gss: remove SPNEGO name wrappers

Wrapping GSS names at the SPNEGO level serves no purpose; remove it and return
mechglue names directly. This required a small change to the NTLM mechanism to
allow NULL names to be passed to its release name function.
Luke Howard
2020-01-02 16:30:42 +11:00
parent e80248ed36
commit ae5c60286a
6 changed files with 30 additions and 215 deletions


@@ -41,7 +41,7 @@ _gss_ntlm_release_name
{
if (minor_status)
*minor_status = 0;
if (input_name) {
if (input_name && *input_name) {
ntlm_name n = (ntlm_name)*input_name;
*input_name = GSS_C_NO_NAME;
free(n->user);
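Review bot: The widened guard `if (input_name && *input_name)` makes releasing GSS_C_NO_NAME a silent no-op, but nothing in the function records that this is a deliberate contract which the SPNEGO mechanism (now forwarding names to the mechglue unchanged) depends on per the commit description. A comment above the check, e.g. `/* GSS_C_NO_NAME is accepted and released as a no-op; SPNEGO relies on this */`, would stop a later cleanup from tightening it back to the old form. `_gss_ntlm_release_name` continues past the end of the hunk.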


@@ -665,16 +665,10 @@ out:
if (ret == GSS_S_COMPLETE) {
if (src_name != NULL && ctx->mech_src_name != NULL) {
spnego_name name;
name = calloc(1, sizeof(*name));
if (name) {
name->mech = ctx->mech_src_name;
ctx->mech_src_name = NULL;
*src_name = (gss_name_t)name;
}
}
if (src_name != NULL && ctx->mech_src_name != GSS_C_NO_NAME)
ret = gss_duplicate_name(minor_status,
ctx->mech_src_name,
src_name);
}
if (mech_type != NULL)
@@ -853,16 +847,10 @@ acceptor_continue
}
if (ret == GSS_S_COMPLETE) {
if (src_name != NULL && ctx->mech_src_name != NULL) {
spnego_name name;
name = calloc(1, sizeof(*name));
if (name) {
name->mech = ctx->mech_src_name;
ctx->mech_src_name = NULL;
*src_name = (gss_name_t)name;
}
}
if (src_name != NULL && ctx->mech_src_name != GSS_C_NO_NAME)
ret = gss_duplicate_name(minor_status,
ctx->mech_src_name,
src_name);
}
if (mech_type != NULL)
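Review bot: A failure from `gss_duplicate_name` overwrites `ret` after the negotiation has already reached GSS_S_COMPLETE, in both the `@@ -665` and `@@ -853` hunks, so the caller is told the accept failed although the context state and any output token were already produced; the replaced code swallowed the equivalent calloc failure, so neither version leaves the caller with a consistent picture. If a missing source name is not fatal, the duplication result should go into a separate status and `ret` left untouched, e.g. `OM_uint32 junk; (void)gss_duplicate_name(&junk, ctx->mech_src_name, src_name);`, otherwise the failure deserves a comment saying the context is intentionally reported as failed. Worth noting too that `ctx->mech_src_name` is now retained by the context rather than handed over (the old `ctx->mech_src_name = NULL` is gone), which presumes the context teardown releases it — I cannot see that from the hunk. Both enclosing functions start and end outside the hunks.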


@@ -269,21 +269,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_compare_name
int * name_equal
)
{
spnego_name n1 = (spnego_name)name1;
spnego_name n2 = (spnego_name)name2;
*name_equal = 0;
if (!gss_oid_equal(n1->type, n2->type))
return GSS_S_COMPLETE;
if (n1->value.length != n2->value.length)
return GSS_S_COMPLETE;
if (memcmp(n1->value.value, n2->value.value, n2->value.length) != 0)
return GSS_S_COMPLETE;
*name_equal = 1;
return GSS_S_COMPLETE;
return gss_compare_name(minor_status, name1, name2, name_equal);
}
OM_uint32 GSSAPI_CALLCONV _gss_spnego_display_name
@@ -293,14 +279,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_display_name
gss_OID * output_name_type
)
{
spnego_name name = (spnego_name)input_name;
*minor_status = 0;
if (name == NULL || name->mech == GSS_C_NO_NAME)
return GSS_S_FAILURE;
return gss_display_name(minor_status, name->mech,
return gss_display_name(minor_status, input_name,
output_name_buffer, output_name_type);
}
@@ -311,33 +290,8 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_import_name
gss_name_t * output_name
)
{
spnego_name name;
OM_uint32 maj_stat;
*minor_status = 0;
name = calloc(1, sizeof(*name));
if (name == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
maj_stat = _gss_intern_oid(minor_status, name_type, &name->type);
if (maj_stat) {
free(name);
return GSS_S_FAILURE;
}
maj_stat = _gss_copy_buffer(minor_status, name_buffer, &name->value);
if (maj_stat) {
gss_name_t rname = (gss_name_t)name;
_gss_spnego_release_name(minor_status, &rname);
return GSS_S_FAILURE;
}
name->mech = GSS_C_NO_NAME;
*output_name = (gss_name_t)name;
return GSS_S_COMPLETE;
return gss_import_name(minor_status, name_buffer,
name_type, output_name);
}
OM_uint32 GSSAPI_CALLCONV _gss_spnego_export_name
@@ -346,17 +300,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_export_name
gss_buffer_t exported_name
)
{
spnego_name name;
*minor_status = 0;
if (input_name == GSS_C_NO_NAME)
return GSS_S_BAD_NAME;
name = (spnego_name)input_name;
if (name->mech == GSS_C_NO_NAME)
return GSS_S_BAD_NAME;
return gss_export_name(minor_status, name->mech, exported_name);
return gss_export_name(minor_status, input_name, exported_name);
}
OM_uint32 GSSAPI_CALLCONV _gss_spnego_release_name
@@ -364,19 +308,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_release_name
gss_name_t * input_name
)
{
*minor_status = 0;
if (*input_name != GSS_C_NO_NAME) {
OM_uint32 junk;
spnego_name name = (spnego_name)*input_name;
gss_release_buffer(&junk, &name->value);
if (name->mech != GSS_C_NO_NAME)
gss_release_name(&junk, &name->mech);
free(name);
*input_name = GSS_C_NO_NAME;
}
return GSS_S_COMPLETE;
return gss_release_name(minor_status, input_name);
}
OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_context (
@@ -392,8 +324,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_context (
)
{
gssspnego_ctx ctx;
OM_uint32 maj_stat, junk;
gss_name_t src_mn, targ_mn;
OM_uint32 maj_stat;
*minor_status = 0;
@@ -407,43 +338,15 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_context (
maj_stat = gss_inquire_context(minor_status,
ctx->negotiated_ctx_id,
&src_mn,
&targ_mn,
src_name,
targ_name,
lifetime_rec,
mech_type,
ctx_flags,
locally_initiated,
open_context);
if (maj_stat != GSS_S_COMPLETE)
return maj_stat;
if (src_name) {
spnego_name name = calloc(1, sizeof(*name));
if (name == NULL)
goto enomem;
name->mech = src_mn;
*src_name = (gss_name_t)name;
} else
gss_release_name(&junk, &src_mn);
if (targ_name) {
spnego_name name = calloc(1, sizeof(*name));
if (name == NULL) {
gss_release_name(minor_status, src_name);
goto enomem;
}
name->mech = targ_mn;
*targ_name = (gss_name_t)name;
} else
gss_release_name(&junk, &targ_mn);
return GSS_S_COMPLETE;
enomem:
gss_release_name(&junk, &targ_mn);
gss_release_name(&junk, &src_mn);
*minor_status = ENOMEM;
return GSS_S_FAILURE;
return maj_stat;
}
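Review bot: `_gss_spnego_display_name` (hunk `@@ -293`) drops its explicit `name == NULL` guard and `_gss_spnego_release_name` (hunk `@@ -364`) drops its `*input_name != GSS_C_NO_NAME` check, so both now rely on the mechglue's `gss_display_name` and `gss_release_name` to reject or tolerate GSS_C_NO_NAME rather than dereferencing it; I believe the mechglue does, but it has become an unstated dependency. The same applies to `_gss_spnego_export_name`, which used to return GSS_S_BAD_NAME for a no-name and now returns whatever `gss_export_name` reports. A short file-level comment would record the new model, e.g. `/* SPNEGO has no name type of its own: names are mechglue names, so every name operation here is a pass-through and GSS_C_NO_NAME handling is the mechglue's. */`. In `_gss_spnego_inquire_context` the unconditional `return maj_stat;` is fine, but the now-unused `*minor_status = 0;` before the call is redundant since `gss_inquire_context` sets it.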
OM_uint32 GSSAPI_CALLCONV _gss_spnego_wrap_size_limit (


@@ -67,8 +67,6 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_acquire_cred_from
OM_uint32 * time_rec
)
{
const spnego_name dname = (const spnego_name)desired_name;
gss_name_t name = GSS_C_NO_NAME;
OM_uint32 ret, tmp;
gss_OID_set_desc actual_desired_mechs;
gss_OID_set mechs;
@@ -76,18 +74,9 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_acquire_cred_from
*output_cred_handle = GSS_C_NO_CREDENTIAL;
if (dname) {
ret = gss_import_name(minor_status, &dname->value, dname->type, &name);
if (ret) {
return ret;
}
}
ret = gss_indicate_mechs(minor_status, &mechs);
if (ret != GSS_S_COMPLETE) {
gss_release_name(minor_status, &name);
if (ret != GSS_S_COMPLETE)
return ret;
}
/* Remove ourselves from this list */
actual_desired_mechs.count = mechs->count;
@@ -108,20 +97,16 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_acquire_cred_from
}
actual_desired_mechs.count = j;
ret = gss_acquire_cred_from(minor_status, name,
ret = gss_acquire_cred_from(minor_status, desired_name,
time_req, &actual_desired_mechs,
cred_usage, cred_store,
output_cred_handle,
actual_mechs, time_rec);
if (ret != GSS_S_COMPLETE)
goto out;
out:
gss_release_name(&tmp, &name);
gss_release_oid_set(&tmp, &mechs);
if (actual_desired_mechs.elements != NULL) {
free(actual_desired_mechs.elements);
}
if (ret != GSS_S_COMPLETE) {
_gss_spnego_release_cred(&tmp, output_cred_handle);
}
@@ -138,37 +123,13 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_cred
gss_OID_set * mechanisms
)
{
spnego_name sname = NULL;
OM_uint32 ret;
if (cred_handle == GSS_C_NO_CREDENTIAL) {
*minor_status = 0;
return GSS_S_NO_CRED;
}
if (name) {
sname = calloc(1, sizeof(*sname));
if (sname == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
}
ret = gss_inquire_cred(minor_status,
cred_handle,
sname ? &sname->mech : NULL,
lifetime,
cred_usage,
mechanisms);
if (ret) {
if (sname)
free(sname);
return ret;
}
if (name)
*name = (gss_name_t)sname;
return ret;
return gss_inquire_cred(minor_status, cred_handle, name,
lifetime, cred_usage, mechanisms);
}
OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_cred_by_mech (
@@ -181,39 +142,14 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_cred_by_mech (
gss_cred_usage_t * cred_usage
)
{
spnego_name sname = NULL;
OM_uint32 ret;
if (cred_handle == GSS_C_NO_CREDENTIAL) {
*minor_status = 0;
return GSS_S_NO_CRED;
}
if (name) {
sname = calloc(1, sizeof(*sname));
if (sname == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
}
ret = gss_inquire_cred_by_mech(minor_status,
cred_handle,
mech_type,
sname ? &sname->mech : NULL,
initiator_lifetime,
acceptor_lifetime,
cred_usage);
if (ret) {
if (sname)
free(sname);
return ret;
}
if (name)
*name = (gss_name_t)sname;
return GSS_S_COMPLETE;
return gss_inquire_cred_by_mech(minor_status, cred_handle, mech_type,
name, initiator_lifetime,
acceptor_lifetime, cred_usage);
}
OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_cred_by_oid
@@ -222,19 +158,14 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_cred_by_oid
const gss_OID desired_object,
gss_buffer_set_t *data_set)
{
OM_uint32 ret;
if (cred_handle == GSS_C_NO_CREDENTIAL) {
*minor_status = 0;
return GSS_S_NO_CRED;
}
ret = gss_inquire_cred_by_oid(minor_status,
cred_handle,
desired_object,
data_set);
return gss_inquire_cred_by_oid(minor_status, cred_handle,
desired_object, data_set);
return ret;
}
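Review bot: In `_gss_spnego_acquire_cred_from` (hunk `@@ -108`), if `if (ret != GSS_S_COMPLETE) goto out;` survives as context it now jumps to the `out:` label on the very next line, because the `gss_release_name(&tmp, &name);` that used to sit between them is removed; the two lines can go and the `out:` cleanup runs unconditionally either way. The later `if (ret != GSS_S_COMPLETE) _gss_spnego_release_cred(&tmp, output_cred_handle);` already covers the failure case, so nothing is lost. The function body continues past the end of the hunk.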
OM_uint32 GSSAPI_CALLCONV


@@ -206,7 +206,6 @@ spnego_initial
size_t ni_len;
gss_ctx_id_t context;
gssspnego_ctx ctx;
spnego_name name = (spnego_name)target_name;
*minor_status = 0;
@@ -228,7 +227,7 @@ spnego_initial
ctx->local = 1;
sub = gss_import_name(&minor, &name->value, name->type, &ctx->target_name);
sub = gss_duplicate_name(&minor, target_name, &ctx->target_name);
if (GSS_ERROR(sub)) {
*minor_status = minor;
_gss_spnego_internal_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
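Review bot: `gss_duplicate_name(&minor, target_name, &ctx->target_name)` is now reached with whatever `target_name` the caller passed, including GSS_C_NO_NAME; the replaced code would have dereferenced `name->value` in that case, so the hunk quietly turns a crash into whatever the mechglue returns for a null source name, which I believe is an error status but cannot confirm from here. A comment on the call, `/* target_name may be GSS_C_NO_NAME; relies on gss_duplicate_name rejecting it */`, would document the assumption. `spnego_initial` starts and ends outside the hunk.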


@@ -97,12 +97,6 @@ typedef struct {
} *gssspnego_ctx;
typedef struct {
gss_OID type;
gss_buffer_desc value;
gss_name_t mech;
} *spnego_name;
extern gss_OID_desc _gss_spnego_mskrb_mechanism_oid_desc;
extern gss_OID_desc _gss_spnego_krb5_mechanism_oid_desc;