oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

gssapi: import mechglue allocation utility functions from Heimdal-520

Browse Source 
Apple's Heimdal impelmentation uses a number of utility functions for
allocating names and credentials, to avoid calling malloc or calloc directly.
Import them.
This commit is contained in:
Luke Howard
2019-01-03 10:17:26 +11:00
committed by Nico Williams
parent e0bb9c10ca
commit 83f15553e0
22 changed files with 163 additions and 86 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
lib/gssapi/Makefile.am
View File

@@ -78,6 +78,7 @@ mechsrc = \
mech/context.h \
mech/context.c \
mech/cred.h \
mech/cred.c \
mech/compat.h \
mech/doxygen.c \
mech/gss_accept_sec_context.c \

2
lib/gssapi/NTMakefile
View File

@@ -96,6 +96,7 @@ mechsrc = \
mech/context.h \
mech/context.c \
mech/cred.h \
mech/cred.c \
mech/gss_accept_sec_context.c \
mech/gss_acquire_cred.c \
mech/gss_acquire_cred_from.c \
@@ -328,6 +329,7 @@ libgssapi_OBJs = \
$(OBJ)\krb5/verify_mic.obj \
$(OBJ)\krb5/wrap.obj \
$(OBJ)\mech/context.obj \
$(OBJ)\mech/cred.obj \
$(OBJ)\mech/gss_accept_sec_context.obj \
$(OBJ)\mech/gss_acquire_cred.obj \
$(OBJ)\mech/gss_acquire_cred_from.obj \

67
lib/gssapi/mech/cred.c Normal file
View File

@@ -0,0 +1,67 @@
/*
* Copyright (c) 2011 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2011 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of KTH nor the names of its contributors may be
* used to endorse or promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "mech_locl.h"
#include "heim_threads.h"
#include "heimbase.h"
void
_gss_mg_release_cred(struct _gss_cred *cred)
{
struct _gss_mechanism_cred *mc;
OM_uint32 junk;
while (HEIM_SLIST_FIRST(&cred->gc_mc)) {
mc = HEIM_SLIST_FIRST(&cred->gc_mc);
HEIM_SLIST_REMOVE_HEAD(&cred->gc_mc, gmc_link);
mc->gmc_mech->gm_release_cred(&junk, &mc->gmc_cred);
free(mc);
}
free(cred);
}
struct _gss_cred *
_gss_mg_alloc_cred(void)
{
struct _gss_cred *cred;
cred = calloc(1, sizeof(struct _gss_cred));
if (cred == NULL)
return NULL;
HEIM_SLIST_INIT(&cred->gc_mc);
return cred;
}

13
lib/gssapi/mech/cred.h
View File

@@ -39,6 +39,18 @@ struct _gss_cred {
struct _gss_mechanism_cred_list gc_mc;
};
struct _gss_cred *
_gss_mg_alloc_cred(void);
void
_gss_mg_release_cred(struct _gss_cred *cred);
struct _gss_mechanism_cred *
_gss_copy_cred(struct _gss_mechanism_cred *mc);
void
_gss_mg_check_credential(gss_const_cred_id_t credential);
struct _gss_mechanism_name;
OM_uint32
@@ -53,4 +65,3 @@ _gss_mg_add_mech_cred(OM_uint32 *minor_status,
struct _gss_mechanism_cred **output_cred_handle,
OM_uint32 *initiator_time_rec,
OM_uint32 *acceptor_time_rec);

5
lib/gssapi/mech/gss_accept_sec_context.c
View File

@@ -249,7 +249,7 @@ gss_accept_sec_context(OM_uint32 *minor_status,
/*
* Make a new name and mark it as an MN.
*/
struct _gss_name *name = _gss_make_name(m, src_mn);
struct _gss_name *name = _gss_create_name(src_mn, m);
if (!name) {
m->gm_release_name(minor_status, &src_mn);
@@ -279,13 +279,12 @@ gss_accept_sec_context(OM_uint32 *minor_status,
struct _gss_cred *dcred;
struct _gss_mechanism_cred *dmc;
dcred = malloc(sizeof(struct _gss_cred));
dcred = _gss_mg_alloc_cred();
if (!dcred) {
*minor_status = ENOMEM;
gss_delete_sec_context(&junk, context_handle, NULL);
return (GSS_S_FAILURE);
}
HEIM_SLIST_INIT(&dcred->gc_mc);
dmc = malloc(sizeof(struct _gss_mechanism_cred));
if (!dmc) {
free(dcred);

