krb5 commit: Simplify SPNEGO get_available_mechs()
Greg Hudson
ghudson at mit.edu
Sat Nov 23 13:31:17 EST 2019
https://github.com/krb5/krb5/commit/74132a3b59956db5c43efd2909a14392cfa7289c
commit 74132a3b59956db5c43efd2909a14392cfa7289c
Author: Luke Howard <lukeh at padl.com>
Date: Thu Nov 21 17:45:46 2019 -0500
Simplify SPNEGO get_available_mechs()
Exclude all negotiation mechanisms when getting the set of available
mechs, avoiding the need to make a copy and specifically exclude
SPNEGO.
[ghudson at mit.edu: extracted this from a larger commit and wrote commit
message]
src/lib/gssapi/spnego/spnego_mech.c | 52 +++++++++-------------------------
1 files changed, 14 insertions(+), 38 deletions(-)
diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
index 9123d9c..de46225 100644
--- a/src/lib/gssapi/spnego/spnego_mech.c
+++ b/src/lib/gssapi/spnego/spnego_mech.c
@@ -3099,57 +3099,33 @@ get_available_mechs(OM_uint32 *minor_status,
gss_const_key_value_set_t cred_store,
gss_cred_id_t *creds, gss_OID_set *rmechs, OM_uint32 *time_rec)
{
- unsigned int i;
- int found = 0;
OM_uint32 major_status = GSS_S_COMPLETE, tmpmin;
gss_OID_set mechs, goodmechs;
gss_OID_set_desc except_attrs;
- gss_OID_desc attr_oids[2];
+ gss_OID_desc attr_oids[3];
+
+ *rmechs = GSS_C_NO_OID_SET;
attr_oids[0] = *GSS_C_MA_DEPRECATED;
attr_oids[1] = *GSS_C_MA_NOT_DFLT_MECH;
- except_attrs.count = 2;
+ attr_oids[2] = *GSS_C_MA_MECH_NEGO; /* Exclude ourselves */
+ except_attrs.count = sizeof(attr_oids) / sizeof(attr_oids[0]);
except_attrs.elements = attr_oids;
major_status = gss_indicate_mechs_by_attrs(minor_status,
GSS_C_NO_OID_SET,
&except_attrs,
GSS_C_NO_OID_SET, &mechs);
- if (major_status != GSS_S_COMPLETE) {
- return (major_status);
- }
-
- major_status = gss_create_empty_oid_set(minor_status, rmechs);
-
- if (major_status != GSS_S_COMPLETE) {
- (void) gss_release_oid_set(minor_status, &mechs);
- return (major_status);
- }
-
- for (i = 0; i < mechs->count && major_status == GSS_S_COMPLETE; i++) {
- if ((mechs->elements[i].length
- != spnego_mechanism.mech_type.length) ||
- memcmp(mechs->elements[i].elements,
- spnego_mechanism.mech_type.elements,
- spnego_mechanism.mech_type.length)) {
-
- major_status = gss_add_oid_set_member(minor_status,
- &mechs->elements[i],
- rmechs);
- if (major_status == GSS_S_COMPLETE)
- found++;
- }
- }
-
/*
* If the caller wanted a list of creds returned,
* trim the list of mechanisms down to only those
* for which the creds are valid.
*/
- if (found > 0 && major_status == GSS_S_COMPLETE && creds != NULL) {
+ if (mechs->count > 0 && major_status == GSS_S_COMPLETE &&
+ creds != NULL) {
major_status = gss_acquire_cred_from(minor_status, name,
GSS_C_INDEFINITE,
- *rmechs, usage,
+ mechs, usage,
cred_store, creds,
&goodmechs, time_rec);
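Review bot: With the early return after `gss_indicate_mechs_by_attrs()` removed, the new condition `mechs->count > 0 && major_status == GSS_S_COMPLETE && creds != NULL` dereferences `mechs` before the status is tested, so a failed call reaches `mechs->count` with whatever the callee left in `mechs` (presumably GSS_C_NO_OID_SET or an unset pointer; the callee is not visible here). In a SPNEGO initiator or acceptor that would turn a mechanism-enumeration failure into a crash instead of an error return. Test the status first, e.g. `if (major_status == GSS_S_COMPLETE && mechs->count > 0 && creds != NULL) {`, and declare `gss_OID_set mechs = GSS_C_NO_OID_SET, goodmechs;` so the release on the failure path sees a defined value. The same ordering appears in the second hunk at `if (mechs->count > 0 && major_status == GSS_S_COMPLETE) {` and needs the same swap. The function body continues past the end of both hunks, so the final return path is not visible here.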
@@ -3157,16 +3133,16 @@ get_available_mechs(OM_uint32 *minor_status,
* Drop the old list in favor of the new
* "trimmed" list.
*/
- (void) gss_release_oid_set(&tmpmin, rmechs);
if (major_status == GSS_S_COMPLETE) {
- (void) gssint_copy_oid_set(&tmpmin,
- goodmechs, rmechs);
- (void) gss_release_oid_set(&tmpmin, &goodmechs);
+ (void) gss_release_oid_set(&tmpmin, &mechs);
+ mechs = goodmechs;
}
}
- (void) gss_release_oid_set(&tmpmin, &mechs);
- if (found == 0 || major_status != GSS_S_COMPLETE) {
+ if (mechs->count > 0 && major_status == GSS_S_COMPLETE) {
+ *rmechs = mechs;
+ } else {
+ (void) gss_release_oid_set(&tmpmin, &mechs);
*minor_status = ERR_SPNEGO_NO_MECHS_AVAILABLE;
map_errcode(minor_status);
if (major_status == GSS_S_COMPLETE)