shim acquire_cred_with_password SPI into acquire_cred_ext

2011-05-14 17:00:55 +02:00
parent dfba868910
commit 48719d5651
8 changed files with 67 additions and 42 deletions
--- a/lib/gssapi/mech/compat.h
+++ b/lib/gssapi/mech/compat.h
@@ -51,13 +51,44 @@ typedef OM_uint32 GSSAPI_CALLCONV _gss_inquire_attrs_for_mech_t (
 	       gss_OID_set *          /* known_mech_attrs */
 	    );

+typedef OM_uint32 GSSAPI_CALLCONV _gss_acquire_cred_with_password_t
+	      (OM_uint32 *,            /* minor_status */
+	       const gss_name_t,       /* desired_name */
+	       const gss_buffer_t,     /* password */
+	       OM_uint32,              /* time_req */
+	       const gss_OID_set,      /* desired_mechs */
+	       gss_cred_usage_t,       /* cred_usage */
+	       gss_cred_id_t *,        /* output_cred_handle */
+	       gss_OID_set *,          /* actual_mechs */
+	       OM_uint32 *             /* time_rec */
+	      );
+
+typedef OM_uint32 GSSAPI_CALLCONV _gss_add_cred_with_password_t (
+	       OM_uint32 *,            /* minor_status */
+	       const gss_cred_id_t,    /* input_cred_handle */
+	       const gss_name_t,       /* desired_name */
+	       const gss_OID,          /* desired_mech */
+	       const gss_buffer_t,     /* password */
+	       gss_cred_usage_t,       /* cred_usage */
+	       OM_uint32,              /* initiator_time_req */
+	       OM_uint32,              /* acceptor_time_req */
+	       gss_cred_id_t *,        /* output_cred_handle */
+	       gss_OID_set *,          /* actual_mechs */
+	       OM_uint32 *,            /* initiator_time_rec */
+	       OM_uint32 *             /* acceptor_time_rec */
+	      );
+
 /*
 * API-as-SPI compatibility for compatibility with MIT mechanisms;
 * native Heimdal mechanisms should not use these.
 */
 struct gss_mech_compat_desc_struct {
-        _gss_inquire_saslname_for_mech_t    *gmc_inquire_saslname_for_mech;
-        _gss_inquire_mech_for_saslname_t    *gmc_inquire_mech_for_saslname;
-        _gss_inquire_attrs_for_mech_t       *gmc_inquire_attrs_for_mech;
+	_gss_inquire_saslname_for_mech_t    *gmc_inquire_saslname_for_mech;
+	_gss_inquire_mech_for_saslname_t    *gmc_inquire_mech_for_saslname;
+	_gss_inquire_attrs_for_mech_t       *gmc_inquire_attrs_for_mech;
+	_gss_acquire_cred_with_password_t   *gmc_acquire_cred_with_password;
+#if 0
+	_gss_add_cred_with_password_t       *gmc_add_cred_with_password;
+#endif
 };

--- a/lib/gssapi/mech/gss_acquire_cred_ext.c
+++ b/lib/gssapi/mech/gss_acquire_cred_ext.c
@@ -109,7 +109,30 @@ gss_acquire_cred_ext(OM_uint32 *minor_status,
 						  mc->gmc_mech_oid,
 						  cred_usage,
 						  &mc->gmc_cred);
-	} else if (credential_type != GSS_C_NO_OID) {
+	} else if (gss_oid_equal(credential_type, GSS_C_CRED_PASSWORD) &&
+		   m->gm_compat &&
+		   m->gm_compat->gmc_acquire_cred_with_password) {
+	    /*
+	     * Shim for mechanisms that adhere to API-as-SPI and do not
+	     * implement gss_acquire_cred_ext().
+	     */
+	    gss_OID_set_desc set2;
+	    _gss_acquire_cred_with_password_t *acwp
+		= m->gm_compat->gmc_acquire_cred_with_password;
+
+	    set2.count = 1;
+	    set2.elements = mc->gmc_mech_oid;
+
+	    major_status = acwp(minor_status,
+				desired_mech_name,
+				(const gss_buffer_t)credential_data,
+				time_req,
+				&set2,
+				cred_usage,
+				&mc->gmc_cred,
+				NULL,
+				NULL);
+	} else if (credential_type == GSS_C_NO_OID) {
 	    gss_OID_set_desc set2;

 	    set2.count = 1;
--- a/lib/gssapi/mech/gss_mech_switch.c
+++ b/lib/gssapi/mech/gss_mech_switch.c
@@ -360,20 +360,20 @@ _gss_load_mech(void)
 		OPTSYM(export_cred);
 		OPTSYM(import_cred);
 		OPTSYM(acquire_cred_ext);
+#if 0
 		OPTSYM(iter_creds);
 		OPTSYM(destroy_cred);
 		OPTSYM(cred_hold);
 		OPTSYM(cred_unhold);
 		OPTSYM(cred_label_get);
 		OPTSYM(cred_label_set);
+#endif
 		OPTSYM(display_name_ext);
 		OPTSYM(inquire_name);
 		OPTSYM(get_name_attribute);
 		OPTSYM(set_name_attribute);
 		OPTSYM(delete_name_attribute);
 		OPTSYM(export_name_composite);
-		OPTSPISYM(acquire_cred_with_password);
-		OPTSYM(add_cred_with_password);
 		OPTSYM(pname_to_uid);
 		OPTSPISYM(authorize_localname);

@@ -388,6 +388,7 @@ _gss_load_mech(void)
 			COMPATSYM(inquire_saslname_for_mech);
 			COMPATSYM(inquire_mech_for_saslname);
 			COMPATSYM(inquire_attrs_for_mech);
+			COMPATSYM(acquire_cred_with_password);
 		}

 		/* pick up the oid sets of names */