4
lib/gssapi/mech/gss_acquire_cred_from.c
View File

@@ -179,14 +179,12 @@ gss_acquire_cred_from(OM_uint32 *minor_status,
} else
mechs = _gss_mech_oids;
cred = calloc(1, sizeof(*cred));
cred = _gss_mg_alloc_cred();
if (cred == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
HEIM_SLIST_INIT(&cred->gc_mc);
if (actual_mechs) {
major_status = gss_create_empty_oid_set(minor_status, actual_mechs);
if (GSS_ERROR(major_status))

6
lib/gssapi/mech/gss_add_cred_from.c
View File

@@ -153,11 +153,11 @@ gss_add_cred_from(OM_uint32 *minor_status,
/* Mutate the input credentials */
mut_cred = rk_UNCONST(input_cred_handle);
} else {
if ((mut_cred = calloc(1, sizeof(*mut_cred))) == NULL) {
mut_cred = _gss_mg_alloc_cred();
if (mut_cred == NULL) {
*minor_status = ENOMEM;
return GSS_S_UNAVAILABLE;
}
HEIM_SLIST_INIT(&mut_cred->gc_mc);
release_cred = (gss_cred_id_t)mut_cred;
}
@@ -214,8 +214,6 @@ done:
major_status = gss_inquire_cred(minor_status,
(gss_const_cred_id_t)mut_cred, NULL,
NULL, NULL, actual_mechs);
if (major_status != GSS_S_COMPLETE)
_gss_mg_error(m, major_status, *minor_status);
}
if (major_status == GSS_S_COMPLETE) {
if (output_cred_handle != NULL)

19
lib/gssapi/mech/gss_canonicalize_name.c
View File

@@ -70,6 +70,8 @@ gss_canonicalize_name(OM_uint32 *minor_status,
major_status = _gss_find_mn(minor_status, name, mech_type, &mn);
if (major_status)
return major_status;
if (mn == NULL)
return GSS_S_BAD_NAME;
m = mn->gmn_mech;
major_status = m->gm_canonicalize_name(minor_status,
@@ -83,27 +85,12 @@ gss_canonicalize_name(OM_uint32 *minor_status,
* Now we make a new name and mark it as an MN.
*/
*minor_status = 0;
name = malloc(sizeof(struct _gss_name));
name = _gss_create_name(new_canonical_name, m);
if (!name) {
m->gm_release_name(minor_status, &new_canonical_name);
*minor_status = ENOMEM;
return (GSS_S_FAILURE);
}
memset(name, 0, sizeof(struct _gss_name));
mn = malloc(sizeof(struct _gss_mechanism_name));
if (!mn) {
m->gm_release_name(minor_status, &new_canonical_name);
free(name);
*minor_status = ENOMEM;
return (GSS_S_FAILURE);
}
HEIM_SLIST_INIT(&name->gn_mn);
mn->gmn_mech = m;
mn->gmn_mech_oid = &m->gm_mech_oid;
mn->gmn_name = new_canonical_name;
HEIM_SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link);
*output_name = (gss_name_t) name;

3
lib/gssapi/mech/gss_cred.c
View File

@@ -133,13 +133,12 @@ gss_import_cred(OM_uint32 * minor_status,
return GSS_S_FAILURE;
}
cred = calloc(1, sizeof(struct _gss_cred));
cred = _gss_mg_alloc_cred();
if (cred == NULL) {
krb5_storage_free(sp);
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
HEIM_SLIST_INIT(&cred->gc_mc);
*cred_handle = (gss_cred_id_t)cred;

6
lib/gssapi/mech/gss_delete_sec_context.c
View File

@@ -33,13 +33,15 @@ gss_delete_sec_context(OM_uint32 *minor_status,
gss_ctx_id_t *context_handle,
gss_buffer_t output_token)
{
OM_uint32 major_status = GSS_S_COMPLETE;
OM_uint32 major_status;
struct _gss_context *ctx = (struct _gss_context *) *context_handle;
if (output_token)
_mg_buffer_zero(output_token);
*minor_status = 0;
major_status = GSS_S_COMPLETE;
if (ctx) {
/*
* If we have an implementation ctx, delete it,
@@ -53,5 +55,5 @@ gss_delete_sec_context(OM_uint32 *minor_status,
*context_handle = GSS_C_NO_CONTEXT;
}
return (major_status);
return major_status;
}

3
lib/gssapi/mech/gss_duplicate_cred.c
View File

@@ -132,12 +132,11 @@ gss_duplicate_cred(OM_uint32 *minor_status,
}
*output_cred_handle = GSS_C_NO_CREDENTIAL;
new_cred = malloc(sizeof(struct _gss_cred));
new_cred = _gss_mg_alloc_cred();
if (!new_cred) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
HEIM_SLIST_INIT(&new_cred->gc_mc);
*minor_status = 0;
major_status = GSS_S_NO_CRED;

