author | Solly Ross <sross@redhat.com> | 2015-03-05 13:22:58 -0500 |
---|---|---|
committer | Tom Yu <tlyu@mit.edu> | 2015-05-12 15:37:15 -0400 |
commit | 9c2a5dd4dc2122e5e43cdc49069184f5c3dc7d95 (patch) | |
tree | 2f0e559ee5183a03cf3561b88fad0847459def74 | |
parent | adeec7bcf86bb2af15850d511598dcd83f6a603a (diff) | |
Import names immediately with COMPOSITE_EXPORT
RFC 6680 specifies that GSS_Export_name_composite() "outputs a token that
can be imported with GSS_Import_name(), using GSS_C_NT_COMPOSITE_EXPORT
as the name type...". Therefore, in the gss_import_name mechglue, we
should perform the import process immediately when either
GSS_C_NT_COMPOSITE_EXPORT or GSS_C_NT_EXPORT_NAME is used (not just
for the latter, as is the current functionality).
The naming extension test was also updated to display the result
of importing with GSS_C_NT_COMPOSITE_EXPORT in addition to
GSS_C_NT_EXPORT_NAME.
[ghudson@mit.edu: minor style changes]
(cherry picked from commit 29dec110c43ae9cebdcd935906a3131ca9ac0c99)
(cherry picked from commit f2302383dd3a32bf22f437c4e1d10533323db5dc)
ticket: 8182 (new)
version_fixed: 1.12.4
status: resolved
-rw-r--r-- | src/lib/gssapi/mechglue/g_imp_name.c | 15 | ||||
-rw-r--r-- | src/tests/gssapi/t_export_name.c | 17 | ||||
-rwxr-xr-x | src/tests/gssapi/t_gssapi.py | 5 | ||||
-rw-r--r-- | src/tests/gssapi/t_namingexts.c | 24 |
4 files changed, 51 insertions, 10 deletions
diff --git a/src/lib/gssapi/mechglue/g_imp_name.c b/src/lib/gssapi/mechglue/g_imp_name.c
index b2c5091..374965b 100644
--- a/src/lib/gssapi/mechglue/g_imp_name.c
+++ b/src/lib/gssapi/mechglue/g_imp_name.c
@@ -36,7 +36,7 @@
 #include <errno.h>
 /* local function to import GSS_C_EXPORT_NAME names */
-static OM_uint32 importExportName(OM_uint32 *, gss_union_name_t);
+static OM_uint32 importExportName(OM_uint32 *, gss_union_name_t, gss_OID);
 static OM_uint32 val_imp_name_args(
@@ -151,8 +151,9 @@ gss_name_t * output_name;
 * do however make this an MN for names of GSS_C_NT_EXPORT_NAME type.
 */
 if (input_name_type != GSS_C_NULL_OID &&
- g_OID_equal(input_name_type, GSS_C_NT_EXPORT_NAME)) {
- major_status = importExportName(minor_status, union_name);
+ (g_OID_equal(input_name_type, GSS_C_NT_EXPORT_NAME) ||
+ g_OID_equal(input_name_type, GSS_C_NT_COMPOSITE_EXPORT))) {
+ major_status = importExportName(minor_status, union_name, input_name_type);
 if (major_status != GSS_S_COMPLETE)
 goto allocation_failure;
 }
@@ -188,9 +189,10 @@ static const unsigned int mechOidLenLen = 2;
 static const unsigned int nameTypeLenLen = 2;
 static OM_uint32
-importExportName(minor, unionName)
+importExportName(minor, unionName, inputNameType)
 OM_uint32 *minor;
 gss_union_name_t unionName;
+ gss_OID inputNameType;
 {
 gss_OID_desc mechOid;
 gss_buffer_desc expName;
@@ -263,11 +265,10 @@ importExportName(minor, unionName)
 if (mech->gss_export_name) {
 if (mech->gssspi_import_name_by_mech) {
 major = mech->gssspi_import_name_by_mech(minor, &mechOid, &expName,
- GSS_C_NT_EXPORT_NAME,
+ inputNameType,
 &unionName->mech_name);
 } else {
- major = mech->gss_import_name(minor, &expName,
- GSS_C_NT_EXPORT_NAME,
+ major = mech->gss_import_name(minor, &expName, inputNameType,
 &unionName->mech_name);
 }
 if (major != GSS_S_COMPLETE)
diff --git a/src/tests/gssapi/t_export_name.c b/src/tests/gssapi/t_export_name.c
index 676ac54..5f3eccf 100644
--- a/src/tests/gssapi/t_export_name.c
+++ b/src/tests/gssapi/t_export_name.c
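Review bot: The comments around this path are stale once composite tokens take it too: `/* local function to import GSS_C_EXPORT_NAME names */` above the prototype (first hunk of g_imp_name.c) and `do however make this an MN for names of GSS_C_NT_EXPORT_NAME type` above the condition (second hunk) still name only the export-name type. I would reword them to `/* local function to import GSS_C_NT_EXPORT_NAME and GSS_C_NT_COMPOSITE_EXPORT names */` and `... for names of GSS_C_NT_EXPORT_NAME or GSS_C_NT_COMPOSITE_EXPORT type`. The new third parameter also deserves a line saying it is the caller's name type, forwarded unchanged to the mechanism. The block comment in the second hunk begins outside the hunk.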
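Review bot: In the last g_imp_name.c hunk, `inputNameType` is handed to `gssspi_import_name_by_mech` / `gss_import_name` with no visible check that it agrees with the token ID at the front of the exported buffer. The t_namingexts.c change in this commit imports one composite-export token under both GSS_C_NT_EXPORT_NAME and GSS_C_NT_COMPOSITE_EXPORT and expects both to succeed, so the glue apparently tolerates a mismatch and relies on the mechanism. Because exported names are the form applications tend to store and compare for access decisions, that contract should be explicit: either reject a mismatched pair here, or add a comment such as `/* inputNameType is passed through unchanged; the mechanism must reject a token whose ID does not match it. */`. The header parsing in importExportName is outside the hunk, so this may already be enforced there.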
@@ -57,6 +57,8 @@ main(int argc, char *argv[])
 gss_OID mech = (gss_OID)gss_mech_krb5;
 gss_name_t name, mechname, impname;
 gss_buffer_desc buf, buf2;
+ krb5_boolean use_composite = FALSE;
+ gss_OID ntype;
 const char *name_arg;
 char opt;
@@ -68,6 +70,8 @@ main(int argc, char *argv[])
 mech = &mech_krb5;
 else if (opt == 's')
 mech = &mech_spnego;
+ else if (opt == 'c')
+ use_composite = TRUE;
 else
 usage();
 }
@@ -81,13 +85,20 @@ main(int argc, char *argv[])
 /* Canonicalize and export the name. */
 major = gss_canonicalize_name(&minor, name, mech, &mechname);
 check_gsserr("gss_canonicalize_name", major, minor);
- major = gss_export_name(&minor, mechname, &buf);
+ if (use_composite)
+ major = gss_export_name_composite(&minor, mechname, &buf);
+ else
+ major = gss_export_name(&minor, mechname, &buf);
 check_gsserr("gss_export_name", major, minor);
 /* Import and re-export the name, and compare the results. */
- major = gss_import_name(&minor, &buf, GSS_C_NT_EXPORT_NAME, &impname);
+ ntype = use_composite ? GSS_C_NT_COMPOSITE_EXPORT : GSS_C_NT_EXPORT_NAME;
+ major = gss_import_name(&minor, &buf, ntype, &impname);
 check_gsserr("gss_export_name", major, minor);
- major = gss_export_name(&minor, impname, &buf2);
+ if (use_composite)
+ major = gss_export_name_composite(&minor, mechname, &buf2);
+ else
+ major = gss_export_name(&minor, mechname, &buf2);
 check_gsserr("gss_export_name", major, minor);
 if (buf.length != buf2.length || memcmp(buf.value, buf2.value, buf.length) != 0) {
diff --git a/src/tests/gssapi/t_gssapi.py b/src/tests/gssapi/t_gssapi.py
index 2021c90..80ff5c4 100755
--- a/src/tests/gssapi/t_gssapi.py
+++ b/src/tests/gssapi/t_gssapi.py
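Review bot: The new `opt == 'c'` branch in the second t_export_name.c hunk is reachable only if the option string passed to getopt() contains `c`, and that call is not among the changed lines of this file. If the string still lists only the earlier flags, `-c` falls through to `usage()` and the new t_gssapi.py case cannot exercise the composite path. Please confirm the option string, and mention `-c` in the usage text as well. The option loop begins outside the hunk.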
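Review bot: Both branches of the re-export after gss_import_name() pass `mechname` rather than `impname`, so `buf2` is built from the same name as `buf` and the length/memcmp comparison below cannot fail because of a bad import. The removed line exported `impname`, and the new code should keep that: `major = gss_export_name_composite(&minor, impname, &buf2);` and `major = gss_export_name(&minor, impname, &buf2);`. As written, the `-c` run shows only that gss_import_name() returned success for the composite name type, not that the imported name round-trips to the same token. Separately, the check_gsserr() call after gss_import_name() is labelled "gss_export_name", which would misattribute a failed import. main() continues outside the hunk.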
@@ -182,6 +182,11 @@ output = realm.run(['./t_export_name', '-s', 'p:a@b'])
 if output != '0401000806062B060105050200000003614062\n':
 fail('Unexpected output from t_export_name (SPNEGO krb5 principal)')
+# Test that composite-export tokens can be imported.
+output = realm.run(['./t_export_name', '-c', 'p:a@b'])
+if (output != '0402000B06092A864886F7120102020000000361406200000000\n'):
+ fail('Unexpected output from t_export_name (using COMPOSITE_EXPORT)')
+
 # Test gss_inquire_mechs_for_name behavior.
 krb5_mech = '{ 1 2 840 113554 1 2 2 }'
 spnego_mech = '{ 1 3 6 1 5 5 2 }'
diff --git a/src/tests/gssapi/t_namingexts.c b/src/tests/gssapi/t_namingexts.c
index c7bfe3e..739592b 100644
--- a/src/tests/gssapi/t_namingexts.c
+++ b/src/tests/gssapi/t_namingexts.c
@@ -32,11 +32,26 @@ static int use_spnego = 0;
 static void
+display_name(const char *tag, gss_name_t name)
+{
+ OM_uint32 major, minor;
+ gss_buffer_desc buf;
+
+ major = gss_display_name(&minor, name, &buf, NULL);
+ check_gsserr("gss_display_name", major, minor);
+
+ printf("%s:\t%.*s\n", tag, (int)buf.length, (char *)buf.value);
+
+ (void)gss_release_buffer(&minor, &buf);
+}
+
+static void
 test_export_import_name(gss_name_t name)
 {
 OM_uint32 major, minor;
 gss_buffer_desc exported_name = GSS_C_EMPTY_BUFFER;
 gss_name_t imported_name = GSS_C_NO_NAME;
+ gss_name_t imported_name_comp = GSS_C_NO_NAME;
 unsigned int i;
 major = gss_export_name_composite(&minor, name, &exported_name);
@@ -53,6 +68,10 @@ test_export_import_name(gss_name_t name)
 major = gss_import_name(&minor, &exported_name, GSS_C_NT_EXPORT_NAME, &imported_name);
 check_gsserr("gss_import_name", major, minor);
+
+ major = gss_import_name(&minor, &exported_name, GSS_C_NT_COMPOSITE_EXPORT,
+ &imported_name_comp);
+ check_gsserr("gss_import_name", major, minor);
 (void)gss_release_buffer(&minor, &exported_name);
 printf("\n");
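Review bot: The expected token in the t_gssapi.py hunk is an opaque hex literal, so a mismatch will be hard to diagnose without decoding it by hand. A comment above the check would help, e.g. `# 04 02 = composite-export token ID; 000B + OID = krb5 mech; 00000003 + 614062 = "a@b"; trailing 00000000 is presumably an empty attribute count`. The parentheses around the `if` condition are also out of step with the neighbouring `if output != ...:` checks and can be dropped.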
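Review bot: In the new `display_name()` helper (first t_namingexts.c hunk), `buf` is declared without an initializer, unlike `exported_name` just below it, which starts as GSS_C_EMPTY_BUFFER. If check_gsserr() ever returns after a failed gss_display_name() (its definition is outside this diff), the printf and gss_release_buffer() calls would read an indeterminate length and pointer. Declaring it as `gss_buffer_desc buf = GSS_C_EMPTY_BUFFER;` costs nothing and matches the file's existing style.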
@@ -60,7 +79,12 @@ test_export_import_name(gss_name_t name)
 printf("Re-imported attributes:\n\n");
 enumerate_attributes(imported_name, 0);
+ display_name("Re-imported (as composite) name", imported_name_comp);
+ printf("Re-imported (as composite) attributes:\n\n");
+ enumerate_attributes(imported_name_comp, 0);
+
 (void)gss_release_name(&minor, &imported_name);
+ (void)gss_release_name(&minor, &imported_name_comp);
 }
 static void |
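Review bot: The composite re-import is only printed here, never verified: nothing compares `imported_name_comp` with `imported_name` or with the original `name`. An import that resolved to a different principal, or lost attributes, would still pass unless whatever drives this program diffs its output. Since both names come from the same token, a `gss_compare_name(&minor, imported_name, imported_name_comp, &eq)` call that fails the test when `eq` is false would turn the display into an actual check. The body of test_export_import_name starts outside the hunk.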