krb5 commit: Add SPI calls to import objects by mech oid
Greg Hudson
ghudson at MIT.EDU
Tue Oct 2 00:57:18 EDT 2012
https://github.com/krb5/krb5/commit/a71abbaf9a6757d4728fe01dae23289765790df6
commit a71abbaf9a6757d4728fe01dae23289765790df6
Author: Simo Sorce <simo at redhat.com>
Date: Tue Aug 28 16:47:23 2012 +0200
Add SPI calls to import objects by mech oid
An interposer mech needs to be able to handle multiple mechanisms.
When importing a mech token for a name, cred, or context, the
interposer mech needs to know the mech type of the token being
imported. To make this work, add SPI calls which accept a mech type
argument.
[ghudson at mit.edu: Stylistic changes, commit squashing, commit message]
src/lib/gssapi/mechglue/g_glue.c | 17 ++++++++++++-----
src/lib/gssapi/mechglue/g_imp_cred.c | 12 ++++++++++--
src/lib/gssapi/mechglue/g_imp_name.c | 25 +++++++++++++++++++------
src/lib/gssapi/mechglue/g_imp_sec_context.c | 17 +++++++++++++----
src/lib/gssapi/mechglue/g_initialize.c | 6 ++++++
src/lib/gssapi/mechglue/mglueP.h | 25 +++++++++++++++++++++++++
6 files changed, 85 insertions(+), 17 deletions(-)
diff --git a/src/lib/gssapi/mechglue/g_glue.c b/src/lib/gssapi/mechglue/g_glue.c
index e9ff4c8..e438a03 100644
--- a/src/lib/gssapi/mechglue/g_glue.c
+++ b/src/lib/gssapi/mechglue/g_glue.c
@@ -358,6 +358,7 @@ gss_name_t *internal_name;
{
OM_uint32 status, tmpMinor;
gss_mechanism mech;
+ gss_OID public_mech;
mech = gssint_get_mechanism (mech_type);
if (mech == NULL)
@@ -381,13 +382,19 @@ gss_name_t *internal_name;
}
}
- if (mech->gss_import_name == NULL)
+ if (mech->gssspi_import_name_by_mech) {
+ public_mech = gssint_get_public_oid(mech_type);
+ status = mech->gssspi_import_name_by_mech(minor_status, public_mech,
+ union_name->external_name,
+ union_name->name_type,
+ internal_name);
+ } else if (mech->gss_import_name) {
+ status = mech->gss_import_name(minor_status, union_name->external_name,
+ union_name->name_type, internal_name);
+ } else {
return (GSS_S_UNAVAILABLE);
+ }
- status = mech->gss_import_name(minor_status,
- union_name->external_name,
- union_name->name_type,
- internal_name);
if (status == GSS_S_COMPLETE) {
/* Attempt to round-trip attributes */
(void) import_internal_attributes(&tmpMinor, mech,
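Review bot: The value returned by `gssint_get_public_oid(mech_type)` is passed straight to `gssspi_import_name_by_mech` without a check. If that lookup can return `GSS_C_NO_OID` for an OID that is not in the mechanism list (its body is not visible here, so this needs confirming), an interposer would be called with no mech type and could not tell which mechanism the name belongs to. A guard before the call, such as `if (public_mech == GSS_C_NO_OID) return (GSS_S_BAD_MECH);`, would fail closed and match the direct return already used in the `else` branch. The same unchecked pattern appears in the g_imp_cred.c and g_imp_sec_context.c hunks. The enclosing function starts and ends outside this hunk.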
diff --git a/src/lib/gssapi/mechglue/g_imp_cred.c b/src/lib/gssapi/mechglue/g_imp_cred.c
index 1611daf..77e2ff5 100644
--- a/src/lib/gssapi/mechglue/g_imp_cred.c
+++ b/src/lib/gssapi/mechglue/g_imp_cred.c
@@ -134,11 +134,19 @@ gss_import_cred(OM_uint32 *minor_status, gss_buffer_t token,
if (status != GSS_S_COMPLETE)
goto error;
mech = gssint_get_mechanism(selected_mech);
- if (mech == NULL || mech->gss_import_cred == NULL) {
+ if (mech == NULL || (mech->gss_import_cred == NULL &&
+ mech->gssspi_import_cred_by_mech == NULL)) {
status = GSS_S_DEFECTIVE_TOKEN;
goto error;
}
- status = mech->gss_import_cred(minor_status, &mech_token, &mech_cred);
+ if (mech->gssspi_import_cred_by_mech) {
+ status = mech->gssspi_import_cred_by_mech(minor_status,
+ gssint_get_public_oid(selected_mech),
+ &mech_token, &mech_cred);
+ } else {
+ status = mech->gss_import_cred(minor_status, &mech_token,
+ &mech_cred);
+ }
if (status != GSS_S_COMPLETE) {
map_error(minor_status, mech);
goto error;
diff --git a/src/lib/gssapi/mechglue/g_imp_name.c b/src/lib/gssapi/mechglue/g_imp_name.c
index 8fcc3d0..b2c5091 100644
--- a/src/lib/gssapi/mechglue/g_imp_name.c
+++ b/src/lib/gssapi/mechglue/g_imp_name.c
@@ -250,7 +250,8 @@ importExportName(minor, unionName)
if ((mech = gssint_get_mechanism(&mechOid)) == NULL)
return (GSS_S_BAD_MECH);
- if (mech->gss_import_name == NULL)
+ if (mech->gssspi_import_name_by_mech == NULL &&
+ mech->gss_import_name == NULL)
return (GSS_S_UNAVAILABLE);
/*
@@ -260,9 +261,15 @@ importExportName(minor, unionName)
* have created it.
*/
if (mech->gss_export_name) {
- major = mech->gss_import_name(minor,
- &expName, (gss_OID)GSS_C_NT_EXPORT_NAME,
- &unionName->mech_name);
+ if (mech->gssspi_import_name_by_mech) {
+ major = mech->gssspi_import_name_by_mech(minor, &mechOid, &expName,
+ GSS_C_NT_EXPORT_NAME,
+ &unionName->mech_name);
+ } else {
+ major = mech->gss_import_name(minor, &expName,
+ GSS_C_NT_EXPORT_NAME,
+ &unionName->mech_name);
+ }
if (major != GSS_S_COMPLETE)
map_error(minor, mech);
else {
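Review bot: Both new `gssspi_import_name_by_mech` calls in importExportName (here and in the later `GSS_C_NULL_OID` hunk) pass `&mechOid` directly, while the other call sites in this commit map the OID through `gssint_get_public_oid()` first. `mechOid` appears to be filled from the exported-name token by code outside these hunks, so it is caller-supplied data rather than a value selected by the mechglue. Either map it the same way, `gssint_get_public_oid(&mechOid)`, or add a comment such as `/* mechOid comes from the export token and is already the public OID */` so the difference is visibly intentional.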
@@ -358,8 +365,14 @@ importExportName(minor, unionName)
*/
expName.length = nameLen;
expName.value = nameLen ? (void *)buf : NULL;
- major = mech->gss_import_name(minor, &expName,
- GSS_C_NULL_OID, &unionName->mech_name);
+ if (mech->gssspi_import_name_by_mech) {
+ major = mech->gssspi_import_name_by_mech(minor, &mechOid, &expName,
+ GSS_C_NULL_OID,
+ &unionName->mech_name);
+ } else {
+ major = mech->gss_import_name(minor, &expName,
+ GSS_C_NULL_OID, &unionName->mech_name);
+ }
if (major != GSS_S_COMPLETE) {
map_error(minor, mech);
return (major);
diff --git a/src/lib/gssapi/mechglue/g_imp_sec_context.c b/src/lib/gssapi/mechglue/g_imp_sec_context.c
index 8207488..53310dd 100644
--- a/src/lib/gssapi/mechglue/g_imp_sec_context.c
+++ b/src/lib/gssapi/mechglue/g_imp_sec_context.c
@@ -82,8 +82,10 @@ gss_ctx_id_t * context_handle;
OM_uint32 status;
char *p;
gss_union_ctx_id_t ctx;
+ gss_ctx_id_t mctx;
gss_buffer_desc token;
gss_OID selected_mech = GSS_C_NO_OID;
+ gss_OID public_mech;
gss_mechanism mech;
status = val_imp_sec_ctx_args(minor_status,
@@ -144,15 +146,22 @@ gss_ctx_id_t * context_handle;
status = GSS_S_BAD_MECH;
goto error_out;
}
- if (!mech->gss_import_sec_context) {
+ if (!mech->gssspi_import_sec_context_by_mech &&
+ !mech->gss_import_sec_context) {
status = GSS_S_UNAVAILABLE;
goto error_out;
}
- status = mech->gss_import_sec_context(minor_status,
- &token, &ctx->internal_ctx_id);
-
+ if (mech->gssspi_import_sec_context_by_mech) {
+ public_mech = gssint_get_public_oid(selected_mech);
+ status = mech->gssspi_import_sec_context_by_mech(minor_status,
+ public_mech,
+ &token, &mctx);
+ } else {
+ status = mech->gss_import_sec_context(minor_status, &token, &mctx);
+ }
if (status == GSS_S_COMPLETE) {
+ ctx->internal_ctx_id = mctx;
ctx->loopback = ctx;
*context_handle = (gss_ctx_id_t)ctx;
return (GSS_S_COMPLETE);
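Review bot: `mctx` is declared without an initializer in the earlier hunk and is copied into `ctx->internal_ctx_id` whenever the mechanism reports `GSS_S_COMPLETE`. A loaded mechanism or interposer that returns success without storing a handle would leave an indeterminate stack value in the union context. Declaring it as `gss_ctx_id_t mctx = GSS_C_NO_CONTEXT;` makes that case deterministic at no cost. The function body continues outside this hunk, so the error path was not reviewed.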
diff --git a/src/lib/gssapi/mechglue/g_initialize.c b/src/lib/gssapi/mechglue/g_initialize.c
index fbd0b07..b4cc4da 100644
--- a/src/lib/gssapi/mechglue/g_initialize.c
+++ b/src/lib/gssapi/mechglue/g_initialize.c
@@ -690,6 +690,9 @@ build_dynamicMech(void *dl, const gss_OID mech_type)
/* RFC 5587 */
GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_inquire_attrs_for_mech);
GSS_ADD_DYNAMIC_METHOD(dl, mech, gssspi_acquire_cred_with_password);
+ GSS_ADD_DYNAMIC_METHOD(dl, mech, gssspi_import_sec_context_by_mech);
+ GSS_ADD_DYNAMIC_METHOD(dl, mech, gssspi_import_name_by_mech);
+ GSS_ADD_DYNAMIC_METHOD(dl, mech, gssspi_import_cred_by_mech);
assert(mech_type != GSS_C_NO_OID);
@@ -785,6 +788,9 @@ build_interMech(void *dl, const gss_OID mech_type)
/* RFC 5587 */
RESOLVE_GSSI_SYMBOL(dl, mech, gss, _inquire_attrs_for_mech);
RESOLVE_GSSI_SYMBOL(dl, mech, gssspi, _acquire_cred_with_password);
+ RESOLVE_GSSI_SYMBOL(dl, mech, gssspi, _import_sec_context_by_mech);
+ RESOLVE_GSSI_SYMBOL(dl, mech, gssspi, _import_name_by_mech);
+ RESOLVE_GSSI_SYMBOL(dl, mech, gssspi, _import_cred_by_mech);
mech->mech_type = *mech_type;
return mech;
diff --git a/src/lib/gssapi/mechglue/mglueP.h b/src/lib/gssapi/mechglue/mglueP.h
index 2d0fd4a..9e02474 100644
--- a/src/lib/gssapi/mechglue/mglueP.h
+++ b/src/lib/gssapi/mechglue/mglueP.h
@@ -649,6 +649,31 @@ typedef struct gss_config {
gss_cred_id_t * /* cred_handle */
/* */);
+ OM_uint32 (KRB5_CALLCONV *gssspi_import_sec_context_by_mech)
+ (
+ OM_uint32 *, /* minor_status */
+ gss_OID, /* desired_mech */
+ gss_buffer_t, /* interprocess_token */
+ gss_ctx_id_t * /* context_handle */
+ /* */);
+
+ OM_uint32 (KRB5_CALLCONV *gssspi_import_name_by_mech)
+ (
+ OM_uint32 *, /* minor_status */
+ gss_OID, /* mech_type */
+ gss_buffer_t, /* input_name_buffer */
+ gss_OID, /* input_name_type */
+ gss_name_t* /* output_name */
+ /* */);
+
+ OM_uint32 (KRB5_CALLCONV *gssspi_import_cred_by_mech)
+ (
+ OM_uint32 *, /* minor_status */
+ gss_OID, /* mech_type */
+ gss_buffer_t, /* token */
+ gss_cred_id_t * /* cred_handle */
+ /* */);
+
} *gss_mechanism;
/*
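Review bot: The three new SPI members have no comment stating their contract, and the OID parameter is named `desired_mech` for `gssspi_import_sec_context_by_mech` but `mech_type` for the other two. A short block comment above them should say that the mechglue prefers these entry points over the plain `gss_import_*` ones when they are set. It should also say which OID is passed: the public mech OID at most call sites, and the OID taken from the token in importExportName. It should state as well whether the OID may be `GSS_C_NO_OID`. Using one parameter name for all three, e.g. `/* mech_type */`, would make the declarations read consistently.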