From: Luke Howard
Date: Tue, 25 Aug 2009 22:40:17 +0000 (+0000)
Subject: implement krb5_gss_export_name_composite
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b1f63eba9c5018fb6d998cd114c58e4d3557fc2b;p=thirdparty%2Fkrb5.git
implement krb5_gss_export_name_composite
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/authdata@22607 dc483132-0cff-0310-8789-dd5450dbe970
---
diff --git a/src/lib/gssapi/krb5/gssapi_krb5.c b/src/lib/gssapi/krb5/gssapi_krb5.c
index 0fab4e454b..445647e38d 100644
--- a/src/lib/gssapi/krb5/gssapi_krb5.c
+++ b/src/lib/gssapi/krb5/gssapi_krb5.c
@@ -688,7 +688,7 @@ static struct gss_config krb5_mechanism = {
 krb5_gss_get_name_attribute,
 krb5_gss_set_name_attribute,
 krb5_gss_delete_name_attribute,
- NULL, /* export_name_composite */
+ krb5_gss_export_name_composite,
 krb5_gss_map_name_to_any,
 krb5_gss_release_any_name_mapping,
 };
diff --git a/src/lib/gssapi/krb5/naming_exts.c b/src/lib/gssapi/krb5/naming_exts.c
index e6ae9e86b2..1ec16bbad1 100644
--- a/src/lib/gssapi/krb5/naming_exts.c
+++ b/src/lib/gssapi/krb5/naming_exts.c
@@ -615,14 +615,113 @@ krb5_gss_release_any_name_mapping(OM_uint32 *minor_status, } -#if 0 OM_uint32 krb5_gss_export_name_composite(OM_uint32 *minor_status, gss_name_t name, gss_buffer_t exp_composite_name) { + krb5_context context; + krb5_error_code code; + krb5_gss_name_t kname; + krb5_authdata **authdata = NULL; + krb5_data *enc_authdata = NULL; + char *princstr = NULL, *cp; + size_t princlen; + + if (minor_status != NULL) + *minor_status = 0; + + code = krb5_gss_init_context(&context); + if (code != 0) { + *minor_status = code; + return GSS_S_FAILURE; + } + + if (!kg_validate_name(name)) { + *minor_status = (OM_uint32)G_VALIDATE_FAILED; + krb5_free_context(context); + return GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME; + } + + kname = (krb5_gss_name_t)name; + + code = k5_mutex_lock(&kname->lock); + if (code != 0) { + *minor_status = code; + return GSS_S_FAILURE; + } + + if (kname->ad_context == NULL) { + code = ENOENT; + goto cleanup; + } + + code = krb5_unparse_name(context, kname->princ, &princstr); + if (code != 0) + goto cleanup; + + princlen = strlen(princstr); + + code = krb5_authdata_export_attributes(context, + kname->ad_context, + AD_USAGE_AP_REQ, + &authdata); + if (code != 0) + goto cleanup; + + if (authdata != NULL) { + code = encode_krb5_authdata(authdata, &enc_authdata); + if (code != 0) + goto cleanup; + } + + /* 04 02 OID Name AuthData */ + + exp_composite_name->length = 14 + princlen + + (enc_authdata != NULL ? enc_authdata->length : 0) + + gss_mech_krb5->length; + exp_composite_name->value = malloc(exp_composite_name->length); + if (exp_composite_name->value == NULL) { + code = ENOMEM; + goto cleanup; + } + + cp = exp_composite_name->value; + + /* Note: we assume the OID will be less than 128 bytes... 
*/ + *cp++ = 0x04; + *cp++ = 0x02; + + store_16_be(gss_mech_krb5->length + 2, cp); + cp += 2; + *cp++ = 0x06; + *cp++ = (gss_mech_krb5->length) & 0xFF; + memcpy(cp, gss_mech_krb5->elements, gss_mech_krb5->length); + cp += gss_mech_krb5->length; + + store_32_be(princlen, cp); + cp += 4; + memcpy(cp, princstr, princlen); + cp += princlen; + + if (enc_authdata != NULL) { + store_32_be(enc_authdata->length, cp); + cp += 4; + memcpy(cp, enc_authdata->data, enc_authdata->length); + cp += enc_authdata->length; + } + +cleanup: + krb5_free_unparsed_name(context, princstr); + krb5_free_data(context, enc_authdata); + krb5_free_authdata(context, authdata); + k5_mutex_unlock(&kname->lock); + krb5_free_context(context); + + return kg_map_name_error(minor_status, code); } +#if 0 OM_uint32 krb5_gss_display_name_ext(OM_uint32 *minor_status, gss_name_t name, diff --git a/src/lib/krb5/krb/authdata.c b/src/lib/krb5/krb/authdata.c index 3bc0f490eb..c2140a2b83 100644 --- a/src/lib/krb5/krb/authdata.c +++ b/src/lib/krb5/krb/authdata.c @@ -584,6 +584,8 @@ krb5_authdata_export_attributes(krb5_context kcontext, len += j; } + authdata[len] = NULL; + *pauthdata = authdata; return code; 
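Review bot: The exported buffer in krb5_gss_export_name_composite is sized with a fixed 14 bytes of framing, but the 4-byte authdata length is only written inside `if (enc_authdata != NULL)`, so when no authdata is exported the last 4 bytes of the malloc'd buffer are never initialised yet are still counted in exp_composite_name->length. That hands uninitialised heap bytes to whoever stores or transmits the exported name, and leaves the token without an attribute length field. Writing the field unconditionally fixes both: put `store_32_be(enc_authdata != NULL ? enc_authdata->length : 0, cp); cp += 4;` ahead of the `if` and keep only the memcpy inside it. Separately, the k5_mutex_lock failure branch returns without `krb5_free_context(context);`, and `*minor_status = code;` is dereferenced on the error paths although the function opens with a `minor_status != NULL` check.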
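Review bot: `authdata[len] = NULL;` writes one slot past the len entries accumulated above, so it is in bounds only if the allocation earlier in krb5_authdata_export_attributes reserves len + 1 pointers. That allocation is outside the hunk and should be checked, since an exact-size array would turn this terminator into a one-pointer heap overflow. The same applies to `authdata[1] = NULL;` in the mspac_export_attributes hunk in pac.c, which needs a two-slot array. The new export function passes this array to encode_krb5_authdata and krb5_free_authdata without a length, so the requirement is worth stating at the write, e.g. `/* NULL terminator: array must hold len + 1 entries */`.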
@@ -722,77 +724,3 @@ krb5_authdata_context_copy(krb5_context kcontext, return code; } -#ifdef DEBUG -static void -debug_authdata_attribute(krb5_context kcontext, - krb5_authdata_context context, - const krb5_data *attr) -{ - krb5_error_code code; - krb5_boolean authenticated, complete; - krb5_data value, display_value; - int more = -1; - - while (more != 0) { - code = krb5_authdata_get_attribute(kcontext, context, attr, - &authenticated, &complete, - &value, &display_value, &more); - if (code != 0) - break; - - fprintf(stderr, "AD Attribute %.*s Value Length %d " - "Disp Value Length %d More %d\n", - attr->length, attr->data, value.length, display_value.length, more); - - krb5_free_data_contents(kcontext, &value); - krb5_free_data_contents(kcontext, &display_value); - } -} - -void -krb5_authdata_debug(krb5_context kcontext, - krb5_authdata_context context) -{ - krb5_error_code code; - krb5_data *asserted = NULL; - krb5_data *verified = NULL; - int i; - -#if 0 - { - krb5_data fooattr = { KV5M_DATA, sizeof("mspac:1234"), "mspac:1234" }; - krb5_data foovalue = { KV5M_DATA, sizeof("abcdefghijklmnop"), "abcdefghijklmnop" }; - - code = krb5_authdata_set_attribute(kcontext, context, TRUE, &fooattr, &foovalue); - if (code != 0) { - fprintf(stderr, "krb5_authdata_debug failed: %s\n", - krb5_get_error_message(kcontext, code)); - } - } -#endif - - code = krb5_authdata_get_attribute_types(kcontext, context, - &asserted, &verified); - if (code != 0) { - fprintf(stderr, "krb5_authdata_debug failed: %s\n", - krb5_get_error_message(kcontext, code)); - return; - } - - fprintf(stderr, "Asserted attributes:\n"); - if (asserted != NULL) { - for (i = 0; asserted[i].data != NULL; i++) { - debug_authdata_attribute(kcontext, context, &asserted[i]); - } - } - fprintf(stderr, "Authenticated attributes:\n"); - if (verified != NULL) { - for (i = 0; verified[i].data != NULL; i++) { - debug_authdata_attribute(kcontext, context, &verified[i]); - } - } - krb5int_free_data_list(kcontext, 
asserted); - krb5int_free_data_list(kcontext, verified); -} -#endif /* DEBUG */ - diff --git a/src/lib/krb5/krb/pac.c b/src/lib/krb5/krb/pac.c index 290e159267..eb2c88761d 100644 --- a/src/lib/krb5/krb/pac.c +++ b/src/lib/krb5/krb/pac.c @@ -1303,6 +1303,10 @@ mspac_export_attributes(krb5_context context, authdata[0]->length = data.length; authdata[0]->contents = (krb5_octet *)data.data; + authdata[1] = NULL; + + *out_authdata = authdata; + return 0; }