make gss_acquire_cred(GSS_C_NO_OID_SET) acquire credentials for all

mechanisms rather than just the default mechanism.

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24712 dc483132-0cff-0310-8789-dd5450dbe970

1 files changed, 32 insertions, 42 deletions

diff --git a/src/lib/gssapi/mechglue/g_acquire_cred.c b/src/lib/gssapi/mechglue/g_acquire_cred.c
index 6dfc65f..53e6dcd 100644
--- a/src/lib/gssapi/mechglue/g_acquire_cred.c
+++ b/src/lib/gssapi/mechglue/g_acquire_cred.c
@@ -103,14 +103,11 @@ gss_OID_set *		actual_mechs;
 OM_uint32 *		time_rec;
 
 {
-    OM_uint32 major = GSS_S_FAILURE;
+    OM_uint32 major = GSS_S_FAILURE, tmpMinor;
     OM_uint32 initTimeOut, acceptTimeOut, outTime = GSS_C_INDEFINITE;
-    gss_OID_set_desc default_OID_set;
-    gss_OID_set mechs;
-    gss_OID_desc default_OID;
-    gss_mechanism mech;
+    gss_OID_set mechs = GSS_C_NO_OID_SET;
     unsigned int i;
-    gss_union_cred_t creds;
+    gss_union_cred_t creds = NULL;
 
     major = val_acq_cred_args(minor_status,
 			      desired_name,
@@ -121,44 +118,37 @@ OM_uint32 *		time_rec;
 			      actual_mechs,
 			      time_rec);
     if (major != GSS_S_COMPLETE)
-	return (major);
-
-    /* Initial value needed below. */
-    major = GSS_S_FAILURE;
+	goto cleanup;
 
     /*
-     * if desired_mechs equals GSS_C_NULL_OID_SET, then pick an
-     * appropriate default.  We use the first mechanism in the
-     * mechansim list as the default. This set is created with
-     * statics thus needs not be freed
+     * if desired_mechs equals GSS_C_NULL_OID_SET, then try to
+     * acquire credentials for all mechanisms.
      */
-    if(desired_mechs == GSS_C_NULL_OID_SET) {
-	mech = gssint_get_mechanism(NULL);
-	if (mech == NULL)
-	    return (GSS_S_BAD_MECH);
-
-	mechs = &default_OID_set;
-	default_OID_set.count = 1;
-	default_OID_set.elements = &default_OID;
-	default_OID.length = mech->mech_type.length;
-	default_OID.elements = mech->mech_type.elements;
+    if (desired_mechs == GSS_C_NULL_OID_SET) {
+	major = gss_indicate_mechs(minor_status, &mechs);
+	if (major != GSS_S_COMPLETE)
+	    goto cleanup;
     } else
 	mechs = desired_mechs;
 
-    if (mechs->count == 0)
-	return (GSS_S_BAD_MECH);
+    if (mechs->count == 0) {
+	major = GSS_S_BAD_MECH;
+	goto cleanup;
+    }
 
     /* allocate the output credential structure */
-    creds = (gss_union_cred_t)malloc(sizeof (gss_union_cred_desc));
-    if (creds == NULL)
-	return (GSS_S_FAILURE);
+    creds = (gss_union_cred_t)calloc(1, sizeof (gss_union_cred_desc));
+    if (creds == NULL) {
+	major = GSS_S_FAILURE;
+	*minor_status = ENOMEM;
+	goto cleanup;
+    }
 
-    /* initialize to 0s */
-    (void) memset(creds, 0, sizeof (gss_union_cred_desc));
+    creds->count = 0;
     creds->loopback = creds;
 
     /* for each requested mech attempt to obtain a credential */
-    for (i = 0; i < mechs->count; i++) {
+    for (i = 0, major = GSS_S_UNAVAILABLE; i < mechs->count; i++) {
 	major = gss_add_cred(minor_status, (gss_cred_id_t)creds,
 			     desired_name,
 			     &mechs->elements[i],
@@ -189,8 +179,8 @@ OM_uint32 *		time_rec;
 
     /* ensure that we have at least one credential element */
     if (creds->count < 1) {
-	free(creds);
-	return (major);
+	assert(GSS_ERROR(major));
+	goto cleanup;
     }
 
     /*
@@ -204,20 +194,20 @@ OM_uint32 *		time_rec;
 	oids.elements = creds->mechs_array;
 
 	major = generic_gss_copy_oid_set(minor_status, &oids, actual_mechs);
-	if (GSS_ERROR(major)) {
-	    (void) gss_release_cred(minor_status,
-				    (gss_cred_id_t *)&creds);
-	    return (major);
-	}
+	if (GSS_ERROR(major))
+	    goto cleanup;
     }
 
     if (time_rec)
 	*time_rec = outTime;
 
-
-    creds->loopback = creds;
     *output_cred_handle = (gss_cred_id_t)creds;
-    return (GSS_S_COMPLETE);
+
+cleanup:
+    if (GSS_ERROR(major))
+	gss_release_cred(&tmpMinor, (gss_cred_id_t *)&creds);
+
+    return (major);
 }
 
 static OM_uint32