From 889d3ca4c482f730cd194f2d83c41d70bc615a67 Mon Sep 17 00:00:00 2001
From: Greg Hudson
Date: Mon, 5 Sep 2011 16:07:48 +0000
Subject: [PATCH] Eliminate the mechglue union cred auxinfo field

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25152 dc483132-0cff-0310-8789-dd5450dbe970
---
.../gssapi/mechglue/g_accept_sec_context.c | 46 ------
src/lib/gssapi/mechglue/g_acquire_cred.c | 35 +----
.../gssapi/mechglue/g_acquire_cred_imp_name.c | 35 +----
.../gssapi/mechglue/g_acquire_cred_with_pw.c | 18 +--
src/lib/gssapi/mechglue/g_inq_cred.c | 133 ++++++++----------
src/lib/gssapi/mechglue/g_rel_cred.c | 1 -
src/lib/gssapi/mechglue/g_set_cred_option.c | 27 ----
src/lib/gssapi/mechglue/mglueP.h | 12 --
8 files changed, 65 insertions(+), 242 deletions(-)
diff --git a/src/lib/gssapi/mechglue/g_accept_sec_context.c b/src/lib/gssapi/mechglue/g_accept_sec_context.c
index 9af8752d6..f6afc4517 100644
--- a/src/lib/gssapi/mechglue/g_accept_sec_context.c
+++ b/src/lib/gssapi/mechglue/g_accept_sec_context.c
@@ -288,53 +288,7 @@ gss_cred_id_t * d_cred; goto error_out; } - d_u_cred->auxinfo.creation_time = time(0); - d_u_cred->auxinfo.time_rec = 0; d_u_cred->loopback = d_u_cred; - - internal_name = GSS_C_NO_NAME; - - if (mech->gss_inquire_cred) { - status = mech->gss_inquire_cred(minor_status, - tmp_d_cred, - &internal_name, - &d_u_cred->auxinfo.time_rec, - &d_u_cred->auxinfo.cred_usage, - NULL); - if (status != GSS_S_COMPLETE) - map_error(minor_status, mech); - } - - if (internal_name != GSS_C_NO_NAME) { - /* consumes internal_name regardless of success */ - temp_status = gssint_convert_name_to_union_name( - &temp_minor_status, mech, - internal_name, &tmp_src_name); - if (temp_status != GSS_S_COMPLETE) { - *minor_status = temp_minor_status; - map_error(minor_status, mech); - if (output_token->length) - (void) gss_release_buffer( - &temp_minor_status, - output_token); - (void) gss_release_oid(&temp_minor_status, - &actual_mech); - free(d_u_cred->cred_array); - free(d_u_cred); - return (temp_status); - } - - if (tmp_src_name != GSS_C_NO_NAME) { - status = gss_display_name( - &temp_minor_status, - tmp_src_name, - &d_u_cred->auxinfo.name, - &d_u_cred->auxinfo.name_type); - (void) gss_release_name(&temp_minor_status, - &tmp_src_name); - } - } - *d_cred = (gss_cred_id_t)d_u_cred; } } diff --git a/src/lib/gssapi/mechglue/g_acquire_cred.c b/src/lib/gssapi/mechglue/g_acquire_cred.c index 63d390552..faa8e406a 100644 --- a/src/lib/gssapi/mechglue/g_acquire_cred.c +++ b/src/lib/gssapi/mechglue/g_acquire_cred.c 
@@ -369,36 +369,6 @@ gss_add_cred(minor_status, input_cred_handle, goto errout; } - /* may need to set credential auxinfo strucutre */ - if (union_cred->auxinfo.creation_time == 0) { - union_cred->auxinfo.creation_time = time(NULL); - union_cred->auxinfo.time_rec = time_rec; - union_cred->auxinfo.cred_usage = cred_usage; - - /* - * we must set the name; if name is not supplied - * we must do inquire cred to get it - */ - if (internal_name == NULL) { - if (mech->gss_inquire_cred == NULL || - ((status = mech->gss_inquire_cred( - &temp_minor_status, cred, - &allocated_name, NULL, NULL, - NULL)) != GSS_S_COMPLETE)) - goto errout; - internal_name = allocated_name; - } - - if (internal_name != GSS_C_NO_NAME) { - status = mech->gss_display_name(&temp_minor_status, internal_name, - &union_cred->auxinfo.name, - &union_cred->auxinfo.name_type); - - if (status != GSS_S_COMPLETE) - goto errout; - } - } - /* now add the new credential elements */ new_mechs_array = (gss_OID) malloc(sizeof (gss_OID_desc) * (union_cred->count+1)); @@ -489,11 +459,8 @@ errout: &mech->mech_type, &allocated_name); - if (input_cred_handle == GSS_C_NO_CREDENTIAL && union_cred) { - if (union_cred->auxinfo.name.value) - free(union_cred->auxinfo.name.value); + if (input_cred_handle == GSS_C_NO_CREDENTIAL && union_cred) free(union_cred); - } return (status); } diff --git a/src/lib/gssapi/mechglue/g_acquire_cred_imp_name.c b/src/lib/gssapi/mechglue/g_acquire_cred_imp_name.c index 972d1c50c..ddaac2504 100644 --- a/src/lib/gssapi/mechglue/g_acquire_cred_imp_name.c +++ b/src/lib/gssapi/mechglue/g_acquire_cred_imp_name.c 
@@ -416,36 +416,6 @@ gss_add_cred_impersonate_name(OM_uint32 *minor_status, goto errout; } - /* may need to set credential auxinfo strucutre */ - if (union_cred->auxinfo.creation_time == 0) { - union_cred->auxinfo.creation_time = time(NULL); - union_cred->auxinfo.time_rec = time_rec; - union_cred->auxinfo.cred_usage = cred_usage; - - /* - * we must set the name; if name is not supplied - * we must do inquire cred to get it - */ - if (internal_name == NULL) { - if (mech->gss_inquire_cred == NULL || - ((status = mech->gss_inquire_cred( - &temp_minor_status, cred, - &allocated_name, NULL, NULL, - NULL)) != GSS_S_COMPLETE)) - goto errout; - internal_name = allocated_name; - } - - if (internal_name != GSS_C_NO_NAME) { - status = mech->gss_display_name(&temp_minor_status, internal_name, - &union_cred->auxinfo.name, - &union_cred->auxinfo.name_type); - - if (status != GSS_S_COMPLETE) - goto errout; - } - } - /* now add the new credential elements */ new_mechs_array = (gss_OID) malloc(sizeof (gss_OID_desc) * (union_cred->count+1)); @@ -536,11 +506,8 @@ errout: &mech->mech_type, &allocated_name); - if (input_cred_handle == GSS_C_NO_CREDENTIAL && union_cred) { - if (union_cred->auxinfo.name.value) - free(union_cred->auxinfo.name.value); + if (input_cred_handle == GSS_C_NO_CREDENTIAL && union_cred) free(union_cred); - } return (status); } diff --git a/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c b/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c index 92b30bafe..6ac650b35 100644 --- a/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c +++ b/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c 
@@ -416,19 +416,6 @@ gss_add_cred_with_password(minor_status, input_cred_handle, goto errout; } - /* may need to set credential auxinfo strucutre */ - if (union_cred->auxinfo.creation_time == 0) { - union_cred->auxinfo.creation_time = time(NULL); - union_cred->auxinfo.time_rec = time_rec; - union_cred->auxinfo.cred_usage = cred_usage; - - status = mech->gss_display_name(&temp_minor_status, internal_name, - &union_cred->auxinfo.name, - &union_cred->auxinfo.name_type); - if (status != GSS_S_COMPLETE) - goto errout; - } - /* now add the new credential elements */ new_mechs_array = (gss_OID) malloc(sizeof (gss_OID_desc) * (union_cred->count+1)); @@ -519,11 +506,8 @@ errout: &mech->mech_type, &allocated_name); - if (input_cred_handle == GSS_C_NO_CREDENTIAL && union_cred) { - if (union_cred->auxinfo.name.value) - free(union_cred->auxinfo.name.value); + if (input_cred_handle == GSS_C_NO_CREDENTIAL && union_cred) free(union_cred); - } return (status); } diff --git a/src/lib/gssapi/mechglue/g_inq_cred.c b/src/lib/gssapi/mechglue/g_inq_cred.c index bba0ecb14..3c09d6103 100644 --- a/src/lib/gssapi/mechglue/g_inq_cred.c +++ b/src/lib/gssapi/mechglue/g_inq_cred.c @@ -50,10 +50,13 @@ int * cred_usage; gss_OID_set * mechanisms; { - OM_uint32 status, elapsed_time, temp_minor_status; - gss_cred_id_t defcred = GSS_C_NO_CREDENTIAL; + OM_uint32 status, temp_minor_status; gss_union_cred_t union_cred; + gss_mechanism mech; + gss_cred_id_t mech_cred; + gss_name_t mech_name; int i; + gss_OID_set mechs = NULL; /* Initialize outputs. */ 
@@ -70,54 +73,47 @@ gss_OID_set * mechanisms; if (minor_status == NULL) return (GSS_S_CALL_INACCESSIBLE_WRITE); - if (cred_handle == GSS_C_NO_CREDENTIAL) { - /* Acquire a default initiator credential to query. */ - status = gss_acquire_cred(minor_status, GSS_C_NO_NAME, - GSS_C_INDEFINITE, GSS_C_NULL_OID_SET, - GSS_C_INITIATE, &defcred, NULL, NULL); - if (status != GSS_S_COMPLETE) - return (status); - - cred_handle = defcred; - } - - /* get the cred_handle cast as a union_credentials structure */ - - union_cred = (gss_union_cred_t) cred_handle; - /* - * get the information out of the union_cred structure that was - * placed there during gss_acquire_cred. + * XXX We should iterate over all mechanisms in the credential and + * aggregate the results. This requires a union name structure containing + * multiple mechanism names, which we don't currently have. For now, + * inquire the first mechanism in the credential; this is consistent with + * our historical behavior. */ - if(cred_usage != NULL) - *cred_usage = union_cred->auxinfo.cred_usage; - - if(lifetime != NULL) { - elapsed_time = time(0) - union_cred->auxinfo.creation_time; - *lifetime = union_cred->auxinfo.time_rec < elapsed_time ? 0 : - union_cred->auxinfo.time_rec - elapsed_time; + /* Determine mechanism and mechanism credential. */ + if (cred_handle != GSS_C_NO_CREDENTIAL) { + union_cred = (gss_union_cred_t) cred_handle; + if (union_cred->count <= 0) + return (GSS_S_DEFECTIVE_CREDENTIAL); + mech_cred = union_cred->cred_array[0]; + mech = gssint_get_mechanism(&union_cred->mechs_array[0]); + } else { + union_cred = NULL; + mech_cred = GSS_C_NO_CREDENTIAL; + mech = gssint_get_mechanism(GSS_C_NULL_OID); } + if (mech == NULL) + return (GSS_S_DEFECTIVE_CREDENTIAL); + if (!mech->gss_inquire_cred) + return (GSS_S_UNAVAILABLE); - /* - * if name is non_null, - * call gss_import_name(), giving it the printable name held within - * union_cred in order to get an internal name to pass back to the - * caller. 
If this call fails, return failure to our caller. - */ + status = mech->gss_inquire_cred(minor_status, mech_cred, + name ? &mech_name : NULL, + lifetime, cred_usage, NULL); + if (status != GSS_S_COMPLETE) { + map_error(minor_status, mech); + return(status); + } - if(name != NULL) { - if (union_cred->auxinfo.name.length == 0) { - *name = GSS_C_NO_NAME; - } else if ((gss_import_name(&temp_minor_status, - &union_cred->auxinfo.name, - union_cred->auxinfo.name_type, - name) != GSS_S_COMPLETE) || - (gss_canonicalize_name(minor_status, *name, - &union_cred->mechs_array[0], - NULL) != GSS_S_COMPLETE)) { - status = GSS_S_DEFECTIVE_CREDENTIAL; - goto error; + if (name) { + /* Convert mech_name into a union_name equivalent. */ + status = gssint_convert_name_to_union_name(&temp_minor_status, + mech, mech_name, name); + if (status != GSS_S_COMPLETE) { + *minor_status = temp_minor_status; + map_error(minor_status, mech); + return (status); } } 
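Review bot: The new `if (name)` block passes `mech_name` to `gssint_convert_name_to_union_name()` without comparing it to `GSS_C_NO_NAME`, although the code this commit removes from g_accept_sec_context.c guarded the same conversion with `if (internal_name != GSS_C_NO_NAME)`, and the old path here returned `*name = GSS_C_NO_NAME` for a credential with no stored name. Whether the helper tolerates a null mechanism name is not visible in this patch, so the conservative form is `if (name && mech_name != GSS_C_NO_NAME)`, leaving `*name` at whatever the "Initialize outputs" block (outside the hunk) set. `mech_name` is also declared without an initialiser in the preceding hunk; `gss_name_t mech_name = GSS_C_NO_NAME;` keeps that read defined if a mechanism reports GSS_S_COMPLETE without writing the name. The function body starts and ends outside this hunk.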
@@ -128,34 +124,32 @@ gss_OID_set * mechanisms; if(mechanisms != NULL) { status = GSS_S_FAILURE; - *mechanisms = (gss_OID_set) malloc(sizeof(gss_OID_set_desc)); - if (*mechanisms == NULL) + mechs = (gss_OID_set) malloc(sizeof(gss_OID_set_desc)); + if (mechs == NULL) goto error; - - (*mechanisms)->count = 0; - (*mechanisms)->elements = - (gss_OID) malloc(sizeof(gss_OID_desc) * - union_cred->count); - - if ((*mechanisms)->elements == NULL) { - free(*mechanisms); - *mechanisms = NULL; + mechs->count = 0; + mechs->elements = malloc(sizeof(gss_OID_desc) * + (union_cred ? union_cred->count : 1)); + if (mechs->elements == NULL) goto error; - } - for(i=0; i < union_cred->count; i++) { - (*mechanisms)->elements[i].elements = (void *) - malloc(union_cred->mechs_array[i].length); - if ((*mechanisms)->elements[i].elements == NULL) - goto error; - g_OID_copy(&(*mechanisms)->elements[i], - &union_cred->mechs_array[i]); - (*mechanisms)->count++; + if (union_cred) { + for (i = 0; i < union_cred->count; i++) { + mechs->elements[i].elements = + malloc(union_cred->mechs_array[i].length); + if (mechs->elements[i].elements == NULL) + goto error; + g_OID_copy(&mechs->elements[i], &union_cred->mechs_array[i]); + mechs->count++; + } + } else { + mechs->elements[0].elements = malloc(mech->mech_type.length); + g_OID_copy(&mechs->elements[0], &mech->mech_type); + mechs->count++; } + *mechanisms = mechs; } - if (defcred) - (void) gss_release_cred(&temp_minor_status, &defcred); return(GSS_S_COMPLETE); error: @@ -165,15 +159,12 @@ error: * count always references the currently copied number of * elements. */ - if (mechanisms && *mechanisms != NULL) - (void) gss_release_oid_set(&temp_minor_status, mechanisms); + if (mechs != NULL) + (void) gss_release_oid_set(&temp_minor_status, &mechs); if (name && *name != NULL) (void) gss_release_name(&temp_minor_status, name); - if (defcred) - (void) gss_release_cred(&temp_minor_status, &defcred); - return (status); } 
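Review bot: In the `else` branch of the `mechanisms` block (hunk `@@ -128,34 +124,32 @@`), the result of `malloc(mech->mech_type.length)` goes to `g_OID_copy()` unchecked, while the loop branch just above tests the same kind of allocation before copying. If `g_OID_copy` writes into that buffer, as its use in the loop suggests, an allocation failure on the default-credential path becomes a write through a null pointer instead of a GSS_S_FAILURE return. Add `if (mechs->elements[0].elements == NULL) goto error;` before the copy; `status` is already GSS_S_FAILURE at that point and the `error:` label releases `mechs` while `count` is still 0. The function continues outside this hunk.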
diff --git a/src/lib/gssapi/mechglue/g_rel_cred.c b/src/lib/gssapi/mechglue/g_rel_cred.c index 50426d9dd..ccdee05a5 100644 --- a/src/lib/gssapi/mechglue/g_rel_cred.c +++ b/src/lib/gssapi/mechglue/g_rel_cred.c @@ -91,7 +91,6 @@ gss_cred_id_t * cred_handle; status = GSS_S_DEFECTIVE_CREDENTIAL; } - gss_release_buffer(minor_status, &union_cred->auxinfo.name); free(union_cred->cred_array); free(union_cred->mechs_array); free(union_cred); diff --git a/src/lib/gssapi/mechglue/g_set_cred_option.c b/src/lib/gssapi/mechglue/g_set_cred_option.c index b530b1e05..90e5756e5 100644 --- a/src/lib/gssapi/mechglue/g_set_cred_option.c +++ b/src/lib/gssapi/mechglue/g_set_cred_option.c @@ -41,15 +41,9 @@ alloc_union_cred(OM_uint32 *minor_status, OM_uint32 status; OM_uint32 temp_minor_status; gss_union_cred_t cred = NULL; - gss_name_t mech_name = GSS_C_NO_NAME; *pcred = NULL; - if (mech->gss_inquire_cred == NULL) { - status = GSS_S_BAD_MECH; - goto cleanup; - } - status = GSS_S_FAILURE; cred = calloc(1, sizeof(*cred)); @@ -74,33 +68,12 @@ alloc_union_cred(OM_uint32 *minor_status, if (status != GSS_S_COMPLETE) goto cleanup; - cred->auxinfo.creation_time = (OM_uint32)time(NULL); - - status = mech->gss_inquire_cred(minor_status, - mech_cred, - &mech_name, - &cred->auxinfo.time_rec, - &cred->auxinfo.cred_usage, - NULL); - if (status != GSS_S_COMPLETE) - goto cleanup; - - if (mech_name != GSS_C_NO_NAME) { - status = mech->gss_display_name(minor_status, - mech_name, - &cred->auxinfo.name, - &cred->auxinfo.name_type); - if (status != GSS_S_COMPLETE) - goto cleanup; - } - status = GSS_S_COMPLETE; *pcred = cred; cleanup: if (status != GSS_S_COMPLETE) gss_release_cred(&temp_minor_status, (gss_cred_id_t *)&cred); - mech->gss_release_name(&temp_minor_status, &mech_name); return status; } diff --git a/src/lib/gssapi/mechglue/mglueP.h b/src/lib/gssapi/mechglue/mglueP.h index 2a80f1954..b34dd7ce3 100644 --- a/src/lib/gssapi/mechglue/mglueP.h +++ b/src/lib/gssapi/mechglue/mglueP.h 
@@ -54,17 +54,6 @@ typedef struct gss_mech_spec_name_t { struct gss_mech_spec_name_t *next, *prev; } gss_mech_spec_name_desc, *gss_mech_spec_name; -/* - * Credential auxiliary info, used in the credential structure - */ -typedef struct gss_union_cred_auxinfo { - gss_buffer_desc name; - gss_OID name_type; - OM_uint32 creation_time; - OM_uint32 time_rec; - int cred_usage; -} gss_union_cred_auxinfo; - /* * Set of Credentials typed on mechanism OID */ @@ -73,7 +62,6 @@ typedef struct gss_cred_id_struct { int count; gss_OID mechs_array; gss_cred_id_t *cred_array; - gss_union_cred_auxinfo auxinfo; } gss_union_cred_desc, *gss_union_cred_t; typedef OM_uint32 (KRB5_CALLCONV *gss_acquire_cred_with_password_sfct)( -- 2.26.2