An interposer mech needs to be able to handle multiple mechanisms.
When importing a mech token for a name, cred, or context, the
interposer mech needs to know the mech type of the token being
imported. To make this work, add SPI calls which accept a mech type
argument.
[ghudson@mit.edu: Stylistic changes, commit squashing, commit message]
{
OM_uint32 status, tmpMinor;
gss_mechanism mech;
+ gss_OID public_mech;
mech = gssint_get_mechanism (mech_type);
if (mech == NULL)
}
}
- if (mech->gss_import_name == NULL)
+ if (mech->gssspi_import_name_by_mech) {
+ public_mech = gssint_get_public_oid(mech_type);
+ status = mech->gssspi_import_name_by_mech(minor_status, public_mech,
+ union_name->external_name,
+ union_name->name_type,
+ internal_name);
+ } else if (mech->gss_import_name) {
+ status = mech->gss_import_name(minor_status, union_name->external_name,
+ union_name->name_type, internal_name);
+ } else {
return (GSS_S_UNAVAILABLE);
+ }
- status = mech->gss_import_name(minor_status,
- union_name->external_name,
- union_name->name_type,
- internal_name);
if (status == GSS_S_COMPLETE) {
/* Attempt to round-trip attributes */
(void) import_internal_attributes(&tmpMinor, mech,
if (status != GSS_S_COMPLETE)
goto error;
mech = gssint_get_mechanism(selected_mech);
- if (mech == NULL || mech->gss_import_cred == NULL) {
+ if (mech == NULL || (mech->gss_import_cred == NULL &&
+ mech->gssspi_import_cred_by_mech == NULL)) {
status = GSS_S_DEFECTIVE_TOKEN;
goto error;
}
- status = mech->gss_import_cred(minor_status, &mech_token, &mech_cred);
+ if (mech->gssspi_import_cred_by_mech) {
+ status = mech->gssspi_import_cred_by_mech(minor_status,
+ gssint_get_public_oid(selected_mech),
+ &mech_token, &mech_cred);
+ } else {
+ status = mech->gss_import_cred(minor_status, &mech_token,
+ &mech_cred);
+ }
if (status != GSS_S_COMPLETE) {
map_error(minor_status, mech);
goto error;
if ((mech = gssint_get_mechanism(&mechOid)) == NULL)
return (GSS_S_BAD_MECH);
- if (mech->gss_import_name == NULL)
+ if (mech->gssspi_import_name_by_mech == NULL &&
+ mech->gss_import_name == NULL)
return (GSS_S_UNAVAILABLE);
/*
* have created it.
*/
if (mech->gss_export_name) {
- major = mech->gss_import_name(minor,
- &expName, (gss_OID)GSS_C_NT_EXPORT_NAME,
- &unionName->mech_name);
+ if (mech->gssspi_import_name_by_mech) {
+ major = mech->gssspi_import_name_by_mech(minor, &mechOid, &expName,
+ GSS_C_NT_EXPORT_NAME,
+ &unionName->mech_name);
+ } else {
+ major = mech->gss_import_name(minor, &expName,
+ GSS_C_NT_EXPORT_NAME,
+ &unionName->mech_name);
+ }
if (major != GSS_S_COMPLETE)
map_error(minor, mech);
else {
*/
expName.length = nameLen;
expName.value = nameLen ? (void *)buf : NULL;
- major = mech->gss_import_name(minor, &expName,
- GSS_C_NULL_OID, &unionName->mech_name);
+ if (mech->gssspi_import_name_by_mech) {
+ major = mech->gssspi_import_name_by_mech(minor, &mechOid, &expName,
+ GSS_C_NULL_OID,
+ &unionName->mech_name);
+ } else {
+ major = mech->gss_import_name(minor, &expName,
+ GSS_C_NULL_OID, &unionName->mech_name);
+ }
if (major != GSS_S_COMPLETE) {
map_error(minor, mech);
return (major);
OM_uint32 status;
char *p;
gss_union_ctx_id_t ctx;
+ gss_ctx_id_t mctx;
gss_buffer_desc token;
gss_OID selected_mech = GSS_C_NO_OID;
+ gss_OID public_mech;
gss_mechanism mech;
status = val_imp_sec_ctx_args(minor_status,
status = GSS_S_BAD_MECH;
goto error_out;
}
- if (!mech->gss_import_sec_context) {
+ if (!mech->gssspi_import_sec_context_by_mech &&
+ !mech->gss_import_sec_context) {
status = GSS_S_UNAVAILABLE;
goto error_out;
}
- status = mech->gss_import_sec_context(minor_status,
- &token, &ctx->internal_ctx_id);
-
+ if (mech->gssspi_import_sec_context_by_mech) {
+ public_mech = gssint_get_public_oid(selected_mech);
+ status = mech->gssspi_import_sec_context_by_mech(minor_status,
+ public_mech,
+ &token, &mctx);
+ } else {
+ status = mech->gss_import_sec_context(minor_status, &token, &mctx);
+ }
if (status == GSS_S_COMPLETE) {
+ ctx->internal_ctx_id = mctx;
ctx->loopback = ctx;
*context_handle = (gss_ctx_id_t)ctx;
return (GSS_S_COMPLETE);
/* RFC 5587 */
GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_inquire_attrs_for_mech);
GSS_ADD_DYNAMIC_METHOD(dl, mech, gssspi_acquire_cred_with_password);
+ GSS_ADD_DYNAMIC_METHOD(dl, mech, gssspi_import_sec_context_by_mech);
+ GSS_ADD_DYNAMIC_METHOD(dl, mech, gssspi_import_name_by_mech);
+ GSS_ADD_DYNAMIC_METHOD(dl, mech, gssspi_import_cred_by_mech);
assert(mech_type != GSS_C_NO_OID);
/* RFC 5587 */
RESOLVE_GSSI_SYMBOL(dl, mech, gss, _inquire_attrs_for_mech);
RESOLVE_GSSI_SYMBOL(dl, mech, gssspi, _acquire_cred_with_password);
+ RESOLVE_GSSI_SYMBOL(dl, mech, gssspi, _import_sec_context_by_mech);
+ RESOLVE_GSSI_SYMBOL(dl, mech, gssspi, _import_name_by_mech);
+ RESOLVE_GSSI_SYMBOL(dl, mech, gssspi, _import_cred_by_mech);
mech->mech_type = *mech_type;
return mech;
gss_cred_id_t * /* cred_handle */
/* */);
+ OM_uint32 (KRB5_CALLCONV *gssspi_import_sec_context_by_mech)
+ (
+ OM_uint32 *, /* minor_status */
+ gss_OID, /* desired_mech */
+ gss_buffer_t, /* interprocess_token */
+ gss_ctx_id_t * /* context_handle */
+ /* */);
+
+ OM_uint32 (KRB5_CALLCONV *gssspi_import_name_by_mech)
+ (
+ OM_uint32 *, /* minor_status */
+ gss_OID, /* mech_type */
+ gss_buffer_t, /* input_name_buffer */
+ gss_OID, /* input_name_type */
+ gss_name_t* /* output_name */
+ /* */);
+
+ OM_uint32 (KRB5_CALLCONV *gssspi_import_cred_by_mech)
+ (
+ OM_uint32 *, /* minor_status */
+ gss_OID, /* mech_type */
+ gss_buffer_t, /* token */
+ gss_cred_id_t * /* cred_handle */
+ /* */);
+
} *gss_mechanism;
/*
projects / thirdparty / krb5.git / commitdiff
