svn rev #21576: branches/mskrb-integ/src/lib/gssapi/ generic/ krb5/
lhoward@MIT.EDU
lhoward at MIT.EDU
Tue Dec 23 01:05:17 EST 2008
http://src.mit.edu/fisheye/changelog/krb5/?cs=21576
Commit By: lhoward
Log Message:
Cleanup, add generic_gss_oid_compose()/generic_gss_oid_decompose()
helpers
Changed Files:
U branches/mskrb-integ/src/lib/gssapi/generic/gssapiP_generic.h
U branches/mskrb-integ/src/lib/gssapi/generic/oid_ops.c
U branches/mskrb-integ/src/lib/gssapi/krb5/inq_context.c
U branches/mskrb-integ/src/lib/gssapi/krb5/krb5_gss_glue.c
U branches/mskrb-integ/src/lib/gssapi/krb5/lucid_context.c
Modified: branches/mskrb-integ/src/lib/gssapi/generic/gssapiP_generic.h
===================================================================
--- branches/mskrb-integ/src/lib/gssapi/generic/gssapiP_generic.h 2008-12-23 05:29:17 UTC (rev 21575)
+++ branches/mskrb-integ/src/lib/gssapi/generic/gssapiP_generic.h 2008-12-23 06:05:15 UTC (rev 21576)
@@ -261,6 +261,22 @@
gss_buffer_t, /* oid_str */
gss_OID *); /* oid */
+OM_uint32
+generic_gss_oid_compose(
+ OM_uint32 *, /* minor_status */
+ const char *, /* prefix */
+ size_t, /* prefix_len */
+ int, /* suffix */
+ gss_OID_desc *); /* oid */
+
+OM_uint32
+generic_gss_oid_decompose(
+ OM_uint32 *, /* minor_status */
+ const char *, /*prefix */
+ size_t, /* prefix_len */
+ gss_OID_desc *, /* oid */
+ int *); /* suffix */
+
int gssint_mecherrmap_init(void);
void gssint_mecherrmap_destroy(void);
OM_uint32 gssint_mecherrmap_map(OM_uint32 minor, const gss_OID_desc *oid);
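Review bot: The new prototypes at L24-L37 do not document the in/out contract of the `oid` argument to `generic_gss_oid_compose`: the implementation in oid_ops.c reads `oid->length` as the capacity of `oid->elements` and then overwrites it with the encoded length, and every caller in this commit relies on that by pre-setting `req_oid.length = sizeof(oid_buf)`. A comment such as `/* oid: in = buffer capacity in oid->length, out = encoded OID; fails with ERANGE if the suffix does not fit */` above the declaration would save the next caller from passing a zero-length descriptor. The matching note for `generic_gss_oid_decompose` should say that `suffix` is only valid when GSS_S_COMPLETE is returned and that GSS_S_BAD_MECH means the prefix did not match. The `/*prefix */` comment at L34 is also missing its space.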
Modified: branches/mskrb-integ/src/lib/gssapi/generic/oid_ops.c
===================================================================
--- branches/mskrb-integ/src/lib/gssapi/generic/oid_ops.c 2008-12-23 05:29:17 UTC (rev 21575)
+++ branches/mskrb-integ/src/lib/gssapi/generic/oid_ops.c 2008-12-23 06:05:15 UTC (rev 21576)
@@ -403,6 +403,92 @@
return(GSS_S_FAILURE);
}
+/* Compose an OID of a prefix and an integer suffix */
+OM_uint32
+generic_gss_oid_compose(
+ OM_uint32 *minor_status,
+ const char *prefix,
+ size_t prefix_len,
+ int suffix,
+ gss_OID_desc *oid)
+{
+ int osuffix, i;
+ size_t nbytes;
+ unsigned char *op;
+
+ if (oid == GSS_C_NO_OID) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
+ if (oid->length < prefix_len) {
+ *minor_status = ERANGE;
+ return GSS_S_FAILURE;
+ }
+
+ memcpy(oid->elements, prefix, prefix_len);
+
+ nbytes = 0;
+ osuffix = suffix;
+ while (suffix) {
+ nbytes++;
+ suffix >>= 7;
+ }
+ suffix = osuffix;
+
+ if (oid->length < prefix_len + nbytes) {
+ *minor_status = ERANGE;
+ return GSS_S_FAILURE;
+ }
+
+ op = oid->elements + prefix_len + nbytes;
+ i = -1;
+ while (suffix) {
+ op[i] = (unsigned char)suffix & 0x7f;
+ if (i != -1)
+ op[i] |= 0x80;
+ i--;
+ suffix >>= 7;
+ }
+
+ oid->length = prefix_len + nbytes;
+
+ *minor_status = 0;
+ return GSS_S_COMPLETE;
+}
+
+OM_uint32
+generic_gss_oid_decompose(
+ OM_uint32 *minor_status,
+ const char *prefix,
+ size_t prefix_len,
+ gss_OID_desc *oid,
+ int *suffix)
+{
+ size_t i, slen;
+ unsigned char *op;
+
+ if (oid->length < prefix_len ||
+ memcmp(oid->elements, prefix, prefix_len) != 0) {
+ return GSS_S_BAD_MECH;
+ }
+
+ op = oid->elements + prefix_len;
+
+ *suffix = 0;
+
+ slen = oid->length - prefix_len;
+
+ for (i = 0; i < slen; i++) {
+ *suffix = (*suffix << 7) | (op[i] & 0x7f);
+ if (i + 1 != slen && (op[i] & 0x80) == 0) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
+ }
+
+ return GSS_S_COMPLETE;
+}
+
/*
* Copyright 1993 by OpenVision Technologies, Inc.
*
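Review bot: `generic_gss_oid_decompose` accumulates the suffix into a signed `int` via `*suffix << 7` with no bound on `slen`, so an OID whose suffix has five or more bytes — and `desired_object` reaches this code from the application through gss_inquire_sec_context_by_oid — overflows a 32-bit int, which is undefined behaviour rather than a clean error. The validity check on the loop only rejects a cleared continuation bit on non-final bytes; a final byte with 0x80 set (a truncated encoding) is accepted, so the test should be two-sided. The GSS_S_BAD_MECH return leaves `*minor_status` unset, unlike every other error path in the hunk, and there is no `oid == GSS_C_NO_OID` check to mirror `generic_gss_oid_compose`. In compose, a negative `suffix` makes `while (suffix) suffix >>= 7` never terminate on arithmetic-shift platforms; rejecting `suffix < 0` with EINVAL before the length loop closes that.
```c
OM_uint32
generic_gss_oid_decompose(
    OM_uint32 *minor_status,
    const char *prefix,
    size_t prefix_len,
    gss_OID_desc *oid,
    int *suffix)
{
    size_t i, slen;
    unsigned char *op;

    if (oid == GSS_C_NO_OID) {
        *minor_status = EINVAL;
        return GSS_S_FAILURE;
    }
    if (oid->length < prefix_len ||
        memcmp(oid->elements, prefix, prefix_len) != 0) {
        *minor_status = 0;
        return GSS_S_BAD_MECH;
    }

    op = oid->elements + prefix_len;
    *suffix = 0;
    slen = oid->length - prefix_len;

    for (i = 0; i < slen; i++) {
        /* Refuse to shift into the sign bit: signed overflow is UB. */
        if (*suffix > (INT_MAX >> 7)) {
            *minor_status = ERANGE;
            return GSS_S_FAILURE;
        }
        *suffix = (*suffix << 7) | (op[i] & 0x7f);
        /* Every byte but the last must continue; the last must not. */
        if ((i + 1 != slen) != ((op[i] & 0x80) != 0)) {
            *minor_status = EINVAL;
            return GSS_S_FAILURE;
        }
    }

    *minor_status = 0;
    return GSS_S_COMPLETE;
}
```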
@@ -480,3 +566,4 @@
return (major);
}
+
Modified: branches/mskrb-integ/src/lib/gssapi/krb5/inq_context.c
===================================================================
--- branches/mskrb-integ/src/lib/gssapi/krb5/inq_context.c 2008-12-23 05:29:17 UTC (rev 21575)
+++ branches/mskrb-integ/src/lib/gssapi/krb5/inq_context.c 2008-12-23 06:05:15 UTC (rev 21576)
@@ -201,9 +201,7 @@
gss_buffer_desc keyvalue, keyinfo;
OM_uint32 major_status, minor;
unsigned char oid_buf[GSS_KRB5_SESSION_KEY_ENCTYPE_OID_LENGTH + 6];
- unsigned char *op;
- size_t nbytes;
- int enctype, i;
+ gss_OID_desc oid;
ctx = (krb5_gss_ctx_id_rec *) context_handle;
key = ctx->have_acceptor_subkey ? ctx->acceptor_subkey : ctx->subkey;
@@ -212,45 +210,37 @@
keyvalue.length = key->length;
major_status = generic_gss_add_buffer_set_member(minor_status, &keyvalue, data_set);
- if (GSS_ERROR(major_status)) {
- gss_release_buffer_set(&minor, data_set);
- return major_status;
- }
+ if (GSS_ERROR(major_status))
+ goto cleanup;
- /* Construct the OID 1.2.840.113554.1.2.2.4.<enctype> */
- memcpy(oid_buf, GSS_KRB5_SESSION_KEY_ENCTYPE_OID,
- GSS_KRB5_SESSION_KEY_ENCTYPE_OID_LENGTH);
+ oid.elements = oid_buf;
+ oid.length = sizeof(oid_buf);
- nbytes = 0;
- enctype = key->enctype;
- while (enctype) {
- nbytes++;
- enctype >>= 7;
- }
- enctype = key->enctype;
- op = oid_buf + GSS_KRB5_SESSION_KEY_ENCTYPE_OID_LENGTH + nbytes;
- i = -1;
- while (enctype) {
- op[i] = (unsigned char)enctype & 0x7f;
- if (i != -1)
- op[i] |= 0x80;
- i--;
- enctype >>= 7;
- }
+ major_status = generic_gss_oid_compose(minor_status,
+ GSS_KRB5_SESSION_KEY_ENCTYPE_OID,
+ GSS_KRB5_SESSION_KEY_ENCTYPE_OID_LENGTH,
+ key->enctype,
+ &oid);
+ if (GSS_ERROR(major_status))
+ goto cleanup;
- keyinfo.value = oid_buf;
- keyinfo.length = GSS_KRB5_SESSION_KEY_ENCTYPE_OID_LENGTH + nbytes;
- assert(keyinfo.length <= sizeof(oid_buf));
+ keyinfo.value = oid.elements;
+ keyinfo.length = oid.length;
major_status = generic_gss_add_buffer_set_member(minor_status, &keyinfo, data_set);
- if (GSS_ERROR(major_status)) {
- assert(*data_set != GSS_C_NO_BUFFER_SET);
- memset((*data_set)->elements[0].value, 0, (*data_set)->elements[0].length);
+ if (GSS_ERROR(major_status))
+ goto cleanup;
+
+ return GSS_S_COMPLETE;
+
+cleanup:
+ if (*data_set != GSS_C_NO_BUFFER_SET) {
+ if ((*data_set)->count != 0)
+ memset((*data_set)->elements[0].value, 0, (*data_set)->elements[0].length);
gss_release_buffer_set(&minor, data_set);
- return major_status;
}
- return GSS_S_COMPLETE;
+ return major_status;
}
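Review bot: The `cleanup:` label zeroes the session key copy in `elements[0]` with a plain `memset` immediately before `gss_release_buffer_set` frees it, and a dead-store-eliminating compiler is entitled to drop that memset because the memory is never read again; the scrub that the original code also attempted is therefore not guaranteed to happen. Use whatever explicit-zeroing helper the tree provides here (hedged: a `zap()`-style wrapper, if it is in scope for this file) or otherwise defeat the optimisation, and consider scrubbing every element rather than only `elements[0]`, since the set may hold both entries by the time the second add fails. The new `goto cleanup` after the first `generic_gss_add_buffer_set_member` at L163-L164 is fine, as the label checks `*data_set != GSS_C_NO_BUFFER_SET` before touching it. The enclosing function begins before this hunk.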
OM_uint32
@@ -264,32 +254,21 @@
krb5_gss_ctx_id_rec *ctx;
int ad_type = 0;
size_t i;
- unsigned char *cp;
*data_set = GSS_C_NO_BUFFER_SET;
ctx = (krb5_gss_ctx_id_rec *) context_handle;
- major_status = GSS_S_FAILURE;
- *minor_status = ENOENT;
-
- /* Determine authorization data type from DER encoded OID suffix */
- cp = desired_object->elements;
- cp += GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH;
-
- for (i = 0;
- i < desired_object->length - GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH;
- i++)
- {
- ad_type = (ad_type << 7) | (cp[i] & 0x7f);
- if ((cp[i] & 0x80) == 0)
- break;
- /* XXX should we return an error if there is another arc */
+ major_status = generic_gss_oid_decompose(minor_status,
+ GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID,
+ GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH,
+ desired_object,
+ &ad_type);
+ if (major_status != GSS_S_COMPLETE || ad_type == 0) {
+ *minor_status = ENOENT;
+ return GSS_S_FAILURE;
}
- if (ad_type == 0)
- return GSS_S_FAILURE;
-
if (ctx->authdata != NULL) {
for (i = 0; ctx->authdata[i] != NULL; i++) {
if (ctx->authdata[i]->ad_type == ad_type) {
@@ -298,8 +277,8 @@
ad_data.length = ctx->authdata[i]->length;
ad_data.value = ctx->authdata[i]->contents;
- major_status = generic_gss_add_buffer_set_member(
- minor_status, &ad_data, data_set);
+ major_status = generic_gss_add_buffer_set_member(minor_status,
+ &ad_data, data_set);
if (GSS_ERROR(major_status))
break;
}
Modified: branches/mskrb-integ/src/lib/gssapi/krb5/krb5_gss_glue.c
===================================================================
--- branches/mskrb-integ/src/lib/gssapi/krb5/krb5_gss_glue.c 2008-12-23 05:29:17 UTC (rev 21575)
+++ branches/mskrb-integ/src/lib/gssapi/krb5/krb5_gss_glue.c 2008-12-23 06:05:15 UTC (rev 21576)
@@ -619,47 +619,25 @@
{
unsigned char oid_buf[GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID_LENGTH + 6];
gss_OID_desc req_oid;
- OM_uint32 major_status;
+ OM_uint32 major_status, minor;
gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;
- int oversion, i;
- unsigned char *op;
- OM_uint32 nbytes;
if (kctx == NULL)
return GSS_S_CALL_INACCESSIBLE_WRITE;
*kctx = NULL;
- /*
- * This absolutely horrible code is used to DER encode the
- * requested authorization data type into the last element
- * of the request OID. Oh for an ASN.1 library...
- */
-
- memcpy(oid_buf, GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID,
- GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID_LENGTH);
-
- nbytes = 0;
- oversion = version;
- while (version) {
- nbytes++;
- version >>= 7;
- }
- version = oversion;
- op = oid_buf + GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID_LENGTH + nbytes;
- i = -1;
- while (version) {
- op[i] = (unsigned char)version & 0x7f;
- if (i != -1)
- op[i] |= 0x80;
- i--;
- version >>= 7;
- }
-
req_oid.elements = oid_buf;
- req_oid.length = GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID_LENGTH + nbytes;
- assert(req_oid.length <= sizeof(oid_buf));
+ req_oid.length = sizeof(oid_buf);
+ major_status = generic_gss_oid_compose(minor_status,
+ GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID,
+ GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID_LENGTH,
+ (int)version,
+ &req_oid);
+ if (GSS_ERROR(major_status))
+ return major_status;
+
major_status = gss_inquire_sec_context_by_oid(minor_status,
*context_handle,
&req_oid,
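Review bot: The `(int)version` cast at L315 silently turns any `version` above INT_MAX into a negative value, and `generic_gss_oid_compose` as committed has no guard for a negative suffix, so its `while (suffix) suffix >>= 7` length loop does not terminate on arithmetic-shift platforms; reject out-of-range values before the call, e.g. `if (version > INT_MAX) { *minor_status = EINVAL; return GSS_S_FAILURE; }`. The same pattern applies to the `ad_type` call in the third hunk of this file if its parameter is unsigned, which the hunk does not show. The function that this hunk edits begins before L269 and its parameter list, including the type of `version`, is outside the hunk.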
@@ -682,7 +660,7 @@
(void)krb5_gss_delete_sec_context(minor_status, context_handle, NULL);
*context_handle = GSS_C_NO_CONTEXT;
- generic_gss_release_buffer_set(&nbytes, &data_set);
+ generic_gss_release_buffer_set(&minor, &data_set);
return GSS_S_COMPLETE;
}
@@ -828,43 +806,21 @@
unsigned char oid_buf[GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH + 6];
OM_uint32 major_status;
gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;
- int oad_type, i;
- unsigned char *op;
- OM_uint32 nbytes;
if (ad_data == NULL)
return GSS_S_CALL_INACCESSIBLE_WRITE;
- /*
- * This absolutely horrible code is used to DER encode the
- * requested authorization data type into the last element
- * of the request OID. Oh for an ASN.1 library...
- */
-
- memcpy(oid_buf, GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID,
- GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH);
-
- nbytes = 0;
- oad_type = ad_type;
- while (ad_type) {
- nbytes++;
- ad_type >>= 7;
- }
- ad_type = oad_type;
- op = oid_buf + GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH + nbytes;
- i = -1;
- while (ad_type) {
- op[i] = (unsigned char)ad_type & 0x7f;
- if (i != -1)
- op[i] |= 0x80;
- i--;
- ad_type >>= 7;
- }
-
req_oid.elements = oid_buf;
- req_oid.length = GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH + nbytes;
- assert(req_oid.length <= sizeof(oid_buf));
+ req_oid.length = sizeof(oid_buf);
+ major_status = generic_gss_oid_compose(minor_status,
+ GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID,
+ GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH,
+ ad_type,
+ &req_oid);
+ if (GSS_ERROR(major_status))
+ return major_status;
+
major_status = gss_inquire_sec_context_by_oid(minor_status,
context_handle,
(const gss_OID)&req_oid,
Modified: branches/mskrb-integ/src/lib/gssapi/krb5/lucid_context.c
===================================================================
--- branches/mskrb-integ/src/lib/gssapi/krb5/lucid_context.c 2008-12-23 05:29:17 UTC (rev 21575)
+++ branches/mskrb-integ/src/lib/gssapi/krb5/lucid_context.c 2008-12-23 06:05:15 UTC (rev 21576)
@@ -52,7 +52,7 @@
static krb5_error_code
make_external_lucid_ctx_v1(
krb5_gss_ctx_id_rec * gctx,
- unsigned int version,
+ int version,
void **out_ptr);
@@ -71,9 +71,7 @@
OM_uint32 retval;
krb5_gss_ctx_id_t ctx = (krb5_gss_ctx_id_t)context_handle;
void *lctx = NULL;
- unsigned char *cp;
- unsigned int version = 0;
- size_t i;
+ int version = 0;
gss_buffer_desc rep;
/* Assume failure */
@@ -81,20 +79,14 @@
*minor_status = 0;
*data_set = GSS_C_NO_BUFFER_SET;
- /* Determine authorization data type from DER encoded OID suffix */
- cp = desired_object->elements;
- cp += GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID_LENGTH;
+ retval = generic_gss_oid_decompose(minor_status,
+ GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID,
+ GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID_LENGTH,
+ desired_object,
+ &version);
+ if (GSS_ERROR(retval))
+ return retval;
- for (i = 0;
- i < desired_object->length - GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID_LENGTH;
- i++)
- {
- version = (version << 7) | (cp[i] & 0x7f);
- if ((cp[i] & 0x80) == 0)
- break;
- /* XXX should we return an error if there is another arc */
- }
-
/* Externalize a structure of the right version */
switch (version) {
case 1:
@@ -194,7 +186,7 @@
static krb5_error_code
make_external_lucid_ctx_v1(
krb5_gss_ctx_id_rec * gctx,
- unsigned int version,
+ int version,
void **out_ptr)
{
gss_krb5_lucid_context_v1_t *lctx = NULL;