svn rev #24877: trunk/src/lib/gssapi/ generic/ krb5/
ghudson@MIT.EDU
ghudson at MIT.EDU
Wed Apr 13 11:15:56 EDT 2011
http://src.mit.edu/fisheye/changelog/krb5/?cs=24877
Commit By: ghudson
Log Message:
Remove pointer validation code from the gss krb5 mech.
Changed Files:
U trunk/src/lib/gssapi/generic/Makefile.in
U trunk/src/lib/gssapi/generic/gssapiP_generic.h
D trunk/src/lib/gssapi/generic/util_validate.c
D trunk/src/lib/gssapi/generic/utl_nohash_validate.c
U trunk/src/lib/gssapi/krb5/accept_sec_context.c
U trunk/src/lib/gssapi/krb5/acquire_cred.c
U trunk/src/lib/gssapi/krb5/compare_name.c
U trunk/src/lib/gssapi/krb5/context_time.c
U trunk/src/lib/gssapi/krb5/delete_sec_context.c
U trunk/src/lib/gssapi/krb5/disp_name.c
U trunk/src/lib/gssapi/krb5/duplicate_name.c
U trunk/src/lib/gssapi/krb5/export_name.c
U trunk/src/lib/gssapi/krb5/export_sec_context.c
U trunk/src/lib/gssapi/krb5/gssapiP_krb5.h
U trunk/src/lib/gssapi/krb5/gssapi_krb5.c
U trunk/src/lib/gssapi/krb5/iakerb.c
U trunk/src/lib/gssapi/krb5/import_name.c
U trunk/src/lib/gssapi/krb5/import_sec_context.c
U trunk/src/lib/gssapi/krb5/init_sec_context.c
U trunk/src/lib/gssapi/krb5/inq_context.c
U trunk/src/lib/gssapi/krb5/inq_cred.c
U trunk/src/lib/gssapi/krb5/k5seal.c
U trunk/src/lib/gssapi/krb5/k5sealiov.c
U trunk/src/lib/gssapi/krb5/k5unseal.c
U trunk/src/lib/gssapi/krb5/k5unsealiov.c
U trunk/src/lib/gssapi/krb5/lucid_context.c
U trunk/src/lib/gssapi/krb5/naming_exts.c
U trunk/src/lib/gssapi/krb5/prf.c
U trunk/src/lib/gssapi/krb5/process_context_token.c
U trunk/src/lib/gssapi/krb5/rel_cred.c
U trunk/src/lib/gssapi/krb5/rel_name.c
U trunk/src/lib/gssapi/krb5/s4u_gss_glue.c
U trunk/src/lib/gssapi/krb5/ser_sctx.c
U trunk/src/lib/gssapi/krb5/val_cred.c
U trunk/src/lib/gssapi/krb5/wrap_size_limit.c
Modified: trunk/src/lib/gssapi/generic/Makefile.in
===================================================================
--- trunk/src/lib/gssapi/generic/Makefile.in 2011-04-12 18:35:31 UTC (rev 24876)
+++ trunk/src/lib/gssapi/generic/Makefile.in 2011-04-13 15:15:56 UTC (rev 24877)
@@ -60,14 +60,6 @@
##DOS##gssapi.h: gssapi.hin
##DOS## $(CP) $** $@
-#if HasHashLibrary
-# UTIL_VALIDATE_SRC= $(srcdir)/util_validate.c
-# UTIL_VALIDATE_OBJ= util_validate.$(OBJEXT)
-#else
-#UTIL_VALIDATE_SRC= $(srcdir)/utl_nohash_validate.c
-#UTIL_VALIDATE_OBJ= utl_nohash_validate.$(OBJEXT)
-#endif
-
SRCS = \
$(srcdir)/disp_com_err_status.c \
$(srcdir)/disp_major_status.c \
@@ -81,7 +73,6 @@
$(srcdir)/util_ordering.c \
$(srcdir)/util_set.c \
$(srcdir)/util_token.c \
- $(srcdir)/util_validate.c \
gssapi_err_generic.c
OBJS = \
@@ -97,7 +88,6 @@
$(OUTPRE)util_ordering.$(OBJEXT) \
$(OUTPRE)util_set.$(OBJEXT) \
$(OUTPRE)util_token.$(OBJEXT) \
- $(OUTPRE)util_validate.$(OBJEXT) \
$(OUTPRE)gssapi_err_generic.$(OBJEXT)
STLIBOBJS = \
@@ -113,7 +103,6 @@
util_ordering.o \
util_set.o \
util_token.o \
- util_validate.o \
gssapi_err_generic.o
EXPORTED_HEADERS= gssapi_generic.h gssapi_ext.h
Modified: trunk/src/lib/gssapi/generic/gssapiP_generic.h
===================================================================
--- trunk/src/lib/gssapi/generic/gssapiP_generic.h 2011-04-12 18:35:31 UTC (rev 24876)
+++ trunk/src/lib/gssapi/generic/gssapiP_generic.h 2011-04-13 15:15:56 UTC (rev 24877)
@@ -103,18 +103,6 @@
#define g_set_entry_add gssint_g_set_entry_add
#define g_set_entry_delete gssint_g_set_entry_delete
#define g_set_entry_get gssint_g_set_entry_get
-#define g_save_name gssint_g_save_name
-#define g_save_cred_id gssint_g_save_cred_id
-#define g_save_ctx_id gssint_g_save_ctx_id
-#define g_save_lucidctx_id gssint_g_save_lucidctx_id
-#define g_validate_name gssint_g_validate_name
-#define g_validate_cred_id gssint_g_validate_cred_id
-#define g_validate_ctx_id gssint_g_validate_ctx_id
-#define g_validate_lucidctx_id gssint_g_validate_lucidctx_id
-#define g_delete_name gssint_g_delete_name
-#define g_delete_cred_id gssint_g_delete_cred_id
-#define g_delete_ctx_id gssint_g_delete_ctx_id
-#define g_delete_lucidctx_id gssint_g_delete_lucidctx_id
#define g_make_string_buffer gssint_g_make_string_buffer
#define g_token_size gssint_g_token_size
#define g_make_token_header gssint_g_make_token_header
Modified: trunk/src/lib/gssapi/krb5/accept_sec_context.c
===================================================================
--- trunk/src/lib/gssapi/krb5/accept_sec_context.c 2011-04-12 18:35:31 UTC (rev 24876)
+++ trunk/src/lib/gssapi/krb5/accept_sec_context.c 2011-04-13 15:15:56 UTC (rev 24877)
@@ -346,8 +346,8 @@
ctx->established = 1;
if (src_name) {
- if ((code = kg_duplicate_name(ctx->k5_context, ctx->there,
- KG_INIT_NAME_INTERN, &name))) {
+ code = kg_duplicate_name(ctx->k5_context, ctx->there, &name);
+ if (code) {
major_status = GSS_S_FAILURE;
goto fail;
}
@@ -905,16 +905,6 @@
ctx->big_endian = bigend;
ctx->cred_rcache = cred_rcache;
- /* Intern the ctx pointer so that delete_sec_context works */
- if (! kg_save_ctx_id((gss_ctx_id_t) ctx)) {
- xfree(ctx);
- ctx = 0;
-
- code = G_VALIDATE_FAILED;
- major_status = GSS_S_FAILURE;
- goto fail;
- }
-
/* XXX move this into gss_name_t */
if ( (code = krb5_merge_authdata(context,
ticket->enc_part2->authorization_data,
@@ -1161,8 +1151,8 @@
/* set the return arguments */
if (src_name) {
- if ((code = kg_duplicate_name(context, ctx->there,
- KG_INIT_NAME_INTERN, &name))) {
+ code = kg_duplicate_name(context, ctx->there, &name);
+ if (code) {
major_status = GSS_S_FAILURE;
goto fail;
}
@@ -1183,15 +1173,8 @@
if (src_name)
*src_name = (gss_name_t) name;
- if (delegated_cred_handle) {
- if (!kg_save_cred_id((gss_cred_id_t) deleg_cred)) {
- major_status = GSS_S_FAILURE;
- code = G_VALIDATE_FAILED;
- goto fail;
- }
-
+ if (delegated_cred_handle)
*delegated_cred_handle = (gss_cred_id_t) deleg_cred;
- }
/* finally! */
@@ -1228,13 +1211,13 @@
if (deleg_cred->ccache)
(void)krb5_cc_close(context, deleg_cred->ccache);
if (deleg_cred->name)
- kg_release_name(context, 0, &deleg_cred->name);
+ kg_release_name(context, &deleg_cred->name);
xfree(deleg_cred);
}
if (token.value)
xfree(token.value);
if (name) {
- (void) kg_release_name(context, 0, &name);
+ (void) kg_release_name(context, &name);
}
*minor_status = code;
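Review bot: The two `kg_release_name` calls edited here sit behind `if (deleg_cred->name)` and `if (name)` guards, although `kg_release_name` itself tests `*name != NULL` (naming_exts.c in this commit) and the s4u_gss_glue.c cleanup calls it unguarded. Since every call site is being touched anyway, the guards could be dropped and the `(void)` cast used consistently or not at all, leaving just `kg_release_name(context, &deleg_cred->name);`. The same guarded form appears in the acquire_cred.c, delete_sec_context.c, init_sec_context.c, rel_cred.c and ser_sctx.c hunks. The cleanup block starts and ends outside this hunk.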
Modified: trunk/src/lib/gssapi/krb5/acquire_cred.c
===================================================================
--- trunk/src/lib/gssapi/krb5/acquire_cred.c 2011-04-12 18:35:31 UTC (rev 24876)
+++ trunk/src/lib/gssapi/krb5/acquire_cred.c 2011-04-13 15:15:56 UTC (rev 24877)
@@ -240,7 +240,7 @@
}
assert(cred->name == NULL);
- code = kg_duplicate_name(context, desired_name, 0, &cred->name);
+ code = kg_duplicate_name(context, desired_name, &cred->name);
if (code) {
*minor_status = code;
return GSS_S_FAILURE;
@@ -650,11 +650,6 @@
*time_rec = (cred->tgt_expire > now) ? (cred->tgt_expire - now) : 0;
}
- if (!kg_save_cred_id((gss_cred_id_t)cred)) {
- ret = GSS_S_FAILURE;
- goto error_out;
- }
-
*minor_status = 0;
*output_cred_handle = (gss_cred_id_t) cred;
@@ -674,7 +669,7 @@
krb5_kt_close(context, cred->keytab);
#endif /* LEAN_CLIENT */
if (cred->name)
- kg_release_name(context, 0, &cred->name);
+ kg_release_name(context, &cred->name);
k5_mutex_destroy(&cred->lock);
xfree(cred);
}
@@ -745,11 +740,6 @@
{
struct acquire_cred_args args;
- if (desired_name && !kg_validate_name(desired_name)) {
- *minor_status = G_VALIDATE_FAILED;
- return GSS_S_FAILURE;
- }
-
memset(&args, 0, sizeof(args));
args.desired_name = desired_name;
args.time_req = time_req;
@@ -775,11 +765,6 @@
{
struct acquire_cred_args args;
- if (desired_name && !kg_validate_name(desired_name)) {
- *minor_status = G_VALIDATE_FAILED;
- return GSS_S_FAILURE;
- }
-
memset(&args, 0, sizeof(args));
args.desired_name = desired_name;
args.time_req = time_req;
@@ -803,11 +788,6 @@
{
struct acquire_cred_args args;
- if (desired_name && !kg_validate_name(desired_name)) {
- *minor_status = G_VALIDATE_FAILED;
- return GSS_S_FAILURE;
- }
-
memset(&args, 0, sizeof(args));
args.desired_name = desired_name;
args.password = password;
@@ -832,11 +812,6 @@
{
struct acquire_cred_args args;
- if (desired_name && !kg_validate_name(desired_name)) {
- *minor_status = G_VALIDATE_FAILED;
- return GSS_S_FAILURE;
- }
-
memset(&args, 0, sizeof(args));
args.desired_name = desired_name;
args.password = password;
Modified: trunk/src/lib/gssapi/krb5/compare_name.c
===================================================================
--- trunk/src/lib/gssapi/krb5/compare_name.c 2011-04-12 18:35:31 UTC (rev 24876)
+++ trunk/src/lib/gssapi/krb5/compare_name.c 2011-04-13 15:15:56 UTC (rev 24877)
@@ -37,16 +37,6 @@
krb5_context context;
krb5_error_code code;
- if (! kg_validate_name(name1)) {
- *minor_status = (OM_uint32) G_VALIDATE_FAILED;
- return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
- }
-
- if (! kg_validate_name(name2)) {
- *minor_status = (OM_uint32) G_VALIDATE_FAILED;
- return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
- }
-
code = krb5_gss_init_context(&context);
if (code) {
*minor_status = code;
Modified: trunk/src/lib/gssapi/krb5/context_time.c
===================================================================
--- trunk/src/lib/gssapi/krb5/context_time.c 2011-04-12 18:35:31 UTC (rev 24876)
+++ trunk/src/lib/gssapi/krb5/context_time.c 2011-04-13 15:15:56 UTC (rev 24877)
@@ -38,12 +38,6 @@
krb5_timestamp now;
krb5_deltat lifetime;
- /* validate the context handle */
- if (! kg_validate_ctx_id(context_handle)) {
- *minor_status = (OM_uint32) G_VALIDATE_FAILED;
- return(GSS_S_NO_CONTEXT);
- }
-
ctx = (krb5_gss_ctx_id_rec *) context_handle;
if (! ctx->established) {
Modified: trunk/src/lib/gssapi/krb5/delete_sec_context.c
===================================================================
--- trunk/src/lib/gssapi/krb5/delete_sec_context.c 2011-04-12 18:35:31 UTC (rev 24876)
+++ trunk/src/lib/gssapi/krb5/delete_sec_context.c 2011-04-13 15:15:56 UTC (rev 24877)
@@ -47,13 +47,6 @@
return(GSS_S_COMPLETE);
}
- /*SUPPRESS 29*/
- /* validate the context handle */
- if (! kg_validate_ctx_id(*context_handle)) {
- *minor_status = (OM_uint32) G_VALIDATE_FAILED;
- return(GSS_S_NO_CONTEXT);
- }
-
ctx = (krb5_gss_ctx_id_t) *context_handle;
context = ctx->k5_context;
@@ -72,10 +65,6 @@
}
}
- /* invalidate the context handle */
-
- (void)kg_delete_ctx_id(*context_handle);
-
/* free all the context state */
if (ctx->seqstate)
@@ -88,9 +77,9 @@
krb5_k_free_key(context, ctx->seq);
if (ctx->here)
- kg_release_name(context, 0, &ctx->here);
+ kg_release_name(context, &ctx->here);
if (ctx->there)
- kg_release_name(context, 0, &ctx->there);
+ kg_release_name(context, &ctx->there);
if (ctx->subkey)
krb5_k_free_key(context, ctx->subkey);
if (ctx->acceptor_subkey)
Modified: trunk/src/lib/gssapi/krb5/disp_name.c
===================================================================
--- trunk/src/lib/gssapi/krb5/disp_name.c 2011-04-12 18:35:31 UTC (rev 24876)
+++ trunk/src/lib/gssapi/krb5/disp_name.c 2011-04-13 15:15:56 UTC (rev 24877)
@@ -46,11 +46,6 @@
output_name_buffer->length = 0;
output_name_buffer->value = NULL;
- if (! kg_validate_name(input_name)) {
- *minor_status = (OM_uint32) G_VALIDATE_FAILED;
- krb5_free_context(context);
- return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
- }
if (krb5_princ_type(context, k5name->princ) == KRB5_NT_WELLKNOWN) {
if (krb5_principal_compare(context, k5name->princ,
krb5_anonymous_principal()))
Modified: trunk/src/lib/gssapi/krb5/duplicate_name.c
===================================================================
--- trunk/src/lib/gssapi/krb5/duplicate_name.c 2011-04-12 18:35:31 UTC (rev 24876)
+++ trunk/src/lib/gssapi/krb5/duplicate_name.c 2011-04-13 15:15:56 UTC (rev 24877)
@@ -44,15 +44,9 @@
return GSS_S_FAILURE;
}
- if (! kg_validate_name(input_name)) {
- if (minor_status)
- *minor_status = (OM_uint32) G_VALIDATE_FAILED;
- krb5_free_context(context);
- return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
- }
-
princ = (krb5_gss_name_t)input_name;
- if ((code = kg_duplicate_name(context, princ, KG_INIT_NAME_INTERN, &outprinc))) {
+ code = kg_duplicate_name(context, princ, &outprinc);
+ if (code) {
*minor_status = code;
save_error_info(*minor_status, context);
krb5_free_context(context);
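Review bot: After this hunk `input_name` is cast and passed straight to `kg_duplicate_name`, which reads `src->princ` and `src->lock` (naming_exts.c in this commit), so a NULL, foreign or already-released name is dereferenced instead of being rejected with GSS_S_BAD_NAME. The same applies to the other entry points that lose their `kg_validate_name` or `kg_validate_ctx_id` call in this commit. For context handles the removed macro also compared `magic` with `KG_CONTEXT`, the only type check on the handle visible in this diff. If the contract is now that the mechglue passes only live handles created by this mechanism, say so at the cast, e.g. `/* input_name is trusted: callers pass only live names created by this mech. */`, and consider keeping a cheap `input_name == GSS_C_NO_NAME` guard. The function starts and ends outside this hunk.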
@@ -60,7 +54,6 @@
}
krb5_free_context(context);
*dest_name = (gss_name_t) outprinc;
- assert(kg_validate_name(*dest_name));
return(GSS_S_COMPLETE);
}
Modified: trunk/src/lib/gssapi/krb5/export_name.c
===================================================================
--- trunk/src/lib/gssapi/krb5/export_name.c 2011-04-12 18:35:31 UTC (rev 24876)
+++ trunk/src/lib/gssapi/krb5/export_name.c 2011-04-13 15:15:56 UTC (rev 24877)
@@ -49,13 +49,6 @@
exported_name->length = 0;
exported_name->value = NULL;
- if (! kg_validate_name(input_name)) {
- if (minor_status)
- *minor_status = (OM_uint32) G_VALIDATE_FAILED;
- krb5_free_context(context);
- return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
- }
-
if ((code = krb5_unparse_name(context, ((krb5_gss_name_t) input_name)->princ,
&str))) {
if (minor_status)
Modified: trunk/src/lib/gssapi/krb5/export_sec_context.c
===================================================================
--- trunk/src/lib/gssapi/krb5/export_sec_context.c 2011-04-12 18:35:31 UTC (rev 24876)
+++ trunk/src/lib/gssapi/krb5/export_sec_context.c 2011-04-13 15:15:56 UTC (rev 24877)
@@ -44,12 +44,6 @@
retval = GSS_S_FAILURE;
*minor_status = 0;
- if (!kg_validate_ctx_id(*context_handle)) {
- kret = (OM_uint32) G_VALIDATE_FAILED;
- retval = GSS_S_NO_CONTEXT;
- goto error_out;
- }
-
ctx = (krb5_gss_ctx_id_t) *context_handle;
context = ctx->k5_context;
kret = krb5_gss_ser_init(context);
Modified: trunk/src/lib/gssapi/krb5/gssapiP_krb5.h
===================================================================
--- trunk/src/lib/gssapi/krb5/gssapiP_krb5.h 2011-04-12 18:35:31 UTC (rev 24876)
+++ trunk/src/lib/gssapi/krb5/gssapiP_krb5.h 2011-04-13 15:15:56 UTC (rev 24877)
@@ -245,25 +245,6 @@
extern k5_mutex_t gssint_krb5_keytab_lock;
#endif /* LEAN_CLIENT */
-/* helper macros */
-
-#define kg_save_name(name) g_save_name(&kg_vdb,name)
-#define kg_save_cred_id(cred) g_save_cred_id(&kg_vdb,cred)
-#define kg_save_ctx_id(ctx) g_save_ctx_id(&kg_vdb,ctx)
-#define kg_save_lucidctx_id(lctx) g_save_lucidctx_id(&kg_vdb,lctx)
-
-#define kg_validate_name(name) g_validate_name(&kg_vdb,name)
-#define kg_validate_cred_id(cred) g_validate_cred_id(&kg_vdb,cred)
-#define kg_validate_ctx_id(ctx) (g_validate_ctx_id(&kg_vdb,ctx) && \
- ((krb5_gss_ctx_id_t)ctx)->magic == \
- KG_CONTEXT)
-#define kg_validate_lucidctx_id(lctx) g_validate_lucidctx_id(&kg_vdb,lctx)
-
-#define kg_delete_name(name) g_delete_name(&kg_vdb,name)
-#define kg_delete_cred_id(cred) g_delete_cred_id(&kg_vdb,cred)
-#define kg_delete_ctx_id(ctx) g_delete_ctx_id(&kg_vdb,ctx)
-#define kg_delete_lucidctx_id(lctx) g_delete_lucidctx_id(&kg_vdb,lctx)
-
/** helper functions **/
OM_uint32 kg_get_defcred
@@ -891,8 +872,7 @@
int gss_krb5int_rotate_left (void *ptr, size_t bufsiz, size_t rc);
/* naming_exts.c */
-#define KG_INIT_NAME_INTERN 0x1
-#define KG_INIT_NAME_NO_COPY 0x2
+#define KG_INIT_NAME_NO_COPY 0x1
krb5_error_code
kg_init_name(krb5_context context, krb5_principal principal,
@@ -900,14 +880,10 @@
krb5_flags flags, krb5_gss_name_t *name);
krb5_error_code
-kg_release_name(krb5_context context,
- krb5_flags flags,
- krb5_gss_name_t *name);
+kg_release_name(krb5_context context, krb5_gss_name_t *name);
krb5_error_code
-kg_duplicate_name(krb5_context context,
- const krb5_gss_name_t src,
- krb5_flags flags,
+kg_duplicate_name(krb5_context context, const krb5_gss_name_t src,
krb5_gss_name_t *dst);
krb5_boolean
Modified: trunk/src/lib/gssapi/krb5/gssapi_krb5.c
===================================================================
--- trunk/src/lib/gssapi/krb5/gssapi_krb5.c 2011-04-12 18:35:31 UTC (rev 24876)
+++ trunk/src/lib/gssapi/krb5/gssapi_krb5.c 2011-04-13 15:15:56 UTC (rev 24877)
@@ -367,9 +367,6 @@
*data_set = GSS_C_NO_BUFFER_SET;
- if (!kg_validate_ctx_id(context_handle))
- return GSS_S_NO_CONTEXT;
-
ctx = (krb5_gss_ctx_id_rec *) context_handle;
if (!ctx->established)
@@ -486,15 +483,6 @@
if (desired_object == GSS_C_NO_OID)
return GSS_S_CALL_INACCESSIBLE_READ;
- if (*context_handle != GSS_C_NO_CONTEXT) {
- krb5_gss_ctx_id_rec *ctx;
-
- if (!kg_validate_ctx_id(*context_handle))
- return GSS_S_NO_CONTEXT;
-
- ctx = (krb5_gss_ctx_id_rec *) context_handle;
- }
-
#if 0
for (i = 0; i < sizeof(krb5_gss_set_sec_context_option_ops)/
sizeof(krb5_gss_set_sec_context_option_ops[0]); i++) {
@@ -768,12 +756,6 @@
return GSS_S_FAILURE;
}
- if (!kg_validate_name(pname)) {
- *minor = (OM_uint32)G_VALIDATE_FAILED;
- krb5_free_context(context);
- return GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME;
- }
-
kname = (krb5_gss_name_t)pname;
code = krb5_aname_to_localname(context, kname->princ,
@@ -813,11 +795,6 @@
return GSS_S_BAD_NAMETYPE;
}
- if (!kg_validate_name(pname)) {
- *minor = (OM_uint32)G_VALIDATE_FAILED;
- return GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME;
- }
-
kname = (krb5_gss_name_t)pname;
code = krb5_gss_init_context(&context);
Modified: trunk/src/lib/gssapi/krb5/iakerb.c
===================================================================
--- trunk/src/lib/gssapi/krb5/iakerb.c 2011-04-12 18:35:31 UTC (rev 24876)
+++ trunk/src/lib/gssapi/krb5/iakerb.c 2011-04-13 15:15:56 UTC (rev 24877)
@@ -912,12 +912,6 @@
} else
ctx = (iakerb_ctx_id_t)*context_handle;
- if (!kg_validate_name(target_name)) {
- *minor_status = G_VALIDATE_FAILED;
- major_status = GSS_S_CALL_BAD_STRUCTURE | GSS_S_BAD_NAME;
- goto cleanup;
- }
-
kname = (krb5_gss_name_t)target_name;
if (claimant_cred_handle != GSS_C_NO_CREDENTIAL) {
Modified: trunk/src/lib/gssapi/krb5/import_name.c
===================================================================
--- trunk/src/lib/gssapi/krb5/import_name.c 2011-04-12 18:35:31 UTC (rev 24876)
+++ trunk/src/lib/gssapi/krb5/import_name.c 2011-04-13 15:15:56 UTC (rev 24877)
@@ -306,7 +306,7 @@
/* Create a name and save it in the validation database. */
code = kg_init_name(context, princ, service, host, ad_context,
- KG_INIT_NAME_INTERN | KG_INIT_NAME_NO_COPY, &name);
+ KG_INIT_NAME_NO_COPY, &name);
if (code)
goto cleanup;
princ = NULL;
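Review bot: The comment above the `kg_init_name` call still says the name is saved in the validation database, which no longer happens once `KG_INIT_NAME_INTERN` is dropped from the flags. Reword it to match what the call does now; going by the `princ = NULL` that follows, something like `/* Create a name which takes ownership of princ. */` would fit. The enclosing function starts and ends outside this hunk.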
Modified: trunk/src/lib/gssapi/krb5/import_sec_context.c
===================================================================
--- trunk/src/lib/gssapi/krb5/import_sec_context.c 2011-04-12 18:35:31 UTC (rev 24876)
+++ trunk/src/lib/gssapi/krb5/import_sec_context.c 2011-04-13 15:15:56 UTC (rev 24877)
@@ -109,13 +109,6 @@
}
krb5_free_context(context);
- /* intern the context handle */
- if (! kg_save_ctx_id((gss_ctx_id_t) ctx)) {
- (void)krb5_gss_delete_sec_context(minor_status,
- (gss_ctx_id_t *) &ctx, NULL);
- *minor_status = (OM_uint32) G_VALIDATE_FAILED;
- return(GSS_S_FAILURE);
- }
ctx->mech_used = krb5_gss_convert_static_mech_oid(ctx->mech_used);
*context_handle = (gss_ctx_id_t) ctx;
Modified: trunk/src/lib/gssapi/krb5/init_sec_context.c
===================================================================
--- trunk/src/lib/gssapi/krb5/init_sec_context.c 2011-04-12 18:35:31 UTC (rev 24876)
+++ trunk/src/lib/gssapi/krb5/init_sec_context.c 2011-04-13 15:15:56 UTC (rev 24877)
@@ -609,10 +609,11 @@
ctx->krb_times.endtime = now + time_req;
}
- if ((code = kg_duplicate_name(context, cred->name, 0, &ctx->here)))
+ if ((code = kg_duplicate_name(context, cred->name, &ctx->here)))
goto cleanup;
- if ((code = kg_duplicate_name(context, (krb5_gss_name_t)target_name, 0, &ctx->there)))
+ if ((code = kg_duplicate_name(context, (krb5_gss_name_t)target_name,
+ &ctx->there)))
goto cleanup;
code = get_credentials(context, cred, ctx->there, now,
@@ -690,12 +691,6 @@
if (actual_mech_type)
*actual_mech_type = mech_type;
- /* At this point, the context is constructed and valid; intern it. */
- if (! kg_save_ctx_id((gss_ctx_id_t) ctx)) {
- code = G_VALIDATE_FAILED;
- goto cleanup;
- }
-
/* return successfully */
*context_handle = (gss_ctx_id_t) ctx;
@@ -719,9 +714,9 @@
if (ctx_free->auth_context)
krb5_auth_con_free(context, ctx_free->auth_context);
if (ctx_free->here)
- kg_release_name(context, 0, &ctx_free->here);
+ kg_release_name(context, &ctx_free->here);
if (ctx_free->there)
- kg_release_name(context, 0, &ctx_free->there);
+ kg_release_name(context, &ctx_free->there);
if (ctx_free->subkey)
krb5_k_free_key(context, ctx_free->subkey);
xfree(ctx_free);
@@ -769,13 +764,6 @@
if (code)
goto fail;
- /* validate the context handle */
- /*SUPPRESS 29*/
- if (! kg_validate_ctx_id(*context_handle)) {
- *minor_status = (OM_uint32) G_VALIDATE_FAILED;
- return(GSS_S_NO_CONTEXT);
- }
-
ctx = (krb5_gss_ctx_id_t) *context_handle;
/* make sure the context is non-established, and that certain
@@ -970,16 +958,6 @@
if (actual_mech_type)
*actual_mech_type = NULL;
- /* verify that the target_name is valid and usable */
-
- if (! kg_validate_name(target_name)) {
- *minor_status = (OM_uint32) G_VALIDATE_FAILED;
- save_error_info(*minor_status, context);
- if (*context_handle == GSS_C_NO_CONTEXT)
- krb5_free_context(context);
- return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
- }
-
/* verify the credential, or use the default */
/*SUPPRESS 29*/
if (claimant_cred_handle == GSS_C_NO_CREDENTIAL) {
Modified: trunk/src/lib/gssapi/krb5/inq_context.c
===================================================================
--- trunk/src/lib/gssapi/krb5/inq_context.c 2011-04-12 18:35:31 UTC (rev 24876)
+++ trunk/src/lib/gssapi/krb5/inq_context.c 2011-04-13 15:15:56 UTC (rev 24877)
@@ -103,12 +103,6 @@
if (acceptor_name)
*acceptor_name = (gss_name_t) NULL;
- /* validate the context handle */
- if (! kg_validate_ctx_id(context_handle)) {
- *minor_status = (OM_uint32) G_VALIDATE_FAILED;
- return(GSS_S_NO_CONTEXT);
- }
-
ctx = (krb5_gss_ctx_id_rec *) context_handle;
if (! ctx->established) {
@@ -131,8 +125,7 @@
if (initiator_name) {
if ((code = kg_duplicate_name(context,
- ctx->initiate?ctx->here:ctx->there,
- KG_INIT_NAME_INTERN,
+ ctx->initiate ? ctx->here : ctx->there,
&initiator))) {
*minor_status = code;
save_error_info(*minor_status, context);
@@ -142,12 +135,10 @@
if (acceptor_name) {
if ((code = kg_duplicate_name(context,
- ctx->initiate?ctx->there:ctx->here,
- KG_INIT_NAME_INTERN,
+ ctx->initiate ? ctx->there : ctx->here,
&acceptor))) {
if (initiator)
- kg_release_name(context, KG_INIT_NAME_INTERN,
- &initiator);
+ kg_release_name(context, &initiator);
*minor_status = code;
save_error_info(*minor_status, context);
return(GSS_S_FAILURE);
Modified: trunk/src/lib/gssapi/krb5/inq_cred.c
===================================================================
--- trunk/src/lib/gssapi/krb5/inq_cred.c 2011-04-12 18:35:31 UTC (rev 24876)
+++ trunk/src/lib/gssapi/krb5/inq_cred.c 2011-04-13 15:15:56 UTC (rev 24877)
@@ -146,8 +146,7 @@
if (name) {
if (cred->name) {
- code = kg_duplicate_name(context, cred->name, KG_INIT_NAME_INTERN,
- &ret_name);
+ code = kg_duplicate_name(context, cred->name, &ret_name);
} else if ((cred->usage == GSS_C_ACCEPT || cred->usage == GSS_C_BOTH)
&& cred->keytab != NULL) {
/* This is a default acceptor cred; use a name from the keytab if
@@ -155,8 +154,7 @@
code = k5_kt_get_principal(context, cred->keytab, &princ);
if (code == 0) {
code = kg_init_name(context, princ, NULL, NULL, NULL,
- KG_INIT_NAME_NO_COPY | KG_INIT_NAME_INTERN,
- &ret_name);
+ KG_INIT_NAME_NO_COPY, &ret_name);
if (code)
krb5_free_principal(context, princ);
} else if (code == KRB5_KT_NOTFOUND)
@@ -182,7 +180,7 @@
&mechs))) {
k5_mutex_unlock(&cred->lock);
if (ret_name)
- kg_release_name(context, KG_INIT_NAME_INTERN, &ret_name);
+ kg_release_name(context, &ret_name);
/* *minor_status set above */
goto fail;
}
Modified: trunk/src/lib/gssapi/krb5/k5seal.c
===================================================================
--- trunk/src/lib/gssapi/krb5/k5seal.c 2011-04-12 18:35:31 UTC (rev 24876)
+++ trunk/src/lib/gssapi/krb5/k5seal.c 2011-04-13 15:15:56 UTC (rev 24877)
@@ -345,12 +345,6 @@
return GSS_S_FAILURE;
}
- /* validate the context handle */
- if (! kg_validate_ctx_id(context_handle)) {
- *minor_status = (OM_uint32) G_VALIDATE_FAILED;
- return(GSS_S_NO_CONTEXT);
- }
-
ctx = (krb5_gss_ctx_id_rec *) context_handle;
if (! ctx->established) {
Modified: trunk/src/lib/gssapi/krb5/k5sealiov.c
===================================================================
--- trunk/src/lib/gssapi/krb5/k5sealiov.c 2011-04-12 18:35:31 UTC (rev 24876)
+++ trunk/src/lib/gssapi/krb5/k5sealiov.c 2011-04-13 15:15:56 UTC (rev 24877)
@@ -284,11 +284,6 @@
return GSS_S_FAILURE;
}
- if (!kg_validate_ctx_id(context_handle)) {
- *minor_status = (OM_uint32)G_VALIDATE_FAILED;
- return GSS_S_NO_CONTEXT;
- }
-
ctx = (krb5_gss_ctx_id_rec *)context_handle;
if (!ctx->established) {
*minor_status = KG_CTX_INCOMPLETE;
@@ -353,11 +348,6 @@
return GSS_S_FAILURE;
}
- if (!kg_validate_ctx_id(context_handle)) {
- *minor_status = (OM_uint32)G_VALIDATE_FAILED;
- return GSS_S_NO_CONTEXT;
- }
-
ctx = (krb5_gss_ctx_id_rec *)context_handle;
if (!ctx->established) {
*minor_status = KG_CTX_INCOMPLETE;
Modified: trunk/src/lib/gssapi/krb5/k5unseal.c
===================================================================
--- trunk/src/lib/gssapi/krb5/k5unseal.c 2011-04-12 18:35:31 UTC (rev 24876)
+++ trunk/src/lib/gssapi/krb5/k5unseal.c 2011-04-13 15:15:56 UTC (rev 24877)
@@ -485,12 +485,6 @@
int vfyflags = 0;
OM_uint32 ret;
- /* validate the context handle */
- if (! kg_validate_ctx_id(context_handle)) {
- *minor_status = (OM_uint32) G_VALIDATE_FAILED;
- return(GSS_S_NO_CONTEXT);
- }
-
ctx = (krb5_gss_ctx_id_rec *) context_handle;
if (! ctx->established) {
Modified: trunk/src/lib/gssapi/krb5/k5unsealiov.c
===================================================================
--- trunk/src/lib/gssapi/krb5/k5unsealiov.c 2011-04-12 18:35:31 UTC (rev 24876)
+++ trunk/src/lib/gssapi/krb5/k5unsealiov.c 2011-04-13 15:15:56 UTC (rev 24877)
@@ -627,11 +627,6 @@
krb5_gss_ctx_id_rec *ctx;
OM_uint32 code;
- if (!kg_validate_ctx_id(context_handle)) {
- *minor_status = (OM_uint32)G_VALIDATE_FAILED;
- return GSS_S_NO_CONTEXT;
- }
-
ctx = (krb5_gss_ctx_id_rec *)context_handle;
if (!ctx->established) {
*minor_status = KG_CTX_INCOMPLETE;
Modified: trunk/src/lib/gssapi/krb5/lucid_context.c
===================================================================
--- trunk/src/lib/gssapi/krb5/lucid_context.c 2011-04-12 18:35:31 UTC (rev 24876)
+++ trunk/src/lib/gssapi/krb5/lucid_context.c 2011-04-13 15:15:56 UTC (rev 24877)
@@ -97,12 +97,6 @@
if (kret)
goto error_out;
- /* Success! Record the context and return the buffer */
- if (! kg_save_lucidctx_id((void *)lctx)) {
- kret = G_VALIDATE_FAILED;
- goto error_out;
- }
-
rep.value = &lctx;
rep.length = sizeof(lctx);
@@ -142,17 +136,10 @@
goto error_out;
}
- /* Verify pointer is valid lucid context */
- if (! kg_validate_lucidctx_id(kctx)) {
- kret = G_VALIDATE_FAILED;
- goto error_out;
- }
-
/* Determine version and call correct free routine */
version = ((gss_krb5_lucid_context_version_t *)kctx)->version;
switch (version) {
case 1:
- (void)kg_delete_lucidctx_id(kctx);
free_external_lucid_ctx_v1((gss_krb5_lucid_context_v1_t*) kctx);
break;
default:
Modified: trunk/src/lib/gssapi/krb5/naming_exts.c
===================================================================
--- trunk/src/lib/gssapi/krb5/naming_exts.c 2011-04-12 18:35:31 UTC (rev 24876)
+++ trunk/src/lib/gssapi/krb5/naming_exts.c 2011-04-13 15:15:56 UTC (rev 24877)
@@ -86,29 +86,20 @@
name->ad_context = ad_context;
}
- if ((flags & KG_INIT_NAME_INTERN) &&
- !kg_save_name((gss_name_t)name)) {
- code = G_VALIDATE_FAILED;
- goto cleanup;
- }
-
*ret_name = name;
cleanup:
if (code != 0)
- kg_release_name(context, 0, &name);
+ kg_release_name(context, &name);
return code;
}
krb5_error_code
kg_release_name(krb5_context context,
- krb5_flags flags,
krb5_gss_name_t *name)
{
if (*name != NULL) {
- if (flags & KG_INIT_NAME_INTERN)
- kg_delete_name((gss_name_t)*name);
krb5_free_principal(context, (*name)->princ);
free((*name)->service);
free((*name)->host);
@@ -124,7 +115,6 @@
krb5_error_code
kg_duplicate_name(krb5_context context,
const krb5_gss_name_t src,
- krb5_flags flags,
krb5_gss_name_t *dst)
{
krb5_error_code code;
@@ -134,7 +124,7 @@
return code;
code = kg_init_name(context, src->princ, src->service, src->host,
- src->ad_context, flags, dst);
+ src->ad_context, 0, dst);
k5_mutex_unlock(&src->lock);
@@ -284,12 +274,6 @@
return GSS_S_FAILURE;
}
- if (!kg_validate_name(name)) {
- *minor_status = (OM_uint32)G_VALIDATE_FAILED;
- krb5_free_context(context);
- return GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME;
- }
-
kname = (krb5_gss_name_t)name;
code = k5_mutex_lock(&kname->lock);
@@ -351,12 +335,6 @@
return GSS_S_FAILURE;
}
- if (!kg_validate_name(name)) {
- *minor_status = (OM_uint32)G_VALIDATE_FAILED;
- krb5_free_context(context);
- return GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME;
- }
-
kname = (krb5_gss_name_t)name;
code = k5_mutex_lock(&kname->lock);
@@ -435,12 +413,6 @@
return GSS_S_FAILURE;
}
- if (!kg_validate_name(name)) {
- *minor_status = (OM_uint32)G_VALIDATE_FAILED;
- krb5_free_context(context);
- return GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME;
- }
-
kname = (krb5_gss_name_t)name;
code = k5_mutex_lock(&kname->lock);
@@ -496,12 +468,6 @@
return GSS_S_FAILURE;
}
- if (!kg_validate_name(name)) {
- *minor_status = (OM_uint32)G_VALIDATE_FAILED;
- krb5_free_context(context);
- return GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME;
- }
-
kname = (krb5_gss_name_t)name;
code = k5_mutex_lock(&kname->lock);
@@ -554,12 +520,6 @@
return GSS_S_FAILURE;
}
- if (!kg_validate_name(name)) {
- *minor_status = (OM_uint32)G_VALIDATE_FAILED;
- krb5_free_context(context);
- return GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME;
- }
-
kname = (krb5_gss_name_t)name;
code = k5_mutex_lock(&kname->lock);
@@ -617,12 +577,6 @@
return GSS_S_FAILURE;
}
- if (!kg_validate_name(name)) {
- *minor_status = (OM_uint32)G_VALIDATE_FAILED;
- krb5_free_context(context);
- return GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME;
- }
-
kname = (krb5_gss_name_t)name;
code = k5_mutex_lock(&kname->lock);
@@ -684,12 +638,6 @@
return GSS_S_FAILURE;
}
- if (!kg_validate_name(name)) {
- *minor_status = (OM_uint32)G_VALIDATE_FAILED;
- krb5_free_context(context);
- return GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME;
- }
-
kname = (krb5_gss_name_t)name;
code = k5_mutex_lock(&kname->lock);
Modified: trunk/src/lib/gssapi/krb5/prf.c
===================================================================
--- trunk/src/lib/gssapi/krb5/prf.c 2011-04-12 18:35:31 UTC (rev 24876)
+++ trunk/src/lib/gssapi/krb5/prf.c 2011-04-13 15:15:56 UTC (rev 24877)
@@ -53,11 +53,6 @@
prf_out->length = 0;
prf_out->value = NULL;
- if (!kg_validate_ctx_id(context)) {
- *minor_status = G_VALIDATE_FAILED;
- return GSS_S_NO_CONTEXT;
- }
-
t.length = 0;
t.data = NULL;
Modified: trunk/src/lib/gssapi/krb5/process_context_token.c
===================================================================
--- trunk/src/lib/gssapi/krb5/process_context_token.c 2011-04-12 18:35:31 UTC (rev 24876)
+++ trunk/src/lib/gssapi/krb5/process_context_token.c 2011-04-13 15:15:56 UTC (rev 24877)
@@ -37,12 +37,6 @@
krb5_gss_ctx_id_rec *ctx;
OM_uint32 majerr;
- /* validate the context handle */
- if (! kg_validate_ctx_id(context_handle)) {
- *minor_status = (OM_uint32) G_VALIDATE_FAILED;
- return(GSS_S_NO_CONTEXT);
- }
-
ctx = (krb5_gss_ctx_id_t) context_handle;
if (! ctx->established) {
Modified: trunk/src/lib/gssapi/krb5/rel_cred.c
===================================================================
--- trunk/src/lib/gssapi/krb5/rel_cred.c 2011-04-12 18:35:31 UTC (rev 24876)
+++ trunk/src/lib/gssapi/krb5/rel_cred.c 2011-04-13 15:15:56 UTC (rev 24877)
@@ -44,12 +44,6 @@
return(GSS_S_COMPLETE);
}
- if (! kg_delete_cred_id(*cred_handle)) {
- *minor_status = (OM_uint32) G_VALIDATE_FAILED;
- krb5_free_context(context);
- return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_NO_CRED);
- }
-
cred = (krb5_gss_cred_id_t)*cred_handle;
k5_mutex_destroy(&cred->lock);
@@ -75,7 +69,7 @@
else
code3 = 0;
if (cred->name)
- kg_release_name(context, 0, &cred->name);
+ kg_release_name(context, &cred->name);
if (cred->req_enctypes)
free(cred->req_enctypes);
Modified: trunk/src/lib/gssapi/krb5/rel_name.c
===================================================================
--- trunk/src/lib/gssapi/krb5/rel_name.c 2011-04-12 18:35:31 UTC (rev 24876)
+++ trunk/src/lib/gssapi/krb5/rel_name.c 2011-04-13 15:15:56 UTC (rev 24877)
@@ -37,14 +37,7 @@
return GSS_S_FAILURE;
}
- if (! kg_validate_name(*input_name)) {
- *minor_status = (OM_uint32) G_VALIDATE_FAILED;
- krb5_free_context(context);
- return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
- }
-
- kg_release_name(context, KG_INIT_NAME_INTERN,
- (krb5_gss_name_t *)input_name);
+ kg_release_name(context, (krb5_gss_name_t *)input_name);
krb5_free_context(context);
*input_name = (gss_name_t) NULL;
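Review bot: With the `kg_validate_name` test gone, releasing the same name a second time through a copied handle now reaches `kg_release_name` and frees the structure again. Before this change `kg_release_name` removed the name from the validation set via `kg_delete_name`, so a stale handle was presumably refused with GSS_S_BAD_NAME. Clearing `*input_name` afterwards only protects the caller's own variable, not copies of the handle. It is worth recording this at the call, e.g. `/* No stale-handle detection: releasing a copy of an already-released name is a double free. */`. The same holds for rel_cred.c and delete_sec_context.c, where `kg_delete_cred_id` and `kg_delete_ctx_id` were dropped; the function starts outside this hunk.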
Modified: trunk/src/lib/gssapi/krb5/s4u_gss_glue.c
===================================================================
--- trunk/src/lib/gssapi/krb5/s4u_gss_glue.c 2011-04-12 18:35:31 UTC (rev 24876)
+++ trunk/src/lib/gssapi/krb5/s4u_gss_glue.c 2011-04-13 15:15:56 UTC (rev 24877)
@@ -258,11 +258,6 @@
*time_rec = cred->tgt_expire - now;
}
- if (!kg_save_cred_id((gss_cred_id_t)cred)) {
- code = G_VALIDATE_FAILED;
- goto cleanup;
- }
-
major_status = GSS_S_COMPLETE;
*minor_status = 0;
*output_cred = cred;
@@ -276,7 +271,7 @@
if (GSS_ERROR(major_status) && cred != NULL) {
k5_mutex_destroy(&cred->lock);
krb5_cc_destroy(context, cred->ccache);
- kg_release_name(context, 0, &cred->name);
+ kg_release_name(context, &cred->name);
xfree(cred);
}
Modified: trunk/src/lib/gssapi/krb5/ser_sctx.c
===================================================================
--- trunk/src/lib/gssapi/krb5/ser_sctx.c 2011-04-12 18:35:31 UTC (rev 24876)
+++ trunk/src/lib/gssapi/krb5/ser_sctx.c 2011-04-13 15:15:56 UTC (rev 24877)
@@ -792,9 +792,9 @@
if (ctx->subkey)
krb5_k_free_key(kcontext, ctx->subkey);
if (ctx->there)
- kg_release_name(kcontext, 0, &ctx->there);
+ kg_release_name(kcontext, &ctx->there);
if (ctx->here)
- kg_release_name(kcontext, 0, &ctx->here);
+ kg_release_name(kcontext, &ctx->here);
xfree(ctx);
}
}
Modified: trunk/src/lib/gssapi/krb5/val_cred.c
===================================================================
--- trunk/src/lib/gssapi/krb5/val_cred.c 2011-04-12 18:35:31 UTC (rev 24876)
+++ trunk/src/lib/gssapi/krb5/val_cred.c 2011-04-13 15:15:56 UTC (rev 24877)
@@ -36,11 +36,6 @@
krb5_error_code code;
krb5_principal princ;
- if (!kg_validate_cred_id(cred_handle)) {
- *minor_status = (OM_uint32) G_VALIDATE_FAILED;
- return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_DEFECTIVE_CREDENTIAL);
- }
-
cred = (krb5_gss_cred_id_t) cred_handle;
code = k5_mutex_lock(&cred->lock);
Modified: trunk/src/lib/gssapi/krb5/wrap_size_limit.c
===================================================================
--- trunk/src/lib/gssapi/krb5/wrap_size_limit.c 2011-04-12 18:35:31 UTC (rev 24876)
+++ trunk/src/lib/gssapi/krb5/wrap_size_limit.c 2011-04-13 15:15:56 UTC (rev 24877)
@@ -94,12 +94,6 @@
return(GSS_S_FAILURE);
}
- /* validate the context handle */
- if (! kg_validate_ctx_id(context_handle)) {
- *minor_status = (OM_uint32) G_VALIDATE_FAILED;
- return(GSS_S_NO_CONTEXT);
- }
-
ctx = (krb5_gss_ctx_id_rec *) context_handle;
if (! ctx->established) {
*minor_status = KG_CTX_INCOMPLETE;