krb5 commit: Import names immediately with COMPOSITE_EXPORT
Greg Hudson
ghudson at mit.edu
Thu Mar 12 18:42:32 EDT 2015
https://github.com/krb5/krb5/commit/29dec110c43ae9cebdcd935906a3131ca9ac0c99
commit 29dec110c43ae9cebdcd935906a3131ca9ac0c99
Author: Solly Ross <sross at redhat.com>
Date: Thu Mar 5 13:22:58 2015 -0500
Import names immediately with COMPOSITE_EXPORT
RFC 6680 specifies that GSS_Export_name_composite() "outputs a token that
can be imported with GSS_Import_name(), using GSS_C_NT_COMPOSITE_EXPORT
as the name type...". Therefore, in the gss_import_name mechglue, we
should perform the import process immediately when either
GSS_C_NT_COMPOSITE_EXPORT or GSS_C_NT_EXPORT_NAME is used (not just
for the latter, as is the current functionality).
The naming extension test was also updated to display the result
of importing with GSS_C_NT_COMPOSITE_EXPORT in addition to
GSS_C_NT_EXPORT_NAME.
[ghudson at mit.edu: minor style changes]
ticket: 8153 (new)
target_version: 1.13.2
tags: pullup
src/lib/gssapi/mechglue/g_imp_name.c | 15 ++++++++-------
src/tests/gssapi/t_export_name.c | 17 ++++++++++++++---
src/tests/gssapi/t_gssapi.py | 5 +++++
src/tests/gssapi/t_namingexts.c | 24 ++++++++++++++++++++++++
4 files changed, 51 insertions(+), 10 deletions(-)
diff --git a/src/lib/gssapi/mechglue/g_imp_name.c b/src/lib/gssapi/mechglue/g_imp_name.c
index b2c5091..374965b 100644
--- a/src/lib/gssapi/mechglue/g_imp_name.c
+++ b/src/lib/gssapi/mechglue/g_imp_name.c
@@ -36,7 +36,7 @@
#include <errno.h>
/* local function to import GSS_C_EXPORT_NAME names */
-static OM_uint32 importExportName(OM_uint32 *, gss_union_name_t);
+static OM_uint32 importExportName(OM_uint32 *, gss_union_name_t, gss_OID);
static OM_uint32
val_imp_name_args(
@@ -151,8 +151,9 @@ gss_name_t * output_name;
* do however make this an MN for names of GSS_C_NT_EXPORT_NAME type.
*/
if (input_name_type != GSS_C_NULL_OID &&
- g_OID_equal(input_name_type, GSS_C_NT_EXPORT_NAME)) {
- major_status = importExportName(minor_status, union_name);
+ (g_OID_equal(input_name_type, GSS_C_NT_EXPORT_NAME) ||
+ g_OID_equal(input_name_type, GSS_C_NT_COMPOSITE_EXPORT))) {
+ major_status = importExportName(minor_status, union_name, input_name_type);
if (major_status != GSS_S_COMPLETE)
goto allocation_failure;
}
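Review bot: The comment above this condition still says that only names of GSS_C_NT_EXPORT_NAME type are made an MN, and the comment above the importExportName prototype in the first hunk still says it imports GSS_C_EXPORT_NAME names. Both are stale now that GSS_C_NT_COMPOSITE_EXPORT takes the same path. Suggested wording: `do however make this an MN for names of GSS_C_NT_EXPORT_NAME or GSS_C_NT_COMPOSITE_EXPORT type.` and `/* local function to import GSS_C_NT_EXPORT_NAME and GSS_C_NT_COMPOSITE_EXPORT names */`. The enclosing function starts and ends outside the hunk.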
@@ -188,9 +189,10 @@ static const unsigned int mechOidLenLen = 2;
static const unsigned int nameTypeLenLen = 2;
static OM_uint32
-importExportName(minor, unionName)
+importExportName(minor, unionName, inputNameType)
OM_uint32 *minor;
gss_union_name_t unionName;
+ gss_OID inputNameType;
{
gss_OID_desc mechOid;
gss_buffer_desc expName;
@@ -263,11 +265,10 @@ importExportName(minor, unionName)
if (mech->gss_export_name) {
if (mech->gssspi_import_name_by_mech) {
major = mech->gssspi_import_name_by_mech(minor, &mechOid, &expName,
- GSS_C_NT_EXPORT_NAME,
+ inputNameType,
&unionName->mech_name);
} else {
- major = mech->gss_import_name(minor, &expName,
- GSS_C_NT_EXPORT_NAME,
+ major = mech->gss_import_name(minor, &expName, inputNameType,
&unionName->mech_name);
}
if (major != GSS_S_COMPLETE)
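Review bot: Nothing in the visible lines relates `inputNameType` to the token ID in the buffer header, which is parsed between the hunks shown, yet the caller's name type is now forwarded to the mechanism as-is. t_namingexts.c already imports a composite-exported buffer as GSS_C_NT_EXPORT_NAME, so a mismatch in that direction is accepted; the reverse (a plain export token imported with GSS_C_NT_COMPOSITE_EXPORT) is not exercised by any test in this commit. Exported names can arrive from a peer, so the accepted combinations deserve a comment at the header check. If this is the intended contract, something like `/* token ID need not match inputNameType; the mechanism validates the name body */` would do.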
diff --git a/src/tests/gssapi/t_export_name.c b/src/tests/gssapi/t_export_name.c
index 676ac54..5f3eccf 100644
--- a/src/tests/gssapi/t_export_name.c
+++ b/src/tests/gssapi/t_export_name.c
@@ -57,6 +57,8 @@ main(int argc, char *argv[])
gss_OID mech = (gss_OID)gss_mech_krb5;
gss_name_t name, mechname, impname;
gss_buffer_desc buf, buf2;
+ krb5_boolean use_composite = FALSE;
+ gss_OID ntype;
const char *name_arg;
char opt;
@@ -68,6 +70,8 @@ main(int argc, char *argv[])
mech = &mech_krb5;
else if (opt == 's')
mech = &mech_spnego;
+ else if (opt == 'c')
+ use_composite = TRUE;
else
usage();
}
@@ -81,13 +85,20 @@ main(int argc, char *argv[])
/* Canonicalize and export the name. */
major = gss_canonicalize_name(&minor, name, mech, &mechname);
check_gsserr("gss_canonicalize_name", major, minor);
- major = gss_export_name(&minor, mechname, &buf);
+ if (use_composite)
+ major = gss_export_name_composite(&minor, mechname, &buf);
+ else
+ major = gss_export_name(&minor, mechname, &buf);
check_gsserr("gss_export_name", major, minor);
/* Import and re-export the name, and compare the results. */
- major = gss_import_name(&minor, &buf, GSS_C_NT_EXPORT_NAME, &impname);
+ ntype = use_composite ? GSS_C_NT_COMPOSITE_EXPORT : GSS_C_NT_EXPORT_NAME;
+ major = gss_import_name(&minor, &buf, ntype, &impname);
check_gsserr("gss_export_name", major, minor);
- major = gss_export_name(&minor, impname, &buf2);
+ if (use_composite)
+ major = gss_export_name_composite(&minor, mechname, &buf2);
+ else
+ major = gss_export_name(&minor, mechname, &buf2);
check_gsserr("gss_export_name", major, minor);
if (buf.length != buf2.length ||
memcmp(buf.value, buf2.value, buf.length) != 0) {
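Review bot: The re-export after the import passes `mechname` rather than `impname` in both new branches, so `buf2` is produced from the same name as `buf` and the length/memcmp comparison can no longer fail because of a bad import. The removed line exported `impname`; the new branches should read `major = gss_export_name_composite(&minor, impname, &buf2);` and `major = gss_export_name(&minor, impname, &buf2);`. As written, the new `-c` case in t_gssapi.py confirms only the exported bytes and that the import call succeeded, not the round trip. The check_gsserr call after gss_import_name is also still labelled "gss_export_name", which would mislabel an import failure. main continues outside the hunk.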
diff --git a/src/tests/gssapi/t_gssapi.py b/src/tests/gssapi/t_gssapi.py
index 4da7d62..395187d 100755
--- a/src/tests/gssapi/t_gssapi.py
+++ b/src/tests/gssapi/t_gssapi.py
@@ -191,6 +191,11 @@ output = realm.run(['./t_export_name', '-s', 'p:a at b'])
if output != '0401000806062B060105050200000003614062\n':
fail('Unexpected output from t_export_name (SPNEGO krb5 principal)')
+# Test that composite-export tokens can be imported.
+output = realm.run(['./t_export_name', '-c', 'p:a at b'])
+if (output != '0402000B06092A864886F7120102020000000361406200000000\n'):
+ fail('Unexpected output from t_export_name (using COMPOSITE_EXPORT)')
+
# Test gss_inquire_mechs_for_name behavior.
krb5_mech = '{ 1 2 840 113554 1 2 2 }'
spnego_mech = '{ 1 3 6 1 5 5 2 }'
diff --git a/src/tests/gssapi/t_namingexts.c b/src/tests/gssapi/t_namingexts.c
index c7bfe3e..739592b 100644
--- a/src/tests/gssapi/t_namingexts.c
+++ b/src/tests/gssapi/t_namingexts.c
@@ -32,11 +32,26 @@
static int use_spnego = 0;
static void
+display_name(const char *tag, gss_name_t name)
+{
+ OM_uint32 major, minor;
+ gss_buffer_desc buf;
+
+ major = gss_display_name(&minor, name, &buf, NULL);
+ check_gsserr("gss_display_name", major, minor);
+
+ printf("%s:\t%.*s\n", tag, (int)buf.length, (char *)buf.value);
+
+ (void)gss_release_buffer(&minor, &buf);
+}
+
+static void
test_export_import_name(gss_name_t name)
{
OM_uint32 major, minor;
gss_buffer_desc exported_name = GSS_C_EMPTY_BUFFER;
gss_name_t imported_name = GSS_C_NO_NAME;
+ gss_name_t imported_name_comp = GSS_C_NO_NAME;
unsigned int i;
major = gss_export_name_composite(&minor, name, &exported_name);
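Review bot: display_name leaves `buf` uninitialized, while test_export_import_name just below initializes its buffer with GSS_C_EMPTY_BUFFER. Writing `gss_buffer_desc buf = GSS_C_EMPTY_BUFFER;` keeps the later gss_release_buffer call well-defined if check_gsserr ever returns on failure (its behaviour is not visible here). The helper also has no comment; `/* Print name in display form, prefixed by tag. */` would match how it is used. test_export_import_name continues outside the hunk.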
@@ -53,6 +68,10 @@ test_export_import_name(gss_name_t name)
major = gss_import_name(&minor, &exported_name, GSS_C_NT_EXPORT_NAME,
&imported_name);
check_gsserr("gss_import_name", major, minor);
+
+ major = gss_import_name(&minor, &exported_name, GSS_C_NT_COMPOSITE_EXPORT,
+ &imported_name_comp);
+ check_gsserr("gss_import_name", major, minor);
(void)gss_release_buffer(&minor, &exported_name);
printf("\n");
@@ -60,7 +79,12 @@ test_export_import_name(gss_name_t name)
printf("Re-imported attributes:\n\n");
enumerate_attributes(imported_name, 0);
+ display_name("Re-imported (as composite) name", imported_name_comp);
+ printf("Re-imported (as composite) attributes:\n\n");
+ enumerate_attributes(imported_name_comp, 0);
+
(void)gss_release_name(&minor, &imported_name);
+ (void)gss_release_name(&minor, &imported_name_comp);
}
static void
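Review bot: The composite import is only printed and never compared, so unless the driving script checks this output the test passes whenever gss_import_name succeeds, even if `imported_name_comp` differs from `imported_name`. Adding `major = gss_compare_name(&minor, imported_name, imported_name_comp, &eq);` with a check that `eq` is nonzero would turn the printout into an assertion. display_name is also called only for the composite import, which leaves the two "Re-imported" sections asymmetrical.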