RFC 6680 specifies that GSS_Export_name_composite() "outputs a token that
"can be imported with GSS_Import_name(), using GSS_C_NT_COMPOSITE_EXPORT
as the name type...". Therefore, in the gss_import_name mechglue, we
should perform the import process imediately when either
GSS_C_NT_COMPOSITE_EXPORT or GSS_C_NT_EXPORT_NAME are used (not just
for the later, as is the current functionality).
The naming extension test was also updated to display the result
of importing with GSS_C_NT_COMPOSITE_EXPORT in addition to
GSS_C_NT_EXPORT_NAME.
[ghudson@mit.edu: minor style changes]
(cherry picked from commit
29dec110c43ae9cebdcd935906a3131ca9ac0c99)
(cherry picked from commit
f2302383dd3a32bf22f437c4e1d10533323db5dc)
ticket: 8182 (new)
version_fixed: 1.12.4
status: resolved
#include <errno.h>
/* local function to import GSS_C_EXPORT_NAME names */
-static OM_uint32 importExportName(OM_uint32 *, gss_union_name_t);
+static OM_uint32 importExportName(OM_uint32 *, gss_union_name_t, gss_OID);
static OM_uint32
val_imp_name_args(
* do however make this an MN for names of GSS_C_NT_EXPORT_NAME type.
*/
if (input_name_type != GSS_C_NULL_OID &&
- g_OID_equal(input_name_type, GSS_C_NT_EXPORT_NAME)) {
- major_status = importExportName(minor_status, union_name);
+ (g_OID_equal(input_name_type, GSS_C_NT_EXPORT_NAME) ||
+ g_OID_equal(input_name_type, GSS_C_NT_COMPOSITE_EXPORT))) {
+ major_status = importExportName(minor_status, union_name, input_name_type);
if (major_status != GSS_S_COMPLETE)
goto allocation_failure;
}
static const unsigned int nameTypeLenLen = 2;
static OM_uint32
-importExportName(minor, unionName)
+importExportName(minor, unionName, inputNameType)
OM_uint32 *minor;
gss_union_name_t unionName;
+ gss_OID inputNameType;
{
gss_OID_desc mechOid;
gss_buffer_desc expName;
if (mech->gss_export_name) {
if (mech->gssspi_import_name_by_mech) {
major = mech->gssspi_import_name_by_mech(minor, &mechOid, &expName,
- GSS_C_NT_EXPORT_NAME,
+ inputNameType,
&unionName->mech_name);
} else {
- major = mech->gss_import_name(minor, &expName,
- GSS_C_NT_EXPORT_NAME,
+ major = mech->gss_import_name(minor, &expName, inputNameType,
&unionName->mech_name);
}
if (major != GSS_S_COMPLETE)
gss_OID mech = (gss_OID)gss_mech_krb5;
gss_name_t name, mechname, impname;
gss_buffer_desc buf, buf2;
+ krb5_boolean use_composite = FALSE;
+ gss_OID ntype;
const char *name_arg;
char opt;
mech = &mech_krb5;
else if (opt == 's')
mech = &mech_spnego;
+ else if (opt == 'c')
+ use_composite = TRUE;
else
usage();
}
/* Canonicalize and export the name. */
major = gss_canonicalize_name(&minor, name, mech, &mechname);
check_gsserr("gss_canonicalize_name", major, minor);
- major = gss_export_name(&minor, mechname, &buf);
+ if (use_composite)
+ major = gss_export_name_composite(&minor, mechname, &buf);
+ else
+ major = gss_export_name(&minor, mechname, &buf);
check_gsserr("gss_export_name", major, minor);
/* Import and re-export the name, and compare the results. */
- major = gss_import_name(&minor, &buf, GSS_C_NT_EXPORT_NAME, &impname);
+ ntype = use_composite ? GSS_C_NT_COMPOSITE_EXPORT : GSS_C_NT_EXPORT_NAME;
+ major = gss_import_name(&minor, &buf, ntype, &impname);
check_gsserr("gss_export_name", major, minor);
- major = gss_export_name(&minor, impname, &buf2);
+ if (use_composite)
+ major = gss_export_name_composite(&minor, mechname, &buf2);
+ else
+ major = gss_export_name(&minor, mechname, &buf2);
check_gsserr("gss_export_name", major, minor);
if (buf.length != buf2.length ||
memcmp(buf.value, buf2.value, buf.length) != 0) {
if output != '0401000806062B060105050200000003614062\n':
fail('Unexpected output from t_export_name (SPNEGO krb5 principal)')
+# Test that composite-export tokens can be imported.
+output = realm.run(['./t_export_name', '-c', 'p:a@b'])
+if (output != '0402000B06092A864886F7120102020000000361406200000000\n'):
+ fail('Unexpected output from t_export_name (using COMPOSITE_EXPORT)')
+
# Test gss_inquire_mechs_for_name behavior.
krb5_mech = '{ 1 2 840 113554 1 2 2 }'
spnego_mech = '{ 1 3 6 1 5 5 2 }'
static int use_spnego = 0;
+static void
+display_name(const char *tag, gss_name_t name)
+{
+ OM_uint32 major, minor;
+ gss_buffer_desc buf;
+
+ major = gss_display_name(&minor, name, &buf, NULL);
+ check_gsserr("gss_display_name", major, minor);
+
+ printf("%s:\t%.*s\n", tag, (int)buf.length, (char *)buf.value);
+
+ (void)gss_release_buffer(&minor, &buf);
+}
+
static void
test_export_import_name(gss_name_t name)
{
OM_uint32 major, minor;
gss_buffer_desc exported_name = GSS_C_EMPTY_BUFFER;
gss_name_t imported_name = GSS_C_NO_NAME;
+ gss_name_t imported_name_comp = GSS_C_NO_NAME;
unsigned int i;
major = gss_export_name_composite(&minor, name, &exported_name);
major = gss_import_name(&minor, &exported_name, GSS_C_NT_EXPORT_NAME,
&imported_name);
check_gsserr("gss_import_name", major, minor);
+
+ major = gss_import_name(&minor, &exported_name, GSS_C_NT_COMPOSITE_EXPORT,
+ &imported_name_comp);
+ check_gsserr("gss_import_name", major, minor);
(void)gss_release_buffer(&minor, &exported_name);
printf("\n");
printf("Re-imported attributes:\n\n");
enumerate_attributes(imported_name, 0);
+ display_name("Re-imported (as composite) name", imported_name_comp);
+ printf("Re-imported (as composite) attributes:\n\n");
+ enumerate_attributes(imported_name_comp, 0);
+
(void)gss_release_name(&minor, &imported_name);
+ (void)gss_release_name(&minor, &imported_name_comp);
}
static void
projects / thirdparty / krb5.git / commitdiff
