gss: remove superfluous SPNEGO cred wrappers
authorLuke Howard <lukeh@padl.com>
Mon, 13 Apr 2020 10:51:44 +0000 (20:51 +1000)
committerLuke Howard <lukeh@padl.com>
Mon, 13 Apr 2020 11:06:37 +0000 (21:06 +1000)
SPNEGO credentials are mechglue credentials. SPNEGO credential wrapper
functions can be replaced with direct calls into the mechglue, unless a
specific check is required to avoid infinite recursion (as is the case where
the mechglue enumerates all mechanisms when passed a null credential handle).

lib/gssapi/spnego/cred_stubs.c
lib/gssapi/spnego/external.c

index 7d3399ab9dfd6702b0afa582a0d2d54fe635ab86..0124c8f44d39c984ba1b5676d3ea3e4fd6259565 100644 (file)
 #include "spnego_locl.h"
 #include <gssapi_mech.h>
 
-OM_uint32 GSSAPI_CALLCONV
-_gss_spnego_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle)
-{
-    OM_uint32 ret;
-
-    *minor_status = 0;
-
-    if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL)
-       return GSS_S_COMPLETE;
-
-    ret = gss_release_cred(minor_status, cred_handle);
-
-    *cred_handle = GSS_C_NO_CREDENTIAL;
-
-    return ret;
-}
-
 /*
  * For now, just a simple wrapper that avoids recursion. When
  * we support gss_{get,set}_neg_mechs() we will need to expose
@@ -95,6 +78,11 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_cred
             gss_OID_set * mechanisms
            )
 {
+    /*
+     * A wrapper around the mechglue is required to error out
+     * where cred_handle == GSS_C_NO_CREDENTIAL, otherwise we
+     * would infinitely recurse.
+     */
     if (cred_handle == GSS_C_NO_CREDENTIAL) {
        *minor_status = 0;
        return GSS_S_NO_CRED;
@@ -114,30 +102,12 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_cred_by_mech (
             gss_cred_usage_t * cred_usage
            )
 {
-    if (cred_handle == GSS_C_NO_CREDENTIAL) {
-       *minor_status = 0;
-       return GSS_S_NO_CRED;
-    }
-
-    return gss_inquire_cred_by_mech(minor_status, cred_handle, mech_type,
-                                  name, initiator_lifetime,
-                                  acceptor_lifetime, cred_usage);
-}
-
-OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_cred_by_oid
-           (OM_uint32 * minor_status,
-            gss_const_cred_id_t cred_handle,
-            const gss_OID desired_object,
-            gss_buffer_set_t *data_set)
-{
-    if (cred_handle == GSS_C_NO_CREDENTIAL) {
-       *minor_status = 0;
-       return GSS_S_NO_CRED;
-    }
-
-    return gss_inquire_cred_by_oid(minor_status, cred_handle,
-                                  desired_object, data_set);
+    /* Similar to _gss_spnego_inquire_cred(), wrapper is required */
+    heim_assert(gss_oid_equal(mech_type, GSS_SPNEGO_MECHANISM),
+               "Mechglue called inquire_cred_by_mech with wrong OID");
 
+    *minor_status = 0;
+    return GSS_S_BAD_MECH;
 }
 
 OM_uint32 GSSAPI_CALLCONV
@@ -146,6 +116,7 @@ _gss_spnego_set_cred_option (OM_uint32 *minor_status,
                             const gss_OID object,
                             const gss_buffer_t value)
 {
+    /* Similar to _gss_spnego_inquire_cred(), wrapper is required */
     if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL) {
        *minor_status = 0;
        return GSS_S_NO_CRED;
@@ -158,23 +129,6 @@ _gss_spnego_set_cred_option (OM_uint32 *minor_status,
 }
 
 
-OM_uint32 GSSAPI_CALLCONV
-_gss_spnego_export_cred (OM_uint32 *minor_status,
-                        gss_cred_id_t cred_handle,
-                        gss_buffer_t value)
-{
-    return gss_export_cred(minor_status, cred_handle, value);
-}
-
-OM_uint32 GSSAPI_CALLCONV
-_gss_spnego_import_cred (OM_uint32 *minor_status,
-                        gss_buffer_t value,
-                        gss_cred_id_t *cred_handle)
-{
-    return gss_import_cred(minor_status, value, cred_handle);
-}
-
-
 OM_uint32 GSSAPI_CALLCONV
 _gss_spnego_set_neg_mechs (OM_uint32 *minor_status,
                           gss_cred_id_t cred_handle,
index b1393f9d5c3e0219c733059efeea0b84e4c06791..eeefa6a71581f515b26317b816c7e12a4962e99f 100644 (file)
@@ -90,7 +90,7 @@ static gssapi_mech_interface_desc spnego_mech = {
     {6, rk_UNCONST("\x2b\x06\x01\x05\x05\x02") },
     0,
     NULL, /* gm_acquire_cred */
-    _gss_spnego_release_cred,
+    gss_release_cred,
     _gss_spnego_init_sec_context,
     _gss_spnego_accept_sec_context,
     _gss_spnego_process_context_token,
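Review bot: Substituting the mechglue entry points directly into `spnego_mech` drops the null-credential guards the wrappers had, so it should be confirmed that each mechglue function short-circuits on `GSS_C_NO_CREDENTIAL` (and, for `gss_release_cred`, on a NULL `cred_handle` pointer) rather than iterating over every mechanism — the recursion the description warns about — for `gss_release_cred` here and for `gss_inquire_cred_by_oid`, `gss_export_cred` and `gss_import_cred` in the two hunks below. The removed `_gss_spnego_release_cred` also reset `*cred_handle` to `GSS_C_NO_CREDENTIAL` after the release; if `gss_release_cred` does not do that itself, users of this table entry are left holding a stale handle. A short comment on the entry, such as `gss_release_cred, /* mechglue call is safe: handles GSS_C_NO_CREDENTIAL itself */`, would record the invariant this change relies on. The `spnego_mech` table starts and ends outside these hunks.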
@@ -119,7 +119,7 @@ static gssapi_mech_interface_desc spnego_mech = {
     _gss_spnego_canonicalize_name,
     _gss_spnego_duplicate_name,
     _gss_spnego_inquire_sec_context_by_oid,
-    _gss_spnego_inquire_cred_by_oid,
+    gss_inquire_cred_by_oid,
     _gss_spnego_set_sec_context_option,
     _gss_spnego_set_cred_option,
     _gss_spnego_pseudo_random,
@@ -127,8 +127,8 @@ static gssapi_mech_interface_desc spnego_mech = {
     _gss_spnego_unwrap_iov,
     _gss_spnego_wrap_iov_length,
     NULL,
-    _gss_spnego_export_cred,
-    _gss_spnego_import_cred,
+    gss_export_cred,
+    gss_import_cred,
     _gss_spnego_acquire_cred_from,
     NULL,
     NULL,