From ec44babaaa63fdc70538c9495318233ef3dc336d Mon Sep 17 00:00:00 2001 From: Luke Howard Date: Thu, 17 Mar 2011 05:25:02 +0000 Subject: make gss_acquire_cred(GSS_C_NO_OID_SET) acquire credentials for all mechanisms rather than just the default mechanism. git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24712 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/gssapi/mechglue/g_acquire_cred.c | 74 ++++++++++++++------------------ 1 file changed, 32 insertions(+), 42 deletions(-) (limited to 'src/lib/gssapi') diff --git a/src/lib/gssapi/mechglue/g_acquire_cred.c b/src/lib/gssapi/mechglue/g_acquire_cred.c index 6dfc65f..53e6dcd 100644 --- a/src/lib/gssapi/mechglue/g_acquire_cred.c +++ b/src/lib/gssapi/mechglue/g_acquire_cred.c @@ -103,14 +103,11 @@ gss_OID_set * actual_mechs; OM_uint32 * time_rec; { - OM_uint32 major = GSS_S_FAILURE; + OM_uint32 major = GSS_S_FAILURE, tmpMinor; OM_uint32 initTimeOut, acceptTimeOut, outTime = GSS_C_INDEFINITE; - gss_OID_set_desc default_OID_set; - gss_OID_set mechs; - gss_OID_desc default_OID; - gss_mechanism mech; + gss_OID_set mechs = GSS_C_NO_OID_SET; unsigned int i; - gss_union_cred_t creds; + gss_union_cred_t creds = NULL; major = val_acq_cred_args(minor_status, desired_name, @@ -121,44 +118,37 @@ OM_uint32 * time_rec; actual_mechs, time_rec); if (major != GSS_S_COMPLETE) - return (major); - - /* Initial value needed below. */ - major = GSS_S_FAILURE; + goto cleanup; /* - * if desired_mechs equals GSS_C_NULL_OID_SET, then pick an - * appropriate default. We use the first mechanism in the - * mechansim list as the default. This set is created with - * statics thus needs not be freed + * if desired_mechs equals GSS_C_NULL_OID_SET, then try to + * acquire credentials for all mechanisms. */ - if(desired_mechs == GSS_C_NULL_OID_SET) { - mech = gssint_get_mechanism(NULL); - if (mech == NULL) - return (GSS_S_BAD_MECH); - - mechs = &default_OID_set; - default_OID_set.count = 1; - default_OID_set.elements = &default_OID; - default_OID.length = mech->mech_type.length; - default_OID.elements = mech->mech_type.elements; + if (desired_mechs == GSS_C_NULL_OID_SET) { + major = gss_indicate_mechs(minor_status, &mechs); + if (major != GSS_S_COMPLETE) + goto cleanup; } else mechs = desired_mechs; - if (mechs->count == 0) - return (GSS_S_BAD_MECH); + if (mechs->count == 0) { + major = GSS_S_BAD_MECH; + goto cleanup; + } /* allocate the output credential structure */ - creds = (gss_union_cred_t)malloc(sizeof (gss_union_cred_desc)); - if (creds == NULL) - return (GSS_S_FAILURE); + creds = (gss_union_cred_t)calloc(1, sizeof (gss_union_cred_desc)); + if (creds == NULL) { + major = GSS_S_FAILURE; + *minor_status = ENOMEM; + goto cleanup; + } - /* initialize to 0s */ - (void) memset(creds, 0, sizeof (gss_union_cred_desc)); + creds->count = 0; creds->loopback = creds; /* for each requested mech attempt to obtain a credential */ - for (i = 0; i < mechs->count; i++) { + for (i = 0, major = GSS_S_UNAVAILABLE; i < mechs->count; i++) { major = gss_add_cred(minor_status, (gss_cred_id_t)creds, desired_name, &mechs->elements[i], @@ -189,8 +179,8 @@ OM_uint32 * time_rec; /* ensure that we have at least one credential element */ if (creds->count < 1) { - free(creds); - return (major); + assert(GSS_ERROR(major)); + goto cleanup; } /* @@ -204,20 +194,20 @@ OM_uint32 * time_rec; oids.elements = creds->mechs_array; major = generic_gss_copy_oid_set(minor_status, &oids, actual_mechs); - if (GSS_ERROR(major)) { - (void) gss_release_cred(minor_status, - (gss_cred_id_t *)&creds); - return (major); - } + if (GSS_ERROR(major)) + goto cleanup; } if (time_rec) *time_rec = outTime; - - creds->loopback = creds; *output_cred_handle = (gss_cred_id_t)creds; - return (GSS_S_COMPLETE); + +cleanup: + if (GSS_ERROR(major)) + gss_release_cred(&tmpMinor, (gss_cred_id_t *)&creds); + + return (major); } static OM_uint32 -- cgit v1.1