gss: remove SPNEGO name wrappers

Wrapping GSS names at the SPNEGO level serves no purpose; remove it and return
mechglue names directly. This required a small change to the NTLM mechanism to
allow NULL names to be passed to its release name function.

lib/gssapi/ntlm/release_name.c

@@ -41,7 +41,7 @@ _gss_ntlm_release_name
 {
     if (minor_status)
 	*minor_status = 0;
-    if (input_name) {
+    if (input_name && *input_name) {
 	ntlm_name n = (ntlm_name)*input_name;
 	*input_name = GSS_C_NO_NAME;
 	free(n->user);

lib/gssapi/spnego/accept_sec_context.c

@@ -665,16 +665,10 @@ out:
 
 
     if (ret == GSS_S_COMPLETE) {
-	if (src_name != NULL && ctx->mech_src_name != NULL) {
+	if (src_name != NULL && ctx->mech_src_name != GSS_C_NO_NAME)
-	    spnego_name name;
+	    ret = gss_duplicate_name(minor_status,
-
+				     ctx->mech_src_name,
-	    name = calloc(1, sizeof(*name));
+				     src_name);
-	    if (name) {
-		name->mech = ctx->mech_src_name;
-		ctx->mech_src_name = NULL;
-		*src_name = (gss_name_t)name;
-	    }
-	}
     }
 
     if (mech_type != NULL)
@@ -853,16 +847,10 @@ acceptor_continue
     }
 
     if (ret == GSS_S_COMPLETE) {
-	if (src_name != NULL && ctx->mech_src_name != NULL) {
+	if (src_name != NULL && ctx->mech_src_name != GSS_C_NO_NAME)
-	    spnego_name name;
+	    ret = gss_duplicate_name(minor_status,
-
+				     ctx->mech_src_name,
-	    name = calloc(1, sizeof(*name));
+				     src_name);
-	    if (name) {
-		name->mech = ctx->mech_src_name;
-		ctx->mech_src_name = NULL;
-		*src_name = (gss_name_t)name;
-	    }
-	}
     }
 
     if (mech_type != NULL)

lib/gssapi/spnego/context_stubs.c

@@ -269,21 +269,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_compare_name
             int * name_equal
            )
 {
-    spnego_name n1 = (spnego_name)name1;
+    return gss_compare_name(minor_status, name1, name2, name_equal);
-    spnego_name n2 = (spnego_name)name2;
-
-    *name_equal = 0;
-
-    if (!gss_oid_equal(n1->type, n2->type))
-	return GSS_S_COMPLETE;
-    if (n1->value.length != n2->value.length)
-	return GSS_S_COMPLETE;
-    if (memcmp(n1->value.value, n2->value.value, n2->value.length) != 0)
-	return GSS_S_COMPLETE;
-
-    *name_equal = 1;
-
-    return GSS_S_COMPLETE;
 }
 
 OM_uint32 GSSAPI_CALLCONV _gss_spnego_display_name
@@ -293,14 +279,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_display_name
             gss_OID * output_name_type
            )
 {
-    spnego_name name = (spnego_name)input_name;
+    return gss_display_name(minor_status, input_name,
-
-    *minor_status = 0;
-
-    if (name == NULL || name->mech == GSS_C_NO_NAME)
-	return GSS_S_FAILURE;
-
-    return gss_display_name(minor_status, name->mech,
 			    output_name_buffer, output_name_type);
 }
 
@@ -311,33 +290,8 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_import_name
             gss_name_t * output_name
            )
 {
-    spnego_name name;
+    return gss_import_name(minor_status, name_buffer,
-    OM_uint32 maj_stat;
+			   name_type, output_name);
-
-    *minor_status = 0;
-
-    name = calloc(1, sizeof(*name));
-    if (name == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-
-    maj_stat = _gss_intern_oid(minor_status, name_type, &name->type);
-    if (maj_stat) {
-	free(name);
-	return GSS_S_FAILURE;
-    }
-
-    maj_stat = _gss_copy_buffer(minor_status, name_buffer, &name->value);
-    if (maj_stat) {
-	gss_name_t rname = (gss_name_t)name;
-	_gss_spnego_release_name(minor_status, &rname);
-	return GSS_S_FAILURE;
-    }
-    name->mech = GSS_C_NO_NAME;
-    *output_name = (gss_name_t)name;
-
-    return GSS_S_COMPLETE;
 }
 
