author | Simo Sorce <simo@redhat.com> | 2012-06-15 14:43:07 -0400 |
---|---|---|
committer | Günther Deschner <gdeschner@redhat.com> | 2012-06-26 14:44:44 +0200 |
commit | 80d7f68e49c58db3b63b12849cac6429af347f0f (patch) | |
tree | f5522903370fcd99131f86ae44b4e3874b75e197 | |
parent | e3a355d5f2a46f90aa13653c0178442d84e7d1d3 (diff) | |
WIP: Add name handlers
-rw-r--r-- | proxy/src/mechglue/gpm_import_and_canon_name.c | 29 | ||||
-rw-r--r-- | proxy/src/mechglue/gpm_init_sec_context.c | 6 | ||||
-rw-r--r-- | proxy/src/mechglue/gpp_acquire_cred.c | 14 | ||||
-rw-r--r-- | proxy/src/mechglue/gpp_import_and_canon_name.c | 2 | ||||
-rw-r--r-- | proxy/src/mechglue/gpp_init_sec_context.c | 31 | ||||
-rw-r--r-- | proxy/src/mechglue/gss_plugin.c | 41 | ||||
-rw-r--r-- | proxy/src/mechglue/gss_plugin.h | 2 | ||||
-rw-r--r-- | proxy/src/mechglue/gssapi_gpm.h | 6 |
8 files changed, 93 insertions, 38 deletions
diff --git a/proxy/src/mechglue/gpm_import_and_canon_name.c b/proxy/src/mechglue/gpm_import_and_canon_name.c
index c18b52a..fb78abb 100644
--- a/proxy/src/mechglue/gpm_import_and_canon_name.c
+++ b/proxy/src/mechglue/gpm_import_and_canon_name.c
@@ -26,14 +26,12 @@ #include "gssapi_gpm.h" OM_uint32 gpm_display_name(OM_uint32 *minor_status, - gss_name_t input_name, + gssx_name *in_name, gss_buffer_t output_name_buffer, gss_OID *output_name_type) { gss_buffer_desc input_name_buffer = GSS_C_EMPTY_BUFFER; gssx_name *output_name = NULL; - gss_name_t tmp; - gssx_name *name; uint32_t ret_maj; uint32_t ret_min; uint32_t discard;
@@ -44,46 +42,43 @@ OM_uint32 gpm_display_name(OM_uint32 *minor_status, } *minor_status = 0; - if (!input_name) { + if (!in_name) { return GSS_S_CALL_INACCESSIBLE_READ; } if (!output_name_buffer || !output_name_type) { return GSS_S_CALL_INACCESSIBLE_WRITE; } - name = (gssx_name *)input_name; - - if (name->display_name.octet_string_len == 0) { - if (name->exported_name.octet_string_len == 0) { + if (in_name->display_name.octet_string_len == 0) { + if (in_name->exported_name.octet_string_len == 0) { return GSS_S_BAD_NAME; } - gp_conv_gssx_to_buffer(&name->exported_name, &input_name_buffer); - tmp = (gss_name_t)output_name; + gp_conv_gssx_to_buffer(&in_name->exported_name, &input_name_buffer); ret_maj = gpm_import_name(&ret_min, &input_name_buffer, - GSS_C_NT_EXPORT_NAME, &tmp); + GSS_C_NT_EXPORT_NAME, &output_name); if (ret_maj) { goto done; } /* steal display_name and name_type */ - name->display_name = output_name->display_name; + in_name->display_name = output_name->display_name; output_name->display_name.octet_string_len = 0; output_name->display_name.octet_string_val = NULL; - name->name_type = output_name->name_type; + in_name->name_type = output_name->name_type; output_name->name_type.octet_string_len = 0; output_name->name_type.octet_string_val = NULL; } - ret = gp_copy_gssx_to_buffer(&name->display_name, output_name_buffer); + ret = gp_copy_gssx_to_buffer(&in_name->display_name, output_name_buffer); if (ret) { ret_min = ret; ret_maj = GSS_S_FAILURE; goto done; } - ret = gp_conv_gssx_to_oid_alloc(&name->name_type, output_name_type); + ret = gp_conv_gssx_to_oid_alloc(&in_name->name_type, output_name_type); if (ret) { gss_release_buffer(&discard, output_name_buffer); ret_min = ret;
@@ -106,7 +101,7 @@ done: OM_uint32 gpm_import_name(OM_uint32 *minor_status, gss_buffer_t input_name_buffer, gss_OID input_name_type, - gss_name_t *output_name) + gssx_name **output_name) { gssx_name *name; int ret;
@@ -142,7 +137,7 @@ OM_uint32 gpm_import_name(OM_uint32 *minor_status, return GSS_S_FAILURE; } - *output_name = (gss_name_t)name; + *output_name = name; return GSS_S_COMPLETE; }
diff --git a/proxy/src/mechglue/gpm_init_sec_context.c b/proxy/src/mechglue/gpm_init_sec_context.c
index ab6ed80..12df858 100644
--- a/proxy/src/mechglue/gpm_init_sec_context.c
+++ b/proxy/src/mechglue/gpm_init_sec_context.c
@@ -29,7 +29,7 @@ OM_uint32 gpm_init_sec_context(OM_uint32 *minor_status, gssx_cred *cred_handle, gssx_ctx **context_handle, - gss_name_t target_name, + gssx_name *target_name, gss_OID mech_type, OM_uint32 req_flags, OM_uint32 time_req,
@@ -63,9 +63,7 @@ OM_uint32 gpm_init_sec_context(OM_uint32 *minor_status, arg->context_handle = *context_handle; } - if (target_name != GSS_C_NO_NAME) { - arg->target_name = (gssx_name *)target_name; - } + arg->target_name = target_name; ret = gp_conv_oid_to_gssx(mech_type, &arg->mech_type); if (ret) {
diff --git a/proxy/src/mechglue/gpp_acquire_cred.c b/proxy/src/mechglue/gpp_acquire_cred.c
index acd9fc2..c0d3c1f 100644
--- a/proxy/src/mechglue/gpp_acquire_cred.c
+++ b/proxy/src/mechglue/gpp_acquire_cred.c
@@ -66,7 +66,7 @@ OM_uint32 gssi_add_cred(OM_uint32 *minor_status, maj = gpm_add_cred(&min, input_cred_handle, - desired_name, + (gssx_name *)desired_name, desired_mech, cred_usage, initiator_time_req,
@@ -90,9 +90,10 @@ OM_uint32 gssi_acquire_cred_with_password(OM_uint32 *minor_status, gss_OID_set *actual_mechs, OM_uint32 *time_rec) { + gssx_name *name = (gssx_name *)desired_name; + gss_name_t mech_name = GSS_C_NO_NAME; struct gpm_cred_handle *cred_handle; gss_cred_id_t local_cred_handle; - gss_name_t mech_name = GSS_C_NO_NAME; gss_OID_set special_mechs; gss_OID_set ret_mechs; OM_uint32 maj, min;
@@ -112,12 +113,11 @@ OM_uint32 gssi_acquire_cred_with_password(OM_uint32 *minor_status, return GSS_S_FAILURE; } - if (desired_name) { - gssx_name *name = (gssx_name *)desired_name; - - maj = gp_conv_gssx_to_name(&min, name, &mech_name); + if (name) { + maj = gpm_name_to_local(&min, name, GSS_C_NO_OID, &mech_name); if (maj) { - return GSS_S_FAILURE; + *minor_status = gpm_map_error(min); + return maj; } }
diff --git a/proxy/src/mechglue/gpp_import_and_canon_name.c b/proxy/src/mechglue/gpp_import_and_canon_name.c
index 69ecaee..51a1b9d 100644
--- a/proxy/src/mechglue/gpp_import_and_canon_name.c
+++ b/proxy/src/mechglue/gpp_import_and_canon_name.c
@@ -51,7 +51,7 @@ OM_uint32 gssi_import_name(OM_uint32 *minor_status, maj = gpm_import_name(&min, input_name_buffer, input_name_type, - output_name); + (gssx_name **)output_name); *minor_status = gpm_map_error(min); return maj;
diff --git a/proxy/src/mechglue/gpp_init_sec_context.c b/proxy/src/mechglue/gpp_init_sec_context.c
index 80bab99..b258d4c 100644
--- a/proxy/src/mechglue/gpp_init_sec_context.c
+++ b/proxy/src/mechglue/gpp_init_sec_context.c
@@ -41,6 +41,8 @@ OM_uint32 gssi_init_sec_context(OM_uint32 *minor_status, { struct gpm_context_handle *ctx_handle = NULL; struct gpm_cred_handle *cred_handle = NULL; + gssx_name *name = (gssx_name *)target_name; + gss_name_t mech_name = GSS_C_NO_NAME; gss_cred_id_t local_cred_handle = GSS_C_NO_CREDENTIAL; gssx_cred *remote_cred_handle = NULL; OM_uint32 maj, min;
@@ -76,14 +78,22 @@ OM_uint32 gssi_init_sec_context(OM_uint32 *minor_status, if (mech_type == GSS_C_NO_OID) { /* shouldn't happen, but if it does we need to return an error * or we might just loop */ - *minor_status = 0; - return GSS_S_BAD_MECH; + min = 0; + maj = GSS_S_BAD_MECH; + goto done; + } + + if (name) { + maj = gpm_name_to_local(&min, name, mech_type, &mech_name); + if (maj) { + goto done; + } } maj = gss_init_sec_context(&min, local_cred_handle, &ctx_handle->local_ctx_handle, - target_name, + mech_name, gpm_special_mech(mech_type), req_flags, time_req,
@@ -93,12 +103,14 @@ OM_uint32 gssi_init_sec_context(OM_uint32 *minor_status, output_token, ret_flags, time_rec); + + (void)gss_release_name(&min, &mech_name); } else { maj = gpm_init_sec_context(&min, remote_cred_handle, &ctx_handle->remote_ctx_handle, - target_name, + name, mech_type, req_flags, time_req,
@@ -110,7 +122,14 @@ OM_uint32 gssi_init_sec_context(OM_uint32 *minor_status, time_rec); } - *context_handle = (gss_ctx_id_t)ctx_handle; - *minor_status = gpm_map_error(min); +done: + if (maj) { + if (!*context_handle) { + free(ctx_handle); + } + *minor_status = gpm_map_error(min); + } else { + *context_handle = (gss_ctx_id_t)ctx_handle; + } return maj; }
diff --git a/proxy/src/mechglue/gss_plugin.c b/proxy/src/mechglue/gss_plugin.c
index fd976a5..c73cadd 100644
--- a/proxy/src/mechglue/gss_plugin.c
+++ b/proxy/src/mechglue/gss_plugin.c
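Review bot: In gpp_init_sec_context.c, the added `(void)gss_release_name(&min, &mech_name);` reuses `min`, so the minor status that `gss_init_sec_context` just returned is overwritten before the `done:` path hands it to `gpm_map_error(min)`. A caller would then receive the release call's minor code instead of the one that explains the failure. Release into a scratch variable, the way `gpm_name_to_local` in this same commit does for its own cleanup: declare `OM_uint32 discard;` and call `(void)gss_release_name(&discard, &mech_name);`. The body of `gssi_init_sec_context` starts and ends outside this hunk.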
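Review bot: In gpp_init_sec_context.c, the `if (maj)` test under `done:` treats every non-zero major status as a failure, and `GSS_S_CONTINUE_NEEDED` is non-zero. On the first leg of a multi-token exchange `*context_handle` is still empty, so `ctx_handle` is freed and never returned, and whatever the mechanism stored in `ctx_handle->local_ctx_handle` or `ctx_handle->remote_ctx_handle` is dropped without being deleted. Testing `if (GSS_ERROR(maj))` keeps informational statuses on the success branch. That branch also no longer writes `*minor_status`; unless the function sets it earlier (its start is outside this hunk), `*minor_status = gpm_map_error(min);` should stay unconditional.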
@@ -250,6 +250,47 @@ uint32_t gpm_unmap_error(uint32_t err) return err; } +uint32_t gpm_name_to_local(uint32_t *minor, gssx_name *name, + gss_OID mech_type, gss_name_t *mech_name) +{ + uint32_t maj, min; + gss_buffer_desc display_name_buffer = GSS_C_EMPTY_BUFFER; + gss_OID display_name_type = GSS_C_NO_OID; + gss_name_t tmpname = NULL; + + maj = gpm_display_name(minor, name, + &display_name_buffer, + &display_name_type); + if (maj) { + return maj; + } + + maj = gss_import_name(minor, + &display_name_buffer, + display_name_type, + &tmpname); + + (void)gss_release_buffer(&min, &display_name_buffer); + (void)gss_release_oid(&min, &display_name_type); + + if (maj) { + return maj; + } + + if (mech_type != GSS_C_NO_OID) { + /* name for specific mech requested */ + maj = gss_canonicalize_name(minor, + tmpname, + gpm_special_mech(mech_type), + mech_name); + (void)gss_release_name(&min, &tmpname); + } else { + *mech_name = tmpname; + } + + return maj; +} + /* gssi_acquire_cred gssi_release_cred
diff --git a/proxy/src/mechglue/gss_plugin.h b/proxy/src/mechglue/gss_plugin.h
index 921bcd3..49d8175 100644
--- a/proxy/src/mechglue/gss_plugin.h
+++ b/proxy/src/mechglue/gss_plugin.h
@@ -45,6 +45,8 @@ const gss_OID gpm_special_mech(const gss_OID mech_type); gss_OID_set gpm_special_available_mechs(const gss_OID_set mechs); uint32_t gpm_map_error(uint32_t err); uint32_t gpm_unmap_error(uint32_t err); +uint32_t gpm_name_to_local(uint32_t *minor, gssx_name *name, + gss_OID mech_type, gss_name_t *mech_name); OM_uint32 gssi_acquire_cred(OM_uint32 *minor_status, const gss_name_t desired_name,
diff --git a/proxy/src/mechglue/gssapi_gpm.h b/proxy/src/mechglue/gssapi_gpm.h
index e4281d2..0bb8d1e 100644
--- a/proxy/src/mechglue/gssapi_gpm.h
+++ b/proxy/src/mechglue/gssapi_gpm.h
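Review bot: In gss_plugin.c, `gpm_name_to_local` rebuilds the local name by importing the text that `gpm_display_name` returns, and GSS-API treats that text as a printable form whose syntax is a local matter rather than a lossless encoding. If the side that produced the display text and the local library's parser disagree, `gssi_init_sec_context` would authenticate to a different target than the caller named. The assumption deserves at least a comment above the `gss_import_name` call, for example `/* assumes display form + name type re-imports to the same principal locally */`. Separately, `minor` receives codes from `gpm_display_name` as well as from the local `gss_import_name` and `gss_canonicalize_name`, and the callers pass the result through `gpm_map_error`; whether that mapping suits both sources cannot be judged from this hunk.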
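Review bot: In gss_plugin.h, the new `gpm_name_to_local` prototype carries no comment stating its contract. A short comment above it should say that `mech_type` may be `GSS_C_NO_OID`, in which case the imported name is returned without canonicalization, and that `*mech_name` is not written when the display or import step fails and must otherwise be released by the caller with `gss_release_name`. It should also note that `name` can be modified, because `gpm_display_name` stores the display form and name type it obtains back into the `gssx_name`.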
@@ -123,13 +123,13 @@ OM_uint32 gpm_indicate_mechs_by_attrs(OM_uint32 *minor_status, gss_OID_set *mechs); OM_uint32 gpm_display_name(OM_uint32 *minor_status, - gss_name_t input_name, + gssx_name *in_name, gss_buffer_t output_name_buffer, gss_OID *output_name_type); OM_uint32 gpm_import_name(OM_uint32 *minor_status, gss_buffer_t input_name_buffer, gss_OID input_name_type, - gss_name_t *output_name); + gssx_name **output_name); OM_uint32 gpm_export_name(OM_uint32 *minor_status, const gss_name_t input_name, gss_buffer_t exported_name);
@@ -149,7 +149,7 @@ OM_uint32 gpm_inquire_name(OM_uint32 *minor_status, OM_uint32 gpm_init_sec_context(OM_uint32 *minor_status, gssx_cred *cred_handle, gssx_ctx **context_handle, - gss_name_t target_name, + gssx_name *target_name, gss_OID mech_type, OM_uint32 req_flags, OM_uint32 time_req, |