From: Luke Howard
Date: Tue, 25 Aug 2009 21:54:55 +0000 (+0000)
Subject: refactor authdata context copying
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=745926b65c77c83ec2ce691ccc0e154c63bac330;p=thirdparty%2Fkrb5.git
refactor authdata context copying
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/authdata@22603 dc483132-0cff-0310-8789-dd5450dbe970
---
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index b74effacb0..dde605718f 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -1400,12 +1400,6 @@ krb5_error_code KRB5_CALLCONV krb5_authdata_export_internal
 const char *module,
 void **ptr);
-krb5_error_code KRB5_CALLCONV krb5_authdata_import_internal
-(krb5_context kcontext,
- krb5_authdata_context context,
- const char *module,
- void *ptr);
-
 krb5_error_code KRB5_CALLCONV krb5_authdata_context_copy
 (krb5_context kcontext,
 krb5_authdata_context src,
diff --git a/src/include/krb5/authdata_plugin.h b/src/include/krb5/authdata_plugin.h
index 6a5e73914e..1e9957b1e2 100644
--- a/src/include/krb5/authdata_plugin.h
+++ b/src/include/krb5/authdata_plugin.h
@@ -241,12 +241,11 @@ typedef krb5_error_code
 krb5_boolean restrict_authenticated,
 void **ptr);
-/* NB: this takes ownership of ptr */
 typedef krb5_error_code
-(*authdata_client_import_internal_proc)(krb5_context context,
- void *plugin_context,
- void *request_context,
- void *ptr);
+(*authdata_client_copy_context_proc)(krb5_context context,
+ void *plugin_context,
+ void *request_context,
+ void **dst_request_context);
 typedef void
 (*authdata_client_free_internal_proc)(krb5_context context,
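Review bot: The new `authdata_client_copy_context_proc` typedef in src/include/krb5/authdata_plugin.h has no contract comment, while the typedef it replaces had one (`/* NB: this takes ownership of ptr */`). From the header alone a plugin author cannot tell whether `*dst_request_context` is already initialised on entry, whether the callee must release what it finds there, or who frees the copy if a later step fails. I would add a comment above the typedef along the lines of `/* Deep-copies request_context into a newly allocated context stored in *dst_request_context; the caller owns the result */`, adjusted to whatever the intended contract actually is.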
@@ -269,8 +268,8 @@ typedef struct krb5plugin_authdata_client_ftable_v0 {
 authdata_client_delete_attribute_proc delete_attribute;
 authdata_client_export_attributes_proc export_attributes;
 authdata_client_export_internal_proc export_internal;
- authdata_client_import_internal_proc import_internal;
 authdata_client_free_internal_proc free_internal;
+ authdata_client_copy_context_proc copy_context;
 } krb5plugin_authdata_client_ftable_v0;
 #endif /* KRB5_AUTHDATA_PLUGIN_H_INCLUDED */
diff --git a/src/lib/gssapi/krb5/naming_exts.c b/src/lib/gssapi/krb5/naming_exts.c
index b3c68eb8ff..e6ae9e86b2 100644
--- a/src/lib/gssapi/krb5/naming_exts.c
+++ b/src/lib/gssapi/krb5/naming_exts.c
@@ -41,6 +41,8 @@ kg_init_name(krb5_context context,
 {
 krb5_error_code code;
+ assert(principal != NULL);
+
 if (principal == NULL)
 return EINVAL;
diff --git a/src/lib/krb5/krb/authdata.c b/src/lib/krb5/krb/authdata.c
index ee9f7915ee..d44f10dbdd 100644
--- a/src/lib/krb5/krb/authdata.c
+++ b/src/lib/krb5/krb/authdata.c
@@ -621,35 +621,6 @@ krb5_authdata_export_internal(krb5_context kcontext,
 return code;
 }
-krb5_error_code KRB5_CALLCONV
-krb5_authdata_import_internal(krb5_context kcontext,
- krb5_authdata_context context,
- const char *module_name,
- void *ptr)
-{
- int i;
- krb5_error_code code = ENOENT;
-
- for (i = 0; i < context->n_modules; i++) {
- struct _krb5_authdata_context_module *module = &context->modules[i];
-
- if (strcmp(module_name, module->name) != 0)
- continue;
-
- if (module->ftable->import_internal == NULL)
- continue;
-
- code = (*module->ftable->import_internal)(kcontext,
- module->plugin_context,
- *(module->request_context_pp),
- ptr);
-
- break;
- }
-
- return code;
-}
-
 krb5_error_code KRB5_CALLCONV
 krb5_authdata_free_internal(krb5_context kcontext,
 krb5_authdata_context context,
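Review bot: In the `krb5plugin_authdata_client_ftable_v0` hunk of authdata_plugin.h the slots after `export_internal` change meaning while the struct keeps its `_v0` name: the slot that held `import_internal` is now read as `free_internal`, and the old `free_internal` slot as `copy_context`. A plugin compiled against the previous header would have its import routine invoked with free's arguments and its free routine invoked as a copy, which is a function-pointer type confusion rather than a clean load failure. If any module outside this tree can already be built against v0 (not visible from this diff), the table needs a new version name or the removed slot kept as a reserved NULL entry. Otherwise a comment on the struct stating that v0 is not yet frozen would be enough.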
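Review bot: The added `assert(principal != NULL);` in kg_init_name (naming_exts.c hunk) sits directly above the existing `if (principal == NULL) return EINVAL;`, so the two lines disagree about whether NULL is a caller bug or a handled input. With assertions enabled the library aborts the host process instead of returning EINVAL, and under NDEBUG the assert disappears, so behaviour depends on build flags. Keep one of them: drop the assert and keep the EINVAL return if NULL can reach this function from any caller, or keep the assert and remove the now-dead check. The function body continues outside the hunk.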
@@ -680,14 +651,13 @@ krb5_authdata_free_internal(krb5_context kcontext,
 }
 static krb5_error_code
-import_export_authdata(krb5_context kcontext,
- struct _krb5_authdata_context_module *src_module,
- krb5_authdata_context dst)
+copy_authdata_context(krb5_context kcontext,
+ struct _krb5_authdata_context_module *src_module,
+ krb5_authdata_context dst)
 {
 int i;
 krb5_error_code code;
 struct _krb5_authdata_context_module *dst_module = NULL;
- void *ptr = NULL;
 for (i = 0; i < dst->n_modules; i++) {
 struct _krb5_authdata_context_module *module = &dst->modules[i];
@@ -702,30 +672,20 @@ import_export_authdata(krb5_context kcontext,
 if (dst_module == NULL)
 return ENOENT;
- if (src_module->ftable->export_internal == NULL ||
- dst_module->ftable->import_internal == NULL)
- return 0;
+ assert(strcmp(dst_module->name, src_module->name) == 0);
- code = (*src_module->ftable->export_internal)(kcontext,
- src_module->plugin_context,
- *(src_module->request_context_pp),
- FALSE,
- &ptr);
- if (code != 0)
- return code;
+ if (dst_module->client_req_init == NULL) {
+ /* only copy the context for the head module */
+ return 0;
+ }
- code = (*dst_module->ftable->import_internal)(kcontext,
- dst_module->plugin_context,
- *(dst_module->request_context_pp),
- ptr);
+ assert(src_module->request_context_pp == &src_module->request_context);
+ assert(dst_module->request_context_pp == &dst_module->request_context);
- /* assume import takes ownership */
- if (code != 0 && src_module->ftable->free_internal != NULL) {
- (*src_module->ftable->free_internal)(kcontext,
- src_module->plugin_context,
- *(src_module->request_context_pp),
- ptr);
- }
+ code = (*src_module->ftable->copy_context)(kcontext,
+ src_module->plugin_context,
+ src_module->request_context,
+ dst_module->request_context_pp);
 return code;
 }
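Review bot: `copy_authdata_context` calls `(*src_module->ftable->copy_context)(...)` in the second authdata.c hunk without testing the pointer, whereas the code it replaces returned 0 when `export_internal` or `import_internal` was NULL. Any module whose table leaves `copy_context` unset would make krb5_authdata_context_copy call through a NULL function pointer. A guard before the call, `if (src_module->ftable->copy_context == NULL) return 0;`, restores the earlier tolerance. The three new `assert` lines are the only checks on the name match and on `request_context_pp`, and they vanish under NDEBUG, so a short comment stating those invariants would help anyone reading a release build.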
@@ -739,8 +699,7 @@ krb5_authdata_context_copy(krb5_context kcontext,
 krb5_error_code code;
 krb5_authdata_context dst;
- /* This is a bit of a hack and potentially very expensive. */
-
+ /* XXX we need to init a new context because we can't copy plugins */
 code = krb5_authdata_context_init(kcontext, &dst);
 if (code != 0)
 return code;
@@ -748,7 +707,7 @@ krb5_authdata_context_copy(krb5_context kcontext,
 for (i = 0; i < src->n_modules; i++) {
 struct _krb5_authdata_context_module *module = &src->modules[i];
- code = import_export_authdata(kcontext, module, dst);
+ code = copy_authdata_context(kcontext, module, dst);
 if (code != 0)
 break;
 }
diff --git a/src/lib/krb5/krb/pac.c b/src/lib/krb5/krb/pac.c
index 2c9962cb1e..290e159267 100644
--- a/src/lib/krb5/krb/pac.c
+++ b/src/lib/krb5/krb/pac.c
@@ -284,7 +284,7 @@ krb5_pac_init(krb5_context context,
 pac->pac = (PACTYPE *)malloc(sizeof(PACTYPE));
 if (pac->pac == NULL) {
- free( pac);
+ free(pac);
 return ENOMEM;
 }
@@ -305,6 +305,47 @@ krb5_pac_init(krb5_context context,
 return 0;
 }
+static krb5_error_code
+k5_pac_copy(krb5_context context,
+ krb5_pac src,
+ krb5_pac *dst)
+{
+ size_t header_len;
+ krb5_ui_4 cbuffers;
+ krb5_error_code code;
+ krb5_pac pac;
+
+ cbuffers = src->pac->cBuffers;
+ if (cbuffers != 0)
+ cbuffers--;
+
+ header_len = sizeof(PACTYPE) + cbuffers * sizeof(PAC_INFO_BUFFER);
+
+ pac = (krb5_pac)malloc(sizeof(*pac));
+ if (pac == NULL)
+ return ENOMEM;
+
+ pac->pac = (PACTYPE *)malloc(header_len);
+ if (pac->pac == NULL) {
+ free(pac);
+ return ENOMEM;
+ }
+
+ memcpy(pac->pac, src->pac, header_len);
+
+ code = krb5int_copy_data_contents(context, &src->data, &pac->data);
+ if (code != 0) {
+ free(pac->pac);
+ free(pac);
+ return ENOMEM;
+ }
+
+ pac->verified = src->verified;
+ *dst = pac;
+
+ return 0;
+}
+
 /*
 * Parse the supplied data into the PAC allocated by this function
 */
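Review bot: In the new `k5_pac_copy` (pac.c, hunk at -305) the failure path after `krb5int_copy_data_contents` returns a hard-coded `ENOMEM` and discards `code`; `return code;` would report what the helper actually returned. `header_len` is computed from `src->pac->cBuffers` with no bound or overflow check, and the same value sizes both the `malloc` and the `memcpy`. That is only safe if every `krb5_pac` reaching this function had its buffer count validated when it was built or parsed (that code is outside this diff), so a comment above the computation saying so is worth adding. The function also lacks a header comment; one line stating that it deep-copies the header and data, and how the caller releases `*dst`, would match the comment on the function that follows it.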
@@ -1294,21 +1335,27 @@ mspac_export_internal(krb5_context context,
 return code;
 }
-/* Note: this takes ownership of ptr by design */
 static krb5_error_code
-mspac_import_internal(krb5_context context,
- void *plugin_context,
- void *request_context,
- void *ptr)
+mspac_copy_context(krb5_context context,
+ void *plugin_context,
+ void *request_context,
+ void **dst_request_context)
 {
- struct mspac_context *pacctx = (struct mspac_context *)request_context;
- krb5_pac pac = (krb5_pac)ptr;
+ struct mspac_context *srcctx = (struct mspac_context *)request_context;
+ struct mspac_context *dstctx;
+ krb5_error_code code;
- if (pac == NULL)
- return EINVAL;
+ code = mspac_request_init(context, plugin_context, (void **)&dstctx);
+ if (code != 0)
+ return code;
+
+ code = k5_pac_copy(context, srcctx->pac, &dstctx->pac);
+ if (code != 0) {
+ free(dstctx);
+ return code;
+ }
- krb5_pac_free(context, pacctx->pac);
- pacctx->pac = pac;
+ *dst_request_context = dstctx;
 return 0;
 }
@@ -1342,8 +1389,8 @@ krb5plugin_authdata_client_ftable_v0 krb5int_mspac_authdata_client_ftable = {
 NULL, /* delete_attribute_proc */
 mspac_export_attributes,
 mspac_export_internal,
- mspac_import_internal,
- mspac_free_internal
+ mspac_free_internal,
+ mspac_copy_context
 };
diff --git a/src/tests/gssapi/t_namingexts.c b/src/tests/gssapi/t_namingexts.c
index 8829349903..d799c17aa5 100644
--- a/src/tests/gssapi/t_namingexts.c
+++ b/src/tests/gssapi/t_namingexts.c
@@ -167,11 +167,11 @@ enumerateAttributes(OM_uint32 *minor,
 dumpAttribute(minor, name, &authenticated->elements[i]);
 }
 if (asserted != GSS_C_NO_BUFFER_SET) {
- for (i = 0; i < authenticated->count; i++)
+ for (i = 0; i < asserted->count; i++)
 dumpAttribute(minor, name, &asserted->elements[i]);
 }
 if (complete != GSS_C_NO_BUFFER_SET) {
- for (i = 0; i < authenticated->count; i++)
+ for (i = 0; i < complete->count; i++)
 dumpAttribute(minor, name, &complete->elements[i]);
 }
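Review bot: `mspac_copy_context` passes `srcctx->pac` straight to `k5_pac_copy`, which reads `src->pac->cBuffers` in its first statement, so copying a request context that holds no PAC would dereference NULL. Whether `pac` can be NULL here depends on `mspac_request_init`, which is not in this diff, but the removed import path did treat a NULL PAC as a possible input. Guarding the copy with `if (srcctx->pac != NULL)` around the `k5_pac_copy` call and its error branch covers that case. The function also stores the new context into `*dst_request_context` without releasing whatever the destination already held, which looks like a leak if krb5_authdata_context_init has already run this module's request init; that is worth confirming against the caller.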