make gss_name_t an opaque type

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17736 ec53bebd-3082-4978-b11e-865c3cabbd6b
Love Hörnquist Åstrand
2006-06-29 07:27:26 +00:00
parent b79c379578
commit 03567db502
16 changed files with 154 additions and 127 deletions


@@ -400,15 +400,18 @@ _gsskrb5_accept_sec_context
goto failure;
if (src_name != NULL) {
krb5_principal name;
kret = krb5_copy_principal (_gsskrb5_context,
ticket->client,
src_name);
&name);
if (kret) {
ret = GSS_S_FAILURE;
*minor_status = kret;
_gsskrb5_set_error_string ();
goto failure;
}
*src_name = (gss_name_t)name;
}
{


@@ -319,12 +319,14 @@ OM_uint32 _gsskrb5_acquire_cred
HEIMDAL_MUTEX_init(&handle->cred_id_mutex);
if (desired_name != GSS_C_NO_NAME) {
ret = _gsskrb5_duplicate_name(minor_status, desired_name,
&handle->principal);
if (ret != GSS_S_COMPLETE) {
krb5_principal name = (krb5_principal)desired_name;
ret = krb5_copy_principal(_gsskrb5_context, name, &handle->principal);
if (ret) {
HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
_gsskrb5_set_error_string();
*minor_status = ret;
free(handle);
return (ret);
return GSS_S_FAILURE;
}
}
if (cred_usage == GSS_C_INITIATE || cred_usage == GSS_C_BOTH) {
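Review bot: The Kerberos error returned by `krb5_copy_principal` is stored in `ret`, which appears to be the GSS major-status variable of this function (its declaration is outside the hunk, so the type is inferred), and is then copied into `*minor_status`. The add_cred change in this same commit uses a separate `krb5_error_code kret` for the same call. Doing the same here, `kret = krb5_copy_principal(_gsskrb5_context, name, &handle->principal);` followed by `*minor_status = kret;`, keeps major and minor status from sharing one variable. `_gsskrb5_acquire_cred` continues outside the hunk.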


@@ -50,9 +50,11 @@ OM_uint32 _gsskrb5_add_cred (
{
OM_uint32 ret, lifetime;
gsskrb5_cred cred, handle;
krb5_const_principal dname;
handle = NULL;
cred = (gsskrb5_cred)input_cred_handle;
dname = (krb5_const_principal)desired_name;
if (gss_oid_equal(desired_mech, GSS_KRB5_MECHANISM) == 0) {
*minor_status = 0;
@@ -80,8 +82,8 @@ OM_uint32 _gsskrb5_add_cred (
}
/* check that we have the same name */
if (desired_name != GSS_C_NO_NAME &&
krb5_principal_compare(_gsskrb5_context, desired_name,
if (dname != NULL &&
krb5_principal_compare(_gsskrb5_context, dname,
cred->principal) != FALSE) {
if (output_cred_handle)
HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
@@ -91,6 +93,7 @@ OM_uint32 _gsskrb5_add_cred (
/* make a copy */
if (output_cred_handle) {
krb5_error_code kret;
handle = calloc(1, sizeof(*handle));
if (handle == NULL) {
@@ -109,17 +112,16 @@ OM_uint32 _gsskrb5_add_cred (
ret = GSS_S_FAILURE;
ret = _gsskrb5_duplicate_name(minor_status, cred->principal,
&handle->principal);
if (ret) {
kret = krb5_copy_principal(_gsskrb5_context, cred->principal,
&handle->principal);
if (kret) {
HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
free(handle);
*minor_status = ENOMEM;
*minor_status = kret;
return GSS_S_FAILURE;
}
if (cred->keytab) {
krb5_error_code kret;
char name[KRB5_KT_PREFIX_MAX_LEN + MAXPATHLEN];
int len;
@@ -151,7 +153,6 @@ OM_uint32 _gsskrb5_add_cred (
}
if (cred->ccache) {
krb5_error_code kret;
const char *type, *name;
char *type_name;
@@ -233,7 +234,7 @@ OM_uint32 _gsskrb5_add_cred (
if (handle) {
if (handle->principal)
_gsskrb5_release_name(NULL, &handle->principal);
krb5_free_principal(_gsskrb5_context, handle->principal);
if (handle->keytab)
krb5_kt_close(_gsskrb5_context, handle->keytab);
if (handle->ccache)
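Review bot: The test under `/* check that we have the same name */` takes the branch when `krb5_principal_compare(...)` is `!= FALSE`, that is, when `dname` and `cred->principal` are equal. The branch body continues outside the hunk, but it starts by unlocking the mutex as an early exit would; if it goes on to reject the request, the comparison is inverted and should read `krb5_principal_compare(_gsskrb5_context, dname, cred->principal) == FALSE`. Separately, the new `krb5_copy_principal` failure path sets `*minor_status = kret` without calling `_gsskrb5_set_error_string()`, unlike the same call in the accept_sec_context and acquire_cred hunks.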


@@ -42,10 +42,13 @@ OM_uint32 _gsskrb5_compare_name
int * name_equal
)
{
krb5_const_principal princ1 = (krb5_const_principal)name1;
krb5_const_principal princ2 = (krb5_const_principal)name2;
GSSAPI_KRB5_INIT();
*name_equal = krb5_principal_compare (_gsskrb5_context,
name1, name2);
princ1, princ2);
*minor_status = 0;
return GSS_S_COMPLETE;
}


@@ -37,7 +37,7 @@ RCSID("$Id$");
static krb5_error_code
check_compat(OM_uint32 *minor_status, gss_name_t name,
check_compat(OM_uint32 *minor_status, krb5_const_principal name,
const char *option, krb5_boolean *compat,
krb5_boolean match_val)
{


@@ -42,14 +42,13 @@ OM_uint32 _gsskrb5_display_name
gss_OID * output_name_type
)
{
krb5_const_principal name = (krb5_const_principal)input_name;
krb5_error_code kret;
char *buf;
size_t len;
GSSAPI_KRB5_INIT ();
kret = krb5_unparse_name (_gsskrb5_context,
input_name,
&buf);
kret = krb5_unparse_name (_gsskrb5_context, name, &buf);
if (kret) {
*minor_status = kret;
_gsskrb5_set_error_string ();


@@ -41,13 +41,13 @@ OM_uint32 _gsskrb5_duplicate_name (
gss_name_t * dest_name
)
{
krb5_const_principal src = (krb5_const_principal)src_name;
krb5_principal *dest = (krb5_principal *)dest_name;
krb5_error_code kret;
GSSAPI_KRB5_INIT ();
kret = krb5_copy_principal (_gsskrb5_context,
src_name,
dest_name);
kret = krb5_copy_principal (_gsskrb5_context, src, dest);
if (kret) {
*minor_status = kret;
_gsskrb5_set_error_string ();
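Review bot: `krb5_principal *dest = (krb5_principal *)dest_name;` lets `krb5_copy_principal` store a `krb5_principal` through a pointer that really addresses a `gss_name_t`. That only works while the two pointer types share a representation, and it sidesteps the opacity this commit introduces. The import_name and inquire_cred hunks use a local instead; the same here would be `krb5_principal dest;`, `kret = krb5_copy_principal (_gsskrb5_context, src, &dest);` and, on success, `*dest_name = (gss_name_t)dest;`. The rest of the function is outside the hunk.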


@@ -41,14 +41,13 @@ OM_uint32 _gsskrb5_export_name
gss_buffer_t exported_name
)
{
krb5_const_principal princ = (krb5_const_principal)input_name;
krb5_error_code kret;
char *buf, *name;
size_t len;
GSSAPI_KRB5_INIT ();
kret = krb5_unparse_name (_gsskrb5_context,
input_name,
&name);
kret = krb5_unparse_name (_gsskrb5_context, princ, &name);
if (kret) {
*minor_status = kret;
_gsskrb5_set_error_string ();


@@ -167,7 +167,7 @@ _gsskrb5_export_sec_context (
/* names */
ret = _gsskrb5_export_name (minor_status,
ctx->source, &buffer);
(gss_name_t)ctx->source, &buffer);
if (ret)
goto failure;
data.data = buffer.value;
@@ -180,7 +180,7 @@ _gsskrb5_export_sec_context (
}
ret = _gsskrb5_export_name (minor_status,
ctx->target, &buffer);
(gss_name_t)ctx->target, &buffer);
if (ret)
goto failure;
data.data = buffer.value;


@@ -57,7 +57,7 @@ struct gss_msg_order;
typedef struct {
struct krb5_auth_context_data *auth_context;
gss_name_t source, target;
krb5_principal source, target;
OM_uint32 flags;
enum { LOCAL = 1, OPEN = 2,
COMPAT_OLD_DES3 = 4,
@@ -71,7 +71,7 @@ typedef struct {
} *gsskrb5_ctx;
typedef struct {
gss_name_t principal;
krb5_principal principal;
int cred_flags;
#define GSS_CF_DESTROY_CRED_ON_RELEASE 1
struct krb5_keytab_data *keytab;
@@ -82,6 +82,8 @@ typedef struct {
HEIMDAL_MUTEX cred_id_mutex;
} *gsskrb5_cred;
typedef struct Principal *gsskrb5_name;
/*
*
*/
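Review bot: The new `typedef struct Principal *gsskrb5_name;` is not used by any hunk shown on this page; the mechanism code casts `gss_name_t` straight to `krb5_principal` or `krb5_const_principal`. Either cast through `gsskrb5_name` at those sites or drop the typedef. If it stays, give it a comment such as `/* a krb5-mechanism gss_name_t is a krb5_principal underneath */` so the invariant behind all the casts is written down once.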


@@ -40,21 +40,22 @@ parse_krb5_name (OM_uint32 *minor_status,
const char *name,
gss_name_t *output_name)
{
krb5_principal princ;
krb5_error_code kerr;
kerr = krb5_parse_name (_gsskrb5_context, name, output_name);
kerr = krb5_parse_name (_gsskrb5_context, name, &princ);
if (kerr == 0)
if (kerr == 0) {
*output_name = (gss_name_t)princ;
return GSS_S_COMPLETE;
else if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) {
_gsskrb5_set_error_string ();
*minor_status = kerr;
return GSS_S_BAD_NAME;
} else {
_gsskrb5_set_error_string ();
*minor_status = kerr;
return GSS_S_FAILURE;
}
_gsskrb5_set_error_string ();
*minor_status = kerr;
if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED)
return GSS_S_BAD_NAME;
return GSS_S_FAILURE;
}
static OM_uint32
@@ -91,8 +92,7 @@ import_hostbased_name (OM_uint32 *minor_status,
char *p;
char *host;
char local_hostname[MAXHOSTNAMELEN];
*output_name = NULL;
krb5_principal princ = NULL;
tmp = malloc (input_name_buffer->length + 1);
if (tmp == NULL) {
@@ -121,20 +121,20 @@ import_hostbased_name (OM_uint32 *minor_status,
host,
tmp,
KRB5_NT_SRV_HST,
output_name);
&princ);
free (tmp);
*minor_status = kerr;
if (kerr == 0)
if (kerr == 0) {
*output_name = (gss_name_t)princ;
return GSS_S_COMPLETE;
else if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) {
_gsskrb5_set_error_string ();
*minor_status = kerr;
return GSS_S_BAD_NAME;
} else {
_gsskrb5_set_error_string ();
*minor_status = kerr;
return GSS_S_FAILURE;
}
_gsskrb5_set_error_string ();
*minor_status = kerr;
if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED)
return GSS_S_BAD_NAME;
return GSS_S_FAILURE;
}
static OM_uint32
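Review bot: `import_hostbased_name` no longer clears `*output_name` on entry, because the `*output_name = NULL;` line gives way to the local `princ`, so every failure return (including the `malloc` failure at the top) now leaves the caller's handle untouched. A caller that passes an uninitialised `gss_name_t`, as the import_sec_context hunk does with `gss_name_t name;`, is then left holding an indeterminate value after an error. Keeping `*output_name = GSS_C_NO_NAME;` as the first statement restores a defined result; `parse_krb5_name` has the same shape and would benefit from the same line. Whether the `_gsskrb5_import_name` wrapper already initialises the output is not visible in these hunks.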


@@ -53,8 +53,8 @@ _gsskrb5_import_sec_context (
krb5_keyblock keyblock;
int32_t tmp;
int32_t flags;
OM_uint32 minor;
gsskrb5_ctx ctx;
gss_name_t name;
GSSAPI_KRB5_INIT ();
@@ -158,15 +158,16 @@ _gsskrb5_import_sec_context (
buffer.length = data.length;
ret = _gsskrb5_import_name (minor_status, &buffer, GSS_C_NT_EXPORT_NAME,
&ctx->source);
&name);
if (ret) {
ret = _gsskrb5_import_name (minor_status, &buffer, GSS_C_NO_OID,
&ctx->source);
&name);
if (ret) {
krb5_data_free (&data);
goto failure;
}
}
ctx->source = (krb5_principal)name;
krb5_data_free (&data);
if (krb5_ret_data (sp, &data) != 0)
@@ -175,15 +176,16 @@ _gsskrb5_import_sec_context (
buffer.length = data.length;
ret = _gsskrb5_import_name (minor_status, &buffer, GSS_C_NT_EXPORT_NAME,
&ctx->target);
&name);
if (ret) {
ret = _gsskrb5_import_name (minor_status, &buffer, GSS_C_NO_OID,
&ctx->target);
&name);
if (ret) {
krb5_data_free (&data);
goto failure;
}
}
ctx->target = (krb5_principal)name;
krb5_data_free (&data);
if (krb5_ret_int32 (sp, &tmp))
@@ -210,9 +212,9 @@ failure:
krb5_auth_con_free (_gsskrb5_context,
ctx->auth_context);
if (ctx->source != NULL)
_gsskrb5_release_name(&minor, &ctx->source);
krb5_free_principal(_gsskrb5_context, ctx->source);
if (ctx->target != NULL)
_gsskrb5_release_name(&minor, &ctx->target);
krb5_free_principal(_gsskrb5_context, ctx->target);
if (localp)
krb5_free_address (_gsskrb5_context, localp);
if (remotep)


@@ -105,7 +105,7 @@ static void
do_delegation (krb5_auth_context ac,
krb5_ccache ccache,
krb5_creds *cred,
const gss_name_t target_name,
krb5_const_principal name,
krb5_data *fwd_data,
uint32_t *flags)
{
@@ -137,14 +137,14 @@ do_delegation (krb5_auth_context ac,
fwd_flags.b.forwardable = 1;
if ( /*target_name->name.name_type != KRB5_NT_SRV_HST ||*/
target_name->name.name_string.len < 2)
name->name.name_string.len < 2)
goto out;
kret = krb5_get_forwarded_creds(_gsskrb5_context,
ac,
ccache,
fwd_flags.i,
target_name->name.name_string.val[1],
name->name.name_string.val[1],
&creds,
fwd_data);
@@ -169,7 +169,7 @@ init_auth
(OM_uint32 * minor_status,
gsskrb5_cred initiator_cred_handle,
gss_ctx_id_t * context_handle,
const gss_name_t target_name,
krb5_const_principal name,
const gss_OID mech_type,
OM_uint32 req_flags,
OM_uint32 time_req,
@@ -263,9 +263,7 @@ init_auth
goto failure;
}
kret = krb5_copy_principal (_gsskrb5_context,
target_name,
&ctx->target);
kret = krb5_copy_principal (_gsskrb5_context, name, &ctx->target);
if (kret) {
_gsskrb5_set_error_string ();
*minor_status = kret;
@@ -343,7 +341,7 @@ init_auth
krb5_boolean delegate;
krb5_appdefault_boolean(_gsskrb5_context,
"gssapi", target_name->realm,
"gssapi", name->realm,
"ok-as-delegate", FALSE, &delegate);
if (delegate)
req_flags &= ~GSS_C_DELEG_FLAG;
@@ -353,7 +351,7 @@ init_auth
ap_options = 0;
if (req_flags & GSS_C_DELEG_FLAG)
do_delegation (ctx->auth_context,
ccache, cred, target_name, &fwd_data, &flags);
ccache, cred, name, &fwd_data, &flags);
if (req_flags & GSS_C_MUTUAL_FLAG) {
flags |= GSS_C_MUTUAL_FLAG;
@@ -482,7 +480,6 @@ repl_mutual
(OM_uint32 * minor_status,
const gsskrb5_cred initiator_cred_handle,
gss_ctx_id_t * context_handle,
const gss_name_t target_name,
const gss_OID mech_type,
OM_uint32 req_flags,
OM_uint32 time_req,
@@ -584,6 +581,7 @@ OM_uint32 _gsskrb5_init_sec_context
)
{
gsskrb5_cred cred = (gsskrb5_cred)initiator_cred_handle;
krb5_const_principal name = (krb5_const_principal)target_name;
GSSAPI_KRB5_INIT ();
@@ -611,7 +609,7 @@ OM_uint32 _gsskrb5_init_sec_context
return init_auth (minor_status,
cred,
context_handle,
target_name,
name,
mech_type,
req_flags,
time_req,
@@ -625,7 +623,6 @@ OM_uint32 _gsskrb5_init_sec_context
return repl_mutual(minor_status,
cred,
context_handle,
target_name,
mech_type,
req_flags,
time_req,
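Review bot: Renaming the parameter from `target_name` to plain `name` in `do_delegation` and `init_auth` drops the one word that said which principal this is, in functions that also handle the initiator credential. `krb5_const_principal target` (or `target_princ`) would keep the type change and the meaning. Expressions such as `name->name.name_string.len < 2` and `name->realm` would also read more clearly with it. Both functions continue outside the hunks.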


@@ -36,63 +36,71 @@
RCSID("$Id$");
OM_uint32 _gsskrb5_inquire_context (
OM_uint32 * minor_status,
const gss_ctx_id_t context_handle,
gss_name_t * src_name,
gss_name_t * targ_name,
OM_uint32 * lifetime_rec,
gss_OID * mech_type,
OM_uint32 * ctx_flags,
int * locally_initiated,
int * open_context
)
OM_uint32 * minor_status,
const gss_ctx_id_t context_handle,
gss_name_t * src_name,
gss_name_t * targ_name,
OM_uint32 * lifetime_rec,
gss_OID * mech_type,
OM_uint32 * ctx_flags,
int * locally_initiated,
int * open_context
)
{
OM_uint32 ret;
gsskrb5_ctx ctx = (gsskrb5_ctx)context_handle;
OM_uint32 ret;
gsskrb5_ctx ctx = (gsskrb5_ctx)context_handle;
gss_name_t name;
HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
if (src_name)
*src_name = GSS_C_NO_NAME;
if (targ_name)
*targ_name = GSS_C_NO_NAME;
if (src_name) {
ret = _gsskrb5_duplicate_name (minor_status,
ctx->source,
src_name);
if (ret)
goto failed;
}
HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
if (targ_name) {
ret = _gsskrb5_duplicate_name (minor_status,
ctx->target,
targ_name);
if (ret)
goto failed;
}
if (src_name) {
name = (gss_name_t)ctx->source;
ret = _gsskrb5_duplicate_name (minor_status, name, src_name);
if (ret)
goto failed;
}
if (lifetime_rec) {
ret = _gsskrb5_lifetime_left(minor_status,
ctx->lifetime,
lifetime_rec);
if (ret)
goto failed;
}
if (targ_name) {
name = (gss_name_t)ctx->target;
ret = _gsskrb5_duplicate_name (minor_status, name, targ_name);
if (ret)
goto failed;
}
if (mech_type)
*mech_type = GSS_KRB5_MECHANISM;
if (lifetime_rec) {
ret = _gsskrb5_lifetime_left(minor_status,
ctx->lifetime,
lifetime_rec);
if (ret)
goto failed;
}
if (ctx_flags)
*ctx_flags = ctx->flags;
if (mech_type)
*mech_type = GSS_KRB5_MECHANISM;
if (locally_initiated)
*locally_initiated = ctx->more_flags & LOCAL;
if (ctx_flags)
*ctx_flags = ctx->flags;
if (open_context)
*open_context = ctx->more_flags & OPEN;
if (locally_initiated)
*locally_initiated = ctx->more_flags & LOCAL;
*minor_status = 0;
ret = GSS_S_COMPLETE;
if (open_context)
*open_context = ctx->more_flags & OPEN;
failed:
*minor_status = 0;
ret = GSS_S_COMPLETE;
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
return ret;
failed:
if (src_name)
_gsskrb5_release_name(NULL, src_name);
if (targ_name)
_gsskrb5_release_name(NULL, targ_name);
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
return ret;
}
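Review bot: The whole-function re-indentation is mixed with the functional change (the `gss_name_t name` casts and the name release under the new `failed:` label), so the behavioural part is hard to pick out; a separate whitespace-only commit would make it reviewable. The new cleanup also deserves a comment, for example `/* release whichever names were already duplicated; untouched outputs are still GSS_C_NO_NAME */`. It relies on `_gsskrb5_release_name` accepting a handle that is still `GSS_C_NO_NAME`, and the release_name hunk passes that value straight to `krb5_free_principal`.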


@@ -38,7 +38,7 @@ RCSID("$Id$");
OM_uint32 _gsskrb5_inquire_cred
(OM_uint32 * minor_status,
const gss_cred_id_t cred_handle,
gss_name_t * name,
gss_name_t * output_name,
OM_uint32 * lifetime,
gss_cred_usage_t * cred_usage,
gss_OID_set * mechanisms
@@ -50,8 +50,8 @@ OM_uint32 _gsskrb5_inquire_cred
*minor_status = 0;
if (name)
*name = NULL;
if (output_name)
*output_name = NULL;
if (mechanisms)
*mechanisms = GSS_C_NO_OID_SET;
@@ -72,26 +72,32 @@ OM_uint32 _gsskrb5_inquire_cred
HEIMDAL_MUTEX_lock(&cred->cred_id_mutex);
if (name != NULL) {
if (output_name != NULL) {
if (cred->principal != NULL) {
ret = _gsskrb5_duplicate_name(minor_status, cred->principal,
name);
gss_name_t name = (gss_name_t)cred->principal;
ret = _gsskrb5_duplicate_name(minor_status, name, output_name);
if (ret)
goto out;
} else if (cred->usage == GSS_C_ACCEPT) {
krb5_principal princ;
*minor_status = krb5_sname_to_principal(_gsskrb5_context, NULL,
NULL, KRB5_NT_SRV_HST, name);
NULL, KRB5_NT_SRV_HST,
&princ);
if (*minor_status) {
ret = GSS_S_FAILURE;
goto out;
}
*output_name = (gss_name_t)princ;
} else {
krb5_principal princ;
*minor_status = krb5_get_default_principal(_gsskrb5_context,
name);
&princ);
if (*minor_status) {
ret = GSS_S_FAILURE;
goto out;
}
*output_name = (gss_name_t)princ;
}
}
if (lifetime != NULL) {


@@ -40,11 +40,16 @@ OM_uint32 _gsskrb5_release_name
gss_name_t * input_name
)
{
krb5_principal name = (krb5_principal)*input_name;
GSSAPI_KRB5_INIT ();
if (minor_status)
*minor_status = 0;
krb5_free_principal(_gsskrb5_context,
*input_name);
*input_name = GSS_C_NO_NAME;
krb5_free_principal(_gsskrb5_context, name);
return GSS_S_COMPLETE;
}