103ea3bf0c2bf486a63ad013e42de5797b 100644 (file)
@@ -50,10 +50,13 @@ int *                       cred_usage;
 gss_OID_set *          mechanisms;
 
 {
-    OM_uint32          status, elapsed_time, temp_minor_status;
-    gss_cred_id_t      defcred = GSS_C_NO_CREDENTIAL;
+    OM_uint32          status, temp_minor_status;
     gss_union_cred_t   union_cred;
+    gss_mechanism      mech;
+    gss_cred_id_t      mech_cred;
+    gss_name_t         mech_name;
     int                        i;
+    gss_OID_set                mechs = NULL;
 
     /* Initialize outputs. */
 
@@ -70,54 +73,47 @@ gss_OID_set *               mechanisms;
     if (minor_status == NULL)
        return (GSS_S_CALL_INACCESSIBLE_WRITE);
 
-    if (cred_handle == GSS_C_NO_CREDENTIAL) {
-       /* Acquire a default initiator credential to query. */
-       status = gss_acquire_cred(minor_status, GSS_C_NO_NAME,
-                                 GSS_C_INDEFINITE, GSS_C_NULL_OID_SET,
-                                 GSS_C_INITIATE, &defcred, NULL, NULL);
-       if (status != GSS_S_COMPLETE)
-           return (status);
-
-       cred_handle = defcred;
-    }
-
-    /* get the cred_handle cast as a union_credentials structure */
-
-    union_cred = (gss_union_cred_t) cred_handle;
-
     /*
-     * get the information out of the union_cred structure that was
-     * placed there during gss_acquire_cred.
+     * XXX We should iterate over all mechanisms in the credential and
+     * aggregate the results.  This requires a union name structure containing
+     * multiple mechanism names, which we don't currently have.  For now,
+     * inquire the first mechanism in the credential; this is consistent with
+     * our historical behavior.
      */
 
-    if(cred_usage != NULL)
-       *cred_usage = union_cred->auxinfo.cred_usage;
-
-    if(lifetime != NULL) {
-       elapsed_time = time(0) - union_cred->auxinfo.creation_time;
-       *lifetime = union_cred->auxinfo.time_rec < elapsed_time ? 0 :
-       union_cred->auxinfo.time_rec - elapsed_time;
+    /* Determine mechanism and mechanism credential. */
+    if (cred_handle != GSS_C_NO_CREDENTIAL) {
+       union_cred = (gss_union_cred_t) cred_handle;
+       if (union_cred->count <= 0)
+           return (GSS_S_DEFECTIVE_CREDENTIAL);
+       mech_cred = union_cred->cred_array[0];
+       mech = gssint_get_mechanism(&union_cred->mechs_array[0]);
+    } else {
+       union_cred = NULL;
+       mech_cred = GSS_C_NO_CREDENTIAL;
+       mech = gssint_get_mechanism(GSS_C_NULL_OID);
     }
+    if (mech == NULL)
+       return (GSS_S_DEFECTIVE_CREDENTIAL);
+    if (!mech->gss_inquire_cred)
+       return (GSS_S_UNAVAILABLE);
 
-    /*
-     * if name is non_null,
-     * call gss_import_name(), giving it the printable name held within
-     * union_cred in order to get an internal name to pass back to the
-     * caller. If this call fails, return failure to our caller.
-     */
+    status = mech->gss_inquire_cred(minor_status, mech_cred,
+                                   name ? &mech_name : NULL,
+                                   lifetime, cred_usage, NULL);
+    if (status != GSS_S_COMPLETE) {
+       map_error(minor_status, mech);
+       return(status);
+    }
 
-    if(name != NULL) {
-       if (union_cred->auxinfo.name.length == 0) {
-           *name = GSS_C_NO_NAME;
-       } else if ((gss_import_name(&temp_minor_status,
-                            &union_cred->auxinfo.name,
-                            union_cred->auxinfo.name_type,
-                            name) != GSS_S_COMPLETE) ||
-           (gss_canonicalize_name(minor_status, *name,
-                                  &union_cred->mechs_array[0],
-                                  NULL) != GSS_S_COMPLETE)) {
-           status = GSS_S_DEFECTIVE_CREDENTIAL;
-           goto error;
+    if (name) {
+       /* Convert mech_name into a union_name equivalent. */
+       status = gssint_convert_name_to_union_name(&temp_minor_status,
+                                                  mech, mech_name, name);
+       if (status != GSS_S_COMPLETE) {
+           *minor_status = temp_minor_status;
+           map_error(minor_status, mech);
+           return (status);
        }
     }
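Review bot: `mech_name` is handed to `gssint_convert_name_to_union_name` without checking for GSS_C_NO_NAME, although a mechanism's gss_inquire_cred may legitimately return no name; the code this commit deletes from g_accept_sec_context.c guarded the same helper with `if (internal_name != GSS_C_NO_NAME)`, and the old g_inq_cred.c branch set `*name = GSS_C_NO_NAME` for an empty name. Unless the helper is known to tolerate a null mechanism name (not visible here), add `if (mech_name == GSS_C_NO_NAME) { *name = GSS_C_NO_NAME; } else {` around the conversion so a nameless credential does not yield a union name wrapping a null mechanism name. gss_inquire_cred's body continues past the end of this hunk.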
 
@@ -128,34 +124,32 @@ gss_OID_set *             mechanisms;
 
     if(mechanisms != NULL) {
        status = GSS_S_FAILURE;
-       *mechanisms = (gss_OID_set) malloc(sizeof(gss_OID_set_desc));
-       if (*mechanisms == NULL)
+       mechs = (gss_OID_set) malloc(sizeof(gss_OID_set_desc));
+       if (mechs == NULL)
            goto error;
-
-       (*mechanisms)->count = 0;
-       (*mechanisms)->elements =
-           (gss_OID) malloc(sizeof(gss_OID_desc) *
-                            union_cred->count);
-
-       if ((*mechanisms)->elements == NULL) {
-           free(*mechanisms);
-           *mechanisms = NULL;
+       mechs->count = 0;
+       mechs->elements = malloc(sizeof(gss_OID_desc) *
+                                        (union_cred ? union_cred->count : 1));
+       if (mechs->elements == NULL)
            goto error;
-       }
 
-       for(i=0; i < union_cred->count; i++) {
-           (*mechanisms)->elements[i].elements = (void *)
-               malloc(union_cred->mechs_array[i].length);
-           if ((*mechanisms)->elements[i].elements == NULL)
-               goto error;
-           g_OID_copy(&(*mechanisms)->elements[i],
-                      &union_cred->mechs_array[i]);
-           (*mechanisms)->count++;
+       if (union_cred) {
+           for (i = 0; i < union_cred->count; i++) {
+               mechs->elements[i].elements =
+                   malloc(union_cred->mechs_array[i].length);
+               if (mechs->elements[i].elements == NULL)
+                   goto error;
+               g_OID_copy(&mechs->elements[i], &union_cred->mechs_array[i]);
+               mechs->count++;
+           }
+       } else {
+           mechs->elements[0].elements = malloc(mech->mech_type.length);
+           g_OID_copy(&mechs->elements[0], &mech->mech_type);
+           mechs->count++;
        }
+       *mechanisms = mechs;
     }
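Review bot: The `malloc(mech->mech_type.length)` in the `else` branch near the end of this hunk is not checked before `g_OID_copy` writes through it, whereas the loop branch above it does check its allocation and jumps to `error`. Add `if (mechs->elements[0].elements == NULL) goto error;` between the two lines; `status` is already GSS_S_FAILURE and `mechs->count` is still 0 at that point, so the existing error path releases `mechs` correctly without touching the unset element. The `error:` label that this branch jumps to lies in the next hunk.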
 
-    if (defcred)
-       (void) gss_release_cred(&temp_minor_status, &defcred);
     return(GSS_S_COMPLETE);
 
 error:
@@ -165,15 +159,12 @@ error:
      * count always references the currently copied number of
      * elements.
      */
-    if (mechanisms && *mechanisms != NULL)
-       (void) gss_release_oid_set(&temp_minor_status, mechanisms);
+    if (mechs != NULL)
+       (void) gss_release_oid_set(&temp_minor_status, &mechs);
 
     if (name && *name != NULL)
        (void) gss_release_name(&temp_minor_status, name);
 
-    if (defcred)
-       (void) gss_release_cred(&temp_minor_status, &defcred);
-
     return (status);
 }
 
index 50426d9ddf8278b34538ffe75d6fbfbce36c03aa..ccdee05a56254ee9ca894a8f0c0cef6381c7bd7f 100644 (file)
@@ -91,7 +91,6 @@ gss_cred_id_t *               cred_handle;
            status = GSS_S_DEFECTIVE_CREDENTIAL;
     }
 
-    gss_release_buffer(minor_status, &union_cred->auxinfo.name);
     free(union_cred->cred_array);
     free(union_cred->mechs_array);
     free(union_cred);
index b530b1e053741eec1ffa8fdbb345c35477be281c..90e5756e51996d0ed8d0fc7629a85a8d6d0aefd4 100644 (file)
@@ -41,15 +41,9 @@ alloc_union_cred(OM_uint32 *minor_status,
     OM_uint32          status;
     OM_uint32          temp_minor_status;
     gss_union_cred_t   cred = NULL;
-    gss_name_t         mech_name = GSS_C_NO_NAME;
 
     *pcred = NULL;
 
-    if (mech->gss_inquire_cred == NULL) {
-       status = GSS_S_BAD_MECH;
-       goto cleanup;
-    }
-
     status = GSS_S_FAILURE;
 
     cred = calloc(1, sizeof(*cred));
@@ -74,33 +68,12 @@ alloc_union_cred(OM_uint32 *minor_status,
     if (status != GSS_S_COMPLETE)
         goto cleanup;
 
-    cred->auxinfo.creation_time = (OM_uint32)time(NULL);
-
-    status = mech->gss_inquire_cred(minor_status,
-                                   mech_cred,
-                                   &mech_name,
-                                   &cred->auxinfo.time_rec,
-                                   &cred->auxinfo.cred_usage,
-                                   NULL);
-    if (status != GSS_S_COMPLETE)
-       goto cleanup;
-
-    if (mech_name != GSS_C_NO_NAME) {
-       status = mech->gss_display_name(minor_status,
-                                       mech_name,
-                                       &cred->auxinfo.name,
-                                       &cred->auxinfo.name_type);
-       if (status != GSS_S_COMPLETE)
-           goto cleanup;
-    }
-
     status = GSS_S_COMPLETE;
     *pcred = cred;
 
 cleanup:
     if (status != GSS_S_COMPLETE)
        gss_release_cred(&temp_minor_status, (gss_cred_id_t *)&cred);
-    mech->gss_release_name(&temp_minor_status, &mech_name);
 
     return status;
 }
index 2a80f19546a0b27672fc93399d7a2cbeb4fe346b..b34dd7ce316f9f49093f09e3eb5333968ea19180 100644 (file)
@@ -54,17 +54,6 @@ typedef struct gss_mech_spec_name_t {
     struct gss_mech_spec_name_t        *next, *prev;
 } gss_mech_spec_name_desc, *gss_mech_spec_name;
 
-/*
- * Credential auxiliary info, used in the credential structure
- */
-typedef struct gss_union_cred_auxinfo {
-       gss_buffer_desc         name;
-       gss_OID                 name_type;
-       OM_uint32               creation_time;
-       OM_uint32               time_rec;
-       int                     cred_usage;
-} gss_union_cred_auxinfo;
-
 /*
  * Set of Credentials typed on mechanism OID
  */
@@ -73,7 +62,6 @@ typedef struct gss_cred_id_struct {
        int                     count;
        gss_OID                 mechs_array;
        gss_cred_id_t           *cred_array;
-       gss_union_cred_auxinfo  auxinfo;
 } gss_union_cred_desc, *gss_union_cred_t;
 
 typedef        OM_uint32 (KRB5_CALLCONV *gss_acquire_cred_with_password_sfct)(