[src/netbsd-1-5]: src/crypto/dist/heimdal/lib/gssapi Backout previous pullup; ...
details: https://anonhg.NetBSD.org/src/rev/237334a1e421
branches: netbsd-1-5
changeset: 490485:237334a1e421
user: jhawk <jhawk%NetBSD.org@localhost>
date: Thu Jan 25 13:55:57 2001 +0000
description:
Backout previous pullup; should have been relative to the head of the
HEIMDAL branch, not to rev 1.1.
diffstat:
crypto/dist/heimdal/lib/gssapi/acquire_cred.c | 61 +------
crypto/dist/heimdal/lib/gssapi/gssapi.h | 42 +---
crypto/dist/heimdal/lib/gssapi/init_sec_context.c | 202 +++------------------
crypto/dist/heimdal/lib/gssapi/release_cred.c | 4 +-
4 files changed, 43 insertions(+), 266 deletions(-)
diffs (truncated from 458 to 300 lines):
diff -r 4578f8de2ec0 -r 237334a1e421 crypto/dist/heimdal/lib/gssapi/acquire_cred.c
--- a/crypto/dist/heimdal/lib/gssapi/acquire_cred.c Thu Jan 25 07:40:04 2001 +0000
+++ b/crypto/dist/heimdal/lib/gssapi/acquire_cred.c Thu Jan 25 13:55:57 2001 +0000
@@ -33,7 +33,7 @@
#include "gssapi_locl.h"
-RCSID("$Id: acquire_cred.c,v 1.1.1.1.2.1 2001/01/25 07:33:37 jhawk Exp $");
+RCSID("$Id: acquire_cred.c,v 1.1.1.1.2.2 2001/01/25 13:55:57 jhawk Exp $");
OM_uint32 gss_acquire_cred
(OM_uint32 * minor_status,
@@ -48,67 +48,21 @@
{
gss_cred_id_t handle;
OM_uint32 ret;
- krb5_principal def_princ;
- krb5_ccache ccache;
- krb5_error_code pret = -1, kret = 0;
- krb5_keytab kt;
- krb5_creds cred;
- krb5_get_init_creds_opt opt;
handle = (gss_cred_id_t)malloc(sizeof(*handle));
if (handle == GSS_C_NO_CREDENTIAL) {
return GSS_S_FAILURE;
}
- memset(handle, 0, sizeof (*handle));
ret = gss_duplicate_name(minor_status, desired_name, &handle->principal);
if (ret) {
return ret;
}
- if (krb5_cc_default(gssapi_krb5_context, &ccache) == 0 &&
- (pret = krb5_cc_get_principal(gssapi_krb5_context, ccache,
- &def_princ)) == 0 &&
- krb5_principal_compare(gssapi_krb5_context, handle->principal,
- def_princ) == TRUE) {
- handle->ccache = ccache;
- handle->keytab = NULL;
- } else {
- kret = krb5_kt_default(gssapi_krb5_context, &kt);
- if (kret != 0)
- goto out;
- krb5_get_init_creds_opt_init(&opt);
- memset(&cred, 0, sizeof(cred));
- kret = krb5_get_init_creds_keytab(gssapi_krb5_context, &cred,
- handle->principal, kt, 0, NULL, &opt);
- if (kret != 0) {
- krb5_kt_close(gssapi_krb5_context, kt);
- goto out;
- }
- kret = krb5_cc_gen_new(gssapi_krb5_context, &krb5_mcc_ops, &ccache);
- if (kret != 0) {
- krb5_kt_close(gssapi_krb5_context, kt);
- goto out;
- }
- kret = krb5_cc_initialize(gssapi_krb5_context, ccache, cred.client);
- if (kret != 0) {
- krb5_kt_close(gssapi_krb5_context, kt);
- krb5_cc_close(gssapi_krb5_context, ccache);
- goto out;
- }
- kret = krb5_cc_store_cred(gssapi_krb5_context, ccache, &cred);
- if (kret != 0) {
- krb5_kt_close(gssapi_krb5_context, kt);
- krb5_cc_close(gssapi_krb5_context, ccache);
- goto out;
- }
- handle->ccache = ccache;
- handle->keytab = kt;
- }
-
-
/* XXX */
handle->lifetime = time_req;
+
+ handle->keytab = NULL;
handle->usage = cred_usage;
ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
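Review bot: When `gss_duplicate_name` fails, the early `return ret;` exits without releasing the `handle` obtained from `malloc` a few lines above, so every failed name duplication leaks one credential structure; the error branch should read `free(handle); return ret;`. The backout also drops `memset(handle, 0, sizeof (*handle));`, so the structure is only safe while every field is assigned by hand. The visible lines set `principal`, `lifetime`, `keytab`, `usage` and `mechanisms`, but a later failure path that releases a partly built handle would see indeterminate pointers, so zeroing the allocation (or using `calloc`) is worth keeping independently of the pullup. gss_acquire_cred starts before this hunk and continues past it, so its remaining error paths are not visible here.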
@@ -129,14 +83,5 @@
*output_cred_handle = handle;
-out:
- if (pret == 0)
- krb5_free_principal(gssapi_krb5_context, def_princ);
-
- if (kret != 0) {
- *minor_status = kret;
- return GSS_S_FAILURE;
- }
-
return GSS_S_COMPLETE;
}
diff -r 4578f8de2ec0 -r 237334a1e421 crypto/dist/heimdal/lib/gssapi/gssapi.h
--- a/crypto/dist/heimdal/lib/gssapi/gssapi.h Thu Jan 25 07:40:04 2001 +0000
+++ b/crypto/dist/heimdal/lib/gssapi/gssapi.h Thu Jan 25 13:55:57 2001 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-/* $Id: gssapi.h,v 1.1.1.1.2.1 2001/01/25 07:33:42 jhawk Exp $ */
+/* $Id: gssapi.h,v 1.1.1.1.2.2 2001/01/25 13:55:58 jhawk Exp $ */
#ifndef GSSAPI_H_
#define GSSAPI_H_
@@ -55,8 +55,6 @@
typedef u_int32_t OM_uint32;
-typedef u_int32_t gss_uint32;
-
/*
* This is to avoid having to include <krb5.h>
*/
@@ -90,9 +88,6 @@
} gss_OID_set_desc, *gss_OID_set;
struct krb5_keytab_data;
-struct krb5_ccache_data;
-
-struct krb5_ccache_data;
typedef int gss_cred_usage_t;
@@ -102,7 +97,6 @@
OM_uint32 lifetime;
gss_cred_usage_t usage;
gss_OID_set mechanisms;
- struct krb5_ccache_data *ccache;
} gss_cred_id_t_desc;
typedef gss_cred_id_t_desc *gss_cred_id_t;
@@ -259,30 +253,10 @@
* gss_OID_desc object containing the value
* {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
* corresponding to an object-identifier value of
- * {iso(1) org(3) dod(6) internet(1) security(5)
- * nametypes(6) gss-host-based-services(2)). The constant
- * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point
- * to that gss_OID_desc. This is a deprecated OID value, and
- * implementations wishing to support hostbased-service names
- * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID,
- * defined below, to identify such names;
- * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym
- * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input
- * parameter, but should not be emitted by GSS-API
- * implementations
- */
-extern gss_OID GSS_C_NT_HOSTBASED_SERVICE_X;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- * "\x01\x02\x01\x04"}, corresponding to an
- * object-identifier value of {iso(1) member-body(2)
- * Unites States(840) mit(113554) infosys(1) gssapi(2)
- * generic(1) service_name(4)}. The constant
- * GSS_C_NT_HOSTBASED_SERVICE should be initialized
- * to point to that gss_OID_desc.
+ * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
+ * 6(nametypes), 2(gss-host-based-services)}. The constant
+ * GSS_C_NT_HOSTBASED_SERVICE should be initialized to point
+ * to that gss_OID_desc.
*/
extern gss_OID GSS_C_NT_HOSTBASED_SERVICE;
@@ -321,10 +295,6 @@
extern gss_OID GSS_KRB5_MECHANISM;
-/* for compatibility with MIT api */
-
-#define gss_mech_krb5 GSS_KRB5_MECHANISM
-
/* Major status codes */
#define GSS_S_COMPLETE 0
diff -r 4578f8de2ec0 -r 237334a1e421 crypto/dist/heimdal/lib/gssapi/init_sec_context.c
--- a/crypto/dist/heimdal/lib/gssapi/init_sec_context.c Thu Jan 25 07:40:04 2001 +0000
+++ b/crypto/dist/heimdal/lib/gssapi/init_sec_context.c Thu Jan 25 13:55:57 2001 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "gssapi_locl.h"
-RCSID("$Id: init_sec_context.c,v 1.1.1.1.2.1 2001/01/25 07:33:46 jhawk Exp $");
+RCSID("$Id: init_sec_context.c,v 1.1.1.1.2.2 2001/01/25 13:55:58 jhawk Exp $");
static OM_uint32
init_auth
@@ -63,9 +63,7 @@
krb5_data authenticator;
Checksum cksum;
krb5_enctype enctype;
- krb5_data fwd_data;
- krb5_data_zero (&fwd_data);
output_token->length = 0;
output_token->value = NULL;
@@ -95,66 +93,7 @@
goto failure;
}
- if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS &&
- input_chan_bindings->application_data.length ==
- 2 * sizeof((*context_handle)->auth_context->local_port)) {
- /* Port numbers are expected to be in application_data.value,
- * initator's port first */
-
- krb5_address initiator_addr, acceptor_addr;
-
- memset(&initiator_addr, 0, sizeof(initiator_addr));
- memset(&acceptor_addr, 0, sizeof(acceptor_addr));
-
- (*context_handle)->auth_context->local_port =
- *(int16_t *) input_chan_bindings->application_data.value;
-
- (*context_handle)->auth_context->remote_port =
- *((int16_t *) input_chan_bindings->application_data.value + 1);
-
- kret = gss_address_to_krb5addr(input_chan_bindings->acceptor_addrtype,
- &input_chan_bindings->acceptor_address,
- (*context_handle)->auth_context->remote_port,
- &acceptor_addr);
- if (kret) {
- *minor_status = kret;
- ret = GSS_S_BAD_BINDINGS;
- goto failure;
- }
-
- kret = gss_address_to_krb5addr(input_chan_bindings->initiator_addrtype,
- &input_chan_bindings->initiator_address,
- (*context_handle)->auth_context->local_port,
- &initiator_addr);
- if (kret) {
- krb5_free_address (gssapi_krb5_context, &acceptor_addr);
- *minor_status = kret;
- ret = GSS_S_BAD_BINDINGS;
- goto failure;
- }
-
- kret = krb5_auth_con_setaddrs(gssapi_krb5_context,
- (*context_handle)->auth_context,
- &initiator_addr, /* local address */
- &acceptor_addr); /* remote address */
-
- krb5_free_address (gssapi_krb5_context, &initiator_addr);
- krb5_free_address (gssapi_krb5_context, &acceptor_addr);
-
-#if 0
- free(input_chan_bindings->application_data.value);
- input_chan_bindings->application_data.value = NULL;
- input_chan_bindings->application_data.length = 0;
-#endif
-
- if (kret) {
- *minor_status = kret;
- ret = GSS_S_BAD_BINDINGS;
- goto failure;
- }
- }
-
- {
+ {
int32_t tmp;
krb5_auth_con_getflags(gssapi_krb5_context,
@@ -169,15 +108,36 @@
if (actual_mech_type)
*actual_mech_type = GSS_KRB5_MECHANISM;
- if (initiator_cred_handle == GSS_C_NO_CREDENTIAL) {
- kret = krb5_cc_default (gssapi_krb5_context, &ccache);
- if (kret) {
- *minor_status = kret;
- ret = GSS_S_FAILURE;
- goto failure;
- }
- } else
- ccache = initiator_cred_handle->ccache;
+ flags = 0;