 OM_uint32 GSSAPI_CALLCONV _gss_spnego_export_name
@@ -346,17 +300,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_export_name
             gss_buffer_t exported_name
            )
 {
-    spnego_name name;
+    return gss_export_name(minor_status, input_name, exported_name);
-    *minor_status = 0;
-
-    if (input_name == GSS_C_NO_NAME)
-	return GSS_S_BAD_NAME;
-
-    name = (spnego_name)input_name;
-    if (name->mech == GSS_C_NO_NAME)
-	return GSS_S_BAD_NAME;
-
-    return gss_export_name(minor_status, name->mech, exported_name);
 }
 
 OM_uint32 GSSAPI_CALLCONV _gss_spnego_release_name
@@ -364,19 +308,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_release_name
             gss_name_t * input_name
            )
 {
-    *minor_status = 0;
+    return gss_release_name(minor_status, input_name);
-
-    if (*input_name != GSS_C_NO_NAME) {
-	OM_uint32 junk;
-	spnego_name name = (spnego_name)*input_name;
-	gss_release_buffer(&junk, &name->value);
-	if (name->mech != GSS_C_NO_NAME)
-	    gss_release_name(&junk, &name->mech);
-	free(name);
-
-	*input_name = GSS_C_NO_NAME;
-    }
-    return GSS_S_COMPLETE;
 }
 
 OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_context (
@@ -392,8 +324,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_context (
            )
 {
     gssspnego_ctx ctx;
-    OM_uint32 maj_stat, junk;
+    OM_uint32 maj_stat;
-    gss_name_t src_mn, targ_mn;
 
     *minor_status = 0;
 
@@ -407,43 +338,15 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_context (
 
     maj_stat = gss_inquire_context(minor_status,
 				   ctx->negotiated_ctx_id,
-				   &src_mn,
+				   src_name,
-				   &targ_mn,
+				   targ_name,
 				   lifetime_rec,
 				   mech_type,
 				   ctx_flags,
 				   locally_initiated,
 				   open_context);
-    if (maj_stat != GSS_S_COMPLETE)
+
     return maj_stat;
-
-    if (src_name) {
-	spnego_name name = calloc(1, sizeof(*name));
-	if (name == NULL)
-	    goto enomem;
-	name->mech = src_mn;
-	*src_name = (gss_name_t)name;
-    } else
-	gss_release_name(&junk, &src_mn);
-
-    if (targ_name) {
-	spnego_name name = calloc(1, sizeof(*name));
-	if (name == NULL) {
-	    gss_release_name(minor_status, src_name);
-	    goto enomem;
-	}
-	name->mech = targ_mn;
-	*targ_name = (gss_name_t)name;
-    } else
-	gss_release_name(&junk, &targ_mn);
-
-    return GSS_S_COMPLETE;
-
-enomem:
-    gss_release_name(&junk, &targ_mn);
-    gss_release_name(&junk, &src_mn);
-    *minor_status = ENOMEM;
-    return GSS_S_FAILURE;
 }
 
 OM_uint32 GSSAPI_CALLCONV _gss_spnego_wrap_size_limit (

lib/gssapi/spnego/cred_stubs.c

@@ -67,8 +67,6 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_acquire_cred_from
  OM_uint32 * time_rec
     )
 {
-    const spnego_name dname = (const spnego_name)desired_name;
-    gss_name_t name = GSS_C_NO_NAME;
     OM_uint32 ret, tmp;
     gss_OID_set_desc actual_desired_mechs;
     gss_OID_set mechs;
@@ -76,18 +74,9 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_acquire_cred_from
 
     *output_cred_handle = GSS_C_NO_CREDENTIAL;
 
-    if (dname) {
-	ret = gss_import_name(minor_status, &dname->value, dname->type, &name);
-	if (ret) {
-	    return ret;
-	}
-    }
-
     ret = gss_indicate_mechs(minor_status, &mechs);
-    if (ret != GSS_S_COMPLETE) {
+    if (ret != GSS_S_COMPLETE)
-	gss_release_name(minor_status, &name);
 	return ret;
-    }
 
     /* Remove ourselves from this list */
     actual_desired_mechs.count = mechs->count;
@@ -108,20 +97,16 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_acquire_cred_from
     }
     actual_desired_mechs.count = j;
 
