author | Simo Sorce <simo@redhat.com> | 2012-08-28 16:47:23 +0200 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2012-10-02 00:54:36 -0400 |
commit | a71abbaf9a6757d4728fe01dae23289765790df6 (patch) | |
tree | bcd88799e9e0a854127ca5f4c85a308555c285a2 /src/lib/gssapi | |
parent | e40dc3cedbcee397526f797c4465927bc5f91aea (diff) | |
Add SPI calls to import objects by mech oid
An interposer mech needs to be able to handle multiple mechanisms.
When importing a mech token for a name, cred, or context, the
interposer mech needs to know the mech type of the token being
imported. To make this work, add SPI calls which accept a mech type
argument.
[ghudson@mit.edu: Stylistic changes, commit squashing, commit message]
Diffstat (limited to 'src/lib/gssapi')
-rw-r--r-- | src/lib/gssapi/mechglue/g_glue.c | 17 | ||||
-rw-r--r-- | src/lib/gssapi/mechglue/g_imp_cred.c | 12 | ||||
-rw-r--r-- | src/lib/gssapi/mechglue/g_imp_name.c | 25 | ||||
-rw-r--r-- | src/lib/gssapi/mechglue/g_imp_sec_context.c | 17 | ||||
-rw-r--r-- | src/lib/gssapi/mechglue/g_initialize.c | 6 | ||||
-rw-r--r-- | src/lib/gssapi/mechglue/mglueP.h | 25 |
6 files changed, 85 insertions, 17 deletions
diff --git a/src/lib/gssapi/mechglue/g_glue.c b/src/lib/gssapi/mechglue/g_glue.c
index e9ff4c8075..e438a032ca 100644
--- a/src/lib/gssapi/mechglue/g_glue.c
+++ b/src/lib/gssapi/mechglue/g_glue.c
@@ -358,6 +358,7 @@ gss_name_t *internal_name;
 {
 OM_uint32 status, tmpMinor;
 gss_mechanism mech;
+ gss_OID public_mech;
 mech = gssint_get_mechanism (mech_type);
 if (mech == NULL)
@@ -381,13 +382,19 @@ gss_name_t *internal_name;
 }
 }
- if (mech->gss_import_name == NULL)
+ if (mech->gssspi_import_name_by_mech) {
+ public_mech = gssint_get_public_oid(mech_type);
+ status = mech->gssspi_import_name_by_mech(minor_status, public_mech,
+ union_name->external_name,
+ union_name->name_type,
+ internal_name);
+ } else if (mech->gss_import_name) {
+ status = mech->gss_import_name(minor_status, union_name->external_name,
+ union_name->name_type, internal_name);
+ } else {
 return (GSS_S_UNAVAILABLE);
+ }
- status = mech->gss_import_name(minor_status,
- union_name->external_name,
- union_name->name_type,
- internal_name);
 if (status == GSS_S_COMPLETE) {
 /* Attempt to round-trip attributes */
 (void) import_internal_attributes(&tmpMinor, mech,
diff --git a/src/lib/gssapi/mechglue/g_imp_cred.c b/src/lib/gssapi/mechglue/g_imp_cred.c
index 1611daf043..77e2ff55ce 100644
--- a/src/lib/gssapi/mechglue/g_imp_cred.c
+++ b/src/lib/gssapi/mechglue/g_imp_cred.c
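Review bot: In g_glue.c the result of `gssint_get_public_oid(mech_type)` goes straight into `gssspi_import_name_by_mech` with no check. What that lookup returns for an OID it cannot map is not visible in this diff; if it can be GSS_C_NO_OID, an interposer would be handed a null mechanism for a name it is asked to import. A guard before the call, `if (public_mech == GSS_C_NO_OID) return (GSS_S_BAD_MECH);`, would close that, and the same applies to the inline call in g_imp_cred.c and to `public_mech` in g_imp_sec_context.c. The enclosing function starts and ends outside this hunk.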
@@ -134,11 +134,19 @@ gss_import_cred(OM_uint32 *minor_status, gss_buffer_t token,
 if (status != GSS_S_COMPLETE)
 goto error;
 mech = gssint_get_mechanism(selected_mech);
- if (mech == NULL || mech->gss_import_cred == NULL) {
+ if (mech == NULL || (mech->gss_import_cred == NULL &&
+ mech->gssspi_import_cred_by_mech == NULL)) {
 status = GSS_S_DEFECTIVE_TOKEN;
 goto error;
 }
- status = mech->gss_import_cred(minor_status, &mech_token, &mech_cred);
+ if (mech->gssspi_import_cred_by_mech) {
+ status = mech->gssspi_import_cred_by_mech(minor_status,
+ gssint_get_public_oid(selected_mech),
+ &mech_token, &mech_cred);
+ } else {
+ status = mech->gss_import_cred(minor_status, &mech_token,
+ &mech_cred);
+ }
 if (status != GSS_S_COMPLETE) {
 map_error(minor_status, mech);
 goto error;
diff --git a/src/lib/gssapi/mechglue/g_imp_name.c b/src/lib/gssapi/mechglue/g_imp_name.c
index 8fcc3d0f26..b2c5091fde 100644
--- a/src/lib/gssapi/mechglue/g_imp_name.c
+++ b/src/lib/gssapi/mechglue/g_imp_name.c
@@ -250,7 +250,8 @@ importExportName(minor, unionName)
 if ((mech = gssint_get_mechanism(&mechOid)) == NULL)
 return (GSS_S_BAD_MECH);
- if (mech->gss_import_name == NULL)
+ if (mech->gssspi_import_name_by_mech == NULL &&
+ mech->gss_import_name == NULL)
 return (GSS_S_UNAVAILABLE);
 /*
@@ -260,9 +261,15 @@ importExportName(minor, unionName)
 * have created it.
 */
 if (mech->gss_export_name) {
- major = mech->gss_import_name(minor,
- &expName, (gss_OID)GSS_C_NT_EXPORT_NAME,
- &unionName->mech_name);
+ if (mech->gssspi_import_name_by_mech) {
+ major = mech->gssspi_import_name_by_mech(minor, &mechOid, &expName,
+ GSS_C_NT_EXPORT_NAME,
+ &unionName->mech_name);
+ } else {
+ major = mech->gss_import_name(minor, &expName,
+ GSS_C_NT_EXPORT_NAME,
+ &unionName->mech_name);
+ }
 if (major != GSS_S_COMPLETE)
 map_error(minor, mech);
 else {
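Review bot: In g_imp_name.c both new `gssspi_import_name_by_mech` calls (this `@@ -260,9 +261,15 @@` hunk and the `@@ -358,8 +365,14 @@` one) pass `&mechOid`, while every other call site in the commit passes the result of `gssint_get_public_oid()`. mechOid is the value `gssint_get_mechanism(&mechOid)` was looked up with and presumably comes from the exported-name token, so the mechanism sees a caller-supplied OID held in a local. Either map it like the other call sites or say why not in a comment, for example `/* mechOid is parsed from the token; the mech must copy it if it keeps it */`. importExportName begins and ends outside both hunks.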
@@ -358,8 +365,14 @@ importExportName(minor, unionName)
 */
 expName.length = nameLen;
 expName.value = nameLen ? (void *)buf : NULL;
- major = mech->gss_import_name(minor, &expName,
- GSS_C_NULL_OID, &unionName->mech_name);
+ if (mech->gssspi_import_name_by_mech) {
+ major = mech->gssspi_import_name_by_mech(minor, &mechOid, &expName,
+ GSS_C_NULL_OID,
+ &unionName->mech_name);
+ } else {
+ major = mech->gss_import_name(minor, &expName,
+ GSS_C_NULL_OID, &unionName->mech_name);
+ }
 if (major != GSS_S_COMPLETE) {
 map_error(minor, mech);
 return (major);
diff --git a/src/lib/gssapi/mechglue/g_imp_sec_context.c b/src/lib/gssapi/mechglue/g_imp_sec_context.c
index 8207488aaa..53310ddcea 100644
--- a/src/lib/gssapi/mechglue/g_imp_sec_context.c
+++ b/src/lib/gssapi/mechglue/g_imp_sec_context.c
@@ -82,8 +82,10 @@ gss_ctx_id_t * context_handle;
 OM_uint32 status;
 char *p;
 gss_union_ctx_id_t ctx;
+ gss_ctx_id_t mctx;
 gss_buffer_desc token;
 gss_OID selected_mech = GSS_C_NO_OID;
+ gss_OID public_mech;
 gss_mechanism mech;
 status = val_imp_sec_ctx_args(minor_status,
@@ -144,15 +146,22 @@ gss_ctx_id_t * context_handle;
 status = GSS_S_BAD_MECH;
 goto error_out;
 }
- if (!mech->gss_import_sec_context) {
+ if (!mech->gssspi_import_sec_context_by_mech &&
+ !mech->gss_import_sec_context) {
 status = GSS_S_UNAVAILABLE;
 goto error_out;
 }
- status = mech->gss_import_sec_context(minor_status,
- &token, &ctx->internal_ctx_id);
-
+ if (mech->gssspi_import_sec_context_by_mech) {
+ public_mech = gssint_get_public_oid(selected_mech);
+ status = mech->gssspi_import_sec_context_by_mech(minor_status,
+ public_mech,
+ &token, &mctx);
+ } else {
+ status = mech->gss_import_sec_context(minor_status, &token, &mctx);
+ }
 if (status == GSS_S_COMPLETE) {
+ ctx->internal_ctx_id = mctx;
 ctx->loopback = ctx;
 *context_handle = (gss_ctx_id_t)ctx;
 return (GSS_S_COMPLETE);
diff --git a/src/lib/gssapi/mechglue/g_initialize.c b/src/lib/gssapi/mechglue/g_initialize.c
index fbd0b07e63..b4cc4da628 100644
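Review bot: `gss_ctx_id_t mctx;` in g_imp_sec_context.c (declared in the `@@ -82,8 +82,10 @@` hunk) has no initializer, and `ctx->internal_ctx_id = mctx;` copies it whenever the mechanism returns GSS_S_COMPLETE. A loaded mechanism that reports success without storing a handle would leave an indeterminate value in the union context; `gss_ctx_id_t mctx = GSS_C_NO_CONTEXT;` makes that case well defined. Since internal_ctx_id is now written only on success, the error_out path, which is outside the hunk, should be checked for reads of that field.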
--- a/src/lib/gssapi/mechglue/g_initialize.c
+++ b/src/lib/gssapi/mechglue/g_initialize.c
@@ -690,6 +690,9 @@ build_dynamicMech(void *dl, const gss_OID mech_type)
 /* RFC 5587 */
 GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_inquire_attrs_for_mech);
 GSS_ADD_DYNAMIC_METHOD(dl, mech, gssspi_acquire_cred_with_password);
+ GSS_ADD_DYNAMIC_METHOD(dl, mech, gssspi_import_sec_context_by_mech);
+ GSS_ADD_DYNAMIC_METHOD(dl, mech, gssspi_import_name_by_mech);
+ GSS_ADD_DYNAMIC_METHOD(dl, mech, gssspi_import_cred_by_mech);
 assert(mech_type != GSS_C_NO_OID);
@@ -785,6 +788,9 @@ build_interMech(void *dl, const gss_OID mech_type)
 /* RFC 5587 */
 RESOLVE_GSSI_SYMBOL(dl, mech, gss, _inquire_attrs_for_mech);
 RESOLVE_GSSI_SYMBOL(dl, mech, gssspi, _acquire_cred_with_password);
+ RESOLVE_GSSI_SYMBOL(dl, mech, gssspi, _import_sec_context_by_mech);
+ RESOLVE_GSSI_SYMBOL(dl, mech, gssspi, _import_name_by_mech);
+ RESOLVE_GSSI_SYMBOL(dl, mech, gssspi, _import_cred_by_mech);
 mech->mech_type = *mech_type;
 return mech;
diff --git a/src/lib/gssapi/mechglue/mglueP.h b/src/lib/gssapi/mechglue/mglueP.h
index 2d0fd4a834..9e02474a82 100644
--- a/src/lib/gssapi/mechglue/mglueP.h
+++ b/src/lib/gssapi/mechglue/mglueP.h
@@ -649,6 +649,31 @@ typedef struct gss_config {
 gss_cred_id_t * /* cred_handle */
 /* */);
+ OM_uint32 (KRB5_CALLCONV *gssspi_import_sec_context_by_mech)
+ (
+ OM_uint32 *, /* minor_status */
+ gss_OID, /* desired_mech */
+ gss_buffer_t, /* interprocess_token */
+ gss_ctx_id_t * /* context_handle */
+ /* */);
+
+ OM_uint32 (KRB5_CALLCONV *gssspi_import_name_by_mech)
+ (
+ OM_uint32 *, /* minor_status */
+ gss_OID, /* mech_type */
+ gss_buffer_t, /* input_name_buffer */
+ gss_OID, /* input_name_type */
+ gss_name_t* /* output_name */
+ /* */);
+
+ OM_uint32 (KRB5_CALLCONV *gssspi_import_cred_by_mech)
+ (
+ OM_uint32 *, /* minor_status */
+ gss_OID, /* mech_type */
+ gss_buffer_t, /* token */
+ gss_cred_id_t * /* cred_handle */
+ /* */);
+
+
 } *gss_mechanism;
 /* |
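Review bot: The three new `gss_config` members in mglueP.h carry no comment stating their contract. The call sites in this commit use the `_by_mech` entry point in preference to the plain import function whenever it is non-NULL, and that precedence belongs at the declaration, for example `/* Optional; when set, called instead of gss_import_* with the mech OID of the token being imported. */`. The OID parameter is also labelled `desired_mech` on the first member and `mech_type` on the other two; one name throughout would read better. The struct definition starts outside the hunk.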