Remove pointer validation code from the gss krb5 mech
authorGreg Hudson <ghudson@mit.edu>
Wed, 13 Apr 2011 15:15:56 +0000 (15:15 +0000)
committerGreg Hudson <ghudson@mit.edu>
Wed, 13 Apr 2011 15:15:56 +0000 (15:15 +0000)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24877 dc483132-0cff-0310-8789-dd5450dbe970

35 files changed:
src/lib/gssapi/generic/Makefile.in
src/lib/gssapi/generic/gssapiP_generic.h
src/lib/gssapi/generic/util_validate.c [deleted file]
src/lib/gssapi/generic/utl_nohash_validate.c [deleted file]
src/lib/gssapi/krb5/accept_sec_context.c
src/lib/gssapi/krb5/acquire_cred.c
src/lib/gssapi/krb5/compare_name.c
src/lib/gssapi/krb5/context_time.c
src/lib/gssapi/krb5/delete_sec_context.c
src/lib/gssapi/krb5/disp_name.c
src/lib/gssapi/krb5/duplicate_name.c
src/lib/gssapi/krb5/export_name.c
src/lib/gssapi/krb5/export_sec_context.c
src/lib/gssapi/krb5/gssapiP_krb5.h
src/lib/gssapi/krb5/gssapi_krb5.c
src/lib/gssapi/krb5/iakerb.c
src/lib/gssapi/krb5/import_name.c
src/lib/gssapi/krb5/import_sec_context.c
src/lib/gssapi/krb5/init_sec_context.c
src/lib/gssapi/krb5/inq_context.c
src/lib/gssapi/krb5/inq_cred.c
src/lib/gssapi/krb5/k5seal.c
src/lib/gssapi/krb5/k5sealiov.c
src/lib/gssapi/krb5/k5unseal.c
src/lib/gssapi/krb5/k5unsealiov.c
src/lib/gssapi/krb5/lucid_context.c
src/lib/gssapi/krb5/naming_exts.c
src/lib/gssapi/krb5/prf.c
src/lib/gssapi/krb5/process_context_token.c
src/lib/gssapi/krb5/rel_cred.c
src/lib/gssapi/krb5/rel_name.c
src/lib/gssapi/krb5/s4u_gss_glue.c
src/lib/gssapi/krb5/ser_sctx.c
src/lib/gssapi/krb5/val_cred.c
src/lib/gssapi/krb5/wrap_size_limit.c

index 9221d0b9a29f97367dff2f241e3c83d461662105..a9f6bfd3c30b7362200ee2bc942daea8c60fa8ee 100644 (file)
@@ -60,14 +60,6 @@ gssapi.h: gssapi.hin
 ##DOS##gssapi.h: gssapi.hin
 ##DOS##        $(CP) $** $@
 
-#if HasHashLibrary
-# UTIL_VALIDATE_SRC= $(srcdir)/util_validate.c
-# UTIL_VALIDATE_OBJ= util_validate.$(OBJEXT)
-#else
-#UTIL_VALIDATE_SRC= $(srcdir)/utl_nohash_validate.c
-#UTIL_VALIDATE_OBJ= utl_nohash_validate.$(OBJEXT)
-#endif
-
 SRCS = \
        $(srcdir)/disp_com_err_status.c \
        $(srcdir)/disp_major_status.c \
@@ -81,7 +73,6 @@ SRCS = \
        $(srcdir)/util_ordering.c \
        $(srcdir)/util_set.c \
        $(srcdir)/util_token.c \
-       $(srcdir)/util_validate.c \
        gssapi_err_generic.c
 
 OBJS = \
@@ -97,7 +88,6 @@ OBJS = \
        $(OUTPRE)util_ordering.$(OBJEXT) \
        $(OUTPRE)util_set.$(OBJEXT) \
        $(OUTPRE)util_token.$(OBJEXT) \
-       $(OUTPRE)util_validate.$(OBJEXT) \
        $(OUTPRE)gssapi_err_generic.$(OBJEXT)
 
 STLIBOBJS = \
@@ -113,7 +103,6 @@ STLIBOBJS = \
        util_ordering.o \
        util_set.o \
        util_token.o \
-       util_validate.o \
        gssapi_err_generic.o
 
 EXPORTED_HEADERS= gssapi_generic.h gssapi_ext.h
index f3af8a4d11d29a201cedc214a9dd64a1fdb7f24b..e084b81bd051d5079c4e97713e6c3e59a9ba3c21 100644 (file)
@@ -103,18 +103,6 @@ typedef UINT64_TYPE gssint_uint64;
 #define g_set_entry_add         gssint_g_set_entry_add
 #define g_set_entry_delete      gssint_g_set_entry_delete
 #define g_set_entry_get         gssint_g_set_entry_get
-#define g_save_name             gssint_g_save_name
-#define g_save_cred_id          gssint_g_save_cred_id
-#define g_save_ctx_id           gssint_g_save_ctx_id
-#define g_save_lucidctx_id      gssint_g_save_lucidctx_id
-#define g_validate_name         gssint_g_validate_name
-#define g_validate_cred_id      gssint_g_validate_cred_id
-#define g_validate_ctx_id       gssint_g_validate_ctx_id
-#define g_validate_lucidctx_id  gssint_g_validate_lucidctx_id
-#define g_delete_name           gssint_g_delete_name
-#define g_delete_cred_id        gssint_g_delete_cred_id
-#define g_delete_ctx_id         gssint_g_delete_ctx_id
-#define g_delete_lucidctx_id    gssint_g_delete_lucidctx_id
 #define g_make_string_buffer    gssint_g_make_string_buffer
 #define g_token_size            gssint_g_token_size
 #define g_make_token_header     gssint_g_make_token_header
diff --git a/src/lib/gssapi/generic/util_validate.c b/src/lib/gssapi/generic/util_validate.c
deleted file mode 100644 (file)
index afb47ea..0000000
+++ /dev/null
@@ -1,314 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/*
- * Copyright 1993 by OpenVision Technologies, Inc.
- *
- * Permission to use, copy, modify, distribute, and sell this software
- * and its documentation for any purpose is hereby granted without fee,
- * provided that the above copyright notice appears in all copies and
- * that both that copyright notice and this permission notice appear in
- * supporting documentation, and that the name of OpenVision not be used
- * in advertising or publicity pertaining to distribution of the software
- * without specific, written prior permission. OpenVision makes no
- * representations about the suitability of this software for any
- * purpose.  It is provided "as is" without express or implied warranty.
- *
- * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
- * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
- * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
- * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
- * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
- * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
- * $Id$
- */
-
-/*
- * functions to validate name, credential, and context handles
- */
-
-#include "gssapiP_generic.h"
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#include <fcntl.h>
-#include <limits.h>
-
-#ifdef HAVE_BSD_DB
-#include <sys/file.h>
-#include <db.h>
-
-static const int one = 1;
-static const DBT dbtone = { (void *) &one, sizeof(one) };
-
-typedef struct _vkey {
-    int type;
-    void *ptr;
-} vkey;
-#endif
-
-#define V_NAME          1
-#define V_CRED_ID       2
-#define V_CTX_ID        3
-#define V_LCTX_ID       4
-
-/* All these functions return 0 on failure, and non-zero on success */
-
-static int g_save(db, type, ptr)
-    g_set *db;
-#ifdef HAVE_BSD_DB
-    int type;
-#else
-    void *type;
-#endif
-    void *ptr;
-{
-    int ret;
-#ifdef HAVE_BSD_DB
-    DB **vdb;
-    vkey vk;
-    DBT key;
-
-    ret = k5_mutex_lock(&db->mutex);
-    if (ret)
-        return 0;
-
-    vdb = (DB **) &db->data;
-
-    if (!*vdb)
-        *vdb = dbopen(NULL, O_CREAT|O_RDWR, O_CREAT|O_RDWR, DB_HASH, NULL);
-
-    vk.type = type;
-    vk.ptr = ptr;
-
-    key.data = &vk;
-    key.size = sizeof(vk);
-
-    ret = ((*((*vdb)->put))(*vdb, &key, &dbtone, 0) == 0);
-    k5_mutex_unlock(&db->mutex);
-    return ret;
-#else
-    g_set_elt *gs;
-
-    ret = k5_mutex_lock(&db->mutex);
-    if (ret)
-        return 0;
-
-    gs = (g_set_elt *) &db->data;
-
-    if (!*gs)
-        if (g_set_init(gs)) {
-            k5_mutex_unlock(&db->mutex);
-            return(0);
-        }
-
-    ret = (g_set_entry_add(gs, ptr, type) == 0);
-    k5_mutex_unlock(&db->mutex);
-    return ret;
-#endif
-}
-
-static int g_validate(db, type, ptr)
-    g_set *db;
-#ifdef HAVE_BSD_DB
-    int type;
-#else
-    void *type;
-#endif
-    void *ptr;
-{
-    int ret;
-#ifdef HAVE_BSD_DB
-    DB **vdb;
-    vkey vk;
-    DBT key, value;
-
-    ret = k5_mutex_lock(&db->mutex);
-    if (ret)
-        return 0;
-
-    vdb = (DB **) &db->data;
-    if (!*vdb) {
-        k5_mutex_unlock(&db->mutex);
-        return(0);
-    }
-
-    vk.type = type;
-    vk.ptr = ptr;
-
-    key.data = &vk;
-    key.size = sizeof(vk);
-
-    if ((*((*vdb)->get))(*vdb, &key, &value, 0)) {
-        k5_mutex_unlock(&db->mutex);
-        return(0);
-    }
-
-    k5_mutex_unlock(&db->mutex);
-    return((value.size == sizeof(one)) &&
-           (*((int *) value.data) == one));
-#else
-    g_set_elt *gs;
-    void *value;
-
-    ret = k5_mutex_lock(&db->mutex);
-    if (ret)
-        return 0;
-
-    gs = (g_set_elt *) &db->data;
-    if (!*gs) {
-        k5_mutex_unlock(&db->mutex);
-        return(0);
-    }
-
-    if (g_set_entry_get(gs, ptr, (void **) &value)) {
-        k5_mutex_unlock(&db->mutex);
-        return(0);
-    }
-    k5_mutex_unlock(&db->mutex);
-    return(value == type);
-#endif
-}
-
-static int g_delete(db, type, ptr)
-    g_set *db;
-#ifdef HAVE_BSD_DB
-    int type;
-#else
-    void *type;
-#endif
-    void *ptr;
-{
-    int ret;
-#ifdef HAVE_BSD_DB
-    DB **vdb;
-    vkey vk;
-    DBT key;
-
-    ret = k5_mutex_lock(&db->mutex);
-    if (ret)
-        return 0;
-
-    vdb = (DB **) &db->data;
-    if (!*vdb) {
-        k5_mutex_unlock(&db->mutex);
-        return(0);
-    }
-
-    vk.type = type;
-    vk.ptr = ptr;
-
-    key.data = &vk;
-    key.size = sizeof(vk);
-
-    ret = ((*((*vdb)->del))(*vdb, &key, 0) == 0);
-    k5_mutex_unlock(&db->mutex);
-    return ret;
-#else
-    g_set_elt *gs;
-
-    ret = k5_mutex_lock(&db->mutex);
-    if (ret)
-        return 0;
-
-    gs = (g_set_elt *) &db->data;
-    if (!*gs) {
-        k5_mutex_unlock(&db->mutex);
-        return(0);
-    }
-
-    if (g_set_entry_delete(gs, ptr)) {
-        k5_mutex_unlock(&db->mutex);
-        return(0);
-    }
-    k5_mutex_unlock(&db->mutex);
-    return(1);
-#endif
-}
-
-/* functions for each type */
-
-/* save */
-
-int g_save_name(vdb, name)
-    g_set *vdb;
-    gss_name_t name;
-{
-    return(g_save(vdb, V_NAME, (void *) name));
-}
-int g_save_cred_id(vdb, cred)
-    g_set *vdb;
-    gss_cred_id_t cred;
-{
-    return(g_save(vdb, V_CRED_ID, (void *) cred));
-}
-int g_save_ctx_id(vdb, ctx)
-    g_set *vdb;
-    gss_ctx_id_t ctx;
-{
-    return(g_save(vdb, V_CTX_ID, (void *) ctx));
-}
-int g_save_lucidctx_id(vdb, lctx)
-    g_set *vdb;
-    void *lctx;
-{
-    return(g_save(vdb, V_LCTX_ID, (void *) lctx));
-}
-
-
-/* validate */
-
-int g_validate_name(vdb, name)
-    g_set *vdb;
-    gss_name_t name;
-{
-    return(g_validate(vdb, V_NAME, (void *) name));
-}
-int g_validate_cred_id(vdb, cred)
-    g_set *vdb;
-    gss_cred_id_t cred;
-{
-    return(g_validate(vdb, V_CRED_ID, (void *) cred));
-}
-int g_validate_ctx_id(vdb, ctx)
-    g_set *vdb;
-    gss_ctx_id_t ctx;
-{
-    return(g_validate(vdb, V_CTX_ID, (void *) ctx));
-}
-int g_validate_lucidctx_id(vdb, lctx)
-    g_set *vdb;
-    void *lctx;
-{
-    return(g_validate(vdb, V_LCTX_ID, (void *) lctx));
-}
-
-/* delete */
-
-int g_delete_name(vdb, name)
-    g_set *vdb;
-    gss_name_t name;
-{
-    return(g_delete(vdb, V_NAME, (void *) name));
-}
-int g_delete_cred_id(vdb, cred)
-    g_set *vdb;
-    gss_cred_id_t cred;
-{
-    return(g_delete(vdb, V_CRED_ID, (void *) cred));
-}
-int g_delete_ctx_id(vdb, ctx)
-    g_set *vdb;
-    gss_ctx_id_t ctx;
-{
-    return(g_delete(vdb, V_CTX_ID, (void *) ctx));
-}
-int g_delete_lucidctx_id(vdb, lctx)
-    g_set *vdb;
-    void *lctx;
-{
-    return(g_delete(vdb, V_LCTX_ID, (void *) lctx));
-}
diff --git a/src/lib/gssapi/generic/utl_nohash_validate.c b/src/lib/gssapi/generic/utl_nohash_validate.c
deleted file mode 100644 (file)
index 1315532..0000000
+++ /dev/null
@@ -1,118 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/*
- *  Copyright 1990,1994 by the Massachusetts Institute of Technology.
- *  All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- */
-
-/* Stub functions for those without the hash library */
-
-#include "gssapiP_generic.h"
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_LIMITS_H
-#include <limits.h>
-#endif
-
-/* functions for each type */
-
-/* save */
-
-int g_save_name(vdb, name)
-    void **vdb;
-    gss_name_t *name;
-{
-    return 1;
-}
-int g_save_cred_id(vdb, cred)
-    void **vdb;
-    gss_cred_id_t *cred;
-{
-    return 1;
-}
-int g_save_ctx_id(vdb, ctx)
-    void **vdb;
-    gss_ctx_id_t *ctx;
-{
-    return 1;
-}
-int g_save_lucidctx_id(vdb, lctx)
-    void **vdb;
-    void *lctx;
-{
-    return 1;
-}
-
-/* validate */
-
-int g_validate_name(vdb, name)
-    void **vdb;
-    gss_name_t *name;
-{
-    return 1;
-}
-int g_validate_cred_id(vdb, cred)
-    void **vdb;
-    gss_cred_id_t *cred;
-{
-    return 1;
-}
-int g_validate_ctx_id(vdb, ctx)
-    void **vdb;
-    gss_ctx_id_t *ctx;
-{
-    return 1;
-}
-int g_validate_lucidctx_id(vdb, lctx)
-    void **vdb;
-    void *lctx;
-{
-    return 1;
-}
-
-/* delete */
-
-int g_delete_name(vdb, name)
-    void **vdb;
-    gss_name_t *name;
-{
-    return 1;
-}
-int g_delete_cred_id(vdb, cred)
-    void **vdb;
-    gss_cred_id_t *cred;
-{
-    return 1;
-}
-int g_delete_ctx_id(vdb, ctx)
-    void **vdb;
-    gss_ctx_id_t *ctx;
-{
-    return 1;
-}
-int g_delete_lucidctx_id(vdb, lctx)
-    void **vdb;
-    void *lctx;
-{
-    return 1;
-}
index 4c8d1530638ab596e19d7dad985e1c7a6f2cf56c..a291b7eba81b21c4c3552265bc0c2a58752a57c0 100644 (file)
@@ -346,8 +346,8 @@ kg_accept_dce(minor_status, context_handle, verifier_cred_handle,
     ctx->established = 1;
 
     if (src_name) {
-        if ((code = kg_duplicate_name(ctx->k5_context, ctx->there,
-                                      KG_INIT_NAME_INTERN, &name))) {
+        code = kg_duplicate_name(ctx->k5_context, ctx->there, &name);
+        if (code) {
             major_status = GSS_S_FAILURE;
             goto fail;
         }
@@ -905,16 +905,6 @@ kg_accept_krb5(minor_status, context_handle,
     ctx->big_endian = bigend;
     ctx->cred_rcache = cred_rcache;
 
-    /* Intern the ctx pointer so that delete_sec_context works */
-    if (! kg_save_ctx_id((gss_ctx_id_t) ctx)) {
-        xfree(ctx);
-        ctx = 0;
-
-        code = G_VALIDATE_FAILED;
-        major_status = GSS_S_FAILURE;
-        goto fail;
-    }
-
     /* XXX move this into gss_name_t */
     if (        (code = krb5_merge_authdata(context,
                                             ticket->enc_part2->authorization_data,
@@ -1161,8 +1151,8 @@ kg_accept_krb5(minor_status, context_handle,
     /* set the return arguments */
 
     if (src_name) {
-        if ((code = kg_duplicate_name(context, ctx->there,
-                                      KG_INIT_NAME_INTERN, &name))) {
+        code = kg_duplicate_name(context, ctx->there, &name);
+        if (code) {
             major_status = GSS_S_FAILURE;
             goto fail;
         }
@@ -1183,15 +1173,8 @@ kg_accept_krb5(minor_status, context_handle,
     if (src_name)
         *src_name = (gss_name_t) name;
 
-    if (delegated_cred_handle) {
-        if (!kg_save_cred_id((gss_cred_id_t) deleg_cred)) {
-            major_status = GSS_S_FAILURE;
-            code = G_VALIDATE_FAILED;
-            goto fail;
-        }
-
+    if (delegated_cred_handle)
         *delegated_cred_handle = (gss_cred_id_t) deleg_cred;
-    }
 
     /* finally! */
 
@@ -1228,13 +1211,13 @@ fail:
         if (deleg_cred->ccache)
             (void)krb5_cc_close(context, deleg_cred->ccache);
         if (deleg_cred->name)
-            kg_release_name(context, 0, &deleg_cred->name);
+            kg_release_name(context, &deleg_cred->name);
         xfree(deleg_cred);
     }
     if (token.value)
         xfree(token.value);
     if (name) {
-        (void) kg_release_name(context, 0, &name);
+        (void) kg_release_name(context, &name);
     }
 
     *minor_status = code;
index 93e188ae948bf1399845ef52fa0beb776353206e..664f07bf6f1c3adb55f2f291938defd7fd9b9bc6 100644 (file)
@@ -240,7 +240,7 @@ acquire_accept_cred(krb5_context context,
         }
 
         assert(cred->name == NULL);
-        code = kg_duplicate_name(context, desired_name, 0, &cred->name);
+        code = kg_duplicate_name(context, desired_name, &cred->name);
         if (code) {
             *minor_status = code;
             return GSS_S_FAILURE;
@@ -650,11 +650,6 @@ acquire_cred(OM_uint32 *minor_status,
             *time_rec = (cred->tgt_expire > now) ? (cred->tgt_expire - now) : 0;
     }
 
-    if (!kg_save_cred_id((gss_cred_id_t)cred)) {
-        ret = GSS_S_FAILURE;
-        goto error_out;
-    }
-
     *minor_status = 0;
     *output_cred_handle = (gss_cred_id_t) cred;
 
@@ -674,7 +669,7 @@ error_out:
             krb5_kt_close(context, cred->keytab);
 #endif /* LEAN_CLIENT */
         if (cred->name)
-            kg_release_name(context, 0, &cred->name);
+            kg_release_name(context, &cred->name);
         k5_mutex_destroy(&cred->lock);
         xfree(cred);
     }
@@ -745,11 +740,6 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req,
 {
     struct acquire_cred_args args;
 
-    if (desired_name && !kg_validate_name(desired_name)) {
-        *minor_status = G_VALIDATE_FAILED;
-        return GSS_S_FAILURE;
-    }
-
     memset(&args, 0, sizeof(args));
     args.desired_name = desired_name;
     args.time_req = time_req;
@@ -775,11 +765,6 @@ iakerb_gss_acquire_cred(minor_status, desired_name, time_req,
 {
     struct acquire_cred_args args;
 
-    if (desired_name && !kg_validate_name(desired_name)) {
-        *minor_status = G_VALIDATE_FAILED;
-        return GSS_S_FAILURE;
-    }
-
     memset(&args, 0, sizeof(args));
     args.desired_name = desired_name;
     args.time_req = time_req;
@@ -803,11 +788,6 @@ krb5_gss_acquire_cred_with_password(OM_uint32 *minor_status,
 {
     struct acquire_cred_args args;
 
-    if (desired_name && !kg_validate_name(desired_name)) {
-        *minor_status = G_VALIDATE_FAILED;
-        return GSS_S_FAILURE;
-    }
-
     memset(&args, 0, sizeof(args));
     args.desired_name = desired_name;
     args.password = password;
@@ -832,11 +812,6 @@ iakerb_gss_acquire_cred_with_password(OM_uint32 *minor_status,
 {
     struct acquire_cred_args args;
 
-    if (desired_name && !kg_validate_name(desired_name)) {
-        *minor_status = G_VALIDATE_FAILED;
-        return GSS_S_FAILURE;
-    }
-
     memset(&args, 0, sizeof(args));
     args.desired_name = desired_name;
     args.password = password;
index 14f707601705a024a0b1b071b06e0001ec9fcab6..6071923628b128daebc9a0887e35a1ad4f3b03b3 100644 (file)
@@ -37,16 +37,6 @@ krb5_gss_compare_name(minor_status, name1, name2, name_equal)
     krb5_context context;
     krb5_error_code code;
 
-    if (! kg_validate_name(name1)) {
-        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-        return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
-    }
-
-    if (! kg_validate_name(name2)) {
-        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-        return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
-    }
-
     code = krb5_gss_init_context(&context);
     if (code) {
         *minor_status = code;
index df8e088543d196cfa56a82effb8c4ca2d94f18a2..48d2c85216833845f9f2eb88958e022763967d1c 100644 (file)
@@ -38,12 +38,6 @@ krb5_gss_context_time(minor_status, context_handle, time_rec)
     krb5_timestamp now;
     krb5_deltat lifetime;
 
-    /* validate the context handle */
-    if (! kg_validate_ctx_id(context_handle)) {
-        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-        return(GSS_S_NO_CONTEXT);
-    }
-
     ctx = (krb5_gss_ctx_id_rec *) context_handle;
 
     if (! ctx->established) {
index d6b49a0aa22379e6c13f9616c54c34e0c21b76fe..c9b6840eaea36426ec8f198c7c166dcb588d56ec 100644 (file)
@@ -47,13 +47,6 @@ krb5_gss_delete_sec_context(minor_status, context_handle, output_token)
         return(GSS_S_COMPLETE);
     }
 
-    /*SUPPRESS 29*/
-    /* validate the context handle */
-    if (! kg_validate_ctx_id(*context_handle)) {
-        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-        return(GSS_S_NO_CONTEXT);
-    }
-
     ctx = (krb5_gss_ctx_id_t) *context_handle;
     context = ctx->k5_context;
 
@@ -72,10 +65,6 @@ krb5_gss_delete_sec_context(minor_status, context_handle, output_token)
         }
     }
 
-    /* invalidate the context handle */
-
-    (void)kg_delete_ctx_id(*context_handle);
-
     /* free all the context state */
 
     if (ctx->seqstate)
@@ -88,9 +77,9 @@ krb5_gss_delete_sec_context(minor_status, context_handle, output_token)
         krb5_k_free_key(context, ctx->seq);
 
     if (ctx->here)
-        kg_release_name(context, 0, &ctx->here);
+        kg_release_name(context, &ctx->here);
     if (ctx->there)
-        kg_release_name(context, 0, &ctx->there);
+        kg_release_name(context, &ctx->there);
     if (ctx->subkey)
         krb5_k_free_key(context, ctx->subkey);
     if (ctx->acceptor_subkey)
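Review bot: The `ctx->here` and `ctx->there` releases here now run on a handle that nothing in krb5_gss_delete_sec_context has type-checked, because the removed `kg_validate_ctx_id` macro also compared `ctx->magic` with `KG_CONTEXT`, a test that did not depend on the validation database. If contexts still have their magic set at creation (not visible in this diff), a guard right after the cast, `if (ctx->magic != KG_CONTEXT) return GSS_S_NO_CONTEXT;`, would stop a handle of another type from being torn down as a krb5 context. It is a type check only and cannot detect a freed pointer, which the comment on it should say. The same unchecked cast is left in the context_time, export_sec_context, inquire_context and inquire_sec_context_by_oid hunks. The function body starts and ends outside this hunk.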
index 79b14f1a933c33351542a52ed85faa7c279343e7..a19f50246f90413fcc0945aba37d9ed7e8f65a26 100644 (file)
@@ -46,11 +46,6 @@ krb5_gss_display_name(minor_status, input_name, output_name_buffer,
     output_name_buffer->length = 0;
     output_name_buffer->value = NULL;
 
-    if (! kg_validate_name(input_name)) {
-        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-        krb5_free_context(context);
-        return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
-    }
     if (krb5_princ_type(context, k5name->princ) == KRB5_NT_WELLKNOWN) {
         if (krb5_principal_compare(context, k5name->princ,
                                    krb5_anonymous_principal()))
index 256fb5e7582002741e9d95551d321532d9b4f53d..488f14821c1f053b4ff86451e687acd11300c69f 100644 (file)
@@ -44,15 +44,9 @@ OM_uint32 krb5_gss_duplicate_name(OM_uint32  *minor_status,
         return GSS_S_FAILURE;
     }
 
-    if (! kg_validate_name(input_name)) {
-        if (minor_status)
-            *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-        krb5_free_context(context);
-        return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
-    }
-
     princ = (krb5_gss_name_t)input_name;
-    if ((code = kg_duplicate_name(context, princ, KG_INIT_NAME_INTERN, &outprinc))) {
+    code = kg_duplicate_name(context, princ, &outprinc);
+    if (code) {
         *minor_status = code;
         save_error_info(*minor_status, context);
         krb5_free_context(context);
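Review bot: `input_name` is now cast to `krb5_gss_name_t` and handed to `kg_duplicate_name` with no check of any kind, so a GSS_C_NO_NAME or a name belonging to another mechanism would be dereferenced as a krb5 name. If this entry point relies on its caller (presumably the mechglue) to pass only non-null krb5 mechanism names, state that at the cast, e.g. `/* input_name is a krb5 mech name; the caller guarantees it is non-null */`; if that guarantee does not hold, a NULL check belongs here instead. The same unchecked cast now appears in the display_name, export_name, compare_name, pname_to_uid and authorize_localname hunks. The function starts outside this hunk.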
@@ -60,7 +54,6 @@ OM_uint32 krb5_gss_duplicate_name(OM_uint32  *minor_status,
     }
     krb5_free_context(context);
     *dest_name = (gss_name_t) outprinc;
-    assert(kg_validate_name(*dest_name));
     return(GSS_S_COMPLETE);
 
 }
index c4a1a12413d8bf8d1f26b190c59d24a6557fdaea..424d9266c1b881300c83d0c9808f4e0899a25a15 100644 (file)
@@ -49,13 +49,6 @@ OM_uint32 krb5_gss_export_name(OM_uint32  *minor_status,
     exported_name->length = 0;
     exported_name->value = NULL;
 
-    if (! kg_validate_name(input_name)) {
-        if (minor_status)
-            *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-        krb5_free_context(context);
-        return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
-    }
-
     if ((code = krb5_unparse_name(context, ((krb5_gss_name_t) input_name)->princ,
                                   &str))) {
         if (minor_status)
index ac12d82b9a4dbab524e23e46d5bb2ba18f70ff7c..2036352e8f03f8b3a70062857c9e116e6a2f0660 100644 (file)
@@ -44,12 +44,6 @@ krb5_gss_export_sec_context(minor_status, context_handle, interprocess_token)
     retval = GSS_S_FAILURE;
     *minor_status = 0;
 
-    if (!kg_validate_ctx_id(*context_handle)) {
-        kret = (OM_uint32) G_VALIDATE_FAILED;
-        retval = GSS_S_NO_CONTEXT;
-        goto error_out;
-    }
-
     ctx = (krb5_gss_ctx_id_t) *context_handle;
     context = ctx->k5_context;
     kret = krb5_gss_ser_init(context);
index 6649331e726c02501153786bbbb79763b728cfb8..2cb4e9098bff7efddf27f956c37b71d48c8be7bd 100644 (file)
@@ -245,25 +245,6 @@ extern g_set kg_vdb;
 extern k5_mutex_t gssint_krb5_keytab_lock;
 #endif /* LEAN_CLIENT */
 
-/* helper macros */
-
-#define kg_save_name(name)              g_save_name(&kg_vdb,name)
-#define kg_save_cred_id(cred)           g_save_cred_id(&kg_vdb,cred)
-#define kg_save_ctx_id(ctx)             g_save_ctx_id(&kg_vdb,ctx)
-#define kg_save_lucidctx_id(lctx)       g_save_lucidctx_id(&kg_vdb,lctx)
-
-#define kg_validate_name(name)          g_validate_name(&kg_vdb,name)
-#define kg_validate_cred_id(cred)       g_validate_cred_id(&kg_vdb,cred)
-#define kg_validate_ctx_id(ctx)         (g_validate_ctx_id(&kg_vdb,ctx) && \
-                                         ((krb5_gss_ctx_id_t)ctx)->magic == \
-                                         KG_CONTEXT)
-#define kg_validate_lucidctx_id(lctx)   g_validate_lucidctx_id(&kg_vdb,lctx)
-
-#define kg_delete_name(name)            g_delete_name(&kg_vdb,name)
-#define kg_delete_cred_id(cred)         g_delete_cred_id(&kg_vdb,cred)
-#define kg_delete_ctx_id(ctx)           g_delete_ctx_id(&kg_vdb,ctx)
-#define kg_delete_lucidctx_id(lctx)     g_delete_lucidctx_id(&kg_vdb,lctx)
-
 /** helper functions **/
 
 OM_uint32 kg_get_defcred
@@ -891,8 +872,7 @@ OM_uint32 gss_krb5int_unseal_token_v3(krb5_context *contextptr,
 int gss_krb5int_rotate_left (void *ptr, size_t bufsiz, size_t rc);
 
 /* naming_exts.c */
-#define KG_INIT_NAME_INTERN  0x1
-#define KG_INIT_NAME_NO_COPY 0x2
+#define KG_INIT_NAME_NO_COPY 0x1
 
 krb5_error_code
 kg_init_name(krb5_context context, krb5_principal principal,
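Review bot: Reusing 0x1 for `KG_INIT_NAME_NO_COPY` gives it the value `KG_INIT_NAME_INTERN` used to have, so an object built against the old header, or a caller passing a literal flag value, would silently switch from interning to no-copy, which by its name changes who owns the principal. Keeping the old value avoids that at no cost: `#define KG_INIT_NAME_NO_COPY 0x2 /* 0x1 was KG_INIT_NAME_INTERN, retired */`. This is a private header, so the exposure is probably limited to stale objects in an incremental build, but a misread ownership flag ends in a double free or a leak rather than a compile error.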
@@ -900,14 +880,10 @@ kg_init_name(krb5_context context, krb5_principal principal,
              krb5_flags flags, krb5_gss_name_t *name);
 
 krb5_error_code
-kg_release_name(krb5_context context,
-                krb5_flags flags,
-                krb5_gss_name_t *name);
+kg_release_name(krb5_context context, krb5_gss_name_t *name);
 
 krb5_error_code
-kg_duplicate_name(krb5_context context,
-                  const krb5_gss_name_t src,
-                  krb5_flags flags,
+kg_duplicate_name(krb5_context context, const krb5_gss_name_t src,
                   krb5_gss_name_t *dst);
 
 krb5_boolean
index bc02a0716aaacea7a7341901c38f0eb09e14eae6..a89235396e0cd92067c1d851ccdfd0d0cb1cb0c9 100644 (file)
@@ -367,9 +367,6 @@ krb5_gss_inquire_sec_context_by_oid (OM_uint32 *minor_status,
 
     *data_set = GSS_C_NO_BUFFER_SET;
 
-    if (!kg_validate_ctx_id(context_handle))
-        return GSS_S_NO_CONTEXT;
-
     ctx = (krb5_gss_ctx_id_rec *) context_handle;
 
     if (!ctx->established)
@@ -486,15 +483,6 @@ krb5_gss_set_sec_context_option (OM_uint32 *minor_status,
     if (desired_object == GSS_C_NO_OID)
         return GSS_S_CALL_INACCESSIBLE_READ;
 
-    if (*context_handle != GSS_C_NO_CONTEXT) {
-        krb5_gss_ctx_id_rec *ctx;
-
-        if (!kg_validate_ctx_id(*context_handle))
-            return GSS_S_NO_CONTEXT;
-
-        ctx = (krb5_gss_ctx_id_rec *) context_handle;
-    }
-
 #if 0
     for (i = 0; i < sizeof(krb5_gss_set_sec_context_option_ops)/
              sizeof(krb5_gss_set_sec_context_option_ops[0]); i++) {
@@ -768,12 +756,6 @@ krb5_gss_pname_to_uid(OM_uint32 *minor,
         return GSS_S_FAILURE;
     }
 
-    if (!kg_validate_name(pname)) {
-        *minor = (OM_uint32)G_VALIDATE_FAILED;
-        krb5_free_context(context);
-        return GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME;
-    }
-
     kname = (krb5_gss_name_t)pname;
 
     code = krb5_aname_to_localname(context, kname->princ,
@@ -813,11 +795,6 @@ krb5_gss_authorize_localname(OM_uint32 *minor,
         return GSS_S_BAD_NAMETYPE;
     }
 
-    if (!kg_validate_name(pname)) {
-        *minor = (OM_uint32)G_VALIDATE_FAILED;
-        return GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME;
-    }
-
     kname = (krb5_gss_name_t)pname;
 
     code = krb5_gss_init_context(&context);
index b58d384da940672175ef6cc0aeb498da9d96314f..deef9cb426897eb01a96a4d40f0a9246b468be67 100644 (file)
@@ -912,12 +912,6 @@ iakerb_gss_init_sec_context(OM_uint32 *minor_status,
     } else
         ctx = (iakerb_ctx_id_t)*context_handle;
 
-    if (!kg_validate_name(target_name)) {
-        *minor_status = G_VALIDATE_FAILED;
-        major_status = GSS_S_CALL_BAD_STRUCTURE | GSS_S_BAD_NAME;
-        goto cleanup;
-    }
-
     kname = (krb5_gss_name_t)target_name;
 
     if (claimant_cred_handle != GSS_C_NO_CREDENTIAL) {
index 2ba178a04031d3d7883243a9d7807fff821576e9..af6182218c00d6af1c55d5e1828a74225193e58c 100644 (file)
@@ -306,7 +306,7 @@ krb5_gss_import_name(minor_status, input_name_buffer,
 
     /* Create a name and save it in the validation database. */
     code = kg_init_name(context, princ, service, host, ad_context,
-                        KG_INIT_NAME_INTERN | KG_INIT_NAME_NO_COPY, &name);
+                        KG_INIT_NAME_NO_COPY, &name);
     if (code)
         goto cleanup;
     princ = NULL;
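Review bot: The context comment above the call, `/* Create a name and save it in the validation database. */`, is stale now that `KG_INIT_NAME_INTERN` is gone and no validation database is involved. Something like `/* Create a name; on success it owns princ (KG_INIT_NAME_NO_COPY). */` would match the `princ = NULL;` that follows and keep the ownership hand-off visible to whoever next edits the cleanup path. The ownership reading is inferred from the flag name and the NULL assignment, so confirm it against kg_init_name before committing the wording.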
index daf3577be64be55d138033ddc5e2e8b92e1993d6..144f5689a212a144ca5ebb538e9a5e53f09c1500 100644 (file)
@@ -109,13 +109,6 @@ krb5_gss_import_sec_context(minor_status, interprocess_token, context_handle)
     }
     krb5_free_context(context);
 
-    /* intern the context handle */
-    if (! kg_save_ctx_id((gss_ctx_id_t) ctx)) {
-        (void)krb5_gss_delete_sec_context(minor_status,
-                                          (gss_ctx_id_t *) &ctx, NULL);
-        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-        return(GSS_S_FAILURE);
-    }
     ctx->mech_used = krb5_gss_convert_static_mech_oid(ctx->mech_used);
 
     *context_handle = (gss_ctx_id_t) ctx;
index b04330adf93926b15dd7a5db960a40fd77fe1d11..bc945b13165bdd9c2632d19e23473970bd75a46a 100644 (file)
@@ -609,10 +609,11 @@ kg_new_connection(
         ctx->krb_times.endtime = now + time_req;
     }
 
-    if ((code = kg_duplicate_name(context, cred->name, 0, &ctx->here)))
+    if ((code = kg_duplicate_name(context, cred->name, &ctx->here)))
         goto cleanup;
 
-    if ((code = kg_duplicate_name(context, (krb5_gss_name_t)target_name, 0, &ctx->there)))
+    if ((code = kg_duplicate_name(context, (krb5_gss_name_t)target_name,
+                                  &ctx->there)))
         goto cleanup;
 
     code = get_credentials(context, cred, ctx->there, now,
@@ -690,12 +691,6 @@ kg_new_connection(
     if (actual_mech_type)
         *actual_mech_type = mech_type;
 
-    /* At this point, the context is constructed and valid; intern it. */
-    if (! kg_save_ctx_id((gss_ctx_id_t) ctx)) {
-        code = G_VALIDATE_FAILED;
-        goto cleanup;
-    }
-
     /* return successfully */
 
     *context_handle = (gss_ctx_id_t) ctx;
@@ -719,9 +714,9 @@ cleanup:
         if (ctx_free->auth_context)
             krb5_auth_con_free(context, ctx_free->auth_context);
         if (ctx_free->here)
-            kg_release_name(context, 0, &ctx_free->here);
+            kg_release_name(context, &ctx_free->here);
         if (ctx_free->there)
-            kg_release_name(context, 0, &ctx_free->there);
+            kg_release_name(context, &ctx_free->there);
         if (ctx_free->subkey)
             krb5_k_free_key(context, ctx_free->subkey);
         xfree(ctx_free);
@@ -769,13 +764,6 @@ mutual_auth(
     if (code)
         goto fail;
 
-    /* validate the context handle */
-    /*SUPPRESS 29*/
-    if (! kg_validate_ctx_id(*context_handle)) {
-        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-        return(GSS_S_NO_CONTEXT);
-    }
-
     ctx = (krb5_gss_ctx_id_t) *context_handle;
 
     /* make sure the context is non-established, and that certain
@@ -970,16 +958,6 @@ krb5_gss_init_sec_context_ext(
     if (actual_mech_type)
         *actual_mech_type = NULL;
 
-    /* verify that the target_name is valid and usable */
-
-    if (! kg_validate_name(target_name)) {
-        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-        save_error_info(*minor_status, context);
-        if (*context_handle == GSS_C_NO_CONTEXT)
-            krb5_free_context(context);
-        return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
-    }
-
     /* verify the credential, or use the default */
     /*SUPPRESS 29*/
     if (claimant_cred_handle == GSS_C_NO_CREDENTIAL) {
index 0c926401a9132aff0e691404e99b198ac738a727..94d1c2745e15f1e1e3c42e62ca31ac04aafb6bb4 100644 (file)
@@ -103,12 +103,6 @@ krb5_gss_inquire_context(minor_status, context_handle, initiator_name,
     if (acceptor_name)
         *acceptor_name = (gss_name_t) NULL;
 
-    /* validate the context handle */
-    if (! kg_validate_ctx_id(context_handle)) {
-        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-        return(GSS_S_NO_CONTEXT);
-    }
-
     ctx = (krb5_gss_ctx_id_rec *) context_handle;
 
     if (! ctx->established) {
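Review bot: In krb5_gss_inquire_context, `context_handle` is now cast and read through (`ctx->established`) with no check left in this hunk that it is not GSS_C_NO_CONTEXT; the removed kg_validate_ctx_id call presumably rejected a null or unknown handle with GSS_S_NO_CONTEXT. If the mechglue is guaranteed to filter null handles before dispatching to the mechanism, record that at the cast with a comment such as `/* mechglue rejects GSS_C_NO_CONTEXT before calling us */`; otherwise keep a cheap guard, `if (context_handle == GSS_C_NO_CONTEXT) return GSS_S_NO_CONTEXT;`. The same applies to the kg_seal, kg_seal_iov, kg_seal_iov_length, kg_unseal, kg_unseal_iov, krb5_gss_process_context_token and krb5_gss_wrap_size_limit hunks, to `cred_handle` in krb5_gss_validate_cred_1, and to `name` in the seven hunks from krb5_gss_inquire_name through krb5_gss_export_name_composite. Each of these functions starts and ends outside its hunk, so an earlier check may exist that is not visible here.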
@@ -131,8 +125,7 @@ krb5_gss_inquire_context(minor_status, context_handle, initiator_name,
 
     if (initiator_name) {
         if ((code = kg_duplicate_name(context,
-                                      ctx->initiate?ctx->here:ctx->there,
-                                      KG_INIT_NAME_INTERN,
+                                      ctx->initiate ? ctx->here : ctx->there,
                                       &initiator))) {
             *minor_status = code;
             save_error_info(*minor_status, context);
@@ -142,12 +135,10 @@ krb5_gss_inquire_context(minor_status, context_handle, initiator_name,
 
     if (acceptor_name) {
         if ((code = kg_duplicate_name(context,
-                                      ctx->initiate?ctx->there:ctx->here,
-                                      KG_INIT_NAME_INTERN,
+                                      ctx->initiate ? ctx->there : ctx->here,
                                       &acceptor))) {
             if (initiator)
-                kg_release_name(context, KG_INIT_NAME_INTERN,
-                                &initiator);
+                kg_release_name(context, &initiator);
             *minor_status = code;
             save_error_info(*minor_status, context);
             return(GSS_S_FAILURE);
index 4ef94c7afab09f41f04adb3f06b2b30717b124d9..20df617138572dc8e785cdc1194e1e654d7c37a5 100644 (file)
@@ -146,8 +146,7 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret,
 
     if (name) {
         if (cred->name) {
-            code = kg_duplicate_name(context, cred->name, KG_INIT_NAME_INTERN,
-                                     &ret_name);
+            code = kg_duplicate_name(context, cred->name, &ret_name);
         } else if ((cred->usage == GSS_C_ACCEPT || cred->usage == GSS_C_BOTH)
                    && cred->keytab != NULL) {
             /* This is a default acceptor cred; use a name from the keytab if
@@ -155,8 +154,7 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret,
             code = k5_kt_get_principal(context, cred->keytab, &princ);
             if (code == 0) {
                 code = kg_init_name(context, princ, NULL, NULL, NULL,
-                                    KG_INIT_NAME_NO_COPY | KG_INIT_NAME_INTERN,
-                                    &ret_name);
+                                    KG_INIT_NAME_NO_COPY, &ret_name);
                 if (code)
                     krb5_free_principal(context, princ);
             } else if (code == KRB5_KT_NOTFOUND)
@@ -182,7 +180,7 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret,
                                                            &mechs))) {
             k5_mutex_unlock(&cred->lock);
             if (ret_name)
-                kg_release_name(context, KG_INIT_NAME_INTERN, &ret_name);
+                kg_release_name(context, &ret_name);
             /* *minor_status set above */
             goto fail;
         }
index 5354434cce640b1a643af11ba03fe92bf5f49f86..814f9eed525cadc5e5c53291b1cb413a0c31c500 100644 (file)
@@ -345,12 +345,6 @@ kg_seal(minor_status, context_handle, conf_req_flag, qop_req,
         return GSS_S_FAILURE;
     }
 
-    /* validate the context handle */
-    if (! kg_validate_ctx_id(context_handle)) {
-        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-        return(GSS_S_NO_CONTEXT);
-    }
-
     ctx = (krb5_gss_ctx_id_rec *) context_handle;
 
     if (! ctx->established) {
index 8c4ec8bbaaae618e25e680af8a944e98598cd13d..5f6eb222198070d092cb9e4e53e757364c070904 100644 (file)
@@ -284,11 +284,6 @@ kg_seal_iov(OM_uint32 *minor_status,
         return GSS_S_FAILURE;
     }
 
-    if (!kg_validate_ctx_id(context_handle)) {
-        *minor_status = (OM_uint32)G_VALIDATE_FAILED;
-        return GSS_S_NO_CONTEXT;
-    }
-
     ctx = (krb5_gss_ctx_id_rec *)context_handle;
     if (!ctx->established) {
         *minor_status = KG_CTX_INCOMPLETE;
@@ -353,11 +348,6 @@ kg_seal_iov_length(OM_uint32 *minor_status,
         return GSS_S_FAILURE;
     }
 
-    if (!kg_validate_ctx_id(context_handle)) {
-        *minor_status = (OM_uint32)G_VALIDATE_FAILED;
-        return GSS_S_NO_CONTEXT;
-    }
-
     ctx = (krb5_gss_ctx_id_rec *)context_handle;
     if (!ctx->established) {
         *minor_status = KG_CTX_INCOMPLETE;
index 6c5ea099711bc3b80e45694ea5a1848eb2da0c18..908f76899ef27805af692a08c759e9df0f4ee1cf 100644 (file)
@@ -485,12 +485,6 @@ kg_unseal(minor_status, context_handle, input_token_buffer,
     int vfyflags = 0;
     OM_uint32 ret;
 
-    /* validate the context handle */
-    if (! kg_validate_ctx_id(context_handle)) {
-        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-        return(GSS_S_NO_CONTEXT);
-    }
-
     ctx = (krb5_gss_ctx_id_rec *) context_handle;
 
     if (! ctx->established) {
index f62cf79103588487e23f540399e30857bad6b621..8b67631d9ae2650896e120ceee8928720641fb55 100644 (file)
@@ -627,11 +627,6 @@ kg_unseal_iov(OM_uint32 *minor_status,
     krb5_gss_ctx_id_rec *ctx;
     OM_uint32 code;
 
-    if (!kg_validate_ctx_id(context_handle)) {
-        *minor_status = (OM_uint32)G_VALIDATE_FAILED;
-        return GSS_S_NO_CONTEXT;
-    }
-
     ctx = (krb5_gss_ctx_id_rec *)context_handle;
     if (!ctx->established) {
         *minor_status = KG_CTX_INCOMPLETE;
index c670b14fe8286f2a33c5dc8e7d8113723481eb12..dc129e15e7cd6d2c8ae687de19c2bbe2be7c8103 100644 (file)
@@ -97,12 +97,6 @@ gss_krb5int_export_lucid_sec_context(
     if (kret)
         goto error_out;
 
-    /* Success!  Record the context and return the buffer */
-    if (! kg_save_lucidctx_id((void *)lctx)) {
-        kret = G_VALIDATE_FAILED;
-        goto error_out;
-    }
-
     rep.value = &lctx;
     rep.length = sizeof(lctx);
 
@@ -142,17 +136,10 @@ gss_krb5int_free_lucid_sec_context(
         goto error_out;
     }
 
-    /* Verify pointer is valid lucid context */
-    if (! kg_validate_lucidctx_id(kctx)) {
-        kret = G_VALIDATE_FAILED;
-        goto error_out;
-    }
-
     /* Determine version and call correct free routine */
     version = ((gss_krb5_lucid_context_version_t *)kctx)->version;
     switch (version) {
     case 1:
-        (void)kg_delete_lucidctx_id(kctx);
         free_external_lucid_ctx_v1((gss_krb5_lucid_context_v1_t*) kctx);
         break;
     default:
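Review bot: gss_krb5int_free_lucid_sec_context now reads `version` through `kctx` and hands the pointer to free_external_lucid_ctx_v1 with no record of whether it is live, so a second free of the same lucid context, or a pointer that never came from the export routine, no longer fails with G_VALIDATE_FAILED and instead touches freed or foreign memory. That contract change deserves a comment at the function head, e.g. `/* kctx must come from gss_krb5int_export_lucid_sec_context and must not have been freed already; this is not checked. */`. krb5_gss_release_cred has the same shape once its kg_delete_cred_id call is removed, since a stale `*cred_handle` goes straight to `k5_mutex_destroy(&cred->lock)`. Whether it clears `*cred_handle` on return, the way krb5_gss_release_name does with `*input_name = (gss_name_t) NULL;`, is not visible in its hunk and is worth confirming. Both functions continue outside their hunks.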
index 31bfb723b563b77c4a36293fcf0504e5916699fc..61723423896b43e7b5e85c92362fcc239f12135e 100644 (file)
@@ -86,29 +86,20 @@ kg_init_name(krb5_context context, krb5_principal principal,
         name->ad_context = ad_context;
     }
 
-    if ((flags & KG_INIT_NAME_INTERN) &&
-        !kg_save_name((gss_name_t)name)) {
-        code = G_VALIDATE_FAILED;
-        goto cleanup;
-    }
-
     *ret_name = name;
 
 cleanup:
     if (code != 0)
-        kg_release_name(context, 0, &name);
+        kg_release_name(context, &name);
 
     return code;
 }
 
 krb5_error_code
 kg_release_name(krb5_context context,
-                krb5_flags flags,
                 krb5_gss_name_t *name)
 {
     if (*name != NULL) {
-        if (flags & KG_INIT_NAME_INTERN)
-            kg_delete_name((gss_name_t)*name);
         krb5_free_principal(context, (*name)->princ);
         free((*name)->service);
         free((*name)->host);
@@ -124,7 +115,6 @@ kg_release_name(krb5_context context,
 krb5_error_code
 kg_duplicate_name(krb5_context context,
                   const krb5_gss_name_t src,
-                  krb5_flags flags,
                   krb5_gss_name_t *dst)
 {
     krb5_error_code code;
@@ -134,7 +124,7 @@ kg_duplicate_name(krb5_context context,
         return code;
 
     code = kg_init_name(context, src->princ, src->service, src->host,
-                        src->ad_context, flags, dst);
+                        src->ad_context, 0, dst);
 
     k5_mutex_unlock(&src->lock);
 
@@ -284,12 +274,6 @@ krb5_gss_inquire_name(OM_uint32 *minor_status,
         return GSS_S_FAILURE;
     }
 
-    if (!kg_validate_name(name)) {
-        *minor_status = (OM_uint32)G_VALIDATE_FAILED;
-        krb5_free_context(context);
-        return GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME;
-    }
-
     kname = (krb5_gss_name_t)name;
 
     code = k5_mutex_lock(&kname->lock);
@@ -351,12 +335,6 @@ krb5_gss_get_name_attribute(OM_uint32 *minor_status,
         return GSS_S_FAILURE;
     }
 
-    if (!kg_validate_name(name)) {
-        *minor_status = (OM_uint32)G_VALIDATE_FAILED;
-        krb5_free_context(context);
-        return GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME;
-    }
-
     kname = (krb5_gss_name_t)name;
 
     code = k5_mutex_lock(&kname->lock);
@@ -435,12 +413,6 @@ krb5_gss_set_name_attribute(OM_uint32 *minor_status,
         return GSS_S_FAILURE;
     }
 
-    if (!kg_validate_name(name)) {
-        *minor_status = (OM_uint32)G_VALIDATE_FAILED;
-        krb5_free_context(context);
-        return GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME;
-    }
-
     kname = (krb5_gss_name_t)name;
 
     code = k5_mutex_lock(&kname->lock);
@@ -496,12 +468,6 @@ krb5_gss_delete_name_attribute(OM_uint32 *minor_status,
         return GSS_S_FAILURE;
     }
 
-    if (!kg_validate_name(name)) {
-        *minor_status = (OM_uint32)G_VALIDATE_FAILED;
-        krb5_free_context(context);
-        return GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME;
-    }
-
     kname = (krb5_gss_name_t)name;
 
     code = k5_mutex_lock(&kname->lock);
@@ -554,12 +520,6 @@ krb5_gss_map_name_to_any(OM_uint32 *minor_status,
         return GSS_S_FAILURE;
     }
 
-    if (!kg_validate_name(name)) {
-        *minor_status = (OM_uint32)G_VALIDATE_FAILED;
-        krb5_free_context(context);
-        return GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME;
-    }
-
     kname = (krb5_gss_name_t)name;
 
     code = k5_mutex_lock(&kname->lock);
@@ -617,12 +577,6 @@ krb5_gss_release_any_name_mapping(OM_uint32 *minor_status,
         return GSS_S_FAILURE;
     }
 
-    if (!kg_validate_name(name)) {
-        *minor_status = (OM_uint32)G_VALIDATE_FAILED;
-        krb5_free_context(context);
-        return GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME;
-    }
-
     kname = (krb5_gss_name_t)name;
 
     code = k5_mutex_lock(&kname->lock);
@@ -684,12 +638,6 @@ krb5_gss_export_name_composite(OM_uint32 *minor_status,
         return GSS_S_FAILURE;
     }
 
-    if (!kg_validate_name(name)) {
-        *minor_status = (OM_uint32)G_VALIDATE_FAILED;
-        krb5_free_context(context);
-        return GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME;
-    }
-
     kname = (krb5_gss_name_t)name;
 
     code = k5_mutex_lock(&kname->lock);
index ae7ee9fdeafca80042c6b25b68fddff84e27229b..0aa3e3dfd0a6f4227efe7605f26bd6249701051e 100644 (file)
@@ -53,11 +53,6 @@ krb5_gss_pseudo_random(OM_uint32 *minor_status,
     prf_out->length = 0;
     prf_out->value = NULL;
 
-    if (!kg_validate_ctx_id(context)) {
-        *minor_status = G_VALIDATE_FAILED;
-        return GSS_S_NO_CONTEXT;
-    }
-
     t.length = 0;
     t.data = NULL;
 
index ac41ad6f1d6ae24e62034240abc7add13fd730c0..fd6364cc0161ff1babb0612a6564f3539a9cec89 100644 (file)
@@ -37,12 +37,6 @@ krb5_gss_process_context_token(minor_status, context_handle,
     krb5_gss_ctx_id_rec *ctx;
     OM_uint32 majerr;
 
-    /* validate the context handle */
-    if (! kg_validate_ctx_id(context_handle)) {
-        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-        return(GSS_S_NO_CONTEXT);
-    }
-
     ctx = (krb5_gss_ctx_id_t) context_handle;
 
     if (! ctx->established) {
index 7f9a16fc4be24eeb481dab57c3660f9cf061f379..dc0b832566ba09cc800884bdf89ed12f4b914dd1 100644 (file)
@@ -44,12 +44,6 @@ krb5_gss_release_cred(minor_status, cred_handle)
         return(GSS_S_COMPLETE);
     }
 
-    if (! kg_delete_cred_id(*cred_handle)) {
-        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-        krb5_free_context(context);
-        return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_NO_CRED);
-    }
-
     cred = (krb5_gss_cred_id_t)*cred_handle;
 
     k5_mutex_destroy(&cred->lock);
@@ -75,7 +69,7 @@ krb5_gss_release_cred(minor_status, cred_handle)
     else
         code3 = 0;
     if (cred->name)
-        kg_release_name(context, 0, &cred->name);
+        kg_release_name(context, &cred->name);
 
     if (cred->req_enctypes)
         free(cred->req_enctypes);
index 89758655596356e3862503bd780af27850e9a5e8..5696de3fdbfc7c4c61618c459fcf6c1547b01a8e 100644 (file)
@@ -37,14 +37,7 @@ krb5_gss_release_name(minor_status, input_name)
         return GSS_S_FAILURE;
     }
 
-    if (! kg_validate_name(*input_name)) {
-        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-        krb5_free_context(context);
-        return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
-    }
-
-    kg_release_name(context, KG_INIT_NAME_INTERN,
-                    (krb5_gss_name_t *)input_name);
+    kg_release_name(context, (krb5_gss_name_t *)input_name);
     krb5_free_context(context);
 
     *input_name = (gss_name_t) NULL;
index ac3fa29092443035d91aae96817ba86200b9c88c..cf9562c99664947aff7e7720fe8f21811f728074 100644 (file)
@@ -258,11 +258,6 @@ kg_compose_deleg_cred(OM_uint32 *minor_status,
         *time_rec = cred->tgt_expire - now;
     }
 
-    if (!kg_save_cred_id((gss_cred_id_t)cred)) {
-        code = G_VALIDATE_FAILED;
-        goto cleanup;
-    }
-
     major_status = GSS_S_COMPLETE;
     *minor_status = 0;
     *output_cred = cred;
@@ -276,7 +271,7 @@ cleanup:
     if (GSS_ERROR(major_status) && cred != NULL) {
         k5_mutex_destroy(&cred->lock);
         krb5_cc_destroy(context, cred->ccache);
-        kg_release_name(context, 0, &cred->name);
+        kg_release_name(context, &cred->name);
         xfree(cred);
     }
 
index ba57511e7d7b8f8dcc12bf7d5806d8c376abf2c6..d2945ea5556a1e2a50b13cb2e9dd230aa09f0b69 100644 (file)
@@ -792,9 +792,9 @@ kg_ctx_internalize(kcontext, argp, buffer, lenremain)
                 if (ctx->subkey)
                     krb5_k_free_key(kcontext, ctx->subkey);
                 if (ctx->there)
-                    kg_release_name(kcontext, 0, &ctx->there);
+                    kg_release_name(kcontext, &ctx->there);
                 if (ctx->here)
-                    kg_release_name(kcontext, 0, &ctx->here);
+                    kg_release_name(kcontext, &ctx->here);
                 xfree(ctx);
             }
         }
index 0e1cacd32cb8d64a3b23cd71623abae006f0daea..e87f249bea2f7de7346eb0555a77aaf3888f4c58 100644 (file)
@@ -36,11 +36,6 @@ krb5_gss_validate_cred_1(OM_uint32 *minor_status, gss_cred_id_t cred_handle,
     krb5_error_code code;
     krb5_principal princ;
 
-    if (!kg_validate_cred_id(cred_handle)) {
-        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-        return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_DEFECTIVE_CREDENTIAL);
-    }
-
     cred = (krb5_gss_cred_id_t) cred_handle;
 
     code = k5_mutex_lock(&cred->lock);
index c13e22ca6980fc3f17b4ed637047092b8eff7f4d..31d1427db9cc49941d0e4b291a89de7c813f2218 100644 (file)
@@ -94,12 +94,6 @@ krb5_gss_wrap_size_limit(minor_status, context_handle, conf_req_flag,
         return(GSS_S_FAILURE);
     }
 
-    /* validate the context handle */
-    if (! kg_validate_ctx_id(context_handle)) {
-        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-        return(GSS_S_NO_CONTEXT);
-    }
-
     ctx = (krb5_gss_ctx_id_rec *) context_handle;
     if (! ctx->established) {
         *minor_status = KG_CTX_INCOMPLETE;