svn rev #21649: branches/mskrb-integ/src/lib/gssapi/krb5/

lhoward@MIT.EDU lhoward at MIT.EDU
Wed Dec 31 20:58:05 EST 2008


http://src.mit.edu/fisheye/changelog/krb5/?cs=21649
Commit By: lhoward
Log Message:
gssspi_mech_invoke() is superfluous for mech_krb5; it's only useful for
mechanisms that are dynamically loaded (in which case the mechanism
would provide a separate library with mechanism-specific APIs that
wrapped gssspi_mech_invoke()).



Changed Files:
U   branches/mskrb-integ/src/lib/gssapi/krb5/acquire_cred.c
U   branches/mskrb-integ/src/lib/gssapi/krb5/gssapiP_krb5.h
U   branches/mskrb-integ/src/lib/gssapi/krb5/init_sec_context.c
U   branches/mskrb-integ/src/lib/gssapi/krb5/krb5_gss_glue.c
U   branches/mskrb-integ/src/lib/gssapi/krb5/lucid_context.c
Modified: branches/mskrb-integ/src/lib/gssapi/krb5/acquire_cred.c
===================================================================
--- branches/mskrb-integ/src/lib/gssapi/krb5/acquire_cred.c	2009-01-01 01:44:25 UTC (rev 21648)
+++ branches/mskrb-integ/src/lib/gssapi/krb5/acquire_cred.c	2009-01-01 01:58:04 UTC (rev 21649)
@@ -97,11 +97,8 @@
 static char *krb5_gss_keytab = NULL;
 
 /* Heimdal calls this gsskrb5_register_acceptor_identity. */
-OM_uint32
-gss_krb5int_register_acceptor_identity(OM_uint32 *minor_status,
-				       const gss_OID desired_mech,
-				       const gss_OID desired_object,
-				       gss_buffer_t value)
+OM_uint32 KRB5_CALLCONV
+krb5_gss_register_acceptor_identity(const char *keytab)
 {
     char *new, *old;
     int err;
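Review bot: The comment above `krb5_gss_register_acceptor_identity` gives only the Heimdal name, although the function is now the exported entry point and no longer reports a minor status. A header comment should state the contract that the next hunk shows: the `keytab` string is duplicated with `strdup`, a NULL `keytab` returns `GSS_S_CALL_INACCESSIBLE_READ`, and an allocation failure returns `GSS_S_FAILURE`. The function body continues outside this hunk.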
@@ -110,10 +107,10 @@
     if (err != 0)
         return GSS_S_FAILURE;
 
-    if (value->value == NULL)
-        return GSS_S_FAILURE;
+    if (keytab == NULL)
+        return GSS_S_CALL_INACCESSIBLE_READ;
 
-    new = strdup((char *)value->value);
+    new = strdup(keytab);
     if (new == NULL)
         return GSS_S_FAILURE;
 

Modified: branches/mskrb-integ/src/lib/gssapi/krb5/gssapiP_krb5.h
===================================================================
--- branches/mskrb-integ/src/lib/gssapi/krb5/gssapiP_krb5.h	2009-01-01 01:44:25 UTC (rev 21648)
+++ branches/mskrb-integ/src/lib/gssapi/krb5/gssapiP_krb5.h	2009-01-01 01:58:04 UTC (rev 21649)
@@ -806,7 +806,7 @@
  */
 
 #define GSS_KRB5_GET_TKT_FLAGS_OID_LENGTH 11
-#define GSS_KRB5_GET_TKT_FLAGS_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x02"
+#define GSS_KRB5_GET_TKT_FLAGS_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x01"
 
 OM_uint32 KRB5_CALLCONV gss_krb5int_get_tkt_flags
 (OM_uint32 *minor_status,
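Review bot: The renumbering reuses final-arc values that revision 21648 assigned to other operations, so a component built against the old header would select a different handler without any error. The clearest case is `\x08`, which moves from `GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID` to `GSS_KRB5_SET_CRED_RCACHE_OID`; both handlers take a `gss_buffer_t` value, so the request buffer would be interpreted as the wrong type. Likewise `\x07` moves from the lucid-context export to `GSS_KRB5_INQ_SSPI_SESSION_KEY_OID`. The same applies to the hunks at -815, -824, -838, -846 and -879. If these OIDs are strictly internal, a comment such as `/* Private OIDs, renumbered in r21649: callers and mech_krb5 must be built from this same header */` would record that assumption; otherwise previously assigned values should be left unused instead of reassigned.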
@@ -815,7 +815,7 @@
  gss_buffer_set_t *data_set);
 
 #define GSS_KRB5_COPY_CCACHE_OID_LENGTH 11
-#define GSS_KRB5_COPY_CCACHE_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x01"
+#define GSS_KRB5_COPY_CCACHE_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x02"
 
 OM_uint32 KRB5_CALLCONV gss_krb5int_copy_ccache
 (OM_uint32 *minor_status,
@@ -824,7 +824,7 @@
  const gss_buffer_t value);
 
 #define GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID_LENGTH 11
-#define GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x08"
+#define GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x03"
 
 struct krb5_gss_set_allowable_enctypes_req {
     OM_uint32 num_ktypes;
@@ -838,7 +838,7 @@
                                    const gss_buffer_t value);
 
 #define GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID_LENGTH 11
-#define GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x07"
+#define GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x04"
 
 OM_uint32
 gss_krb5int_export_lucid_sec_context(OM_uint32 *minor_status,
@@ -846,32 +846,10 @@
                                      const gss_OID desired_object,
                                      gss_buffer_set_t *data_set);
 
-#define GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID_LENGTH 11
-#define GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0b"
+/* 1.2.840.113554.1.2.2.5.5 reserved for GSS_C_INQ_SSPI_SESSION_KEY */
 
-OM_uint32
-gss_krb5int_free_lucid_sec_context(OM_uint32 *, const gss_OID,
-				   const gss_OID, gss_buffer_t);
-
-extern k5_mutex_t kg_kdc_flag_mutex;
-krb5_error_code krb5_gss_init_context (krb5_context *ctxp);
-
-#define GSS_KRB5_USE_KDC_CONTEXT_OID_LENGTH 11
-#define GSS_KRB5_USE_KDC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0c"
-
-OM_uint32 krb5int_gss_use_kdc_context(OM_uint32 *, const gss_OID,
-				      const gss_OID, gss_buffer_t);
-
-krb5_error_code krb5_gss_use_kdc_context(void);
-
-#define GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID_LENGTH 11
-#define GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x09"
-
-OM_uint32
-gss_krb5int_register_acceptor_identity(OM_uint32 *, const gss_OID, const gss_OID, gss_buffer_t);
-
 #define GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH 11
-#define GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x03"
+#define GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x06"
 
 OM_uint32
 gss_krb5int_extract_authz_data_from_sec_context(OM_uint32 *minor_status,
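Review bot: The added comment reserves 1.2.840.113554.1.2.2.5.5 for `GSS_C_INQ_SSPI_SESSION_KEY`, but a later hunk in this file moves `GSS_KRB5_INQ_SSPI_SESSION_KEY_OID` from the `\x05` arc to `\x07`, so a reader cannot tell which value a session-key inquiry uses. The comment should say where `GSS_C_INQ_SSPI_SESSION_KEY` is defined and how it relates to the krb5-specific OID, for example `/* 1.2.840.113554.1.2.2.5.5 is GSS_C_INQ_SSPI_SESSION_KEY (defined outside this header); GSS_KRB5_INQ_SSPI_SESSION_KEY_OID below is a distinct OID */`. That the two are meant to be distinct is inferred from the differing values and should be confirmed.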
@@ -879,28 +857,20 @@
 						const gss_OID desired_object,
 						gss_buffer_set_t *ad_data);
 
-#if 0
-#define GSS_KRB5_SET_ACCEPTOR_ALIAS_OID_LENGTH 11
-#define GSS_KRB5_SET_ACCEPTOR_ALIAS_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x04"
-
-OM_uint32
-gss_krb5int_set_cred_alias(OM_uint32 *, const gss_ctx_id_t, const gss_OID, gss_buffer_set_t *);
-#endif
-
 #define GSS_KRB5_INQ_SSPI_SESSION_KEY_OID_LENGTH 11
-#define GSS_KRB5_INQ_SSPI_SESSION_KEY_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05"
+#define GSS_KRB5_INQ_SSPI_SESSION_KEY_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x07"
 
 OM_uint32
 gss_krb5int_inq_session_key(OM_uint32 *, const gss_ctx_id_t, const gss_OID, gss_buffer_set_t *);
 
 #define GSS_KRB5_SET_CRED_RCACHE_OID_LENGTH 11
-#define GSS_KRB5_SET_CRED_RCACHE_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0d"
+#define GSS_KRB5_SET_CRED_RCACHE_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x08"
 
 OM_uint32
 gss_krb5int_set_cred_rcache(OM_uint32 *, gss_cred_id_t, const gss_OID, const gss_buffer_t);
 
 #define GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID_LENGTH 11
-#define GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0e"
+#define GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x09"
 
 OM_uint32
 gss_krb5int_extract_authtime_from_sec_context(OM_uint32 *,
@@ -916,6 +886,10 @@
 OM_uint32 gss_krb5int_initialize_library(void);
 void gss_krb5int_cleanup_library(void);
 
+extern k5_mutex_t kg_kdc_flag_mutex;
+krb5_error_code krb5_gss_init_context (krb5_context *ctxp);
+krb5_error_code krb5_gss_use_kdc_context(void);
+
 /* For error message handling.  */
 /* Returns a shared string, not a private copy!  */
 extern char *

Modified: branches/mskrb-integ/src/lib/gssapi/krb5/init_sec_context.c
===================================================================
--- branches/mskrb-integ/src/lib/gssapi/krb5/init_sec_context.c	2009-01-01 01:44:25 UTC (rev 21648)
+++ branches/mskrb-integ/src/lib/gssapi/krb5/init_sec_context.c	2009-01-01 01:58:04 UTC (rev 21649)
@@ -987,25 +987,19 @@
 }
 
 #ifndef _WIN32
-OM_uint32
-krb5int_gss_use_kdc_context(OM_uint32 *minor_status,
-			    const gss_OID desired_mech,
-			    const gss_OID desired_object,
-			    gss_buffer_t value)
+krb5_error_code
+krb5_gss_use_kdc_context()
 {
-    OM_uint32 err;
+    krb5_error_code err;
 
-    *minor_status = 0;
-
     err = gss_krb5int_initialize_library();
     if (err)
-        return err;
-    *minor_status = k5_mutex_lock(&kg_kdc_flag_mutex);
-    if (*minor_status) {
-	return GSS_S_FAILURE;
-    }
+	return err;
+    err = k5_mutex_lock(&kg_kdc_flag_mutex);
+    if (err)
+	return err;
     kdc_flag = 1;
     k5_mutex_unlock(&kg_kdc_flag_mutex);
-    return GSS_S_COMPLETE;
+    return 0;
 }
 #endif
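Review bot: `krb5_gss_use_kdc_context()` is defined with an empty parameter list, while the prototype this commit adds to gssapiP_krb5.h is `krb5_gss_use_kdc_context(void)`. In C the empty form is an old-style declaration that does not check arguments, so the definition should read `krb5_gss_use_kdc_context(void)`. The function also returns the result of `gss_krb5int_initialize_library()`, declared in the header as `OM_uint32`, through a `krb5_error_code`. A one-line comment stating that the value is an error code and not a GSS major status would keep callers from testing it with the GSS macros.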

Modified: branches/mskrb-integ/src/lib/gssapi/krb5/krb5_gss_glue.c
===================================================================
--- branches/mskrb-integ/src/lib/gssapi/krb5/krb5_gss_glue.c	2009-01-01 01:44:25 UTC (rev 21648)
+++ branches/mskrb-integ/src/lib/gssapi/krb5/krb5_gss_glue.c	2009-01-01 01:58:04 UTC (rev 21649)
@@ -307,61 +307,6 @@
     return GSS_S_UNAVAILABLE;
 }
 
-/*
- * gssspi_mech_invoke() methods
- */
-static struct {
-    gss_OID_desc oid;
-    OM_uint32 (*func)(OM_uint32 *, const gss_OID, const gss_OID, gss_buffer_t);
-} krb5_gssspi_mech_invoke_ops[] = {
-    {
-	{GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID_LENGTH, GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID},
-	gss_krb5int_register_acceptor_identity
-    },
-    {
-	{GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID_LENGTH, GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID},
-	gss_krb5int_free_lucid_sec_context
-    },
-    {
-	{GSS_KRB5_USE_KDC_CONTEXT_OID_LENGTH, GSS_KRB5_USE_KDC_CONTEXT_OID},
-	krb5int_gss_use_kdc_context
-    }
-};
-
-static OM_uint32
-krb5_gssspi_mech_invoke (OM_uint32 *minor_status,
-			 const gss_OID desired_mech,
-			 const gss_OID desired_object,
-			 gss_buffer_t value)
-{
-    size_t i;
-
-    if (minor_status == NULL)
-	return GSS_S_CALL_INACCESSIBLE_WRITE;
-
-    *minor_status = 0;
-
-    if (desired_mech == GSS_C_NO_OID)
-	return GSS_S_BAD_MECH;
-
-    if (desired_object == GSS_C_NO_OID)
-	return GSS_S_CALL_INACCESSIBLE_READ;
-
-    for (i = 0; i < sizeof(krb5_gssspi_mech_invoke_ops)/
-		    sizeof(krb5_gssspi_mech_invoke_ops[0]); i++) {
-	if (g_OID_prefix_equal(desired_object, &krb5_gssspi_mech_invoke_ops[i].oid)) {
-	    return (*krb5_gssspi_mech_invoke_ops[i].func)(minor_status,
-							  desired_mech,
-							  desired_object,
-							  value);
-	}
-    }
-
-    *minor_status = EINVAL;
-
-    return GSS_S_UNAVAILABLE;
-}
-
 static struct gss_config krb5_mechanism = {
     { GSS_MECH_KRB5_OID_LENGTH, GSS_MECH_KRB5_OID },
     NULL,                                               
@@ -413,7 +358,7 @@
     krb5_gss_inquire_cred_by_oid,
     krb5_gss_set_sec_context_option,
     krb5_gssspi_set_cred_option,
-    krb5_gssspi_mech_invoke,
+    NULL,			 /* mech_invoke */
     NULL,		 /* wrap_aead */	
     NULL,		 /* unwrap_aead */	
     krb5_gss_wrap_iov,
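Review bot: The mech_invoke slot of `krb5_mechanism` becomes `NULL` here, so whatever dispatches `gssspi_mech_invoke()` through this table must test the pointer before calling it. That dispatcher is not part of this diff, so the check should be confirmed there. The initializer starts and ends outside the hunk. As a style point, the new `/* mech_invoke */` comment is indented differently from the `/* wrap_aead */` and `/* unwrap_aead */` entries below it.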
@@ -689,70 +634,6 @@
     return major_status;
 }
 
-OM_uint32 KRB5_CALLCONV
-gss_krb5_free_lucid_sec_context(
-    OM_uint32 *minor_status,
-    void *kctx)
-{
-    static const gss_OID_desc const req_oid = {
-	GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID_LENGTH,
-	GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID };
-    OM_uint32 major_status;
-    gss_buffer_desc req_buffer;
-
-    req_buffer.length = sizeof(kctx);
-    req_buffer.value = kctx;
-
-    major_status = gssspi_mech_invoke(minor_status,
-				      (const gss_OID)gss_mech_krb5,
-				      (const gss_OID)&req_oid,
-				      &req_buffer);
-
-    return major_status;    
-}
-
-OM_uint32 KRB5_CALLCONV
-krb5_gss_register_acceptor_identity(const char *keytab)
-{
-    static const gss_OID_desc const req_oid = {
-	GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID_LENGTH,
-	GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID };
-    OM_uint32 major_status;
-    OM_uint32 minor_status;
-    gss_buffer_desc req_buffer;
-
-    req_buffer.length = strlen(keytab);
-    req_buffer.value = (char *)keytab;
-
-    major_status = gssspi_mech_invoke(&minor_status,
-				      (const gss_OID)gss_mech_krb5,
-				      (const gss_OID)&req_oid,
-				      &req_buffer);
-
-    return major_status;    
-}
-
-krb5_error_code
-krb5_gss_use_kdc_context(void)
-{
-    static const gss_OID_desc const req_oid = {
-	GSS_KRB5_USE_KDC_CONTEXT_OID_LENGTH,
-	GSS_KRB5_USE_KDC_CONTEXT_OID };
-    OM_uint32 major_status;
-    OM_uint32 minor_status;
-    gss_buffer_desc req_buffer;
-
-    req_buffer.length = 0;
-    req_buffer.value = NULL;
-
-    major_status = gssspi_mech_invoke(&minor_status,
-				      (const gss_OID)gss_mech_krb5,
-				      (const gss_OID)&req_oid,
-				      &req_buffer);
-
-    return major_status;    
-}
-
 /*
  * This API should go away and be replaced with an accessor
  * into a gss_name_t.

Modified: branches/mskrb-integ/src/lib/gssapi/krb5/lucid_context.c
===================================================================
--- branches/mskrb-integ/src/lib/gssapi/krb5/lucid_context.c	2009-01-01 01:44:25 UTC (rev 21648)
+++ branches/mskrb-integ/src/lib/gssapi/krb5/lucid_context.c	2009-01-01 01:58:04 UTC (rev 21649)
@@ -124,28 +124,19 @@
  * Frees the storage associated with an
  * exported lucid context structure.
  */
-OM_uint32
-gss_krb5int_free_lucid_sec_context(
+OM_uint32 KRB5_CALLCONV
+gss_krb5_free_lucid_sec_context(
     OM_uint32 *minor_status,
-    const gss_OID desired_mech,
-    const gss_OID desired_object,
-    gss_buffer_t value)
+    void *kctx)
 {
     OM_uint32           retval;
     krb5_error_code     kret = 0;
     int                 version;
-    void		*kctx;
 
     /* Assume failure */
     retval = GSS_S_FAILURE;
     *minor_status = 0;
 
-    kctx = value->value;
-    if (!kctx) {
-        kret = EINVAL;
-        goto error_out;
-    }
-
     /* Verify pointer is valid lucid context */
     if (! kg_validate_lucidctx_id(kctx)) {
         kret = G_VALIDATE_FAILED;
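Review bot: `gss_krb5_free_lucid_sec_context` is now the exported entry point, yet it writes `*minor_status = 0` without testing the pointer, and the NULL check on `kctx` that the old body performed is dropped. The removed `krb5_gssspi_mech_invoke` dispatcher used to reject a NULL `minor_status`, so that guard should move here: `if (minor_status == NULL) return GSS_S_CALL_INACCESSIBLE_WRITE;`. Whether `kg_validate_lucidctx_id` tolerates a NULL argument is not visible in this hunk; unless it does, keep `if (!kctx) { kret = EINVAL; goto error_out; }` ahead of the validation. The function body continues past the end of the hunk.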



