author | Luke Howard <lukeh@padl.com> | 2009-01-01 01:58:04 +0000 |
---|---|---|
committer | Luke Howard <lukeh@padl.com> | 2009-01-01 01:58:04 +0000 |
commit | 486dff5252aa97810a490be1a9edebe5facd6eab (patch) | |
tree | f5fd9367bd2b4543fa90a4faa046851a9785841e | |
parent | 6c2978d8ea21a1335bf401ff069818899a5c662a (diff) | |
gssspi_mech_invoke() is superfluous for mech_krb5; it's only useful for
mechanisms that are dynamically loaded (in which case the mechanism
would provide a separate library with mechanism-specific APIs that
wrapped gssspi_mech_invoke()).
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21649 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r-- | src/lib/gssapi/krb5/acquire_cred.c | 13 | ||||
-rw-r--r-- | src/lib/gssapi/krb5/gssapiP_krb5.h | 52 | ||||
-rw-r--r-- | src/lib/gssapi/krb5/init_sec_context.c | 22 | ||||
-rw-r--r-- | src/lib/gssapi/krb5/krb5_gss_glue.c | 121 | ||||
-rw-r--r-- | src/lib/gssapi/krb5/lucid_context.c | 15 |
5 files changed, 30 insertions, 193 deletions
diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c index 98617d5..5fec0d5 100644 --- a/src/lib/gssapi/krb5/acquire_cred.c +++ b/src/lib/gssapi/krb5/acquire_cred.c @@ -97,11 +97,8 @@ k5_mutex_t gssint_krb5_keytab_lock = K5_MUTEX_PARTIAL_INITIALIZER; static char *krb5_gss_keytab = NULL; /* Heimdal calls this gsskrb5_register_acceptor_identity. */ -OM_uint32 -gss_krb5int_register_acceptor_identity(OM_uint32 *minor_status, - const gss_OID desired_mech, - const gss_OID desired_object, - gss_buffer_t value) +OM_uint32 KRB5_CALLCONV +krb5_gss_register_acceptor_identity(const char *keytab) { char *new, *old; int err; @@ -110,10 +107,10 @@ gss_krb5int_register_acceptor_identity(OM_uint32 *minor_status, if (err != 0) return GSS_S_FAILURE; - if (value->value == NULL) - return GSS_S_FAILURE; + if (keytab == NULL) + return GSS_S_CALL_INACCESSIBLE_READ; - new = strdup((char *)value->value); + new = strdup(keytab); if (new == NULL) return GSS_S_FAILURE; diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h index 9a664c9..7440097 100644 --- a/src/lib/gssapi/krb5/gssapiP_krb5.h +++ b/src/lib/gssapi/krb5/gssapiP_krb5.h @@ -806,7 +806,7 @@ int gss_krb5int_rotate_left (void *ptr, size_t bufsiz, size_t rc); */ #define GSS_KRB5_GET_TKT_FLAGS_OID_LENGTH 11 -#define GSS_KRB5_GET_TKT_FLAGS_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x02" +#define GSS_KRB5_GET_TKT_FLAGS_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x01" OM_uint32 KRB5_CALLCONV gss_krb5int_get_tkt_flags (OM_uint32 *minor_status, @@ -815,7 +815,7 @@ OM_uint32 KRB5_CALLCONV gss_krb5int_get_tkt_flags gss_buffer_set_t *data_set); #define GSS_KRB5_COPY_CCACHE_OID_LENGTH 11 -#define GSS_KRB5_COPY_CCACHE_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x01" +#define GSS_KRB5_COPY_CCACHE_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x02" OM_uint32 KRB5_CALLCONV gss_krb5int_copy_ccache (OM_uint32 *minor_status, 
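Review bot: The second acquire_cred.c hunk changes the NULL-keytab result from `GSS_S_FAILURE` to `GSS_S_CALL_INACCESSIBLE_READ`, and `krb5_gss_register_acceptor_identity` is now the exported entry point with only the Heimdal remark above it. The function copies the name with `strdup(keytab)` and, judging by the file-scope `krb5_gss_keytab` and `gssint_krb5_keytab_lock` in the context lines, appears to set one keytab for every acceptor in the process. That scope matters to callers because it decides which keys are trusted. I would replace the remark with a contract comment such as `/* Sets the process-wide acceptor keytab name (copied). NULL is rejected with GSS_S_CALL_INACCESSIBLE_READ. Heimdal: gsskrb5_register_acceptor_identity. */`. The function body continues outside the hunk, so the process-wide claim should be confirmed there.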
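Review bot: The gssapiP_krb5.h hunks reassign final arcs that were already in use instead of retiring them, starting with the `GSS_KRB5_GET_TKT_FLAGS_OID` / `GSS_KRB5_COPY_CCACHE_OID` swap of `\x01` and `\x02` here. The later hunks at -824, -838, -846 and -879 do the same: the old `\x07` (export lucid context) now names `GSS_KRB5_INQ_SSPI_SESSION_KEY_OID`, the old `\x08` (set allowable enctypes) now names `GSS_KRB5_SET_CRED_RCACHE_OID`, and the old `\x03` (extract authz data) now names `GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID`. If any component built against the previous header passes these byte strings into this library, for example a separately built mechglue or plugin, the request will silently dispatch to a different operation rather than fail. If that cannot happen because the header is strictly private, a comment saying so above the first define would help, e.g. `/* Private OIDs: values are not stable across builds; never embed outside this library. */`. Otherwise the new operations should take unused arcs and the old values should stay put.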
@@ -824,7 +824,7 @@ OM_uint32 KRB5_CALLCONV gss_krb5int_copy_ccache const gss_buffer_t value); #define GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID_LENGTH 11 -#define GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x08" +#define GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x03" struct krb5_gss_set_allowable_enctypes_req { OM_uint32 num_ktypes; @@ -838,7 +838,7 @@ gss_krb5int_set_allowable_enctypes(OM_uint32 *minor_status, const gss_buffer_t value); #define GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID_LENGTH 11 -#define GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x07" +#define GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x04" OM_uint32 gss_krb5int_export_lucid_sec_context(OM_uint32 *minor_status, 
@@ -846,32 +846,10 @@ gss_krb5int_export_lucid_sec_context(OM_uint32 *minor_status, const gss_OID desired_object, gss_buffer_set_t *data_set); -#define GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID_LENGTH 11 -#define GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0b" - -OM_uint32 -gss_krb5int_free_lucid_sec_context(OM_uint32 *, const gss_OID, - const gss_OID, gss_buffer_t); - -extern k5_mutex_t kg_kdc_flag_mutex; -krb5_error_code krb5_gss_init_context (krb5_context *ctxp); - -#define GSS_KRB5_USE_KDC_CONTEXT_OID_LENGTH 11 -#define GSS_KRB5_USE_KDC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0c" - -OM_uint32 krb5int_gss_use_kdc_context(OM_uint32 *, const gss_OID, - const gss_OID, gss_buffer_t); - -krb5_error_code krb5_gss_use_kdc_context(void); - -#define GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID_LENGTH 11 -#define GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x09" - -OM_uint32 -gss_krb5int_register_acceptor_identity(OM_uint32 *, const gss_OID, const gss_OID, gss_buffer_t); +/* 1.2.840.113554.1.2.2.5.5 reserved for GSS_C_INQ_SSPI_SESSION_KEY */ #define GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH 11 -#define GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x03" +#define GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x06" OM_uint32 gss_krb5int_extract_authz_data_from_sec_context(OM_uint32 *minor_status, 
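Review bot: The new comment `/* 1.2.840.113554.1.2.2.5.5 reserved for GSS_C_INQ_SSPI_SESSION_KEY */` is ambiguous next to the following hunk, which moves `GSS_KRB5_INQ_SSPI_SESSION_KEY_OID` from `\x05` to `\x07`. A reader cannot tell whether the two names are the same query under two OIDs or two different queries, nor where the reserved one is defined. Since this query returns key material, the mapping should be unambiguous. I would expand the comment to say which header defines `GSS_C_INQ_SSPI_SESSION_KEY` and state that `.5.7` is the krb5-private variant handled by `gss_krb5int_inq_session_key`.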
@@ -879,28 +857,20 @@ gss_krb5int_extract_authz_data_from_sec_context(OM_uint32 *minor_status, const gss_OID desired_object, gss_buffer_set_t *ad_data); -#if 0 -#define GSS_KRB5_SET_ACCEPTOR_ALIAS_OID_LENGTH 11 -#define GSS_KRB5_SET_ACCEPTOR_ALIAS_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x04" - -OM_uint32 -gss_krb5int_set_cred_alias(OM_uint32 *, const gss_ctx_id_t, const gss_OID, gss_buffer_set_t *); -#endif - #define GSS_KRB5_INQ_SSPI_SESSION_KEY_OID_LENGTH 11 -#define GSS_KRB5_INQ_SSPI_SESSION_KEY_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05" +#define GSS_KRB5_INQ_SSPI_SESSION_KEY_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x07" OM_uint32 gss_krb5int_inq_session_key(OM_uint32 *, const gss_ctx_id_t, const gss_OID, gss_buffer_set_t *); #define GSS_KRB5_SET_CRED_RCACHE_OID_LENGTH 11 -#define GSS_KRB5_SET_CRED_RCACHE_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0d" +#define GSS_KRB5_SET_CRED_RCACHE_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x08" OM_uint32 gss_krb5int_set_cred_rcache(OM_uint32 *, gss_cred_id_t, const gss_OID, const gss_buffer_t); #define GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID_LENGTH 11 -#define GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0e" +#define GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x09" OM_uint32 gss_krb5int_extract_authtime_from_sec_context(OM_uint32 *, @@ -916,6 +886,10 @@ void gss_krb5int_lib_fini(void); OM_uint32 gss_krb5int_initialize_library(void); void gss_krb5int_cleanup_library(void); +extern k5_mutex_t kg_kdc_flag_mutex; +krb5_error_code krb5_gss_init_context (krb5_context *ctxp); +krb5_error_code krb5_gss_use_kdc_context(void); + /* For error message handling. */ /* Returns a shared string, not a private copy! */ extern char * diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c index 1b1e11d..272ce21 100644 --- a/src/lib/gssapi/krb5/init_sec_context.c 
+++ b/src/lib/gssapi/krb5/init_sec_context.c @@ -987,25 +987,19 @@ krb5_gss_init_context (krb5_context *ctxp) } #ifndef _WIN32 -OM_uint32 -krb5int_gss_use_kdc_context(OM_uint32 *minor_status, - const gss_OID desired_mech, - const gss_OID desired_object, - gss_buffer_t value) +krb5_error_code +krb5_gss_use_kdc_context() { - OM_uint32 err; - - *minor_status = 0; + krb5_error_code err; err = gss_krb5int_initialize_library(); if (err) - return err; - *minor_status = k5_mutex_lock(&kg_kdc_flag_mutex); - if (*minor_status) { - return GSS_S_FAILURE; - } + return err; + err = k5_mutex_lock(&kg_kdc_flag_mutex); + if (err) + return err; kdc_flag = 1; k5_mutex_unlock(&kg_kdc_flag_mutex); - return GSS_S_COMPLETE; + return 0; } #endif diff --git a/src/lib/gssapi/krb5/krb5_gss_glue.c b/src/lib/gssapi/krb5/krb5_gss_glue.c index 62ce567..4c86a3b 100644 --- a/src/lib/gssapi/krb5/krb5_gss_glue.c +++ b/src/lib/gssapi/krb5/krb5_gss_glue.c 
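Review bot: In the new `krb5_gss_use_kdc_context`, `err = gss_krb5int_initialize_library();` stores a value declared as `OM_uint32` in gssapiP_krb5.h into a `krb5_error_code` and returns it unchanged. Callers that treat the result as a krb5 error code may misreport an initialization failure unless that function is known to return errno-style values. Either add a comment stating that, or map the failure explicitly. The definition is written with empty parentheses while the header prototype is `krb5_gss_use_kdc_context(void)`; it should read `krb5_gss_use_kdc_context(void)` to match. The function also remains inside `#ifndef _WIN32` while the header now declares it unconditionally and the unconditional glue wrapper is deleted, so it is worth confirming that nothing on Windows references the symbol.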
@@ -307,61 +307,6 @@ krb5_gssspi_set_cred_option(OM_uint32 *minor_status, return GSS_S_UNAVAILABLE; } -/* - * gssspi_mech_invoke() methods - */ -static struct { - gss_OID_desc oid; - OM_uint32 (*func)(OM_uint32 *, const gss_OID, const gss_OID, gss_buffer_t); -} krb5_gssspi_mech_invoke_ops[] = { - { - {GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID_LENGTH, GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID}, - gss_krb5int_register_acceptor_identity - }, - { - {GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID_LENGTH, GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID}, - gss_krb5int_free_lucid_sec_context - }, - { - {GSS_KRB5_USE_KDC_CONTEXT_OID_LENGTH, GSS_KRB5_USE_KDC_CONTEXT_OID}, - krb5int_gss_use_kdc_context - } -}; - -static OM_uint32 -krb5_gssspi_mech_invoke (OM_uint32 *minor_status, - const gss_OID desired_mech, - const gss_OID desired_object, - gss_buffer_t value) -{ - size_t i; - - if (minor_status == NULL) - return GSS_S_CALL_INACCESSIBLE_WRITE; - - *minor_status = 0; - - if (desired_mech == GSS_C_NO_OID) - return GSS_S_BAD_MECH; - - if (desired_object == GSS_C_NO_OID) - return GSS_S_CALL_INACCESSIBLE_READ; - - for (i = 0; i < sizeof(krb5_gssspi_mech_invoke_ops)/ - sizeof(krb5_gssspi_mech_invoke_ops[0]); i++) { - if (g_OID_prefix_equal(desired_object, &krb5_gssspi_mech_invoke_ops[i].oid)) { - return (*krb5_gssspi_mech_invoke_ops[i].func)(minor_status, - desired_mech, - desired_object, - value); - } - } - - *minor_status = EINVAL; - - return GSS_S_UNAVAILABLE; -} - static struct gss_config krb5_mechanism = { { GSS_MECH_KRB5_OID_LENGTH, GSS_MECH_KRB5_OID }, NULL, @@ -413,7 +358,7 @@ static struct gss_config krb5_mechanism = { krb5_gss_inquire_cred_by_oid, krb5_gss_set_sec_context_option, krb5_gssspi_set_cred_option, - krb5_gssspi_mech_invoke, + NULL, /* mech_invoke */ NULL, /* wrap_aead */ NULL, /* unwrap_aead */ krb5_gss_wrap_iov, 
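Review bot: The `NULL, /* mech_invoke */` slot in `krb5_mechanism` (hunk at -413) is only safe if the mechglue dispatcher tests this member before calling through it, and that code is not part of this commit. Please confirm that the mechglue `gssspi_mech_invoke` path returns an error such as `GSS_S_UNAVAILABLE` when the mechanism's pointer is NULL. Otherwise any application that still calls it with the krb5 mechanism OID would jump through a null function pointer. Because the table is initialized positionally, the trailing comment is the only thing tying the NULL to the right member; keeping those slot comments on every NULL entry, as done here, is worth preserving.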
@@ -689,70 +634,6 @@ gss_krb5_set_allowable_enctypes( return major_status; } -OM_uint32 KRB5_CALLCONV -gss_krb5_free_lucid_sec_context( - OM_uint32 *minor_status, - void *kctx) -{ - static const gss_OID_desc const req_oid = { - GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID_LENGTH, - GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID }; - OM_uint32 major_status; - gss_buffer_desc req_buffer; - - req_buffer.length = sizeof(kctx); - req_buffer.value = kctx; - - major_status = gssspi_mech_invoke(minor_status, - (const gss_OID)gss_mech_krb5, - (const gss_OID)&req_oid, - &req_buffer); - - return major_status; -} - -OM_uint32 KRB5_CALLCONV -krb5_gss_register_acceptor_identity(const char *keytab) -{ - static const gss_OID_desc const req_oid = { - GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID_LENGTH, - GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID }; - OM_uint32 major_status; - OM_uint32 minor_status; - gss_buffer_desc req_buffer; - - req_buffer.length = strlen(keytab); - req_buffer.value = (char *)keytab; - - major_status = gssspi_mech_invoke(&minor_status, - (const gss_OID)gss_mech_krb5, - (const gss_OID)&req_oid, - &req_buffer); - - return major_status; -} - -krb5_error_code -krb5_gss_use_kdc_context(void) -{ - static const gss_OID_desc const req_oid = { - GSS_KRB5_USE_KDC_CONTEXT_OID_LENGTH, - GSS_KRB5_USE_KDC_CONTEXT_OID }; - OM_uint32 major_status; - OM_uint32 minor_status; - gss_buffer_desc req_buffer; - - req_buffer.length = 0; - req_buffer.value = NULL; - - major_status = gssspi_mech_invoke(&minor_status, - (const gss_OID)gss_mech_krb5, - (const gss_OID)&req_oid, - &req_buffer); - - return major_status; -} - /* * This API should go away and be replaced with an accessor * into a gss_name_t. diff --git a/src/lib/gssapi/krb5/lucid_context.c b/src/lib/gssapi/krb5/lucid_context.c index b66fe5c..bb9731c 100644 --- a/src/lib/gssapi/krb5/lucid_context.c +++ b/src/lib/gssapi/krb5/lucid_context.c 
@@ -124,28 +124,19 @@ error_out: * Frees the storage associated with an * exported lucid context structure. */ -OM_uint32 -gss_krb5int_free_lucid_sec_context( +OM_uint32 KRB5_CALLCONV +gss_krb5_free_lucid_sec_context( OM_uint32 *minor_status, - const gss_OID desired_mech, - const gss_OID desired_object, - gss_buffer_t value) + void *kctx) { OM_uint32 retval; krb5_error_code kret = 0; int version; - void *kctx; /* Assume failure */ retval = GSS_S_FAILURE; *minor_status = 0; - kctx = value->value; - if (!kctx) { - kret = EINVAL; - goto error_out; - } - /* Verify pointer is valid lucid context */ if (! kg_validate_lucidctx_id(kctx)) { kret = G_VALIDATE_FAILED; |
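Review bot: The now-public `gss_krb5_free_lucid_sec_context` executes `*minor_status = 0;` without a NULL check. On the old path the call went through `krb5_gssspi_mech_invoke`, which returned `GSS_S_CALL_INACCESSIBLE_WRITE` for a NULL `minor_status` before reaching this code. I would add `if (minor_status == NULL) return GSS_S_CALL_INACCESSIBLE_WRITE;` ahead of that assignment. The hunk also drops the explicit `if (!kctx)` test, so a NULL `kctx` now depends entirely on `kg_validate_lucidctx_id` rejecting it. That helper is outside the hunk and should be checked, or the guard kept so the caller still gets `EINVAL`. The function body continues past the end of the hunk.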