From b0031448502561da31fb8c2543c8b01d7df9a872 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Wed, 13 Apr 2011 15:15:56 +0000 Subject: [PATCH] Remove pointer validation code from the gss krb5 mech git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24877 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/gssapi/generic/Makefile.in | 11 - src/lib/gssapi/generic/gssapiP_generic.h | 12 - src/lib/gssapi/generic/util_validate.c | 314 ------------------- src/lib/gssapi/generic/utl_nohash_validate.c | 118 ------- src/lib/gssapi/krb5/accept_sec_context.c | 31 +- src/lib/gssapi/krb5/acquire_cred.c | 29 +- src/lib/gssapi/krb5/compare_name.c | 10 - src/lib/gssapi/krb5/context_time.c | 6 - src/lib/gssapi/krb5/delete_sec_context.c | 15 +- src/lib/gssapi/krb5/disp_name.c | 5 - src/lib/gssapi/krb5/duplicate_name.c | 11 +- src/lib/gssapi/krb5/export_name.c | 7 - src/lib/gssapi/krb5/export_sec_context.c | 6 - src/lib/gssapi/krb5/gssapiP_krb5.h | 30 +- src/lib/gssapi/krb5/gssapi_krb5.c | 23 -- src/lib/gssapi/krb5/iakerb.c | 6 - src/lib/gssapi/krb5/import_name.c | 2 +- src/lib/gssapi/krb5/import_sec_context.c | 7 - src/lib/gssapi/krb5/init_sec_context.c | 32 +- src/lib/gssapi/krb5/inq_context.c | 15 +- src/lib/gssapi/krb5/inq_cred.c | 8 +- src/lib/gssapi/krb5/k5seal.c | 6 - src/lib/gssapi/krb5/k5sealiov.c | 10 - src/lib/gssapi/krb5/k5unseal.c | 6 - src/lib/gssapi/krb5/k5unsealiov.c | 5 - src/lib/gssapi/krb5/lucid_context.c | 13 - src/lib/gssapi/krb5/naming_exts.c | 56 +--- src/lib/gssapi/krb5/prf.c | 5 - src/lib/gssapi/krb5/process_context_token.c | 6 - src/lib/gssapi/krb5/rel_cred.c | 8 +- src/lib/gssapi/krb5/rel_name.c | 9 +- src/lib/gssapi/krb5/s4u_gss_glue.c | 7 +- src/lib/gssapi/krb5/ser_sctx.c | 4 +- src/lib/gssapi/krb5/val_cred.c | 5 - src/lib/gssapi/krb5/wrap_size_limit.c | 6 - 35 files changed, 35 insertions(+), 809 deletions(-) delete mode 100644 src/lib/gssapi/generic/util_validate.c delete mode 100644 src/lib/gssapi/generic/utl_nohash_validate.c 
diff --git a/src/lib/gssapi/generic/Makefile.in b/src/lib/gssapi/generic/Makefile.in index 9221d0b9a..a9f6bfd3c 100644 --- a/src/lib/gssapi/generic/Makefile.in +++ b/src/lib/gssapi/generic/Makefile.in @@ -60,14 +60,6 @@ gssapi.h: gssapi.hin ##DOS##gssapi.h: gssapi.hin ##DOS## $(CP) $** $@ -#if HasHashLibrary -# UTIL_VALIDATE_SRC= $(srcdir)/util_validate.c -# UTIL_VALIDATE_OBJ= util_validate.$(OBJEXT) -#else -#UTIL_VALIDATE_SRC= $(srcdir)/utl_nohash_validate.c -#UTIL_VALIDATE_OBJ= utl_nohash_validate.$(OBJEXT) -#endif - SRCS = \ $(srcdir)/disp_com_err_status.c \ $(srcdir)/disp_major_status.c \ @@ -81,7 +73,6 @@ SRCS = \ $(srcdir)/util_ordering.c \ $(srcdir)/util_set.c \ $(srcdir)/util_token.c \ - $(srcdir)/util_validate.c \ gssapi_err_generic.c OBJS = \ @@ -97,7 +88,6 @@ OBJS = \ $(OUTPRE)util_ordering.$(OBJEXT) \ $(OUTPRE)util_set.$(OBJEXT) \ $(OUTPRE)util_token.$(OBJEXT) \ - $(OUTPRE)util_validate.$(OBJEXT) \ $(OUTPRE)gssapi_err_generic.$(OBJEXT) STLIBOBJS = \ @@ -113,7 +103,6 @@ STLIBOBJS = \ util_ordering.o \ util_set.o \ util_token.o \ - util_validate.o \ gssapi_err_generic.o EXPORTED_HEADERS= gssapi_generic.h gssapi_ext.h diff --git a/src/lib/gssapi/generic/gssapiP_generic.h b/src/lib/gssapi/generic/gssapiP_generic.h index f3af8a4d1..e084b81bd 100644 --- a/src/lib/gssapi/generic/gssapiP_generic.h +++ b/src/lib/gssapi/generic/gssapiP_generic.h 
@@ -103,18 +103,6 @@ typedef UINT64_TYPE gssint_uint64; #define g_set_entry_add gssint_g_set_entry_add #define g_set_entry_delete gssint_g_set_entry_delete #define g_set_entry_get gssint_g_set_entry_get -#define g_save_name gssint_g_save_name -#define g_save_cred_id gssint_g_save_cred_id -#define g_save_ctx_id gssint_g_save_ctx_id -#define g_save_lucidctx_id gssint_g_save_lucidctx_id -#define g_validate_name gssint_g_validate_name -#define g_validate_cred_id gssint_g_validate_cred_id -#define g_validate_ctx_id gssint_g_validate_ctx_id -#define g_validate_lucidctx_id gssint_g_validate_lucidctx_id -#define g_delete_name gssint_g_delete_name -#define g_delete_cred_id gssint_g_delete_cred_id -#define g_delete_ctx_id gssint_g_delete_ctx_id -#define g_delete_lucidctx_id gssint_g_delete_lucidctx_id #define g_make_string_buffer gssint_g_make_string_buffer #define g_token_size gssint_g_token_size #define g_make_token_header gssint_g_make_token_header diff --git a/src/lib/gssapi/generic/util_validate.c b/src/lib/gssapi/generic/util_validate.c deleted file mode 100644 index afb47eabf..000000000 --- a/src/lib/gssapi/generic/util_validate.c +++ /dev/null 
@@ -1,314 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* - * Copyright 1993 by OpenVision Technologies, Inc. - * - * Permission to use, copy, modify, distribute, and sell this software - * and its documentation for any purpose is hereby granted without fee, - * provided that the above copyright notice appears in all copies and - * that both that copyright notice and this permission notice appear in - * supporting documentation, and that the name of OpenVision not be used - * in advertising or publicity pertaining to distribution of the software - * without specific, written prior permission. OpenVision makes no - * representations about the suitability of this software for any - * purpose. It is provided "as is" without express or implied warranty. - * - * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO - * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR - * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF - * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR - * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. 
- */ - -/* - * $Id$ - */ - -/* - * functions to validate name, credential, and context handles - */ - -#include "gssapiP_generic.h" - -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#include -#include - -#ifdef HAVE_BSD_DB -#include -#include - -static const int one = 1; -static const DBT dbtone = { (void *) &one, sizeof(one) }; - -typedef struct _vkey { - int type; - void *ptr; -} vkey; -#endif - -#define V_NAME 1 -#define V_CRED_ID 2 -#define V_CTX_ID 3 -#define V_LCTX_ID 4 - -/* All these functions return 0 on failure, and non-zero on success */ - -static int g_save(db, type, ptr) - g_set *db; -#ifdef HAVE_BSD_DB - int type; -#else - void *type; -#endif - void *ptr; -{ - int ret; -#ifdef HAVE_BSD_DB - DB **vdb; - vkey vk; - DBT key; - - ret = k5_mutex_lock(&db->mutex); - if (ret) - return 0; - - vdb = (DB **) &db->data; - - if (!*vdb) - *vdb = dbopen(NULL, O_CREAT|O_RDWR, O_CREAT|O_RDWR, DB_HASH, NULL); - - vk.type = type; - vk.ptr = ptr; - - key.data = &vk; - key.size = sizeof(vk); - - ret = ((*((*vdb)->put))(*vdb, &key, &dbtone, 0) == 0); - k5_mutex_unlock(&db->mutex); - return ret; -#else - g_set_elt *gs; - - ret = k5_mutex_lock(&db->mutex); - if (ret) - return 0; - - gs = (g_set_elt *) &db->data; - - if (!*gs) - if (g_set_init(gs)) { - k5_mutex_unlock(&db->mutex); - return(0); - } - - ret = (g_set_entry_add(gs, ptr, type) == 0); - k5_mutex_unlock(&db->mutex); - return ret; -#endif -} - -static int g_validate(db, type, ptr) - g_set *db; -#ifdef HAVE_BSD_DB - int type; -#else - void *type; -#endif - void *ptr; -{ - int ret; -#ifdef HAVE_BSD_DB - DB **vdb; - vkey vk; - DBT key, value; - - ret = k5_mutex_lock(&db->mutex); - if (ret) - return 0; - - vdb = (DB **) &db->data; - if (!*vdb) { - k5_mutex_unlock(&db->mutex); - return(0); - } - - vk.type = type; - vk.ptr = ptr; - - key.data = &vk; - key.size = sizeof(vk); - - if ((*((*vdb)->get))(*vdb, &key, &value, 0)) { - k5_mutex_unlock(&db->mutex); - return(0); - } - - k5_mutex_unlock(&db->mutex); - return((value.size 
== sizeof(one)) && - (*((int *) value.data) == one)); -#else - g_set_elt *gs; - void *value; - - ret = k5_mutex_lock(&db->mutex); - if (ret) - return 0; - - gs = (g_set_elt *) &db->data; - if (!*gs) { - k5_mutex_unlock(&db->mutex); - return(0); - } - - if (g_set_entry_get(gs, ptr, (void **) &value)) { - k5_mutex_unlock(&db->mutex); - return(0); - } - k5_mutex_unlock(&db->mutex); - return(value == type); -#endif -} - -static int g_delete(db, type, ptr) - g_set *db; -#ifdef HAVE_BSD_DB - int type; -#else - void *type; -#endif - void *ptr; -{ - int ret; -#ifdef HAVE_BSD_DB - DB **vdb; - vkey vk; - DBT key; - - ret = k5_mutex_lock(&db->mutex); - if (ret) - return 0; - - vdb = (DB **) &db->data; - if (!*vdb) { - k5_mutex_unlock(&db->mutex); - return(0); - } - - vk.type = type; - vk.ptr = ptr; - - key.data = &vk; - key.size = sizeof(vk); - - ret = ((*((*vdb)->del))(*vdb, &key, 0) == 0); - k5_mutex_unlock(&db->mutex); - return ret; -#else - g_set_elt *gs; - - ret = k5_mutex_lock(&db->mutex); - if (ret) - return 0; - - gs = (g_set_elt *) &db->data; - if (!*gs) { - k5_mutex_unlock(&db->mutex); - return(0); - } - - if (g_set_entry_delete(gs, ptr)) { - k5_mutex_unlock(&db->mutex); - return(0); - } - k5_mutex_unlock(&db->mutex); - return(1); -#endif -} - -/* functions for each type */ - -/* save */ - -int g_save_name(vdb, name) - g_set *vdb; - gss_name_t name; -{ - return(g_save(vdb, V_NAME, (void *) name)); -} -int g_save_cred_id(vdb, cred) - g_set *vdb; - gss_cred_id_t cred; -{ - return(g_save(vdb, V_CRED_ID, (void *) cred)); -} -int g_save_ctx_id(vdb, ctx) - g_set *vdb; - gss_ctx_id_t ctx; -{ - return(g_save(vdb, V_CTX_ID, (void *) ctx)); -} -int g_save_lucidctx_id(vdb, lctx) - g_set *vdb; - void *lctx; -{ - return(g_save(vdb, V_LCTX_ID, (void *) lctx)); -} - - -/* validate */ - -int g_validate_name(vdb, name) - g_set *vdb; - gss_name_t name; -{ - return(g_validate(vdb, V_NAME, (void *) name)); -} -int g_validate_cred_id(vdb, cred) - g_set *vdb; - gss_cred_id_t cred; -{ - 
return(g_validate(vdb, V_CRED_ID, (void *) cred)); -} -int g_validate_ctx_id(vdb, ctx) - g_set *vdb; - gss_ctx_id_t ctx; -{ - return(g_validate(vdb, V_CTX_ID, (void *) ctx)); -} -int g_validate_lucidctx_id(vdb, lctx) - g_set *vdb; - void *lctx; -{ - return(g_validate(vdb, V_LCTX_ID, (void *) lctx)); -} - -/* delete */ - -int g_delete_name(vdb, name) - g_set *vdb; - gss_name_t name; -{ - return(g_delete(vdb, V_NAME, (void *) name)); -} -int g_delete_cred_id(vdb, cred) - g_set *vdb; - gss_cred_id_t cred; -{ - return(g_delete(vdb, V_CRED_ID, (void *) cred)); -} -int g_delete_ctx_id(vdb, ctx) - g_set *vdb; - gss_ctx_id_t ctx; -{ - return(g_delete(vdb, V_CTX_ID, (void *) ctx)); -} -int g_delete_lucidctx_id(vdb, lctx) - g_set *vdb; - void *lctx; -{ - return(g_delete(vdb, V_LCTX_ID, (void *) lctx)); -} diff --git a/src/lib/gssapi/generic/utl_nohash_validate.c b/src/lib/gssapi/generic/utl_nohash_validate.c deleted file mode 100644 index 1315532d7..000000000 --- a/src/lib/gssapi/generic/utl_nohash_validate.c +++ /dev/null 
@@ -1,118 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* - * Copyright 1990,1994 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. 
- */ - -/* Stub functions for those without the hash library */ - -#include "gssapiP_generic.h" - -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_LIMITS_H -#include -#endif - -/* functions for each type */ - -/* save */ - -int g_save_name(vdb, name) - void **vdb; - gss_name_t *name; -{ - return 1; -} -int g_save_cred_id(vdb, cred) - void **vdb; - gss_cred_id_t *cred; -{ - return 1; -} -int g_save_ctx_id(vdb, ctx) - void **vdb; - gss_ctx_id_t *ctx; -{ - return 1; -} -int g_save_lucidctx_id(vdb, lctx) - void **vdb; - void *lctx; -{ - return 1; -} - -/* validate */ - -int g_validate_name(vdb, name) - void **vdb; - gss_name_t *name; -{ - return 1; -} -int g_validate_cred_id(vdb, cred) - void **vdb; - gss_cred_id_t *cred; -{ - return 1; -} -int g_validate_ctx_id(vdb, ctx) - void **vdb; - gss_ctx_id_t *ctx; -{ - return 1; -} -int g_validate_lucidctx_id(vdb, lctx) - void **vdb; - void *lctx; -{ - return 1; -} - -/* delete */ - -int g_delete_name(vdb, name) - void **vdb; - gss_name_t *name; -{ - return 1; -} -int g_delete_cred_id(vdb, cred) - void **vdb; - gss_cred_id_t *cred; -{ - return 1; -} -int g_delete_ctx_id(vdb, ctx) - void **vdb; - gss_ctx_id_t *ctx; -{ - return 1; -} -int g_delete_lucidctx_id(vdb, lctx) - void **vdb; - void *lctx; -{ - return 1; -} diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c index 4c8d15306..a291b7eba 100644 --- a/src/lib/gssapi/krb5/accept_sec_context.c +++ b/src/lib/gssapi/krb5/accept_sec_context.c @@ -346,8 +346,8 @@ kg_accept_dce(minor_status, context_handle, verifier_cred_handle, ctx->established = 1; if (src_name) { - if ((code = kg_duplicate_name(ctx->k5_context, ctx->there, - KG_INIT_NAME_INTERN, &name))) { + code = kg_duplicate_name(ctx->k5_context, ctx->there, &name); + if (code) { major_status = GSS_S_FAILURE; goto fail; } 
@@ -905,16 +905,6 @@ kg_accept_krb5(minor_status, context_handle, ctx->big_endian = bigend; ctx->cred_rcache = cred_rcache; - /* Intern the ctx pointer so that delete_sec_context works */ - if (! kg_save_ctx_id((gss_ctx_id_t) ctx)) { - xfree(ctx); - ctx = 0; - - code = G_VALIDATE_FAILED; - major_status = GSS_S_FAILURE; - goto fail; - } - /* XXX move this into gss_name_t */ if ( (code = krb5_merge_authdata(context, ticket->enc_part2->authorization_data, @@ -1161,8 +1151,8 @@ kg_accept_krb5(minor_status, context_handle, /* set the return arguments */ if (src_name) { - if ((code = kg_duplicate_name(context, ctx->there, - KG_INIT_NAME_INTERN, &name))) { + code = kg_duplicate_name(context, ctx->there, &name); + if (code) { major_status = GSS_S_FAILURE; goto fail; } @@ -1183,15 +1173,8 @@ kg_accept_krb5(minor_status, context_handle, if (src_name) *src_name = (gss_name_t) name; - if (delegated_cred_handle) { - if (!kg_save_cred_id((gss_cred_id_t) deleg_cred)) { - major_status = GSS_S_FAILURE; - code = G_VALIDATE_FAILED; - goto fail; - } - + if (delegated_cred_handle) *delegated_cred_handle = (gss_cred_id_t) deleg_cred; - } /* finally! */ @@ -1228,13 +1211,13 @@ fail: if (deleg_cred->ccache) (void)krb5_cc_close(context, deleg_cred->ccache); if (deleg_cred->name) - kg_release_name(context, 0, &deleg_cred->name); + kg_release_name(context, &deleg_cred->name); xfree(deleg_cred); } if (token.value) xfree(token.value); if (name) { - (void) kg_release_name(context, 0, &name); + (void) kg_release_name(context, &name); } *minor_status = code; diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c index 93e188ae9..664f07bf6 100644 --- a/src/lib/gssapi/krb5/acquire_cred.c +++ b/src/lib/gssapi/krb5/acquire_cred.c 
@@ -240,7 +240,7 @@ acquire_accept_cred(krb5_context context, } assert(cred->name == NULL); - code = kg_duplicate_name(context, desired_name, 0, &cred->name); + code = kg_duplicate_name(context, desired_name, &cred->name); if (code) { *minor_status = code; return GSS_S_FAILURE; @@ -650,11 +650,6 @@ acquire_cred(OM_uint32 *minor_status, *time_rec = (cred->tgt_expire > now) ? (cred->tgt_expire - now) : 0; } - if (!kg_save_cred_id((gss_cred_id_t)cred)) { - ret = GSS_S_FAILURE; - goto error_out; - } - *minor_status = 0; *output_cred_handle = (gss_cred_id_t) cred; @@ -674,7 +669,7 @@ error_out: krb5_kt_close(context, cred->keytab); #endif /* LEAN_CLIENT */ if (cred->name) - kg_release_name(context, 0, &cred->name); + kg_release_name(context, &cred->name); k5_mutex_destroy(&cred->lock); xfree(cred); } @@ -745,11 +740,6 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, { struct acquire_cred_args args; - if (desired_name && !kg_validate_name(desired_name)) { - *minor_status = G_VALIDATE_FAILED; - return GSS_S_FAILURE; - } - memset(&args, 0, sizeof(args)); args.desired_name = desired_name; args.time_req = time_req; @@ -775,11 +765,6 @@ iakerb_gss_acquire_cred(minor_status, desired_name, time_req, { struct acquire_cred_args args; - if (desired_name && !kg_validate_name(desired_name)) { - *minor_status = G_VALIDATE_FAILED; - return GSS_S_FAILURE; - } - memset(&args, 0, sizeof(args)); args.desired_name = desired_name; args.time_req = time_req; @@ -803,11 +788,6 @@ krb5_gss_acquire_cred_with_password(OM_uint32 *minor_status, { struct acquire_cred_args args; - if (desired_name && !kg_validate_name(desired_name)) { - *minor_status = G_VALIDATE_FAILED; - return GSS_S_FAILURE; - } - memset(&args, 0, sizeof(args)); args.desired_name = desired_name; args.password = password; 
@@ -832,11 +812,6 @@ iakerb_gss_acquire_cred_with_password(OM_uint32 *minor_status, { struct acquire_cred_args args; - if (desired_name && !kg_validate_name(desired_name)) { - *minor_status = G_VALIDATE_FAILED; - return GSS_S_FAILURE; - } - memset(&args, 0, sizeof(args)); args.desired_name = desired_name; args.password = password; diff --git a/src/lib/gssapi/krb5/compare_name.c b/src/lib/gssapi/krb5/compare_name.c index 14f707601..607192362 100644 --- a/src/lib/gssapi/krb5/compare_name.c +++ b/src/lib/gssapi/krb5/compare_name.c @@ -37,16 +37,6 @@ krb5_gss_compare_name(minor_status, name1, name2, name_equal) krb5_context context; krb5_error_code code; - if (! kg_validate_name(name1)) { - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME); - } - - if (! kg_validate_name(name2)) { - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME); - } - code = krb5_gss_init_context(&context); if (code) { *minor_status = code; diff --git a/src/lib/gssapi/krb5/context_time.c b/src/lib/gssapi/krb5/context_time.c index df8e08854..48d2c8521 100644 --- a/src/lib/gssapi/krb5/context_time.c +++ b/src/lib/gssapi/krb5/context_time.c @@ -38,12 +38,6 @@ krb5_gss_context_time(minor_status, context_handle, time_rec) krb5_timestamp now; krb5_deltat lifetime; - /* validate the context handle */ - if (! kg_validate_ctx_id(context_handle)) { - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - return(GSS_S_NO_CONTEXT); - } - ctx = (krb5_gss_ctx_id_rec *) context_handle; if (! ctx->established) { diff --git a/src/lib/gssapi/krb5/delete_sec_context.c b/src/lib/gssapi/krb5/delete_sec_context.c index d6b49a0aa..c9b6840ea 100644 --- a/src/lib/gssapi/krb5/delete_sec_context.c +++ b/src/lib/gssapi/krb5/delete_sec_context.c 
@@ -47,13 +47,6 @@ krb5_gss_delete_sec_context(minor_status, context_handle, output_token) return(GSS_S_COMPLETE); } - /*SUPPRESS 29*/ - /* validate the context handle */ - if (! kg_validate_ctx_id(*context_handle)) { - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - return(GSS_S_NO_CONTEXT); - } - ctx = (krb5_gss_ctx_id_t) *context_handle; context = ctx->k5_context; @@ -72,10 +65,6 @@ krb5_gss_delete_sec_context(minor_status, context_handle, output_token) } } - /* invalidate the context handle */ - - (void)kg_delete_ctx_id(*context_handle); - /* free all the context state */ if (ctx->seqstate) @@ -88,9 +77,9 @@ krb5_gss_delete_sec_context(minor_status, context_handle, output_token) krb5_k_free_key(context, ctx->seq); if (ctx->here) - kg_release_name(context, 0, &ctx->here); + kg_release_name(context, &ctx->here); if (ctx->there) - kg_release_name(context, 0, &ctx->there); + kg_release_name(context, &ctx->there); if (ctx->subkey) krb5_k_free_key(context, ctx->subkey); if (ctx->acceptor_subkey) diff --git a/src/lib/gssapi/krb5/disp_name.c b/src/lib/gssapi/krb5/disp_name.c index 79b14f1a9..a19f50246 100644 --- a/src/lib/gssapi/krb5/disp_name.c +++ b/src/lib/gssapi/krb5/disp_name.c @@ -46,11 +46,6 @@ krb5_gss_display_name(minor_status, input_name, output_name_buffer, output_name_buffer->length = 0; output_name_buffer->value = NULL; - if (! kg_validate_name(input_name)) { - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - krb5_free_context(context); - return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME); - } if (krb5_princ_type(context, k5name->princ) == KRB5_NT_WELLKNOWN) { if (krb5_principal_compare(context, k5name->princ, krb5_anonymous_principal())) diff --git a/src/lib/gssapi/krb5/duplicate_name.c b/src/lib/gssapi/krb5/duplicate_name.c index 256fb5e75..488f14821 100644 --- a/src/lib/gssapi/krb5/duplicate_name.c +++ b/src/lib/gssapi/krb5/duplicate_name.c 
@@ -44,15 +44,9 @@ OM_uint32 krb5_gss_duplicate_name(OM_uint32 *minor_status, return GSS_S_FAILURE; } - if (! kg_validate_name(input_name)) { - if (minor_status) - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - krb5_free_context(context); - return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME); - } - princ = (krb5_gss_name_t)input_name; - if ((code = kg_duplicate_name(context, princ, KG_INIT_NAME_INTERN, &outprinc))) { + code = kg_duplicate_name(context, princ, &outprinc); + if (code) { *minor_status = code; save_error_info(*minor_status, context); krb5_free_context(context); @@ -60,7 +54,6 @@ OM_uint32 krb5_gss_duplicate_name(OM_uint32 *minor_status, } krb5_free_context(context); *dest_name = (gss_name_t) outprinc; - assert(kg_validate_name(*dest_name)); return(GSS_S_COMPLETE); } diff --git a/src/lib/gssapi/krb5/export_name.c b/src/lib/gssapi/krb5/export_name.c index c4a1a1241..424d9266c 100644 --- a/src/lib/gssapi/krb5/export_name.c +++ b/src/lib/gssapi/krb5/export_name.c @@ -49,13 +49,6 @@ OM_uint32 krb5_gss_export_name(OM_uint32 *minor_status, exported_name->length = 0; exported_name->value = NULL; - if (! kg_validate_name(input_name)) { - if (minor_status) - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - krb5_free_context(context); - return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME); - } - if ((code = krb5_unparse_name(context, ((krb5_gss_name_t) input_name)->princ, &str))) { if (minor_status) diff --git a/src/lib/gssapi/krb5/export_sec_context.c b/src/lib/gssapi/krb5/export_sec_context.c index ac12d82b9..2036352e8 100644 --- a/src/lib/gssapi/krb5/export_sec_context.c +++ b/src/lib/gssapi/krb5/export_sec_context.c 
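Review bot: In `krb5_gss_duplicate_name`, `input_name` is now cast to `krb5_gss_name_t` and passed straight to `kg_duplicate_name`, so a `GSS_C_NO_NAME` argument is no longer stopped in this function; the removed lookup would normally have rejected it with `GSS_S_BAD_NAME`. If the mechglue layer does not already guarantee a non-null name here (not visible in this hunk), an explicit guard before the cast keeps that behaviour: `if (input_name == GSS_C_NO_NAME) { krb5_free_context(context); return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME; }`. If the guarantee does exist, a one-line comment stating the precondition is enough. The same question applies to the other entry points in this patch that lose the check and then dereference the handle, for example `krb5_gss_export_name` and `krb5_gss_display_name`. The function body starts and ends outside the hunk.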
@@ -44,12 +44,6 @@ krb5_gss_export_sec_context(minor_status, context_handle, interprocess_token) retval = GSS_S_FAILURE; *minor_status = 0; - if (!kg_validate_ctx_id(*context_handle)) { - kret = (OM_uint32) G_VALIDATE_FAILED; - retval = GSS_S_NO_CONTEXT; - goto error_out; - } - ctx = (krb5_gss_ctx_id_t) *context_handle; context = ctx->k5_context; kret = krb5_gss_ser_init(context); diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h index 6649331e7..2cb4e9098 100644 --- a/src/lib/gssapi/krb5/gssapiP_krb5.h +++ b/src/lib/gssapi/krb5/gssapiP_krb5.h @@ -245,25 +245,6 @@ extern g_set kg_vdb; extern k5_mutex_t gssint_krb5_keytab_lock; #endif /* LEAN_CLIENT */ -/* helper macros */ - -#define kg_save_name(name) g_save_name(&kg_vdb,name) -#define kg_save_cred_id(cred) g_save_cred_id(&kg_vdb,cred) -#define kg_save_ctx_id(ctx) g_save_ctx_id(&kg_vdb,ctx) -#define kg_save_lucidctx_id(lctx) g_save_lucidctx_id(&kg_vdb,lctx) - -#define kg_validate_name(name) g_validate_name(&kg_vdb,name) -#define kg_validate_cred_id(cred) g_validate_cred_id(&kg_vdb,cred) -#define kg_validate_ctx_id(ctx) (g_validate_ctx_id(&kg_vdb,ctx) && \ - ((krb5_gss_ctx_id_t)ctx)->magic == \ - KG_CONTEXT) -#define kg_validate_lucidctx_id(lctx) g_validate_lucidctx_id(&kg_vdb,lctx) - -#define kg_delete_name(name) g_delete_name(&kg_vdb,name) -#define kg_delete_cred_id(cred) g_delete_cred_id(&kg_vdb,cred) -#define kg_delete_ctx_id(ctx) g_delete_ctx_id(&kg_vdb,ctx) -#define kg_delete_lucidctx_id(lctx) g_delete_lucidctx_id(&kg_vdb,lctx) - /** helper functions **/ OM_uint32 kg_get_defcred @@ -891,8 +872,7 @@ OM_uint32 gss_krb5int_unseal_token_v3(krb5_context *contextptr, int gss_krb5int_rotate_left (void *ptr, size_t bufsiz, size_t rc); /* naming_exts.c */ -#define KG_INIT_NAME_INTERN 0x1 -#define KG_INIT_NAME_NO_COPY 0x2 +#define KG_INIT_NAME_NO_COPY 0x1 krb5_error_code kg_init_name(krb5_context context, krb5_principal principal, 
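Review bot: `KG_INIT_NAME_NO_COPY` has no comment saying what it changes about ownership, and it is renumbered from 0x2 to 0x1, the bit that used to mean `KG_INIT_NAME_INTERN`. From the callers in this patch (inq_cred.c frees `princ` only when `kg_init_name` fails; import_name.c clears `princ` after success) the flag appears to hand the principal to the new name on success; a comment such as `/* kg_init_name takes ownership of its inputs on success; the caller still frees them on failure */` above the define would record that, once confirmed for the other arguments. Keeping the value at 0x2 would also avoid giving an old bit a new meaning for any caller that passes a literal flags value, though none is visible here. Separately, the `extern g_set kg_vdb;` declaration shown in this file's earlier hunk header looks to be left with no users in this header once the helper macros are gone.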
@@ -900,14 +880,10 @@ kg_init_name(krb5_context context, krb5_principal principal, krb5_flags flags, krb5_gss_name_t *name); krb5_error_code -kg_release_name(krb5_context context, - krb5_flags flags, - krb5_gss_name_t *name); +kg_release_name(krb5_context context, krb5_gss_name_t *name); krb5_error_code -kg_duplicate_name(krb5_context context, - const krb5_gss_name_t src, - krb5_flags flags, +kg_duplicate_name(krb5_context context, const krb5_gss_name_t src, krb5_gss_name_t *dst); krb5_boolean diff --git a/src/lib/gssapi/krb5/gssapi_krb5.c b/src/lib/gssapi/krb5/gssapi_krb5.c index bc02a0716..a89235396 100644 --- a/src/lib/gssapi/krb5/gssapi_krb5.c +++ b/src/lib/gssapi/krb5/gssapi_krb5.c @@ -367,9 +367,6 @@ krb5_gss_inquire_sec_context_by_oid (OM_uint32 *minor_status, *data_set = GSS_C_NO_BUFFER_SET; - if (!kg_validate_ctx_id(context_handle)) - return GSS_S_NO_CONTEXT; - ctx = (krb5_gss_ctx_id_rec *) context_handle; if (!ctx->established) @@ -486,15 +483,6 @@ krb5_gss_set_sec_context_option (OM_uint32 *minor_status, if (desired_object == GSS_C_NO_OID) return GSS_S_CALL_INACCESSIBLE_READ; - if (*context_handle != GSS_C_NO_CONTEXT) { - krb5_gss_ctx_id_rec *ctx; - - if (!kg_validate_ctx_id(*context_handle)) - return GSS_S_NO_CONTEXT; - - ctx = (krb5_gss_ctx_id_rec *) context_handle; - } - #if 0 for (i = 0; i < sizeof(krb5_gss_set_sec_context_option_ops)/ sizeof(krb5_gss_set_sec_context_option_ops[0]); i++) { @@ -768,12 +756,6 @@ krb5_gss_pname_to_uid(OM_uint32 *minor, return GSS_S_FAILURE; } - if (!kg_validate_name(pname)) { - *minor = (OM_uint32)G_VALIDATE_FAILED; - krb5_free_context(context); - return GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME; - } - kname = (krb5_gss_name_t)pname; code = krb5_aname_to_localname(context, kname->princ, 
@@ -813,11 +795,6 @@ krb5_gss_authorize_localname(OM_uint32 *minor, return GSS_S_BAD_NAMETYPE; } - if (!kg_validate_name(pname)) { - *minor = (OM_uint32)G_VALIDATE_FAILED; - return GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME; - } - kname = (krb5_gss_name_t)pname; code = krb5_gss_init_context(&context); diff --git a/src/lib/gssapi/krb5/iakerb.c b/src/lib/gssapi/krb5/iakerb.c index b58d384da..deef9cb42 100644 --- a/src/lib/gssapi/krb5/iakerb.c +++ b/src/lib/gssapi/krb5/iakerb.c @@ -912,12 +912,6 @@ iakerb_gss_init_sec_context(OM_uint32 *minor_status, } else ctx = (iakerb_ctx_id_t)*context_handle; - if (!kg_validate_name(target_name)) { - *minor_status = G_VALIDATE_FAILED; - major_status = GSS_S_CALL_BAD_STRUCTURE | GSS_S_BAD_NAME; - goto cleanup; - } - kname = (krb5_gss_name_t)target_name; if (claimant_cred_handle != GSS_C_NO_CREDENTIAL) { diff --git a/src/lib/gssapi/krb5/import_name.c b/src/lib/gssapi/krb5/import_name.c index 2ba178a04..af6182218 100644 --- a/src/lib/gssapi/krb5/import_name.c +++ b/src/lib/gssapi/krb5/import_name.c @@ -306,7 +306,7 @@ krb5_gss_import_name(minor_status, input_name_buffer, /* Create a name and save it in the validation database. */ code = kg_init_name(context, princ, service, host, ad_context, - KG_INIT_NAME_INTERN | KG_INIT_NAME_NO_COPY, &name); + KG_INIT_NAME_NO_COPY, &name); if (code) goto cleanup; princ = NULL; diff --git a/src/lib/gssapi/krb5/import_sec_context.c b/src/lib/gssapi/krb5/import_sec_context.c index daf3577be..144f5689a 100644 --- a/src/lib/gssapi/krb5/import_sec_context.c +++ b/src/lib/gssapi/krb5/import_sec_context.c 
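Review bot: The context comment `/* Create a name and save it in the validation database. */` above the `kg_init_name` call in `krb5_gss_import_name` is stale once `KG_INIT_NAME_INTERN` is dropped, since the call no longer registers the name anywhere. I would change it to `/* Create a name; with KG_INIT_NAME_NO_COPY, kg_init_name takes ownership of princ on success. */`. The ownership wording is inferred from the flag name and the `princ = NULL;` that follows the call, so it should be confirmed for the other arguments before extending the comment to them. The function body starts and ends outside the hunk.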
@@ -109,13 +109,6 @@ krb5_gss_import_sec_context(minor_status, interprocess_token, context_handle) } krb5_free_context(context); - /* intern the context handle */ - if (! kg_save_ctx_id((gss_ctx_id_t) ctx)) { - (void)krb5_gss_delete_sec_context(minor_status, - (gss_ctx_id_t *) &ctx, NULL); - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - return(GSS_S_FAILURE); - } ctx->mech_used = krb5_gss_convert_static_mech_oid(ctx->mech_used); *context_handle = (gss_ctx_id_t) ctx; diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c index b04330adf..bc945b131 100644 --- a/src/lib/gssapi/krb5/init_sec_context.c +++ b/src/lib/gssapi/krb5/init_sec_context.c @@ -609,10 +609,11 @@ kg_new_connection( ctx->krb_times.endtime = now + time_req; } - if ((code = kg_duplicate_name(context, cred->name, 0, &ctx->here))) + if ((code = kg_duplicate_name(context, cred->name, &ctx->here))) goto cleanup; - if ((code = kg_duplicate_name(context, (krb5_gss_name_t)target_name, 0, &ctx->there))) + if ((code = kg_duplicate_name(context, (krb5_gss_name_t)target_name, + &ctx->there))) goto cleanup; code = get_credentials(context, cred, ctx->there, now, @@ -690,12 +691,6 @@ kg_new_connection( if (actual_mech_type) *actual_mech_type = mech_type; - /* At this point, the context is constructed and valid; intern it. */ - if (! kg_save_ctx_id((gss_ctx_id_t) ctx)) { - code = G_VALIDATE_FAILED; - goto cleanup; - } - /* return successfully */ *context_handle = (gss_ctx_id_t) ctx; @@ -719,9 +714,9 @@ cleanup: if (ctx_free->auth_context) krb5_auth_con_free(context, ctx_free->auth_context); if (ctx_free->here) - kg_release_name(context, 0, &ctx_free->here); + kg_release_name(context, &ctx_free->here); if (ctx_free->there) - kg_release_name(context, 0, &ctx_free->there); + kg_release_name(context, &ctx_free->there); if (ctx_free->subkey) krb5_k_free_key(context, ctx_free->subkey); xfree(ctx_free); 
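Review bot: The two `kg_duplicate_name` calls in `kg_new_connection` keep the assignment inside the condition, `if ((code = kg_duplicate_name(...)))`, while the same call was rewritten as a separate assignment and test in accept_sec_context.c and duplicate_name.c in this patch. For consistency I would use the two-statement form here as well: `code = kg_duplicate_name(context, cred->name, &ctx->here);` followed by `if (code) goto cleanup;`, and likewise for `ctx->there`. inq_context.c keeps the same leftover form in its two calls. `kg_new_connection` starts and ends outside the hunk.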
@@ -769,13 +764,6 @@ mutual_auth( if (code) goto fail; - /* validate the context handle */ - /*SUPPRESS 29*/ - if (! kg_validate_ctx_id(*context_handle)) { - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - return(GSS_S_NO_CONTEXT); - } - ctx = (krb5_gss_ctx_id_t) *context_handle; /* make sure the context is non-established, and that certain @@ -970,16 +958,6 @@ krb5_gss_init_sec_context_ext( if (actual_mech_type) *actual_mech_type = NULL; - /* verify that the target_name is valid and usable */ - - if (! kg_validate_name(target_name)) { - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - save_error_info(*minor_status, context); - if (*context_handle == GSS_C_NO_CONTEXT) - krb5_free_context(context); - return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME); - } - /* verify the credential, or use the default */ /*SUPPRESS 29*/ if (claimant_cred_handle == GSS_C_NO_CREDENTIAL) { diff --git a/src/lib/gssapi/krb5/inq_context.c b/src/lib/gssapi/krb5/inq_context.c index 0c926401a..94d1c2745 100644 --- a/src/lib/gssapi/krb5/inq_context.c +++ b/src/lib/gssapi/krb5/inq_context.c @@ -103,12 +103,6 @@ krb5_gss_inquire_context(minor_status, context_handle, initiator_name, if (acceptor_name) *acceptor_name = (gss_name_t) NULL; - /* validate the context handle */ - if (! kg_validate_ctx_id(context_handle)) { - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - return(GSS_S_NO_CONTEXT); - } - ctx = (krb5_gss_ctx_id_rec *) context_handle; if (! ctx->established) { @@ -131,8 +125,7 @@ krb5_gss_inquire_context(minor_status, context_handle, initiator_name, if (initiator_name) { if ((code = kg_duplicate_name(context, - ctx->initiate?ctx->here:ctx->there, - KG_INIT_NAME_INTERN, + ctx->initiate ? ctx->here : ctx->there, &initiator))) { *minor_status = code; save_error_info(*minor_status, context); 
@@ -142,12 +135,10 @@ krb5_gss_inquire_context(minor_status, context_handle, initiator_name, if (acceptor_name) { if ((code = kg_duplicate_name(context, - ctx->initiate?ctx->there:ctx->here, - KG_INIT_NAME_INTERN, + ctx->initiate ? ctx->there : ctx->here, &acceptor))) { if (initiator) - kg_release_name(context, KG_INIT_NAME_INTERN, - &initiator); + kg_release_name(context, &initiator); *minor_status = code; save_error_info(*minor_status, context); return(GSS_S_FAILURE); diff --git a/src/lib/gssapi/krb5/inq_cred.c b/src/lib/gssapi/krb5/inq_cred.c index 4ef94c7af..20df61713 100644 --- a/src/lib/gssapi/krb5/inq_cred.c +++ b/src/lib/gssapi/krb5/inq_cred.c @@ -146,8 +146,7 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret, if (name) { if (cred->name) { - code = kg_duplicate_name(context, cred->name, KG_INIT_NAME_INTERN, - &ret_name); + code = kg_duplicate_name(context, cred->name, &ret_name); } else if ((cred->usage == GSS_C_ACCEPT || cred->usage == GSS_C_BOTH) && cred->keytab != NULL) { /* This is a default acceptor cred; use a name from the keytab if @@ -155,8 +154,7 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret, code = k5_kt_get_principal(context, cred->keytab, &princ); if (code == 0) { code = kg_init_name(context, princ, NULL, NULL, NULL, - KG_INIT_NAME_NO_COPY | KG_INIT_NAME_INTERN, - &ret_name); + KG_INIT_NAME_NO_COPY, &ret_name); if (code) krb5_free_principal(context, princ); } else if (code == KRB5_KT_NOTFOUND) @@ -182,7 +180,7 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret, &mechs))) { k5_mutex_unlock(&cred->lock); if (ret_name) - kg_release_name(context, KG_INIT_NAME_INTERN, &ret_name); + kg_release_name(context, &ret_name); /* *minor_status set above */ goto fail; } diff --git a/src/lib/gssapi/krb5/k5seal.c b/src/lib/gssapi/krb5/k5seal.c index 5354434cc..814f9eed5 100644 --- a/src/lib/gssapi/krb5/k5seal.c +++ b/src/lib/gssapi/krb5/k5seal.c 
@@ -345,12 +345,6 @@ kg_seal(minor_status, context_handle, conf_req_flag, qop_req, return GSS_S_FAILURE; } - /* validate the context handle */ - if (! kg_validate_ctx_id(context_handle)) { - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - return(GSS_S_NO_CONTEXT); - } - ctx = (krb5_gss_ctx_id_rec *) context_handle; if (! ctx->established) { diff --git a/src/lib/gssapi/krb5/k5sealiov.c b/src/lib/gssapi/krb5/k5sealiov.c index 8c4ec8bba..5f6eb2221 100644 --- a/src/lib/gssapi/krb5/k5sealiov.c +++ b/src/lib/gssapi/krb5/k5sealiov.c @@ -284,11 +284,6 @@ kg_seal_iov(OM_uint32 *minor_status, return GSS_S_FAILURE; } - if (!kg_validate_ctx_id(context_handle)) { - *minor_status = (OM_uint32)G_VALIDATE_FAILED; - return GSS_S_NO_CONTEXT; - } - ctx = (krb5_gss_ctx_id_rec *)context_handle; if (!ctx->established) { *minor_status = KG_CTX_INCOMPLETE; @@ -353,11 +348,6 @@ kg_seal_iov_length(OM_uint32 *minor_status, return GSS_S_FAILURE; } - if (!kg_validate_ctx_id(context_handle)) { - *minor_status = (OM_uint32)G_VALIDATE_FAILED; - return GSS_S_NO_CONTEXT; - } - ctx = (krb5_gss_ctx_id_rec *)context_handle; if (!ctx->established) { *minor_status = KG_CTX_INCOMPLETE; diff --git a/src/lib/gssapi/krb5/k5unseal.c b/src/lib/gssapi/krb5/k5unseal.c index 6c5ea0997..908f76899 100644 --- a/src/lib/gssapi/krb5/k5unseal.c +++ b/src/lib/gssapi/krb5/k5unseal.c @@ -485,12 +485,6 @@ kg_unseal(minor_status, context_handle, input_token_buffer, int vfyflags = 0; OM_uint32 ret; - /* validate the context handle */ - if (! kg_validate_ctx_id(context_handle)) { - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - return(GSS_S_NO_CONTEXT); - } - ctx = (krb5_gss_ctx_id_rec *) context_handle; if (! ctx->established) { diff --git a/src/lib/gssapi/krb5/k5unsealiov.c b/src/lib/gssapi/krb5/k5unsealiov.c index f62cf7910..8b67631d9 100644 --- a/src/lib/gssapi/krb5/k5unsealiov.c +++ b/src/lib/gssapi/krb5/k5unsealiov.c 
@@ -627,11 +627,6 @@ kg_unseal_iov(OM_uint32 *minor_status, krb5_gss_ctx_id_rec *ctx; OM_uint32 code; - if (!kg_validate_ctx_id(context_handle)) { - *minor_status = (OM_uint32)G_VALIDATE_FAILED; - return GSS_S_NO_CONTEXT; - } - ctx = (krb5_gss_ctx_id_rec *)context_handle; if (!ctx->established) { *minor_status = KG_CTX_INCOMPLETE; diff --git a/src/lib/gssapi/krb5/lucid_context.c b/src/lib/gssapi/krb5/lucid_context.c index c670b14fe..dc129e15e 100644 --- a/src/lib/gssapi/krb5/lucid_context.c +++ b/src/lib/gssapi/krb5/lucid_context.c @@ -97,12 +97,6 @@ gss_krb5int_export_lucid_sec_context( if (kret) goto error_out; - /* Success! Record the context and return the buffer */ - if (! kg_save_lucidctx_id((void *)lctx)) { - kret = G_VALIDATE_FAILED; - goto error_out; - } - rep.value = &lctx; rep.length = sizeof(lctx); @@ -142,17 +136,10 @@ gss_krb5int_free_lucid_sec_context( goto error_out; } - /* Verify pointer is valid lucid context */ - if (! kg_validate_lucidctx_id(kctx)) { - kret = G_VALIDATE_FAILED; - goto error_out; - } - /* Determine version and call correct free routine */ version = ((gss_krb5_lucid_context_version_t *)kctx)->version; switch (version) { case 1: - (void)kg_delete_lucidctx_id(kctx); free_external_lucid_ctx_v1((gss_krb5_lucid_context_v1_t*) kctx); break; default: diff --git a/src/lib/gssapi/krb5/naming_exts.c b/src/lib/gssapi/krb5/naming_exts.c index 31bfb723b..617234238 100644 --- a/src/lib/gssapi/krb5/naming_exts.c +++ b/src/lib/gssapi/krb5/naming_exts.c 
@@ -86,29 +86,20 @@ kg_init_name(krb5_context context, krb5_principal principal, name->ad_context = ad_context; } - if ((flags & KG_INIT_NAME_INTERN) && - !kg_save_name((gss_name_t)name)) { - code = G_VALIDATE_FAILED; - goto cleanup; - } - *ret_name = name; cleanup: if (code != 0) - kg_release_name(context, 0, &name); + kg_release_name(context, &name); return code; } krb5_error_code kg_release_name(krb5_context context, - krb5_flags flags, krb5_gss_name_t *name) { if (*name != NULL) { - if (flags & KG_INIT_NAME_INTERN) - kg_delete_name((gss_name_t)*name); krb5_free_principal(context, (*name)->princ); free((*name)->service); free((*name)->host); @@ -124,7 +115,6 @@ kg_release_name(krb5_context context, krb5_error_code kg_duplicate_name(krb5_context context, const krb5_gss_name_t src, - krb5_flags flags, krb5_gss_name_t *dst) { krb5_error_code code; @@ -134,7 +124,7 @@ kg_duplicate_name(krb5_context context, return code; code = kg_init_name(context, src->princ, src->service, src->host, - src->ad_context, flags, dst); + src->ad_context, 0, dst); k5_mutex_unlock(&src->lock); @@ -284,12 +274,6 @@ krb5_gss_inquire_name(OM_uint32 *minor_status, return GSS_S_FAILURE; } - if (!kg_validate_name(name)) { - *minor_status = (OM_uint32)G_VALIDATE_FAILED; - krb5_free_context(context); - return GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME; - } - kname = (krb5_gss_name_t)name; code = k5_mutex_lock(&kname->lock); @@ -351,12 +335,6 @@ krb5_gss_get_name_attribute(OM_uint32 *minor_status, return GSS_S_FAILURE; } - if (!kg_validate_name(name)) { - *minor_status = (OM_uint32)G_VALIDATE_FAILED; - krb5_free_context(context); - return GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME; - } - kname = (krb5_gss_name_t)name; code = k5_mutex_lock(&kname->lock); 
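Review bot: kg_init_name's `cleanup:` path calls `kg_release_name(context, &name)`, which frees `(*name)->princ`, while the KG_INIT_NAME_NO_COPY caller in inq_cred.c also runs `krb5_free_principal(context, princ)` when kg_init_name fails. That combination is only safe as long as no step can fail after the caller's pointers have been stored in `name`. With the kg_save_name step gone, `*ret_name = name;` directly follows those assignments, so the invariant appears to hold, although the start of the function is outside the hunk. A comment above `*ret_name = name;` would protect it from later edits: `/* Nothing may fail after the NO_COPY assignments: callers free their own pointers on error. */`.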
@@ -435,12 +413,6 @@ krb5_gss_set_name_attribute(OM_uint32 *minor_status, return GSS_S_FAILURE; } - if (!kg_validate_name(name)) { - *minor_status = (OM_uint32)G_VALIDATE_FAILED; - krb5_free_context(context); - return GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME; - } - kname = (krb5_gss_name_t)name; code = k5_mutex_lock(&kname->lock); @@ -496,12 +468,6 @@ krb5_gss_delete_name_attribute(OM_uint32 *minor_status, return GSS_S_FAILURE; } - if (!kg_validate_name(name)) { - *minor_status = (OM_uint32)G_VALIDATE_FAILED; - krb5_free_context(context); - return GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME; - } - kname = (krb5_gss_name_t)name; code = k5_mutex_lock(&kname->lock); @@ -554,12 +520,6 @@ krb5_gss_map_name_to_any(OM_uint32 *minor_status, return GSS_S_FAILURE; } - if (!kg_validate_name(name)) { - *minor_status = (OM_uint32)G_VALIDATE_FAILED; - krb5_free_context(context); - return GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME; - } - kname = (krb5_gss_name_t)name; code = k5_mutex_lock(&kname->lock); @@ -617,12 +577,6 @@ krb5_gss_release_any_name_mapping(OM_uint32 *minor_status, return GSS_S_FAILURE; } - if (!kg_validate_name(name)) { - *minor_status = (OM_uint32)G_VALIDATE_FAILED; - krb5_free_context(context); - return GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME; - } - kname = (krb5_gss_name_t)name; code = k5_mutex_lock(&kname->lock); @@ -684,12 +638,6 @@ krb5_gss_export_name_composite(OM_uint32 *minor_status, return GSS_S_FAILURE; } - if (!kg_validate_name(name)) { - *minor_status = (OM_uint32)G_VALIDATE_FAILED; - krb5_free_context(context); - return GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME; - } - kname = (krb5_gss_name_t)name; code = k5_mutex_lock(&kname->lock); diff --git a/src/lib/gssapi/krb5/prf.c b/src/lib/gssapi/krb5/prf.c index ae7ee9fde..0aa3e3dfd 100644 --- a/src/lib/gssapi/krb5/prf.c +++ b/src/lib/gssapi/krb5/prf.c 
@@ -53,11 +53,6 @@ krb5_gss_pseudo_random(OM_uint32 *minor_status, prf_out->length = 0; prf_out->value = NULL; - if (!kg_validate_ctx_id(context)) { - *minor_status = G_VALIDATE_FAILED; - return GSS_S_NO_CONTEXT; - } - t.length = 0; t.data = NULL; diff --git a/src/lib/gssapi/krb5/process_context_token.c b/src/lib/gssapi/krb5/process_context_token.c index ac41ad6f1..fd6364cc0 100644 --- a/src/lib/gssapi/krb5/process_context_token.c +++ b/src/lib/gssapi/krb5/process_context_token.c @@ -37,12 +37,6 @@ krb5_gss_process_context_token(minor_status, context_handle, krb5_gss_ctx_id_rec *ctx; OM_uint32 majerr; - /* validate the context handle */ - if (! kg_validate_ctx_id(context_handle)) { - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - return(GSS_S_NO_CONTEXT); - } - ctx = (krb5_gss_ctx_id_t) context_handle; if (! ctx->established) { diff --git a/src/lib/gssapi/krb5/rel_cred.c b/src/lib/gssapi/krb5/rel_cred.c index 7f9a16fc4..dc0b83256 100644 --- a/src/lib/gssapi/krb5/rel_cred.c +++ b/src/lib/gssapi/krb5/rel_cred.c @@ -44,12 +44,6 @@ krb5_gss_release_cred(minor_status, cred_handle) return(GSS_S_COMPLETE); } - if (! kg_delete_cred_id(*cred_handle)) { - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - krb5_free_context(context); - return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_NO_CRED); - } - cred = (krb5_gss_cred_id_t)*cred_handle; k5_mutex_destroy(&cred->lock); @@ -75,7 +69,7 @@ krb5_gss_release_cred(minor_status, cred_handle) else code3 = 0; if (cred->name) - kg_release_name(context, 0, &cred->name); + kg_release_name(context, &cred->name); if (cred->req_enctypes) free(cred->req_enctypes); diff --git a/src/lib/gssapi/krb5/rel_name.c b/src/lib/gssapi/krb5/rel_name.c index 897586555..5696de3fd 100644 --- a/src/lib/gssapi/krb5/rel_name.c +++ b/src/lib/gssapi/krb5/rel_name.c 
@@ -37,14 +37,7 @@ krb5_gss_release_name(minor_status, input_name) return GSS_S_FAILURE; } - if (! kg_validate_name(*input_name)) { - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - krb5_free_context(context); - return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME); - } - - kg_release_name(context, KG_INIT_NAME_INTERN, - (krb5_gss_name_t *)input_name); + kg_release_name(context, (krb5_gss_name_t *)input_name); krb5_free_context(context); *input_name = (gss_name_t) NULL; diff --git a/src/lib/gssapi/krb5/s4u_gss_glue.c b/src/lib/gssapi/krb5/s4u_gss_glue.c index ac3fa2909..cf9562c99 100644 --- a/src/lib/gssapi/krb5/s4u_gss_glue.c +++ b/src/lib/gssapi/krb5/s4u_gss_glue.c @@ -258,11 +258,6 @@ kg_compose_deleg_cred(OM_uint32 *minor_status, *time_rec = cred->tgt_expire - now; } - if (!kg_save_cred_id((gss_cred_id_t)cred)) { - code = G_VALIDATE_FAILED; - goto cleanup; - } - major_status = GSS_S_COMPLETE; *minor_status = 0; *output_cred = cred; @@ -276,7 +271,7 @@ cleanup: if (GSS_ERROR(major_status) && cred != NULL) { k5_mutex_destroy(&cred->lock); krb5_cc_destroy(context, cred->ccache); - kg_release_name(context, 0, &cred->name); + kg_release_name(context, &cred->name); xfree(cred); } diff --git a/src/lib/gssapi/krb5/ser_sctx.c b/src/lib/gssapi/krb5/ser_sctx.c index ba57511e7..d2945ea55 100644 --- a/src/lib/gssapi/krb5/ser_sctx.c +++ b/src/lib/gssapi/krb5/ser_sctx.c @@ -792,9 +792,9 @@ kg_ctx_internalize(kcontext, argp, buffer, lenremain) if (ctx->subkey) krb5_k_free_key(kcontext, ctx->subkey); if (ctx->there) - kg_release_name(kcontext, 0, &ctx->there); + kg_release_name(kcontext, &ctx->there); if (ctx->here) - kg_release_name(kcontext, 0, &ctx->here); + kg_release_name(kcontext, &ctx->here); xfree(ctx); } } diff --git a/src/lib/gssapi/krb5/val_cred.c b/src/lib/gssapi/krb5/val_cred.c index 0e1cacd32..e87f249be 100644 --- a/src/lib/gssapi/krb5/val_cred.c +++ b/src/lib/gssapi/krb5/val_cred.c 
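Review bot: `kg_release_name(context, (krb5_gss_name_t *)input_name);` now receives the caller's handle with no check that it is a live krb5 name, so a stale or foreign handle reaches `krb5_free_principal` and `free` instead of returning GSS_S_BAD_NAME. If trusting the caller is the intended contract, it should be stated at the call, for example `/* input_name is not validated: the caller must pass a live krb5 name or GSS_C_NO_NAME. */`. A NULL `*input_name` stays safe because kg_release_name skips it (`if (*name != NULL)` in the naming_exts.c hunk). The start of krb5_gss_release_name is outside this hunk.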
@@ -36,11 +36,6 @@ krb5_gss_validate_cred_1(OM_uint32 *minor_status, gss_cred_id_t cred_handle, krb5_error_code code; krb5_principal princ; - if (!kg_validate_cred_id(cred_handle)) { - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_DEFECTIVE_CREDENTIAL); - } - cred = (krb5_gss_cred_id_t) cred_handle; code = k5_mutex_lock(&cred->lock); diff --git a/src/lib/gssapi/krb5/wrap_size_limit.c b/src/lib/gssapi/krb5/wrap_size_limit.c index c13e22ca6..31d1427db 100644 --- a/src/lib/gssapi/krb5/wrap_size_limit.c +++ b/src/lib/gssapi/krb5/wrap_size_limit.c @@ -94,12 +94,6 @@ krb5_gss_wrap_size_limit(minor_status, context_handle, conf_req_flag, return(GSS_S_FAILURE); } - /* validate the context handle */ - if (! kg_validate_ctx_id(context_handle)) { - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - return(GSS_S_NO_CONTEXT); - } - ctx = (krb5_gss_ctx_id_rec *) context_handle; if (! ctx->established) { *minor_status = KG_CTX_INCOMPLETE; -- 2.26.2