authorLuke Howard <lukeh@padl.com>2009-01-01 01:58:04 +0000
committerLuke Howard <lukeh@padl.com>2009-01-01 01:58:04 +0000
commit486dff5252aa97810a490be1a9edebe5facd6eab (patch)
treef5fd9367bd2b4543fa90a4faa046851a9785841e
parent6c2978d8ea21a1335bf401ff069818899a5c662a (diff)
gssspi_mech_invoke() is superfluous for mech_krb5; it's only useful for
mechanisms that are dynamically loaded (in which case the mechanism would provide a separate library with mechanism-specific APIs that wrapped gssspi_mech_invoke()).

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21649 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r--src/lib/gssapi/krb5/acquire_cred.c13
-rw-r--r--src/lib/gssapi/krb5/gssapiP_krb5.h52
-rw-r--r--src/lib/gssapi/krb5/init_sec_context.c22
-rw-r--r--src/lib/gssapi/krb5/krb5_gss_glue.c121
-rw-r--r--src/lib/gssapi/krb5/lucid_context.c15
5 files changed, 30 insertions, 193 deletions
diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c
index 98617d5..5fec0d5 100644
--- a/src/lib/gssapi/krb5/acquire_cred.c
+++ b/src/lib/gssapi/krb5/acquire_cred.c
@@ -97,11 +97,8 @@ k5_mutex_t gssint_krb5_keytab_lock = K5_MUTEX_PARTIAL_INITIALIZER;
static char *krb5_gss_keytab = NULL;
/* Heimdal calls this gsskrb5_register_acceptor_identity. */
-OM_uint32
-gss_krb5int_register_acceptor_identity(OM_uint32 *minor_status,
- const gss_OID desired_mech,
- const gss_OID desired_object,
- gss_buffer_t value)
+OM_uint32 KRB5_CALLCONV
+krb5_gss_register_acceptor_identity(const char *keytab)
{
char *new, *old;
int err;
@@ -110,10 +107,10 @@ gss_krb5int_register_acceptor_identity(OM_uint32 *minor_status,
if (err != 0)
return GSS_S_FAILURE;
- if (value->value == NULL)
- return GSS_S_FAILURE;
+ if (keytab == NULL)
+ return GSS_S_CALL_INACCESSIBLE_READ;
- new = strdup((char *)value->value);
+ new = strdup(keytab);
if (new == NULL)
return GSS_S_FAILURE;
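Review bot: krb5_gss_register_acceptor_identity is now the exported entry point itself, but the only comment above it is the Heimdal cross-reference, so its contract is undocumented. I would add a header comment saying that the keytab string is copied with strdup() so the caller keeps ownership of its argument, that a NULL keytab is rejected with GSS_S_CALL_INACCESSIBLE_READ, and that library-initialisation or allocation failure returns GSS_S_FAILURE. Because the file keeps the name in the file-scope `krb5_gss_keytab`, the comment should presumably also state that the setting applies to the whole process rather than to one credential. The rest of the body lies outside this hunk, so confirm that against the full function.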
diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h
index 9a664c9..7440097 100644
--- a/src/lib/gssapi/krb5/gssapiP_krb5.h
+++ b/src/lib/gssapi/krb5/gssapiP_krb5.h
@@ -806,7 +806,7 @@ int gss_krb5int_rotate_left (void *ptr, size_t bufsiz, size_t rc);
*/
#define GSS_KRB5_GET_TKT_FLAGS_OID_LENGTH 11
-#define GSS_KRB5_GET_TKT_FLAGS_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x02"
+#define GSS_KRB5_GET_TKT_FLAGS_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x01"
OM_uint32 KRB5_CALLCONV gss_krb5int_get_tkt_flags
(OM_uint32 *minor_status,
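Review bot: Renumbering the last arc of these request OIDs reuses values that previously named a different operation: here GSS_KRB5_GET_TKT_FLAGS_OID takes `...\x05\x01`, which the next hunk shows was GSS_KRB5_COPY_CCACHE_OID. The same reassignment happens in the hunks for SET_ALLOWABLE_ENCTYPES, EXPORT_LUCID_SEC_CONTEXT, EXTRACT_AUTHZ_DATA, INQ_SSPI_SESSION_KEY, SET_CRED_RCACHE and EXTRACT_AUTHTIME. Anything built against the old values would presumably have its request matched to a different handler instead of being rejected, which matters for operations such as copying a credential cache or restricting enctypes. If the renumbering is intended, I would add a comment above the block stating that these arcs are private to this branch and must change in lockstep with every user. The added comment reserving 1.2.840.113554.1.2.2.5.5 for GSS_C_INQ_SSPI_SESSION_KEY should also say why GSS_KRB5_INQ_SSPI_SESSION_KEY_OID is given `...\x05\x07` instead.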
@@ -815,7 +815,7 @@ OM_uint32 KRB5_CALLCONV gss_krb5int_get_tkt_flags
gss_buffer_set_t *data_set);
#define GSS_KRB5_COPY_CCACHE_OID_LENGTH 11
-#define GSS_KRB5_COPY_CCACHE_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x01"
+#define GSS_KRB5_COPY_CCACHE_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x02"
OM_uint32 KRB5_CALLCONV gss_krb5int_copy_ccache
(OM_uint32 *minor_status,
@@ -824,7 +824,7 @@ OM_uint32 KRB5_CALLCONV gss_krb5int_copy_ccache
const gss_buffer_t value);
#define GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID_LENGTH 11
-#define GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x08"
+#define GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x03"
struct krb5_gss_set_allowable_enctypes_req {
OM_uint32 num_ktypes;
@@ -838,7 +838,7 @@ gss_krb5int_set_allowable_enctypes(OM_uint32 *minor_status,
const gss_buffer_t value);
#define GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID_LENGTH 11
-#define GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x07"
+#define GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x04"
OM_uint32
gss_krb5int_export_lucid_sec_context(OM_uint32 *minor_status,
@@ -846,32 +846,10 @@ gss_krb5int_export_lucid_sec_context(OM_uint32 *minor_status,
const gss_OID desired_object,
gss_buffer_set_t *data_set);
-#define GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID_LENGTH 11
-#define GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0b"
-
-OM_uint32
-gss_krb5int_free_lucid_sec_context(OM_uint32 *, const gss_OID,
- const gss_OID, gss_buffer_t);
-
-extern k5_mutex_t kg_kdc_flag_mutex;
-krb5_error_code krb5_gss_init_context (krb5_context *ctxp);
-
-#define GSS_KRB5_USE_KDC_CONTEXT_OID_LENGTH 11
-#define GSS_KRB5_USE_KDC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0c"
-
-OM_uint32 krb5int_gss_use_kdc_context(OM_uint32 *, const gss_OID,
- const gss_OID, gss_buffer_t);
-
-krb5_error_code krb5_gss_use_kdc_context(void);
-
-#define GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID_LENGTH 11
-#define GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x09"
-
-OM_uint32
-gss_krb5int_register_acceptor_identity(OM_uint32 *, const gss_OID, const gss_OID, gss_buffer_t);
+/* 1.2.840.113554.1.2.2.5.5 reserved for GSS_C_INQ_SSPI_SESSION_KEY */
#define GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH 11
-#define GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x03"
+#define GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x06"
OM_uint32
gss_krb5int_extract_authz_data_from_sec_context(OM_uint32 *minor_status,
@@ -879,28 +857,20 @@ gss_krb5int_extract_authz_data_from_sec_context(OM_uint32 *minor_status,
const gss_OID desired_object,
gss_buffer_set_t *ad_data);
-#if 0
-#define GSS_KRB5_SET_ACCEPTOR_ALIAS_OID_LENGTH 11
-#define GSS_KRB5_SET_ACCEPTOR_ALIAS_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x04"
-
-OM_uint32
-gss_krb5int_set_cred_alias(OM_uint32 *, const gss_ctx_id_t, const gss_OID, gss_buffer_set_t *);
-#endif
-
#define GSS_KRB5_INQ_SSPI_SESSION_KEY_OID_LENGTH 11
-#define GSS_KRB5_INQ_SSPI_SESSION_KEY_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05"
+#define GSS_KRB5_INQ_SSPI_SESSION_KEY_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x07"
OM_uint32
gss_krb5int_inq_session_key(OM_uint32 *, const gss_ctx_id_t, const gss_OID, gss_buffer_set_t *);
#define GSS_KRB5_SET_CRED_RCACHE_OID_LENGTH 11
-#define GSS_KRB5_SET_CRED_RCACHE_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0d"
+#define GSS_KRB5_SET_CRED_RCACHE_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x08"
OM_uint32
gss_krb5int_set_cred_rcache(OM_uint32 *, gss_cred_id_t, const gss_OID, const gss_buffer_t);
#define GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID_LENGTH 11
-#define GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0e"
+#define GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x09"
OM_uint32
gss_krb5int_extract_authtime_from_sec_context(OM_uint32 *,
@@ -916,6 +886,10 @@ void gss_krb5int_lib_fini(void);
OM_uint32 gss_krb5int_initialize_library(void);
void gss_krb5int_cleanup_library(void);
+extern k5_mutex_t kg_kdc_flag_mutex;
+krb5_error_code krb5_gss_init_context (krb5_context *ctxp);
+krb5_error_code krb5_gss_use_kdc_context(void);
+
/* For error message handling. */
/* Returns a shared string, not a private copy! */
extern char *
diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c
index 1b1e11d..272ce21 100644
--- a/src/lib/gssapi/krb5/init_sec_context.c
+++ b/src/lib/gssapi/krb5/init_sec_context.c
@@ -987,25 +987,19 @@ krb5_gss_init_context (krb5_context *ctxp)
}
#ifndef _WIN32
-OM_uint32
-krb5int_gss_use_kdc_context(OM_uint32 *minor_status,
- const gss_OID desired_mech,
- const gss_OID desired_object,
- gss_buffer_t value)
+krb5_error_code
+krb5_gss_use_kdc_context()
{
- OM_uint32 err;
-
- *minor_status = 0;
+ krb5_error_code err;
err = gss_krb5int_initialize_library();
if (err)
- return err;
- *minor_status = k5_mutex_lock(&kg_kdc_flag_mutex);
- if (*minor_status) {
- return GSS_S_FAILURE;
- }
+ return err;
+ err = k5_mutex_lock(&kg_kdc_flag_mutex);
+ if (err)
+ return err;
kdc_flag = 1;
k5_mutex_unlock(&kg_kdc_flag_mutex);
- return GSS_S_COMPLETE;
+ return 0;
}
#endif
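Review bot: The new definition is written `krb5_gss_use_kdc_context()` with an empty parameter list, while the prototype this commit adds to gssapiP_krb5.h is `krb5_gss_use_kdc_context(void)`. In C the empty form is an old-style declaration that does not check arguments, so the definition should read `krb5_gss_use_kdc_context(void)`. The function also passes the result of gss_krb5int_initialize_library(), declared as OM_uint32 in the header, back through a krb5_error_code; a one-line comment stating that this value is an error code and not a GSS major status would remove the doubt. The definition sits under `#ifndef _WIN32` while the header prototype appears unconditional, so it is worth confirming that nothing in a Windows build still references the symbol.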
diff --git a/src/lib/gssapi/krb5/krb5_gss_glue.c b/src/lib/gssapi/krb5/krb5_gss_glue.c
index 62ce567..4c86a3b 100644
--- a/src/lib/gssapi/krb5/krb5_gss_glue.c
+++ b/src/lib/gssapi/krb5/krb5_gss_glue.c
@@ -307,61 +307,6 @@ krb5_gssspi_set_cred_option(OM_uint32 *minor_status,
return GSS_S_UNAVAILABLE;
}
-/*
- * gssspi_mech_invoke() methods
- */
-static struct {
- gss_OID_desc oid;
- OM_uint32 (*func)(OM_uint32 *, const gss_OID, const gss_OID, gss_buffer_t);
-} krb5_gssspi_mech_invoke_ops[] = {
- {
- {GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID_LENGTH, GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID},
- gss_krb5int_register_acceptor_identity
- },
- {
- {GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID_LENGTH, GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID},
- gss_krb5int_free_lucid_sec_context
- },
- {
- {GSS_KRB5_USE_KDC_CONTEXT_OID_LENGTH, GSS_KRB5_USE_KDC_CONTEXT_OID},
- krb5int_gss_use_kdc_context
- }
-};
-
-static OM_uint32
-krb5_gssspi_mech_invoke (OM_uint32 *minor_status,
- const gss_OID desired_mech,
- const gss_OID desired_object,
- gss_buffer_t value)
-{
- size_t i;
-
- if (minor_status == NULL)
- return GSS_S_CALL_INACCESSIBLE_WRITE;
-
- *minor_status = 0;
-
- if (desired_mech == GSS_C_NO_OID)
- return GSS_S_BAD_MECH;
-
- if (desired_object == GSS_C_NO_OID)
- return GSS_S_CALL_INACCESSIBLE_READ;
-
- for (i = 0; i < sizeof(krb5_gssspi_mech_invoke_ops)/
- sizeof(krb5_gssspi_mech_invoke_ops[0]); i++) {
- if (g_OID_prefix_equal(desired_object, &krb5_gssspi_mech_invoke_ops[i].oid)) {
- return (*krb5_gssspi_mech_invoke_ops[i].func)(minor_status,
- desired_mech,
- desired_object,
- value);
- }
- }
-
- *minor_status = EINVAL;
-
- return GSS_S_UNAVAILABLE;
-}
-
static struct gss_config krb5_mechanism = {
{ GSS_MECH_KRB5_OID_LENGTH, GSS_MECH_KRB5_OID },
NULL,
@@ -413,7 +358,7 @@ static struct gss_config krb5_mechanism = {
krb5_gss_inquire_cred_by_oid,
krb5_gss_set_sec_context_option,
krb5_gssspi_set_cred_option,
- krb5_gssspi_mech_invoke,
+ NULL, /* mech_invoke */
NULL, /* wrap_aead */
NULL, /* unwrap_aead */
krb5_gss_wrap_iov,
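Review bot: Setting the mech_invoke slot to `NULL` is only safe if the mechglue dispatcher tests the function pointer before calling through it, and that code is not part of this diff. Please confirm that gssspi_mech_invoke() against the krb5 mechanism now returns an error status such as GSS_S_UNAVAILABLE, which the removed function returned for unknown OIDs, rather than calling a null pointer. The initializer is positional and continues outside this hunk, so the `/* mech_invoke */` label is the only thing tying the NULL to its field; keeping such labels on every NULL slot, as the neighbouring lines do, is worth maintaining.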
@@ -689,70 +634,6 @@ gss_krb5_set_allowable_enctypes(
return major_status;
}
-OM_uint32 KRB5_CALLCONV
-gss_krb5_free_lucid_sec_context(
- OM_uint32 *minor_status,
- void *kctx)
-{
- static const gss_OID_desc const req_oid = {
- GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID_LENGTH,
- GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID };
- OM_uint32 major_status;
- gss_buffer_desc req_buffer;
-
- req_buffer.length = sizeof(kctx);
- req_buffer.value = kctx;
-
- major_status = gssspi_mech_invoke(minor_status,
- (const gss_OID)gss_mech_krb5,
- (const gss_OID)&req_oid,
- &req_buffer);
-
- return major_status;
-}
-
-OM_uint32 KRB5_CALLCONV
-krb5_gss_register_acceptor_identity(const char *keytab)
-{
- static const gss_OID_desc const req_oid = {
- GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID_LENGTH,
- GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID };
- OM_uint32 major_status;
- OM_uint32 minor_status;
- gss_buffer_desc req_buffer;
-
- req_buffer.length = strlen(keytab);
- req_buffer.value = (char *)keytab;
-
- major_status = gssspi_mech_invoke(&minor_status,
- (const gss_OID)gss_mech_krb5,
- (const gss_OID)&req_oid,
- &req_buffer);
-
- return major_status;
-}
-
-krb5_error_code
-krb5_gss_use_kdc_context(void)
-{
- static const gss_OID_desc const req_oid = {
- GSS_KRB5_USE_KDC_CONTEXT_OID_LENGTH,
- GSS_KRB5_USE_KDC_CONTEXT_OID };
- OM_uint32 major_status;
- OM_uint32 minor_status;
- gss_buffer_desc req_buffer;
-
- req_buffer.length = 0;
- req_buffer.value = NULL;
-
- major_status = gssspi_mech_invoke(&minor_status,
- (const gss_OID)gss_mech_krb5,
- (const gss_OID)&req_oid,
- &req_buffer);
-
- return major_status;
-}
-
/*
* This API should go away and be replaced with an accessor
* into a gss_name_t.
diff --git a/src/lib/gssapi/krb5/lucid_context.c b/src/lib/gssapi/krb5/lucid_context.c
index b66fe5c..bb9731c 100644
--- a/src/lib/gssapi/krb5/lucid_context.c
+++ b/src/lib/gssapi/krb5/lucid_context.c
@@ -124,28 +124,19 @@ error_out:
* Frees the storage associated with an
* exported lucid context structure.
*/
-OM_uint32
-gss_krb5int_free_lucid_sec_context(
+OM_uint32 KRB5_CALLCONV
+gss_krb5_free_lucid_sec_context(
OM_uint32 *minor_status,
- const gss_OID desired_mech,
- const gss_OID desired_object,
- gss_buffer_t value)
+ void *kctx)
{
OM_uint32 retval;
krb5_error_code kret = 0;
int version;
- void *kctx;
/* Assume failure */
retval = GSS_S_FAILURE;
*minor_status = 0;
- kctx = value->value;
- if (!kctx) {
- kret = EINVAL;
- goto error_out;
- }
-
/* Verify pointer is valid lucid context */
if (! kg_validate_lucidctx_id(kctx)) {
kret = G_VALIDATE_FAILED;
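Review bot: gss_krb5_free_lucid_sec_context is now reached directly by callers, but `*minor_status = 0;` still dereferences the pointer unchecked. The removed krb5_gssspi_mech_invoke() used to reject a NULL minor_status with GSS_S_CALL_INACCESSIBLE_WRITE before dispatching here, so I would add `if (minor_status == NULL) return GSS_S_CALL_INACCESSIBLE_WRITE;` ahead of that store. The commit also drops the `if (!kctx) { kret = EINVAL; goto error_out; }` guard, so a NULL kctx now goes straight into kg_validate_lucidctx_id(). Whether that helper tolerates NULL is not visible in this hunk; either keep the guard or document that the validator handles it. The function body continues past the end of the hunk.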