From 79ff133ae908734cd77fbc14be76c76150093a90 Mon Sep 17 00:00:00 2001 From: Luke Howard Date: Fri, 20 May 2011 14:31:08 +0200 Subject: [PATCH] make gss_acquire_cred_ext private --- appl/test/gssapi_client.c | 19 ++++---- lib/gssapi/gssapi/gssapi.h | 17 -------- lib/gssapi/gssapi_mech.h | 21 +++++++++ lib/gssapi/libgssapi-exports.def | 2 +- lib/gssapi/mech/cred.h | 2 +- lib/gssapi/mech/gss_acquire_cred_ext.c | 6 +-- .../mech/gss_acquire_cred_with_password.c | 32 +++++++------- lib/gssapi/mech/gss_mech_switch.c | 2 +- lib/gssapi/test_context.c | 43 ++++++++++++------- lib/gssapi/version-script.map | 1 - 10 files changed, 80 insertions(+), 65 deletions(-) diff --git a/appl/test/gssapi_client.c b/appl/test/gssapi_client.c index 9a3d95de4..f19216530 100644 --- a/appl/test/gssapi_client.c +++ b/appl/test/gssapi_client.c @@ -139,17 +139,18 @@ proto (int sock, const char *hostname, const char *service) pw.value = password; pw.length = strlen(password); - maj_stat = gss_acquire_cred_ext(&min_stat, - GSS_C_NO_NAME, - GSS_C_CRED_PASSWORD, - &pw, - GSS_C_INDEFINITE, - GSS_C_NO_OID, - GSS_C_INITIATE, - &cred); + maj_stat = gss_acquire_cred_with_password(&min_stat, + GSS_C_NO_NAME, + &pw, + GSS_C_INDEFINITE, + GSS_C_NO_OID_SET, + GSS_C_INITIATE, + &cred, + NULL, + NULL); if (GSS_ERROR(maj_stat)) gss_err (1, min_stat, - "Error acquiring initiator credentials"); + "Error acquiring default initiator credentials"); } addrlen = sizeof(local); diff --git a/lib/gssapi/gssapi/gssapi.h b/lib/gssapi/gssapi/gssapi.h index a503ad398..d5c89e012 100644 --- a/lib/gssapi/gssapi/gssapi.h +++ b/lib/gssapi/gssapi/gssapi.h 
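Review bot: The new failure text `"Error acquiring default initiator credentials"` sits on the password path (`pw.value = password` just above feeds `gss_acquire_cred_with_password`), so "default" may read in logs as if the default credential lookup had failed. Wording such as `"Error acquiring initiator credentials with password"` would say which path broke. The enclosing `proto()` starts and ends outside this hunk, so whether a separate non-password branch exists is not visible here.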
@@ -474,23 +474,6 @@ GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_acquire_cred OM_uint32 * /*time_rec*/ ); -extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_cred_password_oid_desc; -#define GSS_C_CRED_PASSWORD (&__gss_c_cred_password_oid_desc) - -extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_cred_certificate_oid_desc; -#define GSS_C_CRED_CERTIFICATE (&__gss_c_cred_certificate_oid_desc) - -GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_acquire_cred_ext - (OM_uint32 * /*minor_status*/, - const gss_name_t /*desired_name*/, - gss_const_OID /*credential_type*/, - const void * /*credential_data*/, - OM_uint32 /*time_req*/, - gss_const_OID /*desired_mech*/, - gss_cred_usage_t /*cred_usage*/, - gss_cred_id_t * /*output_cred_handle*/ - ); - GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_release_cred (OM_uint32 * /*minor_status*/, gss_cred_id_t * /*cred_handle*/ diff --git a/lib/gssapi/gssapi_mech.h b/lib/gssapi/gssapi_mech.h index 553390dd4..e4ccfdb0c 100644 --- a/lib/gssapi/gssapi_mech.h +++ b/lib/gssapi/gssapi_mech.h @@ -570,4 +570,25 @@ struct _gss_oid_name_table { extern struct _gss_oid_name_table _gss_ont_mech[]; extern struct _gss_oid_name_table _gss_ont_ma[]; +/* + * Extended credentials acqusition API, not to be exported until + * it or something equivalent has been standardised. + */ +extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_cred_password_oid_desc; +#define GSS_C_CRED_PASSWORD (&__gss_c_cred_password_oid_desc) + +extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_cred_certificate_oid_desc; +#define GSS_C_CRED_CERTIFICATE (&__gss_c_cred_certificate_oid_desc) + +OM_uint32 _gss_acquire_cred_ext + (OM_uint32 * /*minor_status*/, + const gss_name_t /*desired_name*/, + gss_const_OID /*credential_type*/, + const void * /*credential_data*/, + OM_uint32 /*time_req*/, + gss_const_OID /*desired_mech*/, + gss_cred_usage_t /*cred_usage*/, + gss_cred_id_t * /*output_cred_handle*/ + ); + #endif /* GSSAPI_MECH_H */ 
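Review bot: The private `_gss_acquire_cred_ext` prototype added to lib/gssapi/gssapi_mech.h takes `const void *credential_data` with nothing stating what it must point to for each `credential_type`, so a mismatched pair compiles silently and would be read as the wrong type. The calls removed from gssapi_client.c and test_context.c pass the address of a `gss_buffer_desc` together with `GSS_C_CRED_PASSWORD`; the block comment could record that, e.g. `credential_data points to a gss_buffer_desc for GSS_C_CRED_PASSWORD`. The expected type for `GSS_C_CRED_CERTIFICATE` is not visible in this patch and should be stated there as well. The same comment has a typo: `acqusition` should be `acquisition`.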
diff --git a/lib/gssapi/libgssapi-exports.def b/lib/gssapi/libgssapi-exports.def index 37842bc26..0cea7fb01 100644 --- a/lib/gssapi/libgssapi-exports.def +++ b/lib/gssapi/libgssapi-exports.def @@ -11,7 +11,7 @@ EXPORTS __gss_c_attr_stream_sizes_oid_desc DATA gss_accept_sec_context gss_acquire_cred - gss_acquire_cred_ext +;! gss_acquire_cred_ext gss_acquire_cred_with_password gss_add_buffer_set_member gss_add_cred diff --git a/lib/gssapi/mech/cred.h b/lib/gssapi/mech/cred.h index fdd44e972..5661b5323 100644 --- a/lib/gssapi/mech/cred.h +++ b/lib/gssapi/mech/cred.h @@ -44,7 +44,7 @@ _gss_copy_cred(struct _gss_mechanism_cred *mc); struct _gss_mechanism_name; -GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +OM_uint32 _gss_acquire_mech_cred(OM_uint32 *minor_status, gssapi_mech_interface m, const struct _gss_mechanism_name *mn, diff --git a/lib/gssapi/mech/gss_acquire_cred_ext.c b/lib/gssapi/mech/gss_acquire_cred_ext.c index dccf7d65b..1cbb29f14 100644 --- a/lib/gssapi/mech/gss_acquire_cred_ext.c +++ b/lib/gssapi/mech/gss_acquire_cred_ext.c @@ -30,7 +30,7 @@ #include "mech_locl.h" -GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +OM_uint32 _gss_acquire_mech_cred(OM_uint32 *minor_status, gssapi_mech_interface m, const struct _gss_mechanism_name *mn, @@ -104,8 +104,8 @@ _gss_acquire_mech_cred(OM_uint32 *minor_status, return major_status; } -GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL -gss_acquire_cred_ext(OM_uint32 *minor_status, +OM_uint32 +_gss_acquire_cred_ext(OM_uint32 *minor_status, const gss_name_t desired_name, gss_const_OID credential_type, const void *credential_data, diff --git a/lib/gssapi/mech/gss_acquire_cred_with_password.c b/lib/gssapi/mech/gss_acquire_cred_with_password.c index b20be8cd3..8c2a6488f 100644 --- a/lib/gssapi/mech/gss_acquire_cred_with_password.c +++ b/lib/gssapi/mech/gss_acquire_cred_with_password.c 
@@ -46,14 +46,14 @@ gss_acquire_cred_with_password(OM_uint32 *minor_status, OM_uint32 major_status, tmp_minor; if (desired_mechs == GSS_C_NO_OID_SET) { - major_status = gss_acquire_cred_ext(minor_status, - desired_name, - GSS_C_CRED_PASSWORD, - password, - time_req, - GSS_C_NO_OID, - cred_usage, - output_cred_handle); + major_status = _gss_acquire_cred_ext(minor_status, + desired_name, + GSS_C_CRED_PASSWORD, + password, + time_req, + GSS_C_NO_OID, + cred_usage, + output_cred_handle); if (GSS_ERROR(major_status)) return major_status; } else { @@ -71,14 +71,14 @@ gss_acquire_cred_with_password(OM_uint32 *minor_status, struct _gss_cred *tmp_cred = NULL; struct _gss_mechanism_cred *mc; - major_status = gss_acquire_cred_ext(minor_status, - desired_name, - GSS_C_CRED_PASSWORD, - password, - time_req, - &desired_mechs->elements[i], - cred_usage, - (gss_cred_id_t *)&tmp_cred); + major_status = _gss_acquire_cred_ext(minor_status, + desired_name, + GSS_C_CRED_PASSWORD, + password, + time_req, + &desired_mechs->elements[i], + cred_usage, + (gss_cred_id_t *)&tmp_cred); if (GSS_ERROR(major_status)) continue; diff --git a/lib/gssapi/mech/gss_mech_switch.c b/lib/gssapi/mech/gss_mech_switch.c index 1416c4c16..e62d00207 100644 --- a/lib/gssapi/mech/gss_mech_switch.c +++ b/lib/gssapi/mech/gss_mech_switch.c @@ -366,8 +366,8 @@ _gss_load_mech(void) OPTSYM(store_cred); OPTSYM(export_cred); OPTSYM(import_cred); - OPTSYM(acquire_cred_ext); #if 0 + OPTSYM(acquire_cred_ext); OPTSYM(iter_creds); OPTSYM(destroy_cred); OPTSYM(cred_hold); diff --git a/lib/gssapi/test_context.c b/lib/gssapi/test_context.c index 332513d2f..e91738e64 100644 --- a/lib/gssapi/test_context.c +++ b/lib/gssapi/test_context.c 
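Review bot: Moving `OPTSYM(acquire_cred_ext);` below the `#if 0` in `_gss_load_mech` presumably stops that entry point from being resolved for dynamically loaded mechanisms, and the hunk gives no reason at the call site. A short comment above the `#if 0`, such as `/* acquire_cred_ext is private until standardised; not resolved from plug-ins */`, would keep a later reader from re-enabling it by accident. It is also worth confirming that the mechanism interface struct is zero-initialised before the OPTSYM run, so that the unresolved slot reads as NULL; the allocation is outside this hunk.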
@@ -507,8 +507,8 @@ main(int argc, char **argv) void *ctx; gss_OID nameoid, mechoid, actual_mech, actual_mech2; gss_cred_id_t client_cred = GSS_C_NO_CREDENTIAL, deleg_cred = GSS_C_NO_CREDENTIAL; - gss_OID credential_type; - gss_buffer_desc credential_data; + gss_name_t cname = GSS_C_NO_NAME; + gss_buffer_desc credential_data = GSS_C_EMPTY_BUFFER; setprogname(argv[0]); @@ -561,35 +561,46 @@ main(int argc, char **argv) } if (client_password) { - credential_type = GSS_C_CRED_PASSWORD; credential_data.value = client_password; credential_data.length = strlen(client_password); - } else - credential_type = GSS_C_NO_OID; + } if (client_name) { gss_buffer_desc cn; - gss_name_t cname; + cn.value = client_name; cn.length = strlen(client_name); + maj_stat = gss_import_name(&min_stat, &cn, GSS_C_NT_USER_NAME, &cname); if (maj_stat) errx(1, "gss_import_name: %s", gssapi_err(maj_stat, min_stat, GSS_C_NO_OID)); + } - maj_stat = gss_acquire_cred_ext(&min_stat, cname, - credential_type, &credential_data, - 0, GSS_C_NO_OID, GSS_C_INITIATE, &client_cred); + if (client_password) { + maj_stat = gss_acquire_cred_with_password(&min_stat, + cname, + &credential_data, + GSS_C_INDEFINITE, + GSS_C_NO_OID_SET, + GSS_C_INITIATE, + &client_cred, + NULL, + NULL); if (GSS_ERROR(maj_stat)) - errx(1, "gss_acquire_cred_ext: %s", + errx(1, "gss_acquire_cred_with_password: %s", gssapi_err(maj_stat, min_stat, GSS_C_NO_OID)); - gss_release_name(&min_stat, &cname); - } else if (credential_type) { - maj_stat = gss_acquire_cred_ext(&min_stat, GSS_C_NO_NAME, - credential_type, &credential_data, - 0, GSS_C_NO_OID, GSS_C_INITIATE, &client_cred); + } else { + maj_stat = gss_acquire_cred(&min_stat, + cname, + GSS_C_INDEFINITE, + GSS_C_NO_OID_SET, + GSS_C_INITIATE, + &client_cred, + NULL, + NULL); if (GSS_ERROR(maj_stat)) - errx(1, "gss_acquire_cred_ext: %s", + errx(1, "gss_acquire_cred_with_password: %s", gssapi_err(maj_stat, min_stat, GSS_C_NO_OID)); } 
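Review bot: In the new `else` branch of main() the call is `gss_acquire_cred`, but its failure message still reads `errx(1, "gss_acquire_cred_with_password: %s",`; it should be `errx(1, "gss_acquire_cred: %s",` so that a failing run names the right call. The hunk also drops `gss_release_name(&min_stat, &cname);` without a visible replacement, so the imported `cname` may never be released unless that happens later in main(), which continues outside the hunk. The `else` branch now runs even when neither a client name nor a password was given, which makes a missing default credential fatal where the old code skipped acquisition.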
diff --git a/lib/gssapi/version-script.map b/lib/gssapi/version-script.map
index bcff6d061..ebd8ee21a 100644
--- a/lib/gssapi/version-script.map
+++ b/lib/gssapi/version-script.map
@@ -17,7 +17,6 @@ HEIMDAL_GSS_2.0 {
 GSS_C_ATTR_LOCAL_LOGIN_USER;
 gss_accept_sec_context;
 gss_acquire_cred;
- gss_acquire_cred_ext;
 gss_acquire_cred_with_password;
 gss_add_buffer_set_member;
 gss_add_cred;