Hello community, here is the log from the commit of package libgssglue for openSUSE:Factory checked in at Tue Jun 28 10:03:59 CEST 2011.
-------- --- libgssglue/libgssglue.changes 2010-10-31 19:03:42.000000000 +0100 +++ /mounts/work_src_done/STABLE/libgssglue/libgssglue.changes 2011-05-23 16:20:04.000000000 +0200 @@ -1,0 +2,11 @@ +Mon May 23 16:19:42 CEST 2011 - [email protected] + +- Release 0.2 + - Modify the gss_acquire_cred() code to accept, and + properly handle, an input name of GSS_C_NO_NAME. + Other misc. changes to support this change. + - Remove some generated files from git. Change + autogen.sh to clean up files that might become + outdated and incompatible. + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- libgssglue-0.1.tar.bz2 libgssglue-fclose.patch New: ---- libgssglue-0.2.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libgssglue.spec ++++++ --- /var/tmp/diff_new_pack.uRFT0F/_old 2011-06-28 10:03:07.000000000 +0200 +++ /var/tmp/diff_new_pack.uRFT0F/_new 2011-06-28 10:03:07.000000000 +0200 @@ -1,7 +1,7 @@ # -# spec file for package libgssglue (Version 0.1) +# spec file for package libgssglue # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -21,8 +21,8 @@ Name: libgssglue Url: http://www.citi.umich.edu/projects/nfsv4/linux Summary: Generic GSSAPI Library -Version: 0.1 -Release: 16 +Version: 0.2 +Release: 1 Group: Development/Libraries/C and C++ License: BSD3c(or similar) ; MIT License (or similar) BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -31,7 +31,6 @@ PreReq: %fillup_prereq %insserv_prereq AutoReqProv: on Source: %{name}-%{version}.tar.bz2 -Patch: %{name}-fclose.patch %description This library exports a gssapi interface, but does not implement any 
@@ -88,7 +87,6 @@ %prep %setup -q -%patch %build %{?suse_update_config:%{suse_update_config -f }} ++++++ libgssglue-0.1.tar.bz2 -> libgssglue-0.2.tar.bz2 ++++++ ++++ 69004 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgssglue-0.1/ChangeLog new/libgssglue-0.2/ChangeLog --- old/libgssglue-0.1/ChangeLog 2007-09-04 15:43:16.000000000 +0200 +++ new/libgssglue-0.2/ChangeLog 2011-03-17 00:31:46.000000000 +0100 @@ -1,3 +1,13 @@ +2011-03-16: kwc + Release 0.2 + Changes since libgssglue-0.1: + - Modify the gss_acquire_cred() code to accept, and + properly handle, an input name of GSS_C_NO_NAME. + Other misc. changes to support this change. + - Remove some generated files from git. Change + autogen.sh to clean up files that might become + outdated and incompatible. + 2007-09-04: kwc Release 0.1 (of libgssglue) * **************************************** diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgssglue-0.1/configure.in new/libgssglue-0.2/configure.in --- old/libgssglue-0.1/configure.in 2007-09-02 23:31:51.000000000 +0200 +++ new/libgssglue-0.2/configure.in 2011-03-17 00:31:46.000000000 +0100 
@@ -2,7 +2,7 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ(2.59) -AC_INIT(libgssglue, 0.1, [email protected]) +AC_INIT(libgssglue, 0.2, [email protected]) AC_CONFIG_SRCDIR([src/g_accept_sec_context.c]) AM_INIT_AUTOMAKE AM_PROG_LIBTOOL diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgssglue-0.1/debian/libgssapi2.install new/libgssglue-0.2/debian/libgssapi2.install --- old/libgssglue-0.1/debian/libgssapi2.install 2007-09-04 16:15:26.000000000 +0200 +++ new/libgssglue-0.2/debian/libgssapi2.install 1970-01-01 01:00:00.000000000 +0100 @@ -1,2 +0,0 @@ -doc/gssapi_mech.conf etc -debian/tmp/usr/lib/lib*.so.* diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgssglue-0.1/missing new/libgssglue-0.2/missing --- old/libgssglue-0.1/missing 2007-09-04 15:39:45.000000000 +0200 +++ new/libgssglue-0.2/missing 2011-03-17 00:39:27.000000000 +0100 @@ -1,10 +1,10 @@ #! /bin/sh # Common stub for a few missing GNU programs while installing. -scriptversion=2005-06-08.21 +scriptversion=2009-04-28.21; # UTC -# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005 -# Free Software Foundation, Inc. +# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005, 2006, +# 2008, 2009 Free Software Foundation, Inc. # Originally by Fran,cois Pinard <[email protected]>, 1996. # This program is free software; you can redistribute it and/or modify 
@@ -18,9 +18,7 @@ # GNU General Public License for more details. # You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA -# 02110-1301, USA. +# along with this program. If not, see <http://www.gnu.org/licenses/>. # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -33,6 +31,8 @@ fi run=: +sed_output='s/.* --output[ =]\([^ ]*\).*/\1/p' +sed_minuso='s/.* -o \([^ ]*\).*/\1/p' # In the cases where this matters, `missing' is being run in the # srcdir already. @@ -44,7 +44,7 @@ msg="missing on your system" -case "$1" in +case $1 in --run) # Try to run requested program, and just exit if it succeeds. run= @@ -77,6 +77,7 @@ aclocal touch file \`aclocal.m4' autoconf touch file \`configure' autoheader touch file \`config.h.in' + autom4te touch the output file, or create a stub one automake touch all \`Makefile.in' files bison create \`y.tab.[ch]', if possible, from existing .[ch] flex create \`lex.yy.c', if possible, from existing .c @@ -86,6 +87,9 @@ tar try tar, gnutar, gtar, then tar without non-portable flags yacc create \`y.tab.[ch]', if possible, from existing .[ch] +Version suffixes to PROGRAM as well as the prefixes \`gnu-', \`gnu', and +\`g' are ignored when checking the name. + Send bug reports to <[email protected]>." exit $? ;; 
@@ -103,15 +107,22 @@ esac +# normalize program name to check for. +program=`echo "$1" | sed ' + s/^gnu-//; t + s/^gnu//; t + s/^g//; t'` + # Now exit if we have it, but it failed. Also exit now if we # don't have it and --version was passed (most likely to detect -# the program). -case "$1" in - lex|yacc) +# the program). This is about non-GNU programs, so use $1 not +# $program. +case $1 in + lex*|yacc*) # Not GNU programs, they don't have --version. ;; - tar) + tar*) if test -n "$run"; then echo 1>&2 "ERROR: \`tar' requires --run" exit 1 @@ -135,7 +146,7 @@ # If it does not exist, or fails to run (possibly an outdated version), # try to emulate it. -case "$1" in +case $program in aclocal*) echo 1>&2 "\ WARNING: \`$1' is $msg. You should only need it if @@ -145,7 +156,7 @@ touch aclocal.m4 ;; - autoconf) + autoconf*) echo 1>&2 "\ WARNING: \`$1' is $msg. You should only need it if you modified \`${configure_ac}'. You might want to install the @@ -154,7 +165,7 @@ touch configure ;; - autoheader) + autoheader*) echo 1>&2 "\ WARNING: \`$1' is $msg. You should only need it if you modified \`acconfig.h' or \`${configure_ac}'. You might want @@ -164,7 +175,7 @@ test -z "$files" && files="config.h" touch_files= for f in $files; do - case "$f" in + case $f in *:*) touch_files="$touch_files "`echo "$f" | sed -e 's/^[^:]*://' -e 's/:.*//'`;; *) touch_files="$touch_files $f.in";; @@ -184,7 +195,7 @@ while read f; do touch "$f"; done ;; - autom4te) + autom4te*) echo 1>&2 "\ WARNING: \`$1' is needed, but is $msg. You might have modified some files without having the @@ -192,8 +203,8 @@ You can get \`$1' as part of \`Autoconf' from any GNU archive site." - file=`echo "$*" | sed -n 's/.*--output[ =]*\([^ ]*\).*/\1/p'` - test -z "$file" && file=`echo "$*" | sed -n 's/.*-o[ ]*\([^ ]*\).*/\1/p'` + file=`echo "$*" | sed -n "$sed_output"` + test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"` if test -f "$file"; then touch $file else 
@@ -207,80 +218,78 @@ fi ;; - bison|yacc) + bison*|yacc*) echo 1>&2 "\ WARNING: \`$1' $msg. You should only need it if you modified a \`.y' file. You may need the \`Bison' package in order for those modifications to take effect. You can get \`Bison' from any GNU archive site." rm -f y.tab.c y.tab.h - if [ $# -ne 1 ]; then + if test $# -ne 1; then eval LASTARG="\${$#}" - case "$LASTARG" in + case $LASTARG in *.y) SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'` - if [ -f "$SRCFILE" ]; then + if test -f "$SRCFILE"; then cp "$SRCFILE" y.tab.c fi SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'` - if [ -f "$SRCFILE" ]; then + if test -f "$SRCFILE"; then cp "$SRCFILE" y.tab.h fi ;; esac fi - if [ ! -f y.tab.h ]; then + if test ! -f y.tab.h; then echo >y.tab.h fi - if [ ! -f y.tab.c ]; then + if test ! -f y.tab.c; then echo 'main() { return 0; }' >y.tab.c fi ;; - lex|flex) + lex*|flex*) echo 1>&2 "\ WARNING: \`$1' is $msg. You should only need it if you modified a \`.l' file. You may need the \`Flex' package in order for those modifications to take effect. You can get \`Flex' from any GNU archive site." rm -f lex.yy.c - if [ $# -ne 1 ]; then + if test $# -ne 1; then eval LASTARG="\${$#}" - case "$LASTARG" in + case $LASTARG in *.l) SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'` - if [ -f "$SRCFILE" ]; then + if test -f "$SRCFILE"; then cp "$SRCFILE" lex.yy.c fi ;; esac fi - if [ ! -f lex.yy.c ]; then + if test ! -f lex.yy.c; then echo 'main() { return 0; }' >lex.yy.c fi ;; - help2man) + help2man*) echo 1>&2 "\ WARNING: \`$1' is $msg. You should only need it if you modified a dependency of a manual page. You may need the \`Help2man' package in order for those modifications to take effect. You can get \`Help2man' from any GNU archive site." 
- file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'` - if test -z "$file"; then - file=`echo "$*" | sed -n 's/.*--output=\([^ ]*\).*/\1/p'` - fi - if [ -f "$file" ]; then + file=`echo "$*" | sed -n "$sed_output"` + test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"` + if test -f "$file"; then touch $file else test -z "$file" || exec >$file echo ".ab help2man is required to generate this page" - exit 1 + exit $? fi ;; - makeinfo) + makeinfo*) echo 1>&2 "\ WARNING: \`$1' is $msg. You should only need it if you modified a \`.texi' or \`.texinfo' file, or any other file @@ -289,11 +298,17 @@ DU, IRIX). You might want to install the \`Texinfo' package or the \`GNU make' package. Grab either from any GNU archive site." # The file to touch is that specified with -o ... - file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'` + file=`echo "$*" | sed -n "$sed_output"` + test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"` if test -z "$file"; then # ... or it is the one specified with @setfilename ... infile=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'` - file=`sed -n '/^@setfilename/ { s/.* \([^ ]*\) *$/\1/; p; q; }' $infile` + file=`sed -n ' + /^@setfilename/{ + s/.* \([^ ]*\) *$/\1/ + p + q + }' $infile` # ... or it is derived from the source name (dir/f.texi becomes f.info) test -z "$file" && file=`echo "$infile" | sed 's,.*/,,;s,.[^.]*$,,'`.info fi @@ -303,7 +318,7 @@ touch $file ;; - tar) + tar*) shift # We have already tried tar in the generic part. @@ -317,13 +332,13 @@ fi firstarg="$1" if shift; then - case "$firstarg" in + case $firstarg in *o*) firstarg=`echo "$firstarg" | sed s/o//` tar "$firstarg" "$@" && exit 0 ;; esac - case "$firstarg" in + case $firstarg in *h*) firstarg=`echo "$firstarg" | sed s/h//` tar "$firstarg" "$@" && exit 0 
@@ -356,5 +371,6 @@ # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-end: "$" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" # End: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgssglue-0.1/src/g_acquire_cred.c new/libgssglue-0.2/src/g_acquire_cred.c --- old/libgssglue-0.1/src/g_acquire_cred.c 2006-04-01 00:05:14.000000000 +0200 +++ new/libgssglue-0.2/src/g_acquire_cred.c 2011-03-17 00:31:46.000000000 +0100 @@ -1,4 +1,4 @@ -/* #ident "@(#)gss_acquire_cred.c 1.19 95/08/07 SMI" */ +/* #pragma ident "@(#)g_acquire_cred.c 1.22 04/02/23 SMI" */ /* * Copyright 1996 by Sun Microsystems, Inc. @@ -25,6 +25,9 @@ /* * glue routine for gss_acquire_cred */ +// Define these away +#define map_errcode(code) +#define map_error(code, mech) #include "mglueP.h" #include <stdio.h> 
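Review bot: In the g_acquire_cred.c hunk at -25,6, `map_errcode` and `map_error` are defined as empty macros before `#include "mglueP.h"`, so any declaration or use of those names inside the header would be erased too (whether the header mentions them is not visible here); defining them after the includes is safer. With both macros empty, the later `map_errcode(minor_status);` and `map_error(minor_status, mech);` calls compile to nothing, so mechanism minor codes reach the caller unmapped. That deserves an explicit comment, for example `/* minor-status mapping is not implemented in libgssglue; these calls are deliberate no-ops */`. The rest of the file uses `/* */` comments, so the `// Define these away` line is also out of style.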
@@ -35,35 +38,51 @@ #include <errno.h> #include <time.h> -static gss_OID_set -create_actual_mechs(creds) - gss_union_cred_t creds; +static OM_uint32 +val_acq_cred_args( + OM_uint32 *minor_status, + gss_name_t desired_name, + OM_uint32 time_req, + gss_OID_set desired_mechs, + int cred_usage, + gss_cred_id_t *output_cred_handle, + gss_OID_set *actual_mechs, + OM_uint32 *time_rec) { - gss_OID_set actual_mechs; - int i; - actual_mechs = (gss_OID_set) malloc(sizeof(gss_OID_set_desc)); - if (!actual_mechs) - return NULL; + /* Initialize outputs. */ - actual_mechs->elements = (gss_OID) - malloc(sizeof(gss_OID_desc) * creds->count); - if (!actual_mechs->elements) { - free(actual_mechs); - return NULL; - } + if (minor_status != NULL) + *minor_status = 0; + + if (output_cred_handle != NULL) + *output_cred_handle = GSS_C_NO_CREDENTIAL; + + if (actual_mechs != NULL) + *actual_mechs = GSS_C_NULL_OID_SET; + + if (time_rec != NULL) + *time_rec = 0; - actual_mechs->count = creds->count; + /* Validate arguments. */ - for (i=0; i < creds->count; i++) { - actual_mechs->elements[i].length = creds->mechs_array[i].length; - actual_mechs->elements[i].elements = (void *) - malloc(creds->mechs_array[i].length); - memcpy(actual_mechs->elements[i].elements, - creds->mechs_array[i].elements, creds->mechs_array[i].length); + if (minor_status == NULL) + return (GSS_S_CALL_INACCESSIBLE_WRITE); + + if (output_cred_handle == NULL) + return (GSS_S_CALL_INACCESSIBLE_WRITE); + + if (cred_usage != GSS_C_ACCEPT + && cred_usage != GSS_C_INITIATE + && cred_usage != GSS_C_BOTH) { + if (minor_status) { + *minor_status = EINVAL; + map_errcode(minor_status); + } + return GSS_S_FAILURE; } - return actual_mechs; + return (GSS_S_COMPLETE); } 
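Review bot: The `if (minor_status)` test inside the `cred_usage` check of val_acq_cred_args can never be false, because the function has already returned GSS_S_CALL_INACCESSIBLE_WRITE for a NULL `minor_status` a few lines above; drop the test and keep `*minor_status = EINVAL;`. `map_errcode(minor_status)` also hands the macro the pointer rather than the code, which only goes unnoticed because the macro expands to nothing. `desired_name`, `time_req` and `desired_mechs` are accepted but never examined, so a short header comment such as `/* Clears all outputs, then checks only the output pointers and cred_usage. */` would keep readers from assuming the inputs are validated. val_add_cred_args in the next hunk has the same dead test.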
@@ -87,303 +106,176 @@ OM_uint32 * time_rec; { - OM_uint32 status, temp_minor_status, temp_time_rec = ~0; - unsigned int i, j, creds_acquired = 0; - int k; - gss_union_name_t union_name; - gss_name_t internal_name; - gss_union_cred_t creds; - gss_OID_set_desc default_OID_set; - gss_OID_desc default_OID; - gss_OID specific_mech_type = 0; - gss_mechanism mech; - - /* - * This struct is used to keep track of which mech_types are - * actually available and to store the credentials returned - * from them by each mechanism specific gss_acquire_cred() call. - * The results are used to construct the final union_cred - * structure returned by the glue layer gss_acquire_cred() call - * and the actual_mechs gss_OID_set returned. - */ + OM_uint32 major = GSS_S_FAILURE; + OM_uint32 initTimeOut, acceptTimeOut, outTime = GSS_C_INDEFINITE; + gss_OID_set_desc default_OID_set; + gss_OID_set mechs; + gss_OID_desc default_OID; + gss_mechanism mech; + unsigned int i; + gss_union_cred_t creds; + + major = val_acq_cred_args(minor_status, + desired_name, + time_req, + desired_mechs, + cred_usage, + output_cred_handle, + actual_mechs, + time_rec); + if (major != GSS_S_COMPLETE) + return (major); - struct creds_returned { - unsigned char available; - gss_cred_id_t cred; - } *creds_returned; - - GSS_INITIALIZE; - - /* Set this to NULL for now */ - - if (actual_mechs) - *actual_mechs = GSS_C_NULL_OID_SET; - - if (minor_status) - *minor_status = 0; - - /* No need to continue if we don't have a place to store the creds */ - if (output_cred_handle == NULL) - return GSS_S_COMPLETE; - - /* get desired_name cast as a union_name type */ - - union_name = (gss_union_name_t) desired_name; - - if (union_name) - specific_mech_type = union_name->mech_type; + /* Initial value needed below. */ + major = GSS_S_FAILURE; /* * if desired_mechs equals GSS_C_NULL_OID_SET, then pick an - * appropriate default. + * appropriate default. We use the first mechanism in the + * mechansim list as the default. 
This set is created with + * statics thus needs not be freed */ if(desired_mechs == GSS_C_NULL_OID_SET) { - /* - * If union_name->mech_type is NULL then we get the default - * mechanism; otherwise, we get the mechanism for the - * mechanism-specific name. - */ - mech = __gss_get_mechanism(specific_mech_type); + mech = __gss_get_mechanism(NULL); if (mech == NULL) return (GSS_S_BAD_MECH); - desired_mechs = &default_OID_set; - default_OID_set.count = 1 ; + mechs = &default_OID_set; + default_OID_set.count = 1; default_OID_set.elements = &default_OID; default_OID.length = mech->mech_type.length; default_OID.elements = mech->mech_type.elements; - } + } else + mechs = desired_mechs; - /* - * Now allocate the creds returned array. There is one element - * for each member of the desired_mechs argument. - */ + if (mechs->count == 0) + return (GSS_S_BAD_MECH); - creds_returned = (struct creds_returned *) - malloc(sizeof(struct creds_returned) * desired_mechs->count); - - /* - * For each requested mechanism in desired_mechs, determine if it - * is supported. If so, mark the corresponding element in - * creds_returned->available as 1 and call the mechanism - * specific gss_acquire_cred(), placing the returned cred in - * creds_returned->cred. If not, mark creds_returned->available as - * 0. - */ - status = GSS_S_BAD_MECH; - for (j=0; j < desired_mechs->count; j++) { - creds_returned[j].available = 0; - - mech = __gss_get_mechanism (&desired_mechs->elements[j]); - if (!mech || !mech->gss_acquire_cred) - continue; - /* - * If this is a mechanism-specific name, then only use the - * mechanism of the name. - */ - if (specific_mech_type && !g_OID_equal(specific_mech_type, - &mech->mech_type)) - continue; - /* - * If this is not a mechanism-specific name, then we need to - * do an import the external name in union_name first. 
- */ - if (union_name == 0) - internal_name = (gss_name_t) 0; - else if (!union_name->mech_type) { - if (__gss_import_internal_name(&temp_minor_status, - &mech->mech_type, - union_name, &internal_name)) { - continue; + /* allocate the output credential structure */ + creds = (gss_union_cred_t)malloc(sizeof (gss_union_cred_desc)); + if (creds == NULL) + return (GSS_S_FAILURE); + + /* initialize to 0s */ + (void) memset(creds, 0, sizeof (gss_union_cred_desc)); + + /* for each requested mech attempt to obtain a credential */ + for (i = 0; i < mechs->count; i++) { + major = gss_add_cred(minor_status, (gss_cred_id_t)creds, + desired_name, + &mechs->elements[i], + cred_usage, time_req, time_req, NULL, + NULL, &initTimeOut, &acceptTimeOut); + if (major == GSS_S_COMPLETE) { + /* update the credential's time */ + if (cred_usage == GSS_C_ACCEPT) { + if (outTime > acceptTimeOut) + outTime = acceptTimeOut; + } else if (cred_usage == GSS_C_INITIATE) { + if (outTime > initTimeOut) + outTime = initTimeOut; + } else { + /* + * time_rec is the lesser of the + * init/accept times + */ + if (initTimeOut > acceptTimeOut) + outTime = (outTime > acceptTimeOut) ? + acceptTimeOut : outTime; + else + outTime = (outTime > initTimeOut) ? + initTimeOut : outTime; } - } else - internal_name = union_name->mech_name; - - status = mech->gss_acquire_cred(minor_status, - internal_name, time_req, - desired_mechs, cred_usage, - &creds_returned[j].cred, - NULL, &temp_time_rec); - - /* Release the internal name, if allocated above */ - if (union_name && !union_name->mech_type) { - (void) __gss_release_internal_name(&temp_minor_status, - &mech->mech_type, - &internal_name); - } - - if (status != GSS_S_COMPLETE) - continue; - - /* - * Add this into the creds_returned structure, if we got - * a good credential for this mechanism. - */ - if (time_rec) { - *time_rec = *time_rec > temp_time_rec ? 
temp_time_rec : *time_rec; - temp_time_rec = *time_rec; - } - - creds_returned[j].available = 1; - creds_acquired++; - - /* - * If union_name is set, then we're done. Continue, and - * declare success. Otherwise, if do an inquire credentials - * from the first mechanism that succeeds and use that as the - * union name. - */ - if (union_name) - continue; - - status = mech->gss_inquire_cred(&temp_minor_status, - creds_returned[j].cred, - &internal_name, 0, 0, 0); - if (status) { - /* Should never happen */ - creds_returned[j].available = 0; - creds_acquired--; - if (mech->gss_release_cred) - mech->gss_release_cred(minor_status, - &creds_returned[j].cred); - continue; } + } /* for */ - status = __gss_convert_name_to_union_name(&temp_minor_status, mech, - internal_name, - (gss_name_t *) &union_name); + /* ensure that we have at least one credential element */ + if (creds->count < 1) { + free(creds); + return (major); } /* - * Now allocate the creds struct, which will be cast as a gss_cred_id_t - * and returned in the output_cred_handle argument. If there were - * no credentials found, return an error. Also, allocate the - * actual_mechs data. 
+ * fill in output parameters + * setup the actual mechs output parameter */ - if (creds_acquired == 0) { - free (creds_returned); - return (status); - } - - creds = (gss_union_cred_t) malloc(sizeof(gss_union_cred_desc)); + if (actual_mechs != NULL) { + gss_OID_set_desc oids; - creds->count = creds_acquired; + oids.count = creds->count; + oids.elements = creds->mechs_array; - creds->mechs_array = (gss_OID) - malloc(sizeof(gss_OID_desc) * creds_acquired); + major = generic_gss_copy_oid_set(minor_status, &oids, actual_mechs); + if (GSS_ERROR(major)) { + (void) gss_release_cred(minor_status, + (gss_cred_id_t *)&creds); + return (major); + } + } - creds->cred_array = (gss_cred_id_t *) - malloc(sizeof(gss_cred_id_t) * creds_acquired); + if (time_rec) + *time_rec = outTime; - if(actual_mechs != NULL) { - *actual_mechs = (gss_OID_set) malloc(sizeof(gss_OID_set_desc)); - (*actual_mechs)->count = creds_acquired; + *output_cred_handle = (gss_cred_id_t)creds; + return (GSS_S_COMPLETE); +} - (*actual_mechs)->elements = (gss_OID) - malloc(sizeof(gss_OID_desc) * creds_acquired); - } +static OM_uint32 +val_add_cred_args( + OM_uint32 *minor_status, + gss_cred_id_t input_cred_handle, + gss_name_t desired_name, + gss_OID desired_mech, + gss_cred_usage_t cred_usage, + OM_uint32 initiator_time_req, + OM_uint32 acceptor_time_req, + gss_cred_id_t *output_cred_handle, + gss_OID_set *actual_mechs, + OM_uint32 *initiator_time_rec, + OM_uint32 *acceptor_time_rec) +{ - /* - * copy the mechanisms found and their allocated credentials into the - * creds structure. At the same time, build up the actual_mechs - * data. - */ + /* Initialize outputs. 
*/ - j = 0; + if (minor_status != NