diff --git a/lib/gssapi/krb5/accept_sec_context.c b/lib/gssapi/krb5/accept_sec_context.c
index b74617dab..47eb7d204 100644
--- a/lib/gssapi/krb5/accept_sec_context.c
+++ b/lib/gssapi/krb5/accept_sec_context.c
@@ -400,15 +400,18 @@ _gsskrb5_accept_sec_context goto failure; if (src_name != NULL) { + krb5_principal name; + kret = krb5_copy_principal (_gsskrb5_context, ticket->client, - src_name); + &name); if (kret) { ret = GSS_S_FAILURE; *minor_status = kret; _gsskrb5_set_error_string (); goto failure; } + *src_name = (gss_name_t)name; } {
diff --git a/lib/gssapi/krb5/acquire_cred.c b/lib/gssapi/krb5/acquire_cred.c
index 316a7306c..2459e778b 100644
--- a/lib/gssapi/krb5/acquire_cred.c
+++ b/lib/gssapi/krb5/acquire_cred.c
@@ -319,12 +319,14 @@ OM_uint32 _gsskrb5_acquire_cred HEIMDAL_MUTEX_init(&handle->cred_id_mutex); if (desired_name != GSS_C_NO_NAME) { - ret = _gsskrb5_duplicate_name(minor_status, desired_name, - &handle->principal); - if (ret != GSS_S_COMPLETE) { + krb5_principal name = (krb5_principal)desired_name; + ret = krb5_copy_principal(_gsskrb5_context, name, &handle->principal); + if (ret) { HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex); + _gsskrb5_set_error_string(); + *minor_status = ret; free(handle); - return (ret); + return GSS_S_FAILURE; } } if (cred_usage == GSS_C_INITIATE || cred_usage == GSS_C_BOTH) {
diff --git a/lib/gssapi/krb5/add_cred.c b/lib/gssapi/krb5/add_cred.c
index f35b29003..8af1e31aa 100644
--- a/lib/gssapi/krb5/add_cred.c
+++ b/lib/gssapi/krb5/add_cred.c
@@ -50,9 +50,11 @@ OM_uint32 _gsskrb5_add_cred ( { OM_uint32 ret, lifetime; gsskrb5_cred cred, handle; + krb5_const_principal dname; handle = NULL; cred = (gsskrb5_cred)input_cred_handle; + dname = (krb5_const_principal)desired_name; if (gss_oid_equal(desired_mech, GSS_KRB5_MECHANISM) == 0) { *minor_status = 0; 
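Review bot: On the krb5_copy_principal failure path `*src_name` is left unassigned, because the new code stores the copied principal only after the `if (kret)` check; unless `*src_name` is set to `GSS_C_NO_NAME` earlier in the function (not visible in this hunk), a caller that releases the output name after a GSS_S_FAILURE would act on an indeterminate pointer. Writing `*src_name = GSS_C_NO_NAME;` as the first statement of the `if (src_name != NULL)` block makes the failure contract explicit. The body of _gsskrb5_accept_sec_context starts and ends outside the hunk.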
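Review bot: `ret` is the OM_uint32 GSS major status, but the new line `ret = krb5_copy_principal(_gsskrb5_context, name, &handle->principal);` stores a krb5_error_code in it and then copies that into `*minor_status`; it works numerically but mixes the two status spaces, and the add_cred hunk of this same commit introduces a separate `krb5_error_code kret` for the identical call. Using `krb5_error_code kret = krb5_copy_principal(_gsskrb5_context, name, &handle->principal);`, `if (kret) {` and `*minor_status = kret;` here keeps the two files consistent. _gsskrb5_acquire_cred continues outside the hunk.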
@@ -80,8 +82,8 @@ OM_uint32 _gsskrb5_add_cred ( } /* check that we have the same name */ - if (desired_name != GSS_C_NO_NAME && - krb5_principal_compare(_gsskrb5_context, desired_name, + if (dname != NULL && + krb5_principal_compare(_gsskrb5_context, dname, cred->principal) != FALSE) { if (output_cred_handle) HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
@@ -91,6 +93,7 @@ OM_uint32 _gsskrb5_add_cred ( /* make a copy */ if (output_cred_handle) { + krb5_error_code kret; handle = calloc(1, sizeof(*handle)); if (handle == NULL) {
@@ -109,17 +112,16 @@ OM_uint32 _gsskrb5_add_cred ( ret = GSS_S_FAILURE; - ret = _gsskrb5_duplicate_name(minor_status, cred->principal, - &handle->principal); - if (ret) { + kret = krb5_copy_principal(_gsskrb5_context, cred->principal, + &handle->principal); + if (kret) { HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex); free(handle); - *minor_status = ENOMEM; + *minor_status = kret; return GSS_S_FAILURE; } if (cred->keytab) { - krb5_error_code kret; char name[KRB5_KT_PREFIX_MAX_LEN + MAXPATHLEN]; int len;
@@ -151,7 +153,6 @@ OM_uint32 _gsskrb5_add_cred ( } if (cred->ccache) { - krb5_error_code kret; const char *type, *name; char *type_name;
@@ -233,7 +234,7 @@ OM_uint32 _gsskrb5_add_cred ( if (handle) { if (handle->principal) - _gsskrb5_release_name(NULL, &handle->principal); + krb5_free_principal(_gsskrb5_context, handle->principal); if (handle->keytab) krb5_kt_close(_gsskrb5_context, handle->keytab); if (handle->ccache)
diff --git a/lib/gssapi/krb5/compare_name.c b/lib/gssapi/krb5/compare_name.c
index ac73f733a..13f87abe5 100644
--- a/lib/gssapi/krb5/compare_name.c
+++ b/lib/gssapi/krb5/compare_name.c
@@ -42,10 +42,13 @@ OM_uint32 _gsskrb5_compare_name int * name_equal ) { + krb5_const_principal princ1 = (krb5_const_principal)name1; + krb5_const_principal princ2 = (krb5_const_principal)name2; + GSSAPI_KRB5_INIT(); *name_equal = krb5_principal_compare (_gsskrb5_context, - name1, name2); + princ1, princ2); *minor_status = 0; return GSS_S_COMPLETE; } 
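Review bot: The single `krb5_error_code kret;` declared just inside `if (output_cred_handle) {` is what the `-109` and `-151` hunks rely on when they delete the inner `krb5_error_code kret;` from the `cred->keytab` and `cred->ccache` blocks, so the change only compiles if both of those blocks are nested inside that same `if (output_cred_handle)` body; the hunk headers do not show the nesting, so it is worth confirming before merging. If either block is at function scope, `kret` should instead be declared with `ret` and `lifetime` at the top of _gsskrb5_add_cred. The function starts and ends outside these hunks.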
diff --git a/lib/gssapi/krb5/compat.c b/lib/gssapi/krb5/compat.c
index bc65286a3..f39a4a9d3 100644
--- a/lib/gssapi/krb5/compat.c
+++ b/lib/gssapi/krb5/compat.c
@@ -37,7 +37,7 @@ RCSID("$Id$"); static krb5_error_code -check_compat(OM_uint32 *minor_status, gss_name_t name, +check_compat(OM_uint32 *minor_status, krb5_const_principal name, const char *option, krb5_boolean *compat, krb5_boolean match_val) {
diff --git a/lib/gssapi/krb5/display_name.c b/lib/gssapi/krb5/display_name.c
index 1c6f918a8..7fb248673 100644
--- a/lib/gssapi/krb5/display_name.c
+++ b/lib/gssapi/krb5/display_name.c
@@ -42,14 +42,13 @@ OM_uint32 _gsskrb5_display_name gss_OID * output_name_type ) { + krb5_const_principal name = (krb5_const_principal)input_name; krb5_error_code kret; char *buf; size_t len; GSSAPI_KRB5_INIT (); - kret = krb5_unparse_name (_gsskrb5_context, - input_name, - &buf); + kret = krb5_unparse_name (_gsskrb5_context, name, &buf); if (kret) { *minor_status = kret; _gsskrb5_set_error_string ();
diff --git a/lib/gssapi/krb5/duplicate_name.c b/lib/gssapi/krb5/duplicate_name.c
index fd1c47f31..bedf17262 100644
--- a/lib/gssapi/krb5/duplicate_name.c
+++ b/lib/gssapi/krb5/duplicate_name.c
@@ -41,13 +41,13 @@ OM_uint32 _gsskrb5_duplicate_name ( gss_name_t * dest_name ) { + krb5_const_principal src = (krb5_const_principal)src_name; + krb5_principal *dest = (krb5_principal *)dest_name; krb5_error_code kret; GSSAPI_KRB5_INIT (); - kret = krb5_copy_principal (_gsskrb5_context, - src_name, - dest_name); + kret = krb5_copy_principal (_gsskrb5_context, src, dest); if (kret) { *minor_status = kret; _gsskrb5_set_error_string ();
diff --git a/lib/gssapi/krb5/export_name.c b/lib/gssapi/krb5/export_name.c
index 3e6b3e33a..3469edc95 100644
--- a/lib/gssapi/krb5/export_name.c
+++ b/lib/gssapi/krb5/export_name.c
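Review bot: `krb5_principal *dest = (krb5_principal *)dest_name;` makes krb5_copy_principal write through a `krb5_principal *` into an object whose declared type is `gss_name_t`, a pointer-to-pointer pun that the strict-aliasing rule does not cover, while every other site in this commit (parse_krb5_name, import_hostbased_name, the accept_sec_context hunk) copies into a local `krb5_principal` and then assigns `*output = (gss_name_t)princ;`. Doing the same here, `krb5_principal princ;` then `kret = krb5_copy_principal (_gsskrb5_context, src, &princ);` and, on success, `*dest_name = (gss_name_t)princ;`, keeps the conversion one-directional and the file consistent with the rest of the change. _gsskrb5_duplicate_name continues outside the hunk, so the success assignment belongs where it currently returns GSS_S_COMPLETE.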
@@ -41,14 +41,13 @@ OM_uint32 _gsskrb5_export_name gss_buffer_t exported_name ) { + krb5_const_principal princ = (krb5_const_principal)input_name; krb5_error_code kret; char *buf, *name; size_t len; GSSAPI_KRB5_INIT (); - kret = krb5_unparse_name (_gsskrb5_context, - input_name, - &name); + kret = krb5_unparse_name (_gsskrb5_context, princ, &name); if (kret) { *minor_status = kret; _gsskrb5_set_error_string ();
diff --git a/lib/gssapi/krb5/export_sec_context.c b/lib/gssapi/krb5/export_sec_context.c
index 2e3d1ca67..781b811e7 100644
--- a/lib/gssapi/krb5/export_sec_context.c
+++ b/lib/gssapi/krb5/export_sec_context.c
@@ -167,7 +167,7 @@ _gsskrb5_export_sec_context ( /* names */ ret = _gsskrb5_export_name (minor_status, - ctx->source, &buffer); + (gss_name_t)ctx->source, &buffer); if (ret) goto failure; data.data = buffer.value;
@@ -180,7 +180,7 @@ _gsskrb5_export_sec_context ( } ret = _gsskrb5_export_name (minor_status, - ctx->target, &buffer); + (gss_name_t)ctx->target, &buffer); if (ret) goto failure; data.data = buffer.value;
diff --git a/lib/gssapi/krb5/gsskrb5_locl.h b/lib/gssapi/krb5/gsskrb5_locl.h
index 7b14f6487..40a8238b5 100644
--- a/lib/gssapi/krb5/gsskrb5_locl.h
+++ b/lib/gssapi/krb5/gsskrb5_locl.h
@@ -57,7 +57,7 @@ struct gss_msg_order; typedef struct { struct krb5_auth_context_data *auth_context; - gss_name_t source, target; + krb5_principal source, target; OM_uint32 flags; enum { LOCAL = 1, OPEN = 2, COMPAT_OLD_DES3 = 4,
@@ -71,7 +71,7 @@ typedef struct { } *gsskrb5_ctx; typedef struct { - gss_name_t principal; + krb5_principal principal; int cred_flags; #define GSS_CF_DESTROY_CRED_ON_RELEASE 1 struct krb5_keytab_data *keytab;
@@ -82,6 +82,8 @@ typedef struct { HEIMDAL_MUTEX cred_id_mutex; } *gsskrb5_cred; +typedef struct Principal *gsskrb5_name; + /* * */
diff --git a/lib/gssapi/krb5/import_name.c b/lib/gssapi/krb5/import_name.c
index 4b974d5ca..65412f42c 100644
--- a/lib/gssapi/krb5/import_name.c
+++ b/lib/gssapi/krb5/import_name.c
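Review bot: The new `typedef struct Principal *gsskrb5_name;` is not used anywhere in this commit — every new site casts to `krb5_principal` or `krb5_const_principal` directly — so as of this change it is dead, and it appears to be a second name for the same type krb5_principal is built from. Either drop it, or make it the documented mechanism-name type used at the cast sites, with a comment above it such as `/* A gss_name_t handed to this mechanism is always a krb5_principal. */` so the reason for all the pointer casts is recorded in one place instead of being implicit at each call.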
@@ -40,21 +40,22 @@ parse_krb5_name (OM_uint32 *minor_status, const char *name, gss_name_t *output_name) { + krb5_principal princ; krb5_error_code kerr; - kerr = krb5_parse_name (_gsskrb5_context, name, output_name); + kerr = krb5_parse_name (_gsskrb5_context, name, &princ); - if (kerr == 0) + if (kerr == 0) { + *output_name = (gss_name_t)princ; return GSS_S_COMPLETE; - else if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) { - _gsskrb5_set_error_string (); - *minor_status = kerr; - return GSS_S_BAD_NAME; - } else { - _gsskrb5_set_error_string (); - *minor_status = kerr; - return GSS_S_FAILURE; } + _gsskrb5_set_error_string (); + *minor_status = kerr; + + if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) + return GSS_S_BAD_NAME; + + return GSS_S_FAILURE; } static OM_uint32
@@ -91,8 +92,7 @@ import_hostbased_name (OM_uint32 *minor_status, char *p; char *host; char local_hostname[MAXHOSTNAMELEN]; - - *output_name = NULL; + krb5_principal princ = NULL; tmp = malloc (input_name_buffer->length + 1); if (tmp == NULL) {
@@ -121,20 +121,20 @@ import_hostbased_name (OM_uint32 *minor_status, host, tmp, KRB5_NT_SRV_HST, - output_name); + &princ); free (tmp); *minor_status = kerr; - if (kerr == 0) + if (kerr == 0) { + *output_name = (gss_name_t)princ; return GSS_S_COMPLETE; - else if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) { - _gsskrb5_set_error_string (); - *minor_status = kerr; - return GSS_S_BAD_NAME; - } else { - _gsskrb5_set_error_string (); - *minor_status = kerr; - return GSS_S_FAILURE; } + _gsskrb5_set_error_string (); + *minor_status = kerr; + + if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) + return GSS_S_BAD_NAME; + + return GSS_S_FAILURE; } static OM_uint32
diff --git a/lib/gssapi/krb5/import_sec_context.c b/lib/gssapi/krb5/import_sec_context.c
index 43b221f59..da4c03f00 100644
--- a/lib/gssapi/krb5/import_sec_context.c
+++ b/lib/gssapi/krb5/import_sec_context.c
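Review bot: `*output_name` is no longer written on the error paths: parse_krb5_name now parses into the local `princ` and stores it only when `kerr == 0`, the second hunk removes the `*output_name = NULL;` initialisation from import_hostbased_name (so the `tmp == NULL` early return just below it leaves the output indeterminate), and the third hunk has the same shape as the first. A caller that tests or releases the output after GSS_S_BAD_NAME/GSS_S_FAILURE would then act on whatever was in the variable; writing `*output_name = GSS_C_NO_NAME;` at the top of both functions restores the previous contract. In the third hunk the `*minor_status = kerr;` before the `kerr == 0` test makes the one added after it redundant. Both functions continue outside these hunks.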
@@ -53,8 +53,8 @@ _gsskrb5_import_sec_context ( krb5_keyblock keyblock; int32_t tmp; int32_t flags; - OM_uint32 minor; gsskrb5_ctx ctx; + gss_name_t name; GSSAPI_KRB5_INIT ();
@@ -158,15 +158,16 @@ _gsskrb5_import_sec_context ( buffer.length = data.length; ret = _gsskrb5_import_name (minor_status, &buffer, GSS_C_NT_EXPORT_NAME, - &ctx->source); + &name); if (ret) { ret = _gsskrb5_import_name (minor_status, &buffer, GSS_C_NO_OID, - &ctx->source); + &name); if (ret) { krb5_data_free (&data); goto failure; } } + ctx->source = (krb5_principal)name; krb5_data_free (&data); if (krb5_ret_data (sp, &data) != 0)
@@ -175,15 +176,16 @@ _gsskrb5_import_sec_context ( buffer.length = data.length; ret = _gsskrb5_import_name (minor_status, &buffer, GSS_C_NT_EXPORT_NAME, - &ctx->target); + &name); if (ret) { ret = _gsskrb5_import_name (minor_status, &buffer, GSS_C_NO_OID, - &ctx->target); + &name); if (ret) { krb5_data_free (&data); goto failure; } } + ctx->target = (krb5_principal)name; krb5_data_free (&data); if (krb5_ret_int32 (sp, &tmp))
@@ -210,9 +212,9 @@ failure: krb5_auth_con_free (_gsskrb5_context, ctx->auth_context); if (ctx->source != NULL) - _gsskrb5_release_name(&minor, &ctx->source); + krb5_free_principal(_gsskrb5_context, ctx->source); if (ctx->target != NULL) - _gsskrb5_release_name(&minor, &ctx->target); + krb5_free_principal(_gsskrb5_context, ctx->target); if (localp) krb5_free_address (_gsskrb5_context, localp); if (remotep)
diff --git a/lib/gssapi/krb5/init_sec_context.c b/lib/gssapi/krb5/init_sec_context.c
index 17795561d..4dd1b3305 100644
--- a/lib/gssapi/krb5/init_sec_context.c
+++ b/lib/gssapi/krb5/init_sec_context.c
@@ -105,7 +105,7 @@ static void do_delegation (krb5_auth_context ac, krb5_ccache ccache, krb5_creds *cred, - const gss_name_t target_name, + krb5_const_principal name, krb5_data *fwd_data, uint32_t *flags) { 
@@ -137,14 +137,14 @@ do_delegation (krb5_auth_context ac, fwd_flags.b.forwardable = 1; if ( /*target_name->name.name_type != KRB5_NT_SRV_HST ||*/ - target_name->name.name_string.len < 2) + name->name.name_string.len < 2) goto out; kret = krb5_get_forwarded_creds(_gsskrb5_context, ac, ccache, fwd_flags.i, - target_name->name.name_string.val[1], + name->name.name_string.val[1], &creds, fwd_data);
@@ -169,7 +169,7 @@ init_auth (OM_uint32 * minor_status, gsskrb5_cred initiator_cred_handle, gss_ctx_id_t * context_handle, - const gss_name_t target_name, + krb5_const_principal name, const gss_OID mech_type, OM_uint32 req_flags, OM_uint32 time_req,
@@ -263,9 +263,7 @@ init_auth goto failure; } - kret = krb5_copy_principal (_gsskrb5_context, - target_name, - &ctx->target); + kret = krb5_copy_principal (_gsskrb5_context, name, &ctx->target); if (kret) { _gsskrb5_set_error_string (); *minor_status = kret;
@@ -343,7 +341,7 @@ init_auth krb5_boolean delegate; krb5_appdefault_boolean(_gsskrb5_context, - "gssapi", target_name->realm, + "gssapi", name->realm, "ok-as-delegate", FALSE, &delegate); if (delegate) req_flags &= ~GSS_C_DELEG_FLAG;
@@ -353,7 +351,7 @@ init_auth ap_options = 0; if (req_flags & GSS_C_DELEG_FLAG) do_delegation (ctx->auth_context, - ccache, cred, target_name, &fwd_data, &flags); + ccache, cred, name, &fwd_data, &flags); if (req_flags & GSS_C_MUTUAL_FLAG) { flags |= GSS_C_MUTUAL_FLAG;
@@ -482,7 +480,6 @@ repl_mutual (OM_uint32 * minor_status, const gsskrb5_cred initiator_cred_handle, gss_ctx_id_t * context_handle, - const gss_name_t target_name, const gss_OID mech_type, OM_uint32 req_flags, OM_uint32 time_req,
@@ -584,6 +581,7 @@ OM_uint32 _gsskrb5_init_sec_context ) { gsskrb5_cred cred = (gsskrb5_cred)initiator_cred_handle; + krb5_const_principal name = (krb5_const_principal)target_name; GSSAPI_KRB5_INIT (); 
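Review bot: The commented-out condition `/*target_name->name.name_type != KRB5_NT_SRV_HST ||*/` still refers to `target_name`, which this hunk renames to `name` on the very next line, so the comment no longer matches the code it sits in. Either update it to `/*name->name.name_type != KRB5_NT_SRV_HST ||*/` or, better, delete it, since commented-out code that would not compile only misleads the next person editing the delegation check. do_delegation starts and ends outside the hunk.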
@@ -611,7 +609,7 @@ OM_uint32 _gsskrb5_init_sec_context return init_auth (minor_status, cred, context_handle, - target_name, + name, mech_type, req_flags, time_req,
@@ -625,7 +623,6 @@ OM_uint32 _gsskrb5_init_sec_context return repl_mutual(minor_status, cred, context_handle, - target_name, mech_type, req_flags, time_req,
diff --git a/lib/gssapi/krb5/inquire_context.c b/lib/gssapi/krb5/inquire_context.c
index 2ba41646c..8d9a904a5 100644
--- a/lib/gssapi/krb5/inquire_context.c
+++ b/lib/gssapi/krb5/inquire_context.c
@@ -36,63 +36,71 @@ RCSID("$Id$"); OM_uint32 _gsskrb5_inquire_context ( - OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - gss_name_t * src_name, - gss_name_t * targ_name, - OM_uint32 * lifetime_rec, - gss_OID * mech_type, - OM_uint32 * ctx_flags, - int * locally_initiated, - int * open_context - ) + OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + gss_name_t * src_name, + gss_name_t * targ_name, + OM_uint32 * lifetime_rec, + gss_OID * mech_type, + OM_uint32 * ctx_flags, + int * locally_initiated, + int * open_context + ) { - OM_uint32 ret; - gsskrb5_ctx ctx = (gsskrb5_ctx)context_handle; + OM_uint32 ret; + gsskrb5_ctx ctx = (gsskrb5_ctx)context_handle; + gss_name_t name; - HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); + if (src_name) + *src_name = GSS_C_NO_NAME; + if (targ_name) + *targ_name = GSS_C_NO_NAME; - if (src_name) { - ret = _gsskrb5_duplicate_name (minor_status, - ctx->source, - src_name); - if (ret) - goto failed; - } + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); - if (targ_name) { - ret = _gsskrb5_duplicate_name (minor_status, - ctx->target, - targ_name); - if (ret) - goto failed; - } + if (src_name) { + name = (gss_name_t)ctx->source; + ret = _gsskrb5_duplicate_name (minor_status, name, src_name); + if (ret) + goto failed; + } - if (lifetime_rec) { - ret = _gsskrb5_lifetime_left(minor_status, - ctx->lifetime, - lifetime_rec); - if (ret) - goto failed; - } + if (targ_name) { + name = (gss_name_t)ctx->target; + ret = _gsskrb5_duplicate_name (minor_status, name, targ_name); + if (ret) + goto failed; + } - if (mech_type) - *mech_type = GSS_KRB5_MECHANISM; + if (lifetime_rec) { + ret = _gsskrb5_lifetime_left(minor_status, + ctx->lifetime, + lifetime_rec); + if (ret) + goto failed; + } - if (ctx_flags) - *ctx_flags = ctx->flags; + if (mech_type) + *mech_type = GSS_KRB5_MECHANISM; - if (locally_initiated) - *locally_initiated = ctx->more_flags & LOCAL; + if (ctx_flags) + *ctx_flags = ctx->flags; - if (open_context) - *open_context = 
ctx->more_flags & OPEN; + if (locally_initiated) + *locally_initiated = ctx->more_flags & LOCAL; - *minor_status = 0; - ret = GSS_S_COMPLETE; + if (open_context) + *open_context = ctx->more_flags & OPEN; - failed: + *minor_status = 0; + ret = GSS_S_COMPLETE; - HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); - return ret; +failed: + if (src_name) + _gsskrb5_release_name(NULL, src_name); + if (targ_name) + _gsskrb5_release_name(NULL, targ_name); + + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + return ret; }
diff --git a/lib/gssapi/krb5/inquire_cred.c b/lib/gssapi/krb5/inquire_cred.c
index 9abc3a07c..46739eb4f 100644
--- a/lib/gssapi/krb5/inquire_cred.c
+++ b/lib/gssapi/krb5/inquire_cred.c
@@ -38,7 +38,7 @@ RCSID("$Id$"); OM_uint32 _gsskrb5_inquire_cred (OM_uint32 * minor_status, const gss_cred_id_t cred_handle, - gss_name_t * name, + gss_name_t * output_name, OM_uint32 * lifetime, gss_cred_usage_t * cred_usage, gss_OID_set * mechanisms
@@ -50,8 +50,8 @@ OM_uint32 _gsskrb5_inquire_cred *minor_status = 0; - if (name) - *name = NULL; + if (output_name) + *output_name = NULL; if (mechanisms) *mechanisms = GSS_C_NO_OID_SET; 
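Review bot: The success path falls straight through into `failed:` — after `ret = GSS_S_COMPLETE;` there is no return or jump on the new side — so the two `_gsskrb5_release_name(NULL, ...)` calls added under the label free the names that were just duplicated, and the caller gets GSS_S_COMPLETE with `*src_name`/`*targ_name` reset to GSS_C_NO_NAME; the old code did not release anything under the label, so this is a regression introduced here. Guard the cleanup on failure, `failed: if (ret != GSS_S_COMPLETE) {` around the two release calls with a closing `}` before the unlock, or jump past them on success. Those calls also depend on the release_name hunk of this commit accepting a NULL minor_status and a GSS_C_NO_NAME input, which is worth stating in a comment on the label, e.g. `/* outputs were set to GSS_C_NO_NAME above, so release is safe on any failure */`.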
@@ -72,26 +72,32 @@ OM_uint32 _gsskrb5_inquire_cred HEIMDAL_MUTEX_lock(&cred->cred_id_mutex); - if (name != NULL) { + if (output_name != NULL) { if (cred->principal != NULL) { - ret = _gsskrb5_duplicate_name(minor_status, cred->principal, - name); + gss_name_t name = (gss_name_t)cred->principal; + + ret = _gsskrb5_duplicate_name(minor_status, name, output_name); if (ret) goto out; } else if (cred->usage == GSS_C_ACCEPT) { + krb5_principal princ; *minor_status = krb5_sname_to_principal(_gsskrb5_context, NULL, - NULL, KRB5_NT_SRV_HST, name); + NULL, KRB5_NT_SRV_HST, + &princ); if (*minor_status) { ret = GSS_S_FAILURE; goto out; } + *output_name = (gss_name_t)princ; } else { + krb5_principal princ; *minor_status = krb5_get_default_principal(_gsskrb5_context, - name); + &princ); if (*minor_status) { ret = GSS_S_FAILURE; goto out; } + *output_name = (gss_name_t)princ; } } if (lifetime != NULL) {
diff --git a/lib/gssapi/krb5/release_name.c b/lib/gssapi/krb5/release_name.c
index 235eef54e..40a6a917f 100644
--- a/lib/gssapi/krb5/release_name.c
+++ b/lib/gssapi/krb5/release_name.c
@@ -40,11 +40,16 @@ OM_uint32 _gsskrb5_release_name gss_name_t * input_name ) { + krb5_principal name = (krb5_principal)*input_name; + GSSAPI_KRB5_INIT (); + if (minor_status) *minor_status = 0; - krb5_free_principal(_gsskrb5_context, - *input_name); + *input_name = GSS_C_NO_NAME; + + krb5_free_principal(_gsskrb5_context, name); + return GSS_S_COMPLETE; }
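Review bot: This function now has a wider contract than its signature shows: `minor_status` may be NULL (the inquire_context hunk of this commit passes NULL) and, since that caller pre-sets its outputs to GSS_C_NO_NAME before any failure, `*input_name` may be GSS_C_NO_NAME, which makes `krb5_free_principal(_gsskrb5_context, name)` run on a NULL principal; that is fine only if krb5_free_principal tolerates NULL, which is not visible here. Record the contract with a comment above the declaration of `name`, e.g. `/* minor_status may be NULL; *input_name may be GSS_C_NO_NAME (freed as a no-op). */`, and if the NULL tolerance is not guaranteed add `if (name == NULL) return GSS_S_COMPLETE;` after clearing `*input_name`. Clearing `*input_name` before the free is a good choice, as the caller is never left holding a dangling handle.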