4
lib/gssapi/mech/gss_duplicate_name.c
View File

@@ -59,13 +59,11 @@ gss_duplicate_name(OM_uint32 *minor_status,
mn->gmn_mech_oid, &mn2);
}
} else {
new_name = malloc(sizeof(struct _gss_name));
new_name = _gss_create_name(NULL, NULL);
if (!new_name) {
*minor_status = ENOMEM;
return (GSS_S_FAILURE);
}
memset(new_name, 0, sizeof(struct _gss_name));
HEIM_SLIST_INIT(&new_name->gn_mn);
*dest_name = (gss_name_t) new_name;
HEIM_SLIST_FOREACH(mn, &name->gn_mn, gmn_link) {

7
lib/gssapi/mech/gss_import_name.c
View File

@@ -136,7 +136,7 @@ _gss_import_export_name(OM_uint32 *minor_status,
/*
* Now we make a new name and mark it as an MN.
*/
name = _gss_make_name(m, new_canonical_name);
name = _gss_create_name(new_canonical_name, m);
if (!name) {
m->gm_release_name(minor_status, &new_canonical_name);
return (GSS_S_FAILURE);
@@ -215,7 +215,7 @@ gss_import_name(OM_uint32 *minor_status,
*minor_status = 0;
name = calloc(1, sizeof(struct _gss_name));
name = _gss_create_name(NULL, NULL);
if (!name) {
*minor_status = ENOMEM;
return (GSS_S_FAILURE);
@@ -226,7 +226,8 @@ gss_import_name(OM_uint32 *minor_status,
major_status = _gss_intern_oid(minor_status,
name_type, &name->gn_type);
if (major_status) {
free(name);
rname = (gss_name_t)name;
gss_release_name(&ms, (gss_name_t *)&rname);
return (GSS_S_FAILURE);
}

2
lib/gssapi/mech/gss_init_sec_context.c
View File

@@ -194,7 +194,7 @@ gss_init_sec_context(OM_uint32 * minor_status,
major_status = m->gm_init_sec_context(minor_status,
cred_handle,
&ctx->gc_ctx,
mn->gmn_name,
mn ? mn->gmn_name : GSS_C_NO_NAME,
mech_type,
req_flags,
time_req,

4
lib/gssapi/mech/gss_inquire_context.c
View File

@@ -83,7 +83,7 @@ gss_inquire_context(OM_uint32 *minor_status,
}
if (src_name) {
name = _gss_make_name(m, src_mn);
name = _gss_create_name(src_mn, m);
if (!name) {
if (mech_type)
*mech_type = GSS_C_NO_OID;
@@ -95,7 +95,7 @@ gss_inquire_context(OM_uint32 *minor_status,
}
if (targ_name) {
name = _gss_make_name(m, targ_mn);
name = _gss_create_name(targ_mn, m);
if (!name) {
if (mech_type)
*mech_type = GSS_C_NO_OID;

3
lib/gssapi/mech/gss_inquire_cred.c
View File

@@ -73,12 +73,11 @@ gss_inquire_cred(OM_uint32 *minor_status,
*mechanisms = GSS_C_NO_OID_SET;
if (name_ret) {
name = calloc(1, sizeof(*name));
name = _gss_create_name(NULL, NULL);
if (name == NULL) {
*minor_status = ENOMEM;
return (GSS_S_FAILURE);
}
HEIM_SLIST_INIT(&name->gn_mn);
} else {
name = NULL;
}

2
lib/gssapi/mech/gss_inquire_cred_by_mech.c
View File

@@ -78,7 +78,7 @@ gss_inquire_cred_by_mech(OM_uint32 *minor_status,
}
if (cred_name) {
name = _gss_make_name(m, mn);
name = _gss_create_name(mn, m);
if (!name) {
m->gm_release_name(minor_status, &mn);
return (GSS_S_NO_CRED);

62
lib/gssapi/mech/gss_names.c
View File

@@ -2,6 +2,8 @@
* Copyright (c) 2005 Doug Rabson
* All rights reserved.
*
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -29,8 +31,10 @@
#include "mech_locl.h"
OM_uint32
_gss_find_mn(OM_uint32 *minor_status, struct _gss_name *name, gss_OID mech,
struct _gss_mechanism_name **output_mn)
_gss_find_mn(OM_uint32 *minor_status,
struct _gss_name *name,
gss_const_OID mech,
struct _gss_mechanism_name ** output_mn)
{
OM_uint32 major_status;
gssapi_mech_interface m;
@@ -38,6 +42,10 @@ _gss_find_mn(OM_uint32 *minor_status, struct _gss_name *name, gss_OID mech,
*output_mn = NULL;
/* null names are ok, some mechs might not have names */
if (name == NULL)
return GSS_S_COMPLETE;
HEIM_SLIST_FOREACH(mn, &name->gn_mn, gmn_link) {
if (gss_oid_equal(mech, mn->gmn_mech_oid))
break;
@@ -82,28 +90,52 @@ _gss_find_mn(OM_uint32 *minor_status, struct _gss_name *name, gss_OID mech,
* Make a name from an MN.
*/
struct _gss_name *
_gss_make_name(gssapi_mech_interface m, gss_name_t new_mn)
_gss_create_name(gss_name_t new_mn,
struct gssapi_mech_interface_desc *m)
{
struct _gss_name *name;
struct _gss_mechanism_name *mn;
name = malloc(sizeof(struct _gss_name));
name = calloc(1, sizeof(struct _gss_name));
if (!name)
return (0);
memset(name, 0, sizeof(struct _gss_name));
mn = malloc(sizeof(struct _gss_mechanism_name));
if (!mn) {
free(name);
return (0);
}
HEIM_SLIST_INIT(&name->gn_mn);
mn->gmn_mech = m;
mn->gmn_mech_oid = &m->gm_mech_oid;
mn->gmn_name = new_mn;
HEIM_SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link);
if (new_mn) {
mn = malloc(sizeof(struct _gss_mechanism_name));
if (!mn) {
free(name);
return (0);
}
mn->gmn_mech = m;
mn->gmn_mech_oid = &m->gm_mech_oid;
mn->gmn_name = new_mn;
HEIM_SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link);
}
return (name);
}
/*
*
*/
void
_gss_mg_release_name(struct _gss_name *name)
{
OM_uint32 junk;
gss_release_oid(&junk, &name->gn_type);
while (HEIM_SLIST_FIRST(&name->gn_mn)) {
struct _gss_mechanism_name *mn;
mn = HEIM_SLIST_FIRST(&name->gn_mn);
HEIM_SLIST_REMOVE_HEAD(&name->gn_mn, gmn_link);
mn->gmn_mech->gm_release_name(&junk, &mn->gmn_name);
free(mn);
}
gss_release_buffer(&junk, &name->gn_value);
free(name);
}

11
lib/gssapi/mech/gss_release_cred.c
View File

@@ -54,18 +54,11 @@ GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle)
{
struct _gss_cred *cred = (struct _gss_cred *) *cred_handle;
struct _gss_mechanism_cred *mc;
if (*cred_handle == GSS_C_NO_CREDENTIAL)
if (cred == NULL)
return (GSS_S_COMPLETE);
while (HEIM_SLIST_FIRST(&cred->gc_mc)) {
mc = HEIM_SLIST_FIRST(&cred->gc_mc);
HEIM_SLIST_REMOVE_HEAD(&cred->gc_mc, gmc_link);
mc->gmc_mech->gm_release_cred(minor_status, &mc->gmc_cred);
free(mc);
}
free(cred);
_gss_mg_release_cred(cred);
*minor_status = 0;
*cred_handle = GSS_C_NO_CREDENTIAL;

12
lib/gssapi/mech/gss_release_name.c
View File

@@ -55,18 +55,8 @@ gss_release_name(OM_uint32 *minor_status,
return GSS_S_COMPLETE;
name = (struct _gss_name *) *input_name;
_gss_mg_release_name(name);
gss_release_oid(minor_status, &name->gn_type);
while (HEIM_SLIST_FIRST(&name->gn_mn)) {
struct _gss_mechanism_name *mn;
mn = HEIM_SLIST_FIRST(&name->gn_mn);
HEIM_SLIST_REMOVE_HEAD(&name->gn_mn, gmn_link);
mn->gmn_mech->gm_release_name(minor_status,
&mn->gmn_name);
free(mn);
}
gss_release_buffer(minor_status, &name->gn_value);
free(name);
*input_name = GSS_C_NO_NAME;
return (GSS_S_COMPLETE);

8
lib/gssapi/mech/gss_set_cred_option.c
View File

@@ -50,11 +50,11 @@ gss_set_cred_option (OM_uint32 *minor_status,
if (cred == NULL) {
struct _gss_mech_switch *m;
cred = malloc(sizeof(*cred));
if (cred == NULL)
cred = _gss_mg_alloc_cred();
if (cred == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
HEIM_SLIST_INIT(&cred->gc_mc);
}
HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) {

5
lib/gssapi/mech/name.h
View File

@@ -42,7 +42,8 @@ struct _gss_name {
};
OM_uint32
_gss_find_mn(OM_uint32 *, struct _gss_name *, gss_OID,
_gss_find_mn(OM_uint32 *, struct _gss_name *, gss_const_OID,
struct _gss_mechanism_name **);
struct _gss_name *
_gss_make_name(gssapi_mech_interface m, gss_name_t new_mn);
_gss_create_name(gss_name_t new_mn, gssapi_mech_interface m);
void _gss_mg_release_name(struct _gss_name *);