Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Backports:SLE-15-SP1:Update
gssproxy
0001-Add-support-for-the-NO_CI_FLAG-credentials...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0001-Add-support-for-the-NO_CI_FLAG-credentials-option.REVERT of Package gssproxy
From 7150e488e0f7b2a3bbc55f24a8ebd8e0dce4796a Mon Sep 17 00:00:00 2001 From: Simo Sorce <simo@redhat.com> Date: Fri, 3 Mar 2017 16:10:58 -0500 Subject: [PATCH] Add support for the NO_CI_FLAG credentials option Signed-off-by: Simo Sorce <simo@redhat.com> Closes #160 Reviewed-by: Robbie Harwood <rharwood@redhat.com> PR: #163 --- src/gp_export.c | 18 ------------- src/gp_util.c | 14 ++++------ src/mechglue/gpp_creds.c | 64 ++++++++++++++++++----------------------------- 3 files changed, 31 insertions(+), 65 deletions(-) --- a/src/gp_export.c +++ b/src/gp_export.c @@ -389,7 +389,6 @@ done: } #define KRB5_SET_ALLOWED_ENCTYPE "krb5_set_allowed_enctype_values" -#define KRB5_SET_NO_CI_FLAGS "krb5_set_no_ci_flags" static void gp_set_cred_options(gssx_cred *cred, gss_cred_id_t gss_cred) { @@ -397,7 +396,6 @@ static void gp_set_cred_options(gssx_cre struct gssx_option *op; uint32_t num_ktypes = 0; krb5_enctype *ktypes; - bool no_ci_flags = false; uint32_t maj, min; int i, j; @@ -413,12 +411,6 @@ static void gp_set_cred_options(gssx_cre num_ktypes = op->value.octet_string_len / sizeof(krb5_enctype); ktypes = (krb5_enctype *)op->value.octet_string_val; break; - } else if ((op->option.octet_string_len == - sizeof(KRB5_SET_NO_CI_FLAGS)) && - (strncmp(KRB5_SET_NO_CI_FLAGS, - op->option.octet_string_val, - op->option.octet_string_len) == 0)) { - no_ci_flags = true; } } } @@ -430,16 +422,6 @@ static void gp_set_cred_options(gssx_cre GPDEBUG("Failed to set allowable enctypes\n"); } } - - if (no_ci_flags) { - gss_buffer_desc empty_buffer = GSS_C_EMPTY_BUFFER; - maj = gss_set_cred_option(&min, &gss_cred, - discard_const(GSS_KRB5_CRED_NO_CI_FLAGS_X), - &empty_buffer); - if (maj != GSS_S_COMPLETE) { - GPDEBUG("Failed to set NO CI Flags\n"); - } - } } uint32_t gp_import_gssx_cred(uint32_t *min, struct gp_call_ctx *gpcall, --- a/src/gp_util.c +++ b/src/gp_util.c @@ -160,15 +160,13 @@ uint32_t gp_add_option(gssx_option **opt memcpy(opt.option.octet_string_val, option, option_len); opt.option.octet_string_len = option_len; - if (value_len != 0) { - opt.value.octet_string_val = malloc(value_len); - if (!opt.value.octet_string_val) { - ret = ENOMEM; - goto done; - } - memcpy(opt.value.octet_string_val, value, value_len); - opt.value.octet_string_len = value_len; + opt.value.octet_string_val = malloc(value_len); + if (!opt.value.octet_string_val) { + ret = ENOMEM; + goto done; } + memcpy(opt.value.octet_string_val, value, value_len); + opt.value.octet_string_len = value_len; out = realloc(*options_val, (*options_len + 1) * sizeof(gssx_option)); if (!out) { --- a/src/mechglue/gpp_creds.c +++ b/src/mechglue/gpp_creds.c @@ -561,9 +561,12 @@ static uint32_t gpp_set_opt_allowable_en struct gpp_allowable_enctypes *ae; struct gssx_cred_element *ce = NULL; gss_OID_desc mech; + gssx_option *to; + gssx_buffer *tb; + int i; /* Find the first element that matches one of the krb related OIDs */ - for (unsigned i = 0; i < cred->elements.elements_len; i++) { + for (i = 0; i < cred->elements.elements_len; i++) { gp_conv_gssx_to_oid(&cred->elements.elements_val[i].mech, &mech); if (gpp_is_krb5_oid(&mech)) { ce = &cred->elements.elements_val[i]; @@ -576,51 +579,36 @@ static uint32_t gpp_set_opt_allowable_en return GSS_S_FAILURE; } - ae = (struct gpp_allowable_enctypes *)value->value; - *min = gp_add_option(&ce->options.options_val, - &ce->options.options_len, - KRB5_SET_ALLOWED_ENCTYPE, - sizeof(KRB5_SET_ALLOWED_ENCTYPE), - ae->ktypes, - sizeof(krb5_enctype) * ae->num_ktypes); - if (*min != 0) { + to = realloc(ce->options.options_val, + sizeof(gssx_option) * (ce->options.options_len + 1)); + if (!to) { + *min = ENOMEM; return GSS_S_FAILURE; } + ce->options.options_val = to; + i = ce->options.options_len; - return GSS_S_COMPLETE; -} - -#define KRB5_SET_NO_CI_FLAGS "krb5_set_no_ci_flags" - -static uint32_t gpp_set_no_ci_flags(uint32_t *min, gssx_cred *cred, - const gss_buffer_t value) -{ - struct gssx_cred_element *ce = NULL; - gss_OID_desc mech; - - /* Find the first element that matches one of the krb related OIDs */ - for (unsigned i = 0; i < cred->elements.elements_len; i++) { - gp_conv_gssx_to_oid(&cred->elements.elements_val[i].mech, &mech); - if (gpp_is_krb5_oid(&mech)) { - ce = &cred->elements.elements_val[i]; - break; - } - } - - if (!ce) { - *min = EINVAL; + tb = &ce->options.options_val[i].option; + tb->octet_string_len = sizeof(KRB5_SET_ALLOWED_ENCTYPE); + tb->octet_string_val = strdup(KRB5_SET_ALLOWED_ENCTYPE); + if (!tb->octet_string_val) { + *min = ENOMEM; return GSS_S_FAILURE; } - *min = gp_add_option(&ce->options.options_val, - &ce->options.options_len, - KRB5_SET_NO_CI_FLAGS, - sizeof(KRB5_SET_NO_CI_FLAGS), - NULL, 0); - if (*min != 0) { + ae = (struct gpp_allowable_enctypes *)value->value; + tb = &ce->options.options_val[i].value; + tb->octet_string_len = sizeof(krb5_enctype) * ae->num_ktypes; + tb->octet_string_val = malloc(tb->octet_string_len); + if (!tb->octet_string_val) { + *min = ENOMEM; return GSS_S_FAILURE; } + memcpy(tb->octet_string_val, ae->ktypes, tb->octet_string_len); + + ce->options.options_len++; + *min = 0; return GSS_S_COMPLETE; } @@ -632,8 +620,6 @@ static uint32_t gpp_remote_options(uint3 if (gss_oid_equal(&gpp_allowed_enctypes_oid, desired_object)) { maj = gpp_set_opt_allowable_entypes(min, cred, value); - } else if (gss_oid_equal(GSS_KRB5_CRED_NO_CI_FLAGS_X, desired_object)) { - maj = gpp_set_no_ci_flags(min, cred, value); } return maj;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor