From: Luke Howard Date: Sat, 29 Aug 2009 07:51:51 +0000 (+0000) Subject: harmonize get_attribute_types SPI with naming_exts; cleanup X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=436aec7b75598af35840b0f2a2b1a162eddabd85;p=thirdparty%2Fkrb5.git harmonize get_attribute_types SPI with naming_exts; cleanup git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/authdata@22649 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/include/k5-int.h b/src/include/k5-int.h index 363dcee1ec..02e04e46a0 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -1361,8 +1361,9 @@ krb5_error_code KRB5_CALLCONV krb5_authdata_get_attribute_types (krb5_context kcontext, krb5_authdata_context context, + krb5_data **verified, krb5_data **asserted, - krb5_data **verified); + krb5_data **all_attrs); krb5_error_code KRB5_CALLCONV krb5_authdata_get_attribute (krb5_context kcontext, diff --git a/src/include/krb5/authdata_plugin.h b/src/include/krb5/authdata_plugin.h index 9c7f41daa3..16b03c0dbd 100644 --- a/src/include/krb5/authdata_plugin.h +++ b/src/include/krb5/authdata_plugin.h @@ -196,8 +196,9 @@ typedef krb5_error_code (*authdata_client_get_attribute_types_proc)(krb5_context context, void *plugin_context, void *request_context, + krb5_data **verified, krb5_data **asserted, - krb5_data **verified); + krb5_data **all_attrs); typedef krb5_error_code (*authdata_client_get_attribute_proc)(krb5_context context, diff --git a/src/lib/gssapi/krb5/naming_exts.c b/src/lib/gssapi/krb5/naming_exts.c index 1bcda9f026..789c24aaba 100644 --- a/src/lib/gssapi/krb5/naming_exts.c +++ b/src/lib/gssapi/krb5/naming_exts.c 
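Review bot: Swapping `verified` and `asserted` in `krb5_authdata_get_attribute_types` and in the `authdata_client_get_attribute_types_proc` typedef (next hunk) cannot be caught by the compiler, because all three out-parameters are `krb5_data **`. A caller or plugin still built against the old order will compile and load, and will then deliver asserted attributes in the slot the library treats as verified. Neither hunk changes a version marker, so if the SPI has implementers outside this tree the function table version should change with it. At minimum the typedef should carry `/* out-parameter order: verified, asserted, all_attrs; each may be NULL */`. The `mspac_get_attribute_types` hunk in pac.c takes the same reorder and shows only the signature.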
@@ -37,53 +37,56 @@ kg_init_name(krb5_context context, krb5_principal principal, krb5_authdata_context ad_context, krb5_flags flags, - krb5_gss_name_t *name) + krb5_gss_name_t *ret_name) { krb5_error_code code; + krb5_gss_name_t name; + + *ret_name = NULL; assert(principal != NULL); if (principal == NULL) return EINVAL; - *name = xmalloc(sizeof(krb5_gss_name_rec)); - if (*name == NULL) { + name = xmalloc(sizeof(krb5_gss_name_rec)); + if (name == NULL) return ENOMEM; - } - memset(*name, 0, sizeof(krb5_gss_name_rec)); - code = k5_mutex_init(&(*name)->lock); + memset(name, 0, sizeof(krb5_gss_name_rec)); + + code = k5_mutex_init(&name->lock); if (code != 0) goto cleanup; if ((flags & KG_INIT_NAME_NO_COPY) == 0) { - code = krb5_copy_principal(context, principal, &(*name)->princ); + code = krb5_copy_principal(context, principal, &name->princ); if (code != 0) goto cleanup; if (ad_context != NULL) { code = krb5_authdata_context_copy(context, ad_context, - &(*name)->ad_context); + &name->ad_context); if (code != 0) goto cleanup; } } else { - (*name)->princ = principal; - (*name)->ad_context = ad_context; + name->princ = principal; + name->ad_context = ad_context; } if ((flags & KG_INIT_NAME_INTERN) && - !kg_save_name((gss_name_t)*name)) { + !kg_save_name((gss_name_t)name)) { code = G_VALIDATE_FAILED; goto cleanup; } - code = 0; + *ret_name = name; cleanup: if (code != 0) - kg_release_name(context, 0, name); + kg_release_name(context, 0, &name); return code; } @@ -178,8 +181,10 @@ kg_data_list_to_buffer_set_nocopy(krb5_data **pdata, return EINVAL; if (GSS_ERROR(gss_create_empty_buffer_set(&minor_status, - &set))) + &set))) { + assert(minor_status != 0); return minor_status; + } for (i = 0; data[i].data != NULL; i++) ; 
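Review bot: In the `KG_INIT_NAME_NO_COPY` branch `name->princ` and `name->ad_context` alias the caller's objects, yet the failure path still passes the record to `kg_release_name(context, 0, &name)`. `kg_release_name` is not shown in this hunk; if it frees `princ` and `ad_context`, a `kg_save_name` failure leaves the caller holding freed pointers, and a later free by the caller is a double free. Either clear the borrowed fields before the release, `if (flags & KG_INIT_NAME_NO_COPY) { name->princ = NULL; name->ad_context = NULL; }`, or state in a comment above the function that ownership passes to `kg_init_name` even when it fails. The return-type line of the function is outside the hunk.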
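Review bot: The added `assert(minor_status != 0)` in `kg_data_list_to_buffer_set_nocopy` protects the return value only in debug builds. With `NDEBUG` defined, a failing `gss_create_empty_buffer_set` that leaves `minor_status` at 0 makes this function return 0, so the caller treats the conversion as successful although no buffer set was produced. Handle the case at run time instead: `return minor_status != 0 ? minor_status : ENOMEM;`. The function starts and ends outside this hunk, so the later use of `set` is not visible here.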
@@ -211,16 +216,14 @@ krb5_gss_inquire_name(OM_uint32 *minor_status, gss_OID *MN_mech, gss_buffer_set_t *authenticated, gss_buffer_set_t *asserted, - gss_buffer_set_t *complete) + gss_buffer_set_t *all_attrs) { krb5_context context; krb5_error_code code; krb5_gss_name_t kname; krb5_data *kauthenticated = NULL; krb5_data *kasserted = NULL; -#if 0 - krb5_data *kcomplete = NULL; -#endif + krb5_data *kall_attrs = NULL; if (minor_status != NULL) *minor_status = 0; @@ -229,9 +232,8 @@ krb5_gss_inquire_name(OM_uint32 *minor_status, *authenticated = GSS_C_NO_BUFFER_SET; if (asserted != NULL) *asserted = GSS_C_NO_BUFFER_SET; -#if 0 - *complete = GSS_C_NO_BUFFER_SET; -#endif + if (all_attrs != NULL) + *all_attrs = GSS_C_NO_BUFFER_SET; code = krb5_gss_init_context(&context); if (code != 0) { @@ -261,8 +263,14 @@ krb5_gss_inquire_name(OM_uint32 *minor_status, code = krb5_authdata_get_attribute_types(context, kname->ad_context, + &kauthenticated, &kasserted, - &kauthenticated); + &kall_attrs); + if (code != 0) + goto cleanup; + + code = kg_data_list_to_buffer_set_nocopy(&kauthenticated, + authenticated); if (code != 0) goto cleanup; @@ -271,15 +279,16 @@ krb5_gss_inquire_name(OM_uint32 *minor_status, if (code != 0) goto cleanup; - code = kg_data_list_to_buffer_set_nocopy(&kauthenticated, - authenticated); + code = kg_data_list_to_buffer_set_nocopy(&kall_attrs, + all_attrs); if (code != 0) goto cleanup; cleanup: k5_mutex_unlock(&kname->lock); - krb5int_free_data_list(context, kasserted); krb5int_free_data_list(context, kauthenticated); + krb5int_free_data_list(context, kasserted); + krb5int_free_data_list(context, kall_attrs); krb5_free_context(context); diff --git a/src/lib/krb5/krb/authdata.c b/src/lib/krb5/krb/authdata.c index 83e2634843..e649c98abf 100644 --- a/src/lib/krb5/krb/authdata.c +++ b/src/lib/krb5/krb/authdata.c 
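Review bot: The three `kg_data_list_to_buffer_set_nocopy` calls in `krb5_gss_inquire_name` run in sequence with `goto cleanup` on failure, but the visible cleanup frees only the `krb5_data` lists. If the second or third conversion fails, `*authenticated` (and possibly `*asserted`) already hold buffer sets that are returned alongside an error, and callers that ignore outputs on failure will leak them. Release them on the error path, e.g. `if (code != 0 && authenticated != NULL) gss_release_buffer_set(&tmp, authenticated);` and likewise for `asserted` and `all_attrs`. The conversions also pass `authenticated`, `asserted` and `all_attrs` straight through although the top of the function treats them as optional, so it is worth confirming that the helper accepts a NULL `buffer_set`. The function's final return lies outside these hunks.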
@@ -28,15 +28,15 @@ #include "authdata.h" #include "auth_con.h" -#define DEBUG 1 - -/* Based on preauth2.c */ +/* Loosely based on preauth2.c */ +static const char *objdirs[] = { #if TARGET_OS_MAC -static const char *objdirs[] = { KRB5_AUTHDATA_PLUGIN_BUNDLE_DIR, LIBDIR "/krb5/plugins/authdata", NULL }; /* should be a list */ -#else -static const char *objdirs[] = { LIBDIR "/krb5/plugins/authdata", NULL }; + KRB5_AUTHDATA_PLUGIN_BUNDLE_DIR, #endif + LIBDIR "/krb5/plugins/authdata", + NULL + }; /* should be a list */ /* Internal authdata systems */ static krb5plugin_authdata_client_ftable_v0 *authdata_systems[] = { @@ -236,7 +236,8 @@ krb5_authdata_context_free(krb5_context kcontext, for (i = 0; i < context->n_modules; i++) { struct _krb5_authdata_context_module *module = &context->modules[i]; - if (module->client_req_fini != NULL && module->request_context != NULL) + if (module->client_req_fini != NULL && + module->request_context != NULL) (*module->client_req_fini)(kcontext, module->plugin_context, module->request_context); @@ -388,20 +389,24 @@ k5_merge_data_list(krb5_data **dst, krb5_data *src, unsigned int *len) krb5_error_code KRB5_CALLCONV krb5_authdata_get_attribute_types(krb5_context kcontext, krb5_authdata_context context, + krb5_data **verified_attrs, krb5_data **asserted_attrs, - krb5_data **verified_attrs) + krb5_data **all_attrs) { int i; - krb5_error_code code; - krb5_data *asserted = NULL; + krb5_error_code code = ENOENT; krb5_data *verified = NULL; - unsigned int asserted_len = 0; + krb5_data *asserted = NULL; + krb5_data *all = NULL; unsigned int verified_len = 0; + unsigned int asserted_len = 0; + unsigned int all_len = 0; for (i = 0; i < context->n_modules; i++) { struct _krb5_authdata_context_module *module = &context->modules[i]; - krb5_data *asserted2 = NULL; krb5_data *verified2 = NULL; + krb5_data *asserted2 = NULL; + krb5_data *all2 = NULL; if (module->ftable->get_attribute_types == NULL) continue; 
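Review bot: Initialising `code` to `ENOENT` in `krb5_authdata_get_attribute_types` makes the function fail whenever no module both implements `get_attribute_types` and returns success. It also fails when a module succeeds but the caller passed NULL for all three out-parameters, because only `k5_merge_data_list` overwrites `code`. The visible caller `krb5_gss_inquire_name` does `if (code != 0) goto cleanup;`, so a name with no exported attributes becomes an error rather than three empty sets. If that is intended, put it in the function comment: `/* Returns ENOENT if no module reported any attribute types. */`. The module's own return value is dropped by `continue`, so a real plugin failure cannot be told apart from an unimplemented hook. The loop body continues in the next hunk.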
@@ -409,12 +414,24 @@ krb5_authdata_get_attribute_types(krb5_context kcontext, if ((*module->ftable->get_attribute_types)(kcontext, module->plugin_context, *(module->request_context_pp), + verified_attrs ? + &verified2 : NULL, asserted_attrs ? &asserted2 : NULL, - verified_attrs ? - &verified2 : NULL) != 0) + all_attrs ? + &all2 : NULL)) continue; + if (verified_attrs != NULL) { + code = k5_merge_data_list(&verified, verified2, &verified_len); + if (code != 0) { + krb5int_free_data_list(kcontext, verified2); + break; + } + if (verified2 != NULL) + free(verified2); + } + if (asserted_attrs != NULL) { code = k5_merge_data_list(&asserted, asserted2, &asserted_len); if (code != 0) { @@ -425,24 +442,35 @@ krb5_authdata_get_attribute_types(krb5_context kcontext, free(asserted2); } - if (verified_attrs != NULL) { - code = k5_merge_data_list(&verified, verified2, &verified_len); + if (all_attrs != NULL) { + code = k5_merge_data_list(&all, all2, &all_len); if (code != 0) { - krb5int_free_data_list(kcontext, verified2); + krb5int_free_data_list(kcontext, all2); break; } - if (verified2 != NULL) - free(verified2); + if (all2 != NULL) + free(all2); } } - if (code == 0) { - if (asserted_attrs != NULL) - *asserted_attrs = asserted; - if (verified_attrs != NULL) - *verified_attrs = verified; + if (code != 0) { + krb5int_free_data_list(kcontext, verified); + verified = NULL; + + krb5int_free_data_list(kcontext, asserted); + asserted = NULL; + + krb5int_free_data_list(kcontext, all); + all = NULL; } + if (verified_attrs != NULL) + *verified_attrs = verified; + if (asserted_attrs != NULL) + *asserted_attrs = asserted; + if (all_attrs != NULL) + *all_attrs = all; + return code; } diff --git a/src/lib/krb5/krb/pac.c b/src/lib/krb5/krb/pac.c index 06c8be7523..7ab3313e4f 100644 --- a/src/lib/krb5/krb/pac.c +++ b/src/lib/krb5/krb/pac.c 
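Review bot: When `k5_merge_data_list` fails for `verified2`, the `break` leaves `asserted2` and `all2` allocated although the module has already filled them, and a failure on `asserted2` likewise leaks `all2`. The block after the loop frees only the merged lists `verified`, `asserted` and `all`. Add `krb5int_free_data_list(kcontext, asserted2);` and `krb5int_free_data_list(kcontext, all2);` before the first `break`, and the `all2` call before the second. The surrounding code already calls `krb5int_free_data_list` on pointers that may be NULL, so no extra guard should be needed. This covers both hunks on this line; the loop header is in the previous hunk.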
@@ -1107,8 +1107,9 @@ static krb5_error_code mspac_get_attribute_types(krb5_context context, void *plugin_context, void *request_context, + krb5_data **verified, krb5_data **asserted, - krb5_data **verified) + krb5_data **complete) { struct mspac_context *pacctx = (struct mspac_context *)request_context; unsigned int i, j;
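Review bot: The third out-parameter is named `complete` here but `all_attrs` in the SPI typedef and in `krb5_authdata_get_attribute_types`; rename it to `all_attrs` so the three declarations read the same. The body of `mspac_get_attribute_types` lies outside this hunk, so it is not visible whether it ever assigns the new parameter or tolerates it being NULL. The dispatcher in authdata.c passes `all_attrs ? &all2 : NULL`, so any write in the body needs an `if (complete != NULL)` guard. The body should also be checked to confirm it still fills `verified` and `asserted` by name rather than by position.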