svn rev #21653: branches/mskrb-integ/src/lib/gssapi/krb5/
lhoward@MIT.EDU
lhoward at MIT.EDU
Wed Dec 31 21:56:17 EST 2008
http://src.mit.edu/fisheye/changelog/krb5/?cs=21653
Commit By: lhoward
Log Message:
Back out r2164[78]; although the mech_invoke abstraction is superfluous
when building mech_krb5 today, it will help anyone that wants to
correctly build it dynamically.
(By correctly, I mean that mechanism-specific API should go in
libgssapi_krb5 and the mechanism itself in mech_krb5; one cannot assume
that one can link against loadable modules on all platforms. I notice that in
OpenSolaris, Sun links against mech_krb5 directly to get mech-specific
API, but this won't work on Darwin.)
Changed Files:
U branches/mskrb-integ/src/lib/gssapi/krb5/acquire_cred.c
U branches/mskrb-integ/src/lib/gssapi/krb5/gssapiP_krb5.h
U branches/mskrb-integ/src/lib/gssapi/krb5/init_sec_context.c
U branches/mskrb-integ/src/lib/gssapi/krb5/krb5_gss_glue.c
U branches/mskrb-integ/src/lib/gssapi/krb5/lucid_context.c
U branches/mskrb-integ/src/lib/gssapi/krb5/set_ccache.c
Modified: branches/mskrb-integ/src/lib/gssapi/krb5/acquire_cred.c
===================================================================
--- branches/mskrb-integ/src/lib/gssapi/krb5/acquire_cred.c 2009-01-01 02:05:21 UTC (rev 21652)
+++ branches/mskrb-integ/src/lib/gssapi/krb5/acquire_cred.c 2009-01-01 02:56:15 UTC (rev 21653)
@@ -97,8 +97,11 @@
static char *krb5_gss_keytab = NULL;
/* Heimdal calls this gsskrb5_register_acceptor_identity. */
-OM_uint32 KRB5_CALLCONV
-krb5_gss_register_acceptor_identity(const char *keytab)
+OM_uint32
+gss_krb5int_register_acceptor_identity(OM_uint32 *minor_status,
+ const gss_OID desired_mech,
+ const gss_OID desired_object,
+ gss_buffer_t value)
{
char *new, *old;
int err;
@@ -107,10 +110,10 @@
if (err != 0)
return GSS_S_FAILURE;
- if (keytab == NULL)
- return GSS_S_CALL_INACCESSIBLE_READ;
+ if (value->value == NULL)
+ return GSS_S_FAILURE;
- new = strdup(keytab);
+ new = strdup((char *)value->value);
if (new == NULL)
return GSS_S_FAILURE;
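Review bot: `new = strdup((char *)value->value);` copies up to the first NUL and never consults `value->length`, so a request buffer that is not NUL-terminated is read past its end; bound the copy by the length instead, e.g. `new = malloc(value->length + 1); memcpy(new, value->value, value->length); new[value->length] = '\0';` (with the usual NULL check on malloc). The in-tree caller krb5_gss_register_acceptor_identity in krb5_gss_glue.c passes `strlen(keytab)` as the length, so a length-bounded copy is compatible with it, and a zero-length value can then be rejected together with the NULL check: `if (value->value == NULL || value->length == 0) return GSS_S_FAILURE;`. `value` itself is dereferenced without a NULL check, and the dispatcher that reaches this function does not reject a null buffer either. The body of gss_krb5int_register_acceptor_identity continues outside the hunk.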
Modified: branches/mskrb-integ/src/lib/gssapi/krb5/gssapiP_krb5.h
===================================================================
--- branches/mskrb-integ/src/lib/gssapi/krb5/gssapiP_krb5.h 2009-01-01 02:05:21 UTC (rev 21652)
+++ branches/mskrb-integ/src/lib/gssapi/krb5/gssapiP_krb5.h 2009-01-01 02:56:15 UTC (rev 21653)
@@ -823,14 +823,34 @@
const gss_OID desired_oid,
const gss_buffer_t value);
+#define GSS_KRB5_CCACHE_NAME_OID_LENGTH 11
+#define GSS_KRB5_CCACHE_NAME_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x03"
+
+struct krb5_gss_ccache_name_req {
+ const char *name;
+ const char **out_name;
+};
+
+OM_uint32 KRB5_CALLCONV gss_krb5int_ccache_name
+ (OM_uint32 *minor_status,
+ const gss_OID,
+ const gss_OID,
+ const gss_buffer_t);
+
#define GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID_LENGTH 11
-#define GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x03"
+#define GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x04"
struct krb5_gss_set_allowable_enctypes_req {
OM_uint32 num_ktypes;
krb5_enctype *ktypes;
};
+#define GSS_KRB5_INQ_SSPI_SESSION_KEY_OID_LENGTH 11
+#define GSS_KRB5_INQ_SSPI_SESSION_KEY_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05"
+
+OM_uint32
+gss_krb5int_inq_session_key(OM_uint32 *, const gss_ctx_id_t, const gss_OID, gss_buffer_set_t *);
+
OM_uint32 KRB5_CALLCONV
gss_krb5int_set_allowable_enctypes(OM_uint32 *minor_status,
gss_cred_id_t cred,
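Review bot: `gss_krb5int_ccache_name` is declared with `KRB5_CALLCONV`, while the other mech_invoke callbacks declared in this header (`gss_krb5int_free_lucid_sec_context`, `krb5int_gss_use_kdc_context`, `gss_krb5int_register_acceptor_identity`, in the later hunk) are not, and the dispatch table in krb5_gss_glue.c stores all four in a plain `OM_uint32 (*func)(OM_uint32 *, const gss_OID, const gss_OID, gss_buffer_t)` pointer; on builds where KRB5_CALLCONV expands to a non-default calling convention that initializer is an incompatible pointer type. Drop the qualifier so the declaration reads `OM_uint32 gss_krb5int_ccache_name`, and likewise on the definition in set_ccache.c, whose `OM_uint32 KRB5_CALLCONV` line survives the rename there. The OID renumbering in this and the following hunks (`GSS_KRB5_CCACHE_NAME_OID` now takes the value `GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID` had before, and every later OID shifts) touches private OIDs only, but anything built against the previous header must be rebuilt; a one-line comment above the first define saying the arc is allocated sequentially and must not be reordered would help the next person adding one.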
@@ -838,7 +858,7 @@
const gss_buffer_t value);
#define GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID_LENGTH 11
-#define GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x04"
+#define GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x06"
OM_uint32
gss_krb5int_export_lucid_sec_context(OM_uint32 *minor_status,
@@ -846,14 +866,32 @@
const gss_OID desired_object,
gss_buffer_set_t *data_set);
-#define GSS_KRB5_INQ_SSPI_SESSION_KEY_OID_LENGTH 11
-#define GSS_KRB5_INQ_SSPI_SESSION_KEY_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05"
+#define GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID_LENGTH 11
+#define GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x07"
OM_uint32
-gss_krb5int_inq_session_key(OM_uint32 *, const gss_ctx_id_t, const gss_OID, gss_buffer_set_t *);
+gss_krb5int_free_lucid_sec_context(OM_uint32 *, const gss_OID,
+ const gss_OID, gss_buffer_t);
+extern k5_mutex_t kg_kdc_flag_mutex;
+krb5_error_code krb5_gss_init_context (krb5_context *ctxp);
+
+#define GSS_KRB5_USE_KDC_CONTEXT_OID_LENGTH 11
+#define GSS_KRB5_USE_KDC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x08"
+
+OM_uint32 krb5int_gss_use_kdc_context(OM_uint32 *, const gss_OID,
+ const gss_OID, gss_buffer_t);
+
+krb5_error_code krb5_gss_use_kdc_context(void);
+
+#define GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID_LENGTH 11
+#define GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x09"
+
+OM_uint32
+gss_krb5int_register_acceptor_identity(OM_uint32 *, const gss_OID, const gss_OID, gss_buffer_t);
+
#define GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH 11
-#define GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x06"
+#define GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0a"
OM_uint32
gss_krb5int_extract_authz_data_from_sec_context(OM_uint32 *minor_status,
@@ -862,13 +900,13 @@
gss_buffer_set_t *ad_data);
#define GSS_KRB5_SET_CRED_RCACHE_OID_LENGTH 11
-#define GSS_KRB5_SET_CRED_RCACHE_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x07"
+#define GSS_KRB5_SET_CRED_RCACHE_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0b"
OM_uint32
gss_krb5int_set_cred_rcache(OM_uint32 *, gss_cred_id_t, const gss_OID, const gss_buffer_t);
#define GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID_LENGTH 11
-#define GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x08"
+#define GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0c"
OM_uint32
gss_krb5int_extract_authtime_from_sec_context(OM_uint32 *,
@@ -884,10 +922,6 @@
OM_uint32 gss_krb5int_initialize_library(void);
void gss_krb5int_cleanup_library(void);
-extern k5_mutex_t kg_kdc_flag_mutex;
-krb5_error_code krb5_gss_init_context (krb5_context *ctxp);
-krb5_error_code krb5_gss_use_kdc_context(void);
-
/* For error message handling. */
/* Returns a shared string, not a private copy! */
extern char *
Modified: branches/mskrb-integ/src/lib/gssapi/krb5/init_sec_context.c
===================================================================
--- branches/mskrb-integ/src/lib/gssapi/krb5/init_sec_context.c 2009-01-01 02:05:21 UTC (rev 21652)
+++ branches/mskrb-integ/src/lib/gssapi/krb5/init_sec_context.c 2009-01-01 02:56:15 UTC (rev 21653)
@@ -987,19 +987,25 @@
}
#ifndef _WIN32
-krb5_error_code
-krb5_gss_use_kdc_context()
+OM_uint32
+krb5int_gss_use_kdc_context(OM_uint32 *minor_status,
+ const gss_OID desired_mech,
+ const gss_OID desired_object,
+ gss_buffer_t value)
{
- krb5_error_code err;
+ OM_uint32 err;
+ *minor_status = 0;
+
err = gss_krb5int_initialize_library();
if (err)
- return err;
- err = k5_mutex_lock(&kg_kdc_flag_mutex);
- if (err)
- return err;
+ return err;
+ *minor_status = k5_mutex_lock(&kg_kdc_flag_mutex);
+ if (*minor_status) {
+ return GSS_S_FAILURE;
+ }
kdc_flag = 1;
k5_mutex_unlock(&kg_kdc_flag_mutex);
- return 0;
+ return GSS_S_COMPLETE;
}
#endif
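Review bot: `return err;` after `gss_krb5int_initialize_library()` hands that value back as the GSS major status, whereas the same call in set_ccache.c in this commit treats a non-zero result as a failure and returns `GSS_S_FAILURE`; make this one consistent with `if (err) { *minor_status = err; return GSS_S_FAILURE; }` so callers do not receive a library-init code in the major-status domain. The return value of `k5_mutex_unlock` is still ignored, which predates this change. `desired_mech`, `desired_object` and `value` are unused in this body; a short comment such as `/* parameters unused: fixed gssspi_mech_invoke signature */` would make clear that is intentional rather than an oversight.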
Modified: branches/mskrb-integ/src/lib/gssapi/krb5/krb5_gss_glue.c
===================================================================
--- branches/mskrb-integ/src/lib/gssapi/krb5/krb5_gss_glue.c 2009-01-01 02:05:21 UTC (rev 21652)
+++ branches/mskrb-integ/src/lib/gssapi/krb5/krb5_gss_glue.c 2009-01-01 02:56:15 UTC (rev 21653)
@@ -307,6 +307,65 @@
return GSS_S_UNAVAILABLE;
}
+/*
+ * gssspi_mech_invoke() methods
+ */
+static struct {
+ gss_OID_desc oid;
+ OM_uint32 (*func)(OM_uint32 *, const gss_OID, const gss_OID, gss_buffer_t);
+} krb5_gssspi_mech_invoke_ops[] = {
+ {
+ {GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID_LENGTH, GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID},
+ gss_krb5int_register_acceptor_identity
+ },
+ {
+ {GSS_KRB5_CCACHE_NAME_OID_LENGTH, GSS_KRB5_CCACHE_NAME_OID},
+ gss_krb5int_ccache_name
+ },
+ {
+ {GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID_LENGTH, GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID},
+ gss_krb5int_free_lucid_sec_context
+ },
+ {
+ {GSS_KRB5_USE_KDC_CONTEXT_OID_LENGTH, GSS_KRB5_USE_KDC_CONTEXT_OID},
+ krb5int_gss_use_kdc_context
+ }
+};
+
+static OM_uint32
+krb5_gssspi_mech_invoke (OM_uint32 *minor_status,
+ const gss_OID desired_mech,
+ const gss_OID desired_object,
+ gss_buffer_t value)
+{
+ size_t i;
+
+ if (minor_status == NULL)
+ return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+ *minor_status = 0;
+
+ if (desired_mech == GSS_C_NO_OID)
+ return GSS_S_BAD_MECH;
+
+ if (desired_object == GSS_C_NO_OID)
+ return GSS_S_CALL_INACCESSIBLE_READ;
+
+ for (i = 0; i < sizeof(krb5_gssspi_mech_invoke_ops)/
+ sizeof(krb5_gssspi_mech_invoke_ops[0]); i++) {
+ if (g_OID_prefix_equal(desired_object, &krb5_gssspi_mech_invoke_ops[i].oid)) {
+ return (*krb5_gssspi_mech_invoke_ops[i].func)(minor_status,
+ desired_mech,
+ desired_object,
+ value);
+ }
+ }
+
+ *minor_status = EINVAL;
+
+ return GSS_S_UNAVAILABLE;
+}
+
static struct gss_config krb5_mechanism = {
{ GSS_MECH_KRB5_OID_LENGTH, GSS_MECH_KRB5_OID },
NULL,
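Review bot: `krb5_gssspi_mech_invoke` validates `minor_status`, `desired_mech` and `desired_object` but forwards `value` unchecked, and three of the four table entries dereference it (`value->value` in gss_krb5int_register_acceptor_identity, gss_krb5int_ccache_name and gss_krb5int_free_lucid_sec_context); add `if (value == GSS_C_NO_BUFFER) return GSS_S_CALL_INACCESSIBLE_READ;` beside the desired_object check so the guard lives in one place. `desired_mech` is only compared against GSS_C_NO_OID; if this entry point can be reached with a mechanism OID other than gss_mech_krb5 it should be compared to that OID too, though the mechglue may already guarantee it. The table lookup uses `g_OID_prefix_equal`, so an object OID carrying extra trailing arcs still selects the entry; unless sub-arcs are intended, an exact-length comparison is the more conservative match for a caller-supplied OID.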
@@ -358,7 +417,7 @@
krb5_gss_inquire_cred_by_oid,
krb5_gss_set_sec_context_option,
krb5_gssspi_set_cred_option,
- NULL, /* mech_invoke */
+ krb5_gssspi_mech_invoke,
NULL, /* wrap_aead */
NULL, /* unwrap_aead */
krb5_gss_wrap_iov,
@@ -634,6 +693,97 @@
return major_status;
}
+OM_uint32 KRB5_CALLCONV
+gss_krb5_ccache_name(
+ OM_uint32 *minor_status,
+ const char *name,
+ const char **out_name)
+{
+ static const gss_OID_desc const req_oid = {
+ GSS_KRB5_CCACHE_NAME_OID_LENGTH,
+ GSS_KRB5_CCACHE_NAME_OID };
+ OM_uint32 major_status;
+ struct krb5_gss_ccache_name_req req;
+ gss_buffer_desc req_buffer;
+
+ req.name = name;
+ req.out_name = out_name;
+
+ req_buffer.length = sizeof(req);
+ req_buffer.value = &req;
+
+ major_status = gssspi_mech_invoke(minor_status,
+ (const gss_OID)gss_mech_krb5,
+ (const gss_OID)&req_oid,
+ &req_buffer);
+
+ return major_status;
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_krb5_free_lucid_sec_context(
+ OM_uint32 *minor_status,
+ void *kctx)
+{
+ static const gss_OID_desc const req_oid = {
+ GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID_LENGTH,
+ GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID };
+ OM_uint32 major_status;
+ gss_buffer_desc req_buffer;
+
+ req_buffer.length = sizeof(kctx);
+ req_buffer.value = kctx;
+
+ major_status = gssspi_mech_invoke(minor_status,
+ (const gss_OID)gss_mech_krb5,
+ (const gss_OID)&req_oid,
+ &req_buffer);
+
+ return major_status;
+}
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_register_acceptor_identity(const char *keytab)
+{
+ static const gss_OID_desc const req_oid = {
+ GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID_LENGTH,
+ GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID };
+ OM_uint32 major_status;
+ OM_uint32 minor_status;
+ gss_buffer_desc req_buffer;
+
+ req_buffer.length = strlen(keytab);
+ req_buffer.value = (char *)keytab;
+
+ major_status = gssspi_mech_invoke(&minor_status,
+ (const gss_OID)gss_mech_krb5,
+ (const gss_OID)&req_oid,
+ &req_buffer);
+
+ return major_status;
+}
+
+krb5_error_code
+krb5_gss_use_kdc_context(void)
+{
+ static const gss_OID_desc const req_oid = {
+ GSS_KRB5_USE_KDC_CONTEXT_OID_LENGTH,
+ GSS_KRB5_USE_KDC_CONTEXT_OID };
+ OM_uint32 major_status;
+ OM_uint32 minor_status;
+ gss_buffer_desc req_buffer;
+
+ req_buffer.length = 0;
+ req_buffer.value = NULL;
+
+ major_status = gssspi_mech_invoke(&minor_status,
+ (const gss_OID)gss_mech_krb5,
+ (const gss_OID)&req_oid,
+ &req_buffer);
+
+ return major_status;
+}
+
/*
* This API should go away and be replaced with an accessor
* into a gss_name_t.
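Review bot: `krb5_gss_register_acceptor_identity` now calls `strlen(keytab)` with no NULL check, whereas the code it replaces returned `GSS_S_CALL_INACCESSIBLE_READ` for a NULL keytab (see the removed lines in acquire_cred.c); restore that with `if (keytab == NULL) return GSS_S_CALL_INACCESSIBLE_READ;` before the strlen. `krb5_gss_use_kdc_context` is declared to return `krb5_error_code` but returns a GSS major status, and it discards the `minor_status` in which krb5int_gss_use_kdc_context reports the k5_mutex_lock error; if existing callers interpret the result as a krb5 error code, returning `minor_status` when the major status is not GSS_S_COMPLETE preserves that contract, otherwise the return type should become OM_uint32. `static const gss_OID_desc const req_oid` repeats the qualifier in all four wrappers; one `const` suffices. In gss_krb5_free_lucid_sec_context `req_buffer.length = sizeof(kctx)` is the size of the pointer, not of the context, which is only harmless as long as the receiver ignores the length as gss_krb5int_free_lucid_sec_context currently does; a comment saying so would prevent a later length check from breaking this wrapper.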
Modified: branches/mskrb-integ/src/lib/gssapi/krb5/lucid_context.c
===================================================================
--- branches/mskrb-integ/src/lib/gssapi/krb5/lucid_context.c 2009-01-01 02:05:21 UTC (rev 21652)
+++ branches/mskrb-integ/src/lib/gssapi/krb5/lucid_context.c 2009-01-01 02:56:15 UTC (rev 21653)
@@ -124,19 +124,28 @@
* Frees the storage associated with an
* exported lucid context structure.
*/
-OM_uint32 KRB5_CALLCONV
-gss_krb5_free_lucid_sec_context(
+OM_uint32
+gss_krb5int_free_lucid_sec_context(
OM_uint32 *minor_status,
- void *kctx)
+ const gss_OID desired_mech,
+ const gss_OID desired_object,
+ gss_buffer_t value)
{
OM_uint32 retval;
krb5_error_code kret = 0;
int version;
+ void *kctx;
/* Assume failure */
retval = GSS_S_FAILURE;
*minor_status = 0;
+ kctx = value->value;
+ if (!kctx) {
+ kret = EINVAL;
+ goto error_out;
+ }
+
/* Verify pointer is valid lucid context */
if (! kg_validate_lucidctx_id(kctx)) {
kret = G_VALIDATE_FAILED;
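Review bot: `kctx = value->value;` is checked for NULL but `value->length` is never examined, whereas the sibling gss_krb5int_ccache_name in set_ccache.c rejects a request whose length differs from the expected size; the wrapper in krb5_gss_glue.c sends `sizeof(kctx)`, so the analogous guard here is `if (value->length != sizeof(kctx)) { kret = EINVAL; goto error_out; }`. The `error_out` label and the remainder of the body lie outside the hunk, so this assumes it maps `kret` into `*minor_status` the way the existing `G_VALIDATE_FAILED` path presumably does; worth confirming before relying on it. `value` is dereferenced before any NULL check on the buffer itself.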
Modified: branches/mskrb-integ/src/lib/gssapi/krb5/set_ccache.c
===================================================================
--- branches/mskrb-integ/src/lib/gssapi/krb5/set_ccache.c 2009-01-01 02:05:21 UTC (rev 21652)
+++ branches/mskrb-integ/src/lib/gssapi/krb5/set_ccache.c 2009-01-01 02:56:15 UTC (rev 21653)
@@ -32,15 +32,16 @@
#include "gssapiP_krb5.h"
OM_uint32 KRB5_CALLCONV
-gss_krb5_ccache_name(minor_status, name, out_name)
- OM_uint32 *minor_status;
- const char *name;
- const char **out_name;
+gss_krb5int_ccache_name(OM_uint32 *minor_status,
+ const gss_OID desired_mech,
+ const gss_OID desired_object,
+ gss_buffer_t value)
{
char *old_name = NULL;
OM_uint32 err = 0;
OM_uint32 minor = 0;
char *gss_out_name;
+ struct krb5_gss_ccache_name_req *req;
err = gss_krb5int_initialize_library();
if (err) {
@@ -48,9 +49,16 @@
return GSS_S_FAILURE;
}
+ assert(value->length == sizeof(*req));
+
+ if (value->length != sizeof(*req))
+ return GSS_S_FAILURE;
+
+ req = (struct krb5_gss_ccache_name_req *)value->value;
+
gss_out_name = k5_getspecific(K5_KEY_GSS_KRB5_SET_CCACHE_OLD_NAME);
- if (out_name) {
+ if (req->out_name) {
const char *tmp_name = NULL;
if (!err) {
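Review bot: The `assert(value->length == sizeof(*req));` directly above the runtime check aborts the process on a malformed request in builds without NDEBUG, so the `return GSS_S_FAILURE;` path is only ever reached in release builds; because `value` is caller-supplied through gssspi_mech_invoke this is input validation rather than an invariant, and the assert should be removed, leaving only the `if`. Setting `*minor_status = EINVAL;` before that return would tell callers why the request was rejected, matching what krb5_gssspi_mech_invoke reports for an unknown OID. `value` is dereferenced here without a NULL check, and the dispatcher that calls this function does not supply one either. The body of gss_krb5int_ccache_name continues into the following hunks.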
@@ -65,7 +73,7 @@
don't free up any storage (leave old_name NULL). */
if (!err)
- kg_set_ccache_name (&err, name);
+ kg_set_ccache_name (&err, req->name);
minor = k5_setspecific(K5_KEY_GSS_KRB5_SET_CCACHE_OLD_NAME, gss_out_name);
if (minor) {
@@ -78,8 +86,8 @@
}
if (!err) {
- if (out_name) {
- *out_name = gss_out_name;
+ if (req->out_name) {
+ *(req->out_name) = gss_out_name;
}
}