From: Luke Howard Date: Tue, 15 Sep 2009 21:49:34 +0000 (+0000) Subject: cleanup; remove authenticated/asserted arguments from gss_inquire_name per ietf-kitte... X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4bfb33aa3e6235a77f30010c840f180f7e335744;p=thirdparty%2Fkrb5.git cleanup; remove authenticated/asserted arguments from gss_inquire_name per ietf-kitten discussion, instead use a singel attribute git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/authdata@22768 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/include/k5-int.h b/src/include/k5-int.h index 6f000aaf92..7c25cdf170 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -1379,8 +1379,7 @@ krb5_error_code KRB5_CALLCONV krb5_authdata_get_attribute_types (krb5_context kcontext, krb5_authdata_context context, - krb5_data **verified, - krb5_data **asserted); + krb5_data **attrs); krb5_error_code KRB5_CALLCONV krb5_authdata_get_attribute (krb5_context kcontext, diff --git a/src/include/krb5/authdata_plugin.h b/src/include/krb5/authdata_plugin.h index f6b945a40e..502b1c846e 100644 --- a/src/include/krb5/authdata_plugin.h +++ b/src/include/krb5/authdata_plugin.h @@ -210,8 +210,7 @@ typedef krb5_error_code struct _krb5_authdata_context *context, void *plugin_context, void *request_context, - krb5_data **verified, - krb5_data **asserted); + krb5_data **attrs); typedef krb5_error_code (*authdata_client_get_attribute_proc)(krb5_context kcontext, diff --git a/src/lib/gssapi/generic/gssapi_ext.h b/src/lib/gssapi/generic/gssapi_ext.h index b3ba97cb8d..12216775ad 100644 --- a/src/lib/gssapi/generic/gssapi_ext.h +++ b/src/lib/gssapi/generic/gssapi_ext.h @@ -301,8 +301,7 @@ OM_uint32 KRB5_CALLCONV gss_inquire_name gss_name_t, /* name */ int *, /* name_is_MN */ gss_OID *, /* MN_mech */ - gss_buffer_set_t *, /* authenticated */ - gss_buffer_set_t * /* asserted */ + gss_buffer_set_t * /* attrs */ ); OM_uint32 KRB5_CALLCONV gss_get_name_attribute 
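Review bot: The `attrs` parameter of this callback typedef in authdata_plugin.h has no comment saying that it is now a mandatory out pointer, whereas each of the old `verified`/`asserted` pointers could be NULL when the caller was not interested. The two implementations changed in this commit, `mspac_get_attribute_types` in pac.c and `greet_get_attribute_types` in greet.c, write through it without a NULL check, so a caller still following the old convention would dereference NULL. I would add above the typedef something like `/* attrs: required, non-NULL; on success receives an allocated krb5_data array, ended by an empty element, which the caller owns and frees */`. The terminator and ownership wording is inferred from the pac.c and authdata.c lines in this diff; the typedef itself begins outside the hunk.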
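Review bot: The `gss_inquire_name` prototype in gssapi_ext.h now returns a single `attrs` set, and nothing on the declaration tells callers that the set mixes attributes the mechanism verified with ones it did not. Code that used the old `authenticated` set as the trusted list for authorization decisions must now ask per attribute, through the `authenticated` output of `gss_get_name_attribute`. In pac.c this commit drops the `pacctx->pac->verified ? verified : asserted` routing, so an unverified PAC's buffers are enumerated the same way as a verified one's. I would extend the parameter comment to `/* attrs: all attribute names; authentication status is reported only by gss_get_name_attribute */`. The same wording applies to the prototypes in gssapiP_krb5.h, mglueP.h and gssapiP_spnego.h.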
diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h index fd7acda75a..e05c5bc81f 100644 --- a/src/lib/gssapi/krb5/gssapiP_krb5.h +++ b/src/lib/gssapi/krb5/gssapiP_krb5.h @@ -867,8 +867,7 @@ krb5_gss_inquire_name(OM_uint32 *minor_status, gss_name_t name, int *name_is_MN, gss_OID *MN_mech, - gss_buffer_set_t *authenticated, - gss_buffer_set_t *asserted); + gss_buffer_set_t *attrs); OM_uint32 krb5_gss_get_name_attribute(OM_uint32 *minor_status, diff --git a/src/lib/gssapi/krb5/naming_exts.c b/src/lib/gssapi/krb5/naming_exts.c index 18513660d2..86170efceb 100644 --- a/src/lib/gssapi/krb5/naming_exts.c +++ b/src/lib/gssapi/krb5/naming_exts.c @@ -214,22 +214,18 @@ krb5_gss_inquire_name(OM_uint32 *minor_status, gss_name_t name, int *name_is_MN, gss_OID *MN_mech, - gss_buffer_set_t *authenticated, - gss_buffer_set_t *asserted) + gss_buffer_set_t *attrs) { krb5_context context; krb5_error_code code; krb5_gss_name_t kname; - krb5_data *kauthenticated = NULL; - krb5_data *kasserted = NULL; + krb5_data *kattrs = NULL; if (minor_status != NULL) *minor_status = 0; - if (authenticated != NULL) - *authenticated = GSS_C_NO_BUFFER_SET; - if (asserted != NULL) - *asserted = GSS_C_NO_BUFFER_SET; + if (attrs != NULL) + *attrs = GSS_C_NO_BUFFER_SET; code = krb5_gss_init_context(&context); if (code != 0) { 
@@ -259,25 +255,17 @@ krb5_gss_inquire_name(OM_uint32 *minor_status, code = krb5_authdata_get_attribute_types(context, kname->ad_context, - &kauthenticated, - &kasserted); + &kattrs); if (code != 0) goto cleanup; - code = kg_data_list_to_buffer_set_nocopy(&kauthenticated, - authenticated); - if (code != 0) - goto cleanup; - - code = kg_data_list_to_buffer_set_nocopy(&kasserted, - asserted); + code = kg_data_list_to_buffer_set_nocopy(&kattrs, attrs); if (code != 0) goto cleanup; cleanup: k5_mutex_unlock(&kname->lock); - krb5int_free_data_list(context, kauthenticated); - krb5int_free_data_list(context, kasserted); + krb5int_free_data_list(context, kattrs); krb5_free_context(context); diff --git a/src/lib/gssapi/mechglue/g_inq_name.c b/src/lib/gssapi/mechglue/g_inq_name.c index 9a08e0e841..260ef20c62 100644 --- a/src/lib/gssapi/mechglue/g_inq_name.c +++ b/src/lib/gssapi/mechglue/g_inq_name.c @@ -35,8 +35,7 @@ gss_inquire_name(OM_uint32 *minor_status, gss_name_t name, int *name_is_MN, gss_OID *MN_mech, - gss_buffer_set_t *authenticated, - gss_buffer_set_t *asserted) + gss_buffer_set_t *attrs) { OM_uint32 status, tmp; gss_union_name_t union_name; @@ -51,11 +50,8 @@ gss_inquire_name(OM_uint32 *minor_status, if (MN_mech != NULL) *MN_mech = GSS_C_NO_OID; - /* XXX really optional? */ - if (authenticated != NULL) - *authenticated = GSS_C_NO_BUFFER_SET; - if (asserted != NULL) - *asserted = GSS_C_NO_BUFFER_SET; + if (attrs != NULL) + *attrs = GSS_C_NO_BUFFER_SET; *minor_status = 0; union_name = (gss_union_name_t)name; @@ -94,8 +90,7 @@ gss_inquire_name(OM_uint32 *minor_status, union_name->mech_name, NULL, NULL, - authenticated, - asserted); + attrs); if (status != GSS_S_COMPLETE) { generic_gss_release_oid(&tmp, MN_mech); map_error(minor_status, mech); diff --git a/src/lib/gssapi/mechglue/mglueP.h b/src/lib/gssapi/mechglue/mglueP.h index 8065e8c28b..177db62cc4 100644 --- a/src/lib/gssapi/mechglue/mglueP.h +++ b/src/lib/gssapi/mechglue/mglueP.h 
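Review bot: `attrs` is handed to `kg_data_list_to_buffer_set_nocopy(&kattrs, attrs)` even though the start of `krb5_gss_inquire_name` treats it as optional (`if (attrs != NULL) *attrs = GSS_C_NO_BUFFER_SET;`). Whether the helper tolerates a NULL destination is not visible here. Either confirm that it does, or skip the lookup with `if (attrs == NULL) goto cleanup;` before the `krb5_authdata_get_attribute_types` call, which also avoids building a list nobody reads. That suggestion assumes `code` is 0 at that point; the function body starts and ends outside this hunk.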
@@ -518,8 +518,7 @@ typedef struct gss_config { gss_name_t, /* name */ int *, /* name_is_MN */ gss_OID *, /* MN_mech */ - gss_buffer_set_t *, /* authenticated */ - gss_buffer_set_t * /* asserted */ + gss_buffer_set_t * /* attrs */ /* */); OM_uint32 (*gss_get_name_attribute) diff --git a/src/lib/gssapi/spnego/gssapiP_spnego.h b/src/lib/gssapi/spnego/gssapiP_spnego.h index 51986f7d60..43b0049313 100644 --- a/src/lib/gssapi/spnego/gssapiP_spnego.h +++ b/src/lib/gssapi/spnego/gssapiP_spnego.h @@ -458,8 +458,7 @@ spnego_gss_inquire_name gss_name_t name, int *name_is_MN, gss_OID *MN_mech, - gss_buffer_set_t *authenticated, - gss_buffer_set_t *asserted + gss_buffer_set_t *attrs ); OM_uint32 diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c index 7ddf595885..999a5e3e80 100644 --- a/src/lib/gssapi/spnego/spnego_mech.c +++ b/src/lib/gssapi/spnego/spnego_mech.c @@ -2382,16 +2382,14 @@ spnego_gss_inquire_name(OM_uint32 *minor_status, gss_name_t name, int *name_is_MN, gss_OID *MN_mech, - gss_buffer_set_t *authenticated, - gss_buffer_set_t *asserted) + gss_buffer_set_t *attrs) { OM_uint32 ret; ret = gss_inquire_name(minor_status, name, name_is_MN, MN_mech, - authenticated, - asserted); + attrs); return (ret); } diff --git a/src/lib/krb5/krb/authdata.c b/src/lib/krb5/krb/authdata.c index 9b5b6466d1..8d42413127 100644 --- a/src/lib/krb5/krb/authdata.c +++ b/src/lib/krb5/krb/authdata.c 
@@ -461,20 +461,16 @@ k5_merge_data_list(krb5_data **dst, krb5_data *src, unsigned int *len) krb5_error_code KRB5_CALLCONV krb5_authdata_get_attribute_types(krb5_context kcontext, krb5_authdata_context context, - krb5_data **verified_attrs, - krb5_data **asserted_attrs) + krb5_data **out_attrs) { int i; krb5_error_code code = 0; - krb5_data *verified = NULL; - krb5_data *asserted = NULL; - unsigned int verified_len = 0; - unsigned int asserted_len = 0; + krb5_data *attrs = NULL; + unsigned int attrs_len = 0; for (i = 0; i < context->n_modules; i++) { struct _krb5_authdata_context_module *module = &context->modules[i]; - krb5_data *verified2 = NULL; - krb5_data *asserted2 = NULL; + krb5_data *attrs2 = NULL; if (module->ftable->get_attribute_types == NULL) continue; 
@@ -483,45 +479,24 @@ krb5_authdata_get_attribute_types(krb5_context kcontext, context, module->plugin_context, *(module->request_context_pp), - verified_attrs ? - &verified2 : NULL, - asserted_attrs ? - &asserted2 : NULL)) + &attrs2)) continue; - if (verified_attrs != NULL) { - code = k5_merge_data_list(&verified, verified2, &verified_len); - if (code != 0) { - krb5int_free_data_list(kcontext, verified2); - break; - } - if (verified2 != NULL) - free(verified2); - } - - if (asserted_attrs != NULL) { - code = k5_merge_data_list(&asserted, asserted2, &asserted_len); - if (code != 0) { - krb5int_free_data_list(kcontext, asserted2); - break; - } - if (asserted2 != NULL) - free(asserted2); + code = k5_merge_data_list(&attrs, attrs2, &attrs_len); + if (code != 0) { + krb5int_free_data_list(kcontext, attrs2); + break; } + if (attrs2 != NULL) + free(attrs2); } if (code != 0) { - krb5int_free_data_list(kcontext, verified); - verified = NULL; - - krb5int_free_data_list(kcontext, asserted); - asserted = NULL; + krb5int_free_data_list(kcontext, attrs); + attrs = NULL; } - if (verified_attrs != NULL) - *verified_attrs = verified; - if (asserted_attrs != NULL) - *asserted_attrs = asserted; + *out_attrs = attrs; return code; } diff --git a/src/lib/krb5/krb/pac.c b/src/lib/krb5/krb/pac.c index fad78fa100..79a347ea96 100644 --- a/src/lib/krb5/krb/pac.c +++ b/src/lib/krb5/krb/pac.c 
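Review bot: `*out_attrs = attrs;` at the end of `krb5_authdata_get_attribute_types` is now unconditional, where the removed code tested each output pointer before storing through it. The one caller in this diff passes `&kattrs`, but the function is declared in k5-int.h, and a NULL argument from any other caller would be dereferenced only after the whole list has been built. I would reject it up front with `if (out_attrs == NULL) return EINVAL;` before the module loop, or keep an `if (out_attrs != NULL)` store and free `attrs` otherwise. The top of the function is in the previous hunk.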
@@ -1141,22 +1141,16 @@ mspac_get_attribute_types(krb5_context kcontext, krb5_authdata_context context, void *plugin_context, void *request_context, - krb5_data **verified, - krb5_data **asserted) + krb5_data **out_attrs) { struct mspac_context *pacctx = (struct mspac_context *)request_context; unsigned int i, j; krb5_data *attrs; krb5_error_code code; - krb5_data **outattrs; if (pacctx->pac == NULL) return ENOENT; - outattrs = pacctx->pac->verified ? verified : asserted; - if (outattrs == NULL) - return ENOENT; /* caller is not interested */ - attrs = calloc(1 + pacctx->pac->pac->cBuffers + 1, sizeof(krb5_data)); if (attrs == NULL) return ENOMEM; @@ -1198,7 +1192,7 @@ mspac_get_attribute_types(krb5_context kcontext, attrs[j].data = NULL; attrs[j].length = 0; - *outattrs = attrs; + *out_attrs = attrs; return 0; } diff --git a/src/plugins/authdata/greet_client/greet.c b/src/plugins/authdata/greet_client/greet.c index 1720c9b4ab..833965e047 100644 --- a/src/plugins/authdata/greet_client/greet.c +++ b/src/plugins/authdata/greet_client/greet.c @@ -53,7 +53,7 @@ greet_flags(krb5_context kcontext, krb5_authdatatype ad_type, krb5_flags *flags) { - *flags = AD_USAGE_TGS_REQ | AD_USAGE_KDC_ISSUED | AD_INFORMATIONAL; + *flags = AD_USAGE_AP_REQ | AD_USAGE_KDC_ISSUED | AD_INFORMATIONAL; } static void @@ -130,8 +130,7 @@ greet_get_attribute_types(krb5_context kcontext, krb5_authdata_context context, void *plugin_context, void *request_context, - krb5_data **verified, - krb5_data **asserted) + krb5_data **out_attrs) { krb5_error_code code; struct greet_context *greet = (struct greet_context *)request_context; 
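Review bot: The change in `greet_flags` from `AD_USAGE_TGS_REQ` to `AD_USAGE_AP_REQ` is not mentioned in the commit message, which only describes the `gss_inquire_name` argument cleanup. Judging by the flag names, this alters which request type the plugin's authorization data is handled for, so it is a behaviour change rather than part of the rename and is easy to miss when bisecting. I would split it into its own commit, or at least add a line to the message and a comment such as `/* handle greet authdata on AP-REQ rather than TGS-REQ: <reason> */`. `greet_flags` begins outside the hunk.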
@@ -139,19 +138,16 @@ greet_get_attribute_types(krb5_context kcontext, if (greet->greeting.length == 0) return ENOENT; - if (asserted == NULL) - return 0; - - *asserted = calloc(2, sizeof(krb5_data)); - if (*asserted == NULL) + *out_attrs = calloc(2, sizeof(krb5_data)); + if (*out_attrs == NULL) return ENOMEM; code = krb5int_copy_data_contents_add0(kcontext, &greet_attr, - &(*asserted)[0]); + &(*out_attrs)[0]); if (code != 0) { - free(*asserted); - *asserted = NULL; + free(*out_attrs); + *out_attrs = NULL; return code; } diff --git a/src/tests/gssapi/t_namingexts.c b/src/tests/gssapi/t_namingexts.c index f6da146c4a..4f41b7a085 100644 --- a/src/tests/gssapi/t_namingexts.c +++ b/src/tests/gssapi/t_namingexts.c @@ -31,11 +31,9 @@ #include #include -#define USE_SPNEGO 1 - -#ifdef USE_SPNEGO static gss_OID_desc spnego_mech = { 6, "\053\006\001\005\005\002" }; -#endif + +static int use_spnego = 0; static void displayStatus_1(m, code, type) char *m; 
@@ -155,41 +153,26 @@ enumerateAttributes(OM_uint32 *minor, OM_uint32 major, tmp; int name_is_MN; gss_OID mech = GSS_C_NO_OID; - gss_buffer_set_t authenticated = GSS_C_NO_BUFFER_SET; - gss_buffer_set_t asserted = GSS_C_NO_BUFFER_SET; - gss_buffer_set_t complete = GSS_C_NO_BUFFER_SET; + gss_buffer_set_t attrs = GSS_C_NO_BUFFER_SET; unsigned int i; major = gss_inquire_name(minor, name, &name_is_MN, &mech, - &authenticated, - &asserted, - &complete); + &attrs); if (GSS_ERROR(major)) { displayStatus("gss_inquire_name", major, *minor); - goto cleanup; + return major; } - if (authenticated != GSS_C_NO_BUFFER_SET) { - for (i = 0; i < authenticated->count; i++) - dumpAttribute(minor, name, &authenticated->elements[i], noisy); - } - if (asserted != GSS_C_NO_BUFFER_SET) { - for (i = 0; i < asserted->count; i++) - dumpAttribute(minor, name, &asserted->elements[i], noisy); - } - if (complete != GSS_C_NO_BUFFER_SET) { - for (i = 0; i < complete->count; i++) - dumpAttribute(minor, name, &complete->elements[i], noisy); + if (attrs != GSS_C_NO_BUFFER_SET) { + for (i = 0; i < attrs->count; i++) + dumpAttribute(minor, name, &attrs->elements[i], noisy); } -cleanup: gss_release_oid(&tmp, &mech); - gss_release_buffer_set(&tmp, &authenticated); - gss_release_buffer_set(&tmp, &asserted); - gss_release_buffer_set(&tmp, &complete); + gss_release_buffer_set(&tmp, &attrs); return major; } @@ -301,11 +284,9 @@ initAcceptSecContext(OM_uint32 *minor, verifier_cred_handle, &initiator_context, target_name, -#ifdef USE_SPNEGO - (gss_OID)&spnego_mech, -#else - (gss_OID)gss_mech_krb5, -#endif + use_spnego ? + (gss_OID)&spnego_mech : + (gss_OID)gss_mech_krb5, GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG, GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS, 
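Review bot: The error path in `enumerateAttributes` now does `return major;` and skips `gss_release_oid` and `gss_release_buffer_set`, so it depends on `gss_inquire_name` never leaving `mech` or `attrs` populated on failure. The mechglue hunk in g_inq_name.c does release `MN_mech` when the mechanism call fails, but nothing visible guarantees the same for `attrs`. Keeping the `cleanup:` label and `goto cleanup;` costs nothing, since the removed code already relied on both release calls accepting empty handles. The same early return is introduced in `enumerateAttributes` in t_s4u.c.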
@@ -361,6 +342,12 @@ int main(int argc, char *argv[]) gss_OID_set actual_mechs = GSS_C_NO_OID_SET; gss_name_t name = GSS_C_NO_NAME; + if (argc > 1 && strcmp(argv[1], "--spnego") == 0) { + use_spnego++; + argc--; + argv++; + } + if (argc > 1) { gss_buffer_desc name_buf; gss_name_t tmp_name; @@ -385,13 +372,11 @@ int main(int argc, char *argv[]) gss_release_name(&tmp, &tmp_name); -#if 1 major = testGreetAuthzData(&minor, name); if (GSS_ERROR(major)) goto out; -#endif } else { - fprintf(stderr, "Usage: %s [principal] [keytab]\n", argv[0]); + fprintf(stderr, "Usage: %s [--spnego] [principal] [keytab]\n", argv[0]); exit(1); } @@ -404,11 +389,8 @@ int main(int argc, char *argv[]) } -#if 0 /* XXX mechglue bug */ - mechs.elements = (gss_OID)&spnego_mech; -#else - mechs.elements = (gss_OID)gss_mech_krb5; -#endif + mechs.elements = use_spnego ? (gss_OID)&spnego_mech : + (gss_OID)gss_mech_krb5; mechs.count = 1; /* get default cred */ diff --git a/src/tests/gssapi/t_s4u.c b/src/tests/gssapi/t_s4u.c index 33e0e94dcf..394313a684 100644 --- a/src/tests/gssapi/t_s4u.c +++ b/src/tests/gssapi/t_s4u.c @@ -59,7 +59,7 @@ static gss_OID_desc spnego_mech = { 6, "\053\006\001\005\005\002" }; -int use_spnego = 0; +static int use_spnego = 0; static void displayStatus_1(m, code, type) char *m; 
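Review bot: After the new `--spnego` block does `argv++`, the usage message in the `else` branch prints `argv[0]`, which is then the string `--spnego` rather than the program name. Running the test with only `--spnego` would print `Usage: --spnego [--spnego] [principal] [keytab]`. Saving the name before the shift, `const char *progname = argv[0];`, and passing `progname` to `fprintf` fixes it; `use_spnego = 1;` would also read better than `use_spnego++`. `main` starts and ends outside these hunks.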
@@ -199,41 +199,26 @@ enumerateAttributes(OM_uint32 *minor, OM_uint32 major, tmp_minor; int name_is_MN; gss_OID mech = GSS_C_NO_OID; - gss_buffer_set_t authenticated = GSS_C_NO_BUFFER_SET; - gss_buffer_set_t asserted = GSS_C_NO_BUFFER_SET; - gss_buffer_set_t complete = GSS_C_NO_BUFFER_SET; + gss_buffer_set_t attrs = GSS_C_NO_BUFFER_SET; unsigned int i; major = gss_inquire_name(minor, name, &name_is_MN, &mech, - &authenticated, - &asserted, - &complete); + &attrs); if (GSS_ERROR(major)) { displayStatus("gss_inquire_name", major, *minor); - goto cleanup; + return major; } - if (authenticated != GSS_C_NO_BUFFER_SET) { - for (i = 0; i < authenticated->count; i++) - dumpAttribute(minor, name, &authenticated->elements[i], noisy); - } - if (asserted != GSS_C_NO_BUFFER_SET) { - for (i = 0; i < asserted->count; i++) - dumpAttribute(minor, name, &asserted->elements[i], noisy); - } - if (complete != GSS_C_NO_BUFFER_SET) { - for (i = 0; i < complete->count; i++) - dumpAttribute(minor, name, &complete->elements[i], noisy); + if (attrs != GSS_C_NO_BUFFER_SET) { + for (i = 0; i < attrs->count; i++) + dumpAttribute(minor, name, &attrs->elements[i], noisy); } -cleanup: gss_release_oid(&tmp_minor, &mech); - gss_release_buffer_set(&tmp_minor, &authenticated); - gss_release_buffer_set(&tmp_minor, &asserted); - gss_release_buffer_set(&tmp_minor, &complete); + gss_release_buffer_set(&tmp_minor, &attrs); return major; }