From 32878204482e56c67a6b7c6217933d4bb163a6b7 Mon Sep 17 00:00:00 2001
From: Luke Howard
Date: Thu, 12 May 2011 14:01:40 +0200
Subject: [PATCH 1/3] Allow NULL arguments to gss_{get_name_attribute,inquire_name}
---
 lib/gssapi/mech/gss_get_name_attribute.c | 6 ++++--
 lib/gssapi/mech/gss_inquire_name.c | 12 ++++++++----
 2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/lib/gssapi/mech/gss_get_name_attribute.c b/lib/gssapi/mech/gss_get_name_attribute.c
index cb72c044f..2c0132255 100644
--- a/lib/gssapi/mech/gss_get_name_attribute.c
+++ b/lib/gssapi/mech/gss_get_name_attribute.c
@@ -47,8 +47,10 @@ gss_get_name_attribute(OM_uint32 *minor_status,
 struct _gss_mechanism_name *mn;
 *minor_status = 0;
- *authenticated = 0;
- *complete = 0;
+ if (authenticated != NULL)
+ *authenticated = 0;
+ if (complete != NULL)
+ *complete = 0;
 _mg_buffer_zero(value);
 _mg_buffer_zero(display_value);
diff --git a/lib/gssapi/mech/gss_inquire_name.c b/lib/gssapi/mech/gss_inquire_name.c
index 5222439b2..587bee8b1 100644
--- a/lib/gssapi/mech/gss_inquire_name.c
+++ b/lib/gssapi/mech/gss_inquire_name.c
@@ -44,9 +44,12 @@ gss_inquire_name(OM_uint32 *minor_status,
 struct _gss_mechanism_name *mn;
 *minor_status = 0;
- *name_is_MN = 0;
- *MN_mech = GSS_C_NO_OID;
- *attrs = GSS_C_NO_BUFFER_SET;
+ if (name_is_MN != NULL)
+ *name_is_MN = 0;
+ if (MN_mech != NULL)
+ *MN_mech = GSS_C_NO_OID;
+ if (attrs != NULL)
+ *attrs = GSS_C_NO_BUFFER_SET;
 if (input_name == GSS_C_NO_NAME)
 return GSS_S_BAD_NAME;
@@ -63,7 +66,8 @@ gss_inquire_name(OM_uint32 *minor_status,
 MN_mech, attrs);
 if (major_status == GSS_S_COMPLETE) {
- *name_is_MN = 1;
+ if (name_is_MN != NULL)
+ *name_is_MN = 1;
 #if 0
 if (*MN_mech == GSS_C_NO_OID)
 *MN_mech = &m->gm_mech_oid;
From 766b7a558cc2c159e3ff0c4f412023233609a137 Mon Sep 17 00:00:00 2001
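Review bot: The relaxed contract is not written down in the gss_get_name_attribute hunk: `authenticated` and `complete` may now be NULL, while `*minor_status = 0;` just above the guards is still an unconditional store. A comment before the guards, e.g. `/* authenticated and complete are optional and may be NULL; minor_status is required */`, would tell callers and mechanism authors which pointers they still have to supply. Whether `value` and `display_value` tolerate NULL depends on `_mg_buffer_zero`, which is defined outside this patch. The same comment is worth adding in the first gss_inquire_name hunk for `name_is_MN`, `MN_mech` and `attrs`; both function bodies continue outside their hunks.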
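Review bot: In the second gss_inquire_name hunk `MN_mech` and `attrs` are still forwarded unchanged in the call that ends at `MN_mech, attrs);`, so a NULL that the mechglue now accepts is only safe if the mechanism behind that call also checks it. The call starts above the hunk, so the callee and whether `name_is_MN` is forwarded as well are not visible; if mechanisms are not required to accept NULL, passing the address of a local dummy instead would keep the dereference out of the loaded module. The disabled block under `#if 0` also reads `*MN_mech` unguarded and would fault on NULL if it were ever re-enabled; `if (MN_mech != NULL && *MN_mech == GSS_C_NO_OID)` keeps it consistent with the new guards.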
From: Luke Howard
Date: Thu, 12 May 2011 13:39:19 +0200
Subject: [PATCH 2/3] Allow composite names in gss_import_name()
---
 lib/gssapi/mech/gss_import_name.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/lib/gssapi/mech/gss_import_name.c b/lib/gssapi/mech/gss_import_name.c
index 574c058fc..bcd60a998 100644
--- a/lib/gssapi/mech/gss_import_name.c
+++ b/lib/gssapi/mech/gss_import_name.c
@@ -41,6 +41,7 @@ _gss_import_export_name(OM_uint32 *minor_status,
 gssapi_mech_interface m;
 struct _gss_name *name;
 gss_name_t new_canonical_name;
+ int composite = 0;
 *minor_status = 0;
 *output_name = 0;
@@ -50,8 +51,17 @@ _gss_import_export_name(OM_uint32 *minor_status,
 */
 if (len < 2)
 return (GSS_S_BAD_NAME);
- if (p[0] != 4 || p[1] != 1)
+ if (p[0] != 4)
 return (GSS_S_BAD_NAME);
+ switch (p[1]) {
+ case 1: /* non-composite name */
+ break;
+ case 2: /* composite name */
+ composite = 1;
+ break;
+ default:
+ return (GSS_S_BAD_NAME);
+ }
 p += 2;
 len -= 2;
@@ -106,7 +116,7 @@ _gss_import_export_name(OM_uint32 *minor_status,
 p += 4;
 len -= 4;
- if (len != t)
+ if (!composite && len != t)
 return (GSS_S_BAD_NAME);
 m = __gss_get_mechanism(&mech_oid);
From b323601091630487feb1bef3e12c3ac0a52cae9a Mon Sep 17 00:00:00 2001
From: Luke Howard
Date: Fri, 13 May 2011 00:16:56 +0200
Subject: [PATCH 3/3] mechglue fixes - support gssspi_set_cred_option - pick up OID sets of names for dynamic mechs
---
 lib/gssapi/mech/gss_mech_switch.c | 58 +++++++++++++++++++------------
 1 file changed, 36 insertions(+), 22 deletions(-)
diff --git a/lib/gssapi/mech/gss_mech_switch.c b/lib/gssapi/mech/gss_mech_switch.c
index f7f75c13f..f03b5576d 100644
--- a/lib/gssapi/mech/gss_mech_switch.c
+++ b/lib/gssapi/mech/gss_mech_switch.c
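Review bot: In the last gss_import_name.c hunk, `if (!composite && len != t)` stops comparing `t` with `len` at all once `composite` is set, so a composite token whose declared name length `t` exceeds the bytes actually left in the buffer is accepted at this point. Relaxing the exact-match test is needed because data follows the name in a composite token, but the lower bound should stay: `if (composite ? len < t : len != t)` ahead of the existing `return (GSS_S_BAD_NAME);`. Whatever parses the token afterwards (outside this hunk, presumably the mechanism's import routine) then receives input whose name part is known to fit. The function starts and ends outside the hunk, and the declarations of `len` and `t` are not visible here.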
@@ -160,7 +160,17 @@ do { \
 #define OPTSYM(name) \
 do { \
- m->gm_mech.gm_ ## name = dlsym(so, "gss_" #name); \
+ m->gm_mech.gm_ ## name = dlsym(so, "gss_" #name); \
+} while (0)
+
+#define OPTSPISYM(name) \
+do { \
+ m->gm_mech.gm_ ## name = dlsym(so, "gssspi_" #name); \
+} while (0)
+
+#define COMPATSYM(name) \
+do { \
+ m->gm_mech.gm_compat->gmc_ ## name = dlsym(so, "gss_" #name); \
 } while (0)
 /*
@@ -283,28 +293,23 @@ _gss_load_mech(void)
 #endif
 so = dlopen(lib, RTLD_LAZY | RTLD_LOCAL | RTLD_GROUP);
- if (!so) {
+ if (so == NULL) {
 /* fprintf(stderr, "dlopen: %s\n", dlerror()); */
- free(mech_oid.elements);
- continue;
+ goto bad;
 }
- m = malloc(sizeof(*m));
- if (!m) {
- free(mech_oid.elements);
- break;
- }
+ m = calloc(1, sizeof(*m));
+ if (m == NULL)
+ goto bad;
+ m->gm_so = so;
 m->gm_mech.gm_mech_oid = mech_oid;
 m->gm_mech.gm_flags = 0;
-
+
 major_status = gss_add_oid_set_member(&minor_status, &m->gm_mech.gm_mech_oid, &_gss_mech_oids);
- if (major_status) {
- free(m->gm_mech.gm_mech_oid.elements);
- free(m);
- continue;
- }
+ if (GSS_ERROR(major_status))
+ goto bad;
 SYM(acquire_cred);
 SYM(release_cred);
@@ -338,7 +343,7 @@ _gss_load_mech(void)
 OPTSYM(inquire_cred_by_oid);
 OPTSYM(inquire_sec_context_by_oid);
 OPTSYM(set_sec_context_option);
- OPTSYM(set_cred_option);
+ OPTSPISYM(set_cred_option);
 OPTSYM(pseudo_random);
 OPTSYM(wrap_iov);
 OPTSYM(unwrap_iov);
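Review bot: `COMPATSYM` stores through `m->gm_mech.gm_compat`, and nothing in this patch shows that pointer being allocated; because the loader hunk now creates `m` with `calloc(1, sizeof(*m))`, the first use of the macro would write through NULL unless `gm_compat` is set up beforehand. No `COMPATSYM(...)` call appears in the visible hunks, so this is latent rather than live. A comment on the macro such as `/* requires m->gm_mech.gm_compat to be allocated */`, or allocating `gm_compat` right after the `calloc` of `m`, would keep a later user from tripping over it.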
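Review bot: Both new early exits in the _gss_load_mech hunk (`dlopen` failure and `calloc` failure) jump to `bad:` before this iteration owns a valid `m`, and the first of them before it owns a valid `so`. The `bad:` block in the last hunk calls `dlclose(so)` unconditionally and frees only through a non-NULL `m`, so `dlclose` receives a NULL handle when `dlopen` failed, and `mech_oid.elements`, which the removed lines freed on both paths, is no longer released. If `m` is not reset at the top of the loop (not visible in this hunk) it still points at the entry the previous iteration linked into `_gss_mechs`, and `bad:` would free that live entry. Suggested: `m = NULL;` before the `dlopen` call, and at `bad:` an `else free(mech_oid.elements);` branch plus `if (so != NULL) dlclose(so);`.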
@@ -352,20 +357,29 @@ _gss_load_mech(void)
 mi = dlsym(so, "gss_mo_init");
 if (mi != NULL) {
- major_status = mi(&minor_status,
- &mech_oid,
- &m->gm_mech.gm_mo,
- &m->gm_mech.gm_mo_num);
+ major_status = mi(&minor_status, &mech_oid,
+ &m->gm_mech.gm_mo, &m->gm_mech.gm_mo_num);
 if (GSS_ERROR(major_status))
 goto bad;
 }
+ /* pick up the oid sets of names */
+
+ if (m->gm_mech.gm_inquire_names_for_mech)
+ (*m->gm_mech.gm_inquire_names_for_mech)(&minor_status,
+ &m->gm_mech.gm_mech_oid, &m->gm_name_types);
+
+ if (m->gm_name_types == NULL)
+ gss_create_empty_oid_set(&minor_status, &m->gm_name_types);
+
 HEIM_SLIST_INSERT_HEAD(&_gss_mechs, m, gm_link);
 continue;
 bad:
- free(m->gm_mech.gm_mech_oid.elements);
- free(m);
+ if (m != NULL) {
+ free(m->gm_mech.gm_mech_oid.elements);
+ free(m);
+ }
 dlclose(so);
 continue;
 }
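Review bot: The results of the `gm_inquire_names_for_mech` call and of `gss_create_empty_oid_set` are both discarded, so when both fail the mechanism is still linked into `_gss_mechs` with `gm_name_types` left NULL. Any consumer that walks `gm_name_types` without a NULL check (none is visible in this patch) would then dereference it. Checking the fallback is enough to close that: `major_status = gss_create_empty_oid_set(&minor_status, &m->gm_name_types);` followed by `if (GSS_ERROR(major_status)) goto bad;`, which matches how the `mi(...)` result is handled a few lines earlier.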