-    ret = gss_acquire_cred_from(minor_status, name,
+    ret = gss_acquire_cred_from(minor_status, desired_name,
 				time_req, &actual_desired_mechs,
 				cred_usage, cred_store,
 				output_cred_handle,
 				actual_mechs, time_rec);
-    if (ret != GSS_S_COMPLETE)
-	goto out;
-
-out:
-    gss_release_name(&tmp, &name);
     gss_release_oid_set(&tmp, &mechs);
     if (actual_desired_mechs.elements != NULL) {
 	free(actual_desired_mechs.elements);
     }
+
     if (ret != GSS_S_COMPLETE) {
 	_gss_spnego_release_cred(&tmp, output_cred_handle);
     }
@@ -138,37 +123,13 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_cred
             gss_OID_set * mechanisms
            )
 {
-    spnego_name sname = NULL;
-    OM_uint32 ret;
-
     if (cred_handle == GSS_C_NO_CREDENTIAL) {
 	*minor_status = 0;
 	return GSS_S_NO_CRED;
     }
 
-    if (name) {
+    return gss_inquire_cred(minor_status, cred_handle, name,
-	sname = calloc(1, sizeof(*sname));
+			    lifetime, cred_usage, mechanisms);
-	if (sname == NULL) {
-	    *minor_status = ENOMEM;
-	    return GSS_S_FAILURE;
-	}
-    }
-
-    ret = gss_inquire_cred(minor_status,
-			   cred_handle,
-			   sname ? &sname->mech : NULL,
-			   lifetime,
-			   cred_usage,
-			   mechanisms);
-    if (ret) {
-	if (sname)
-	    free(sname);
-	return ret;
-    }
-    if (name)
-	*name = (gss_name_t)sname;
-
-    return ret;
 }
 
 OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_cred_by_mech (
@@ -181,39 +142,14 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_cred_by_mech (
             gss_cred_usage_t * cred_usage
            )
 {
-    spnego_name sname = NULL;
-    OM_uint32 ret;
-
     if (cred_handle == GSS_C_NO_CREDENTIAL) {
 	*minor_status = 0;
 	return GSS_S_NO_CRED;
     }
 
-    if (name) {
+    return gss_inquire_cred_by_mech(minor_status, cred_handle, mech_type,
-	sname = calloc(1, sizeof(*sname));
+				   name, initiator_lifetime,
-	if (sname == NULL) {
+				   acceptor_lifetime, cred_usage);
-	    *minor_status = ENOMEM;
-	    return GSS_S_FAILURE;
-	}
-    }
-
-    ret = gss_inquire_cred_by_mech(minor_status,
-				   cred_handle,
-				   mech_type,
-				   sname ? &sname->mech : NULL,
-				   initiator_lifetime,
-				   acceptor_lifetime,
-				   cred_usage);
-
-    if (ret) {
-	if (sname)
-	    free(sname);
-	return ret;
-    }
-    if (name)
-	*name = (gss_name_t)sname;
-
-    return GSS_S_COMPLETE;
 }
 
 OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_cred_by_oid
@@ -222,19 +158,14 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_cred_by_oid
             const gss_OID desired_object,
             gss_buffer_set_t *data_set)
 {
-    OM_uint32 ret;
-
     if (cred_handle == GSS_C_NO_CREDENTIAL) {
 	*minor_status = 0;
 	return GSS_S_NO_CRED;
     }
 
-    ret = gss_inquire_cred_by_oid(minor_status,
+    return gss_inquire_cred_by_oid(minor_status, cred_handle,
-				  cred_handle,
+				   desired_object, data_set);
-				  desired_object,
-				  data_set);
 
-    return ret;
 }
 
 OM_uint32 GSSAPI_CALLCONV

lib/gssapi/spnego/init_sec_context.c

@@ -206,7 +206,6 @@ spnego_initial
     size_t ni_len;
     gss_ctx_id_t context;
     gssspnego_ctx ctx;
-    spnego_name name = (spnego_name)target_name;
 
     *minor_status = 0;
 
@@ -228,7 +227,7 @@ spnego_initial
 
     ctx->local = 1;
 
-    sub = gss_import_name(&minor, &name->value, name->type, &ctx->target_name);
+    sub = gss_duplicate_name(&minor, target_name, &ctx->target_name);
     if (GSS_ERROR(sub)) {
 	*minor_status = minor;
 	_gss_spnego_internal_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);

lib/gssapi/spnego/spnego_locl.h

@@ -97,12 +97,6 @@ typedef struct {
 
 } *gssspnego_ctx;
 
-typedef struct {
-	gss_OID			type;
-	gss_buffer_desc		value;
-	gss_name_t		mech;
-} *spnego_name;
-
 extern gss_OID_desc _gss_spnego_mskrb_mechanism_oid_desc;
 extern gss_OID_desc _gss_spnego_krb5_mechanism_oid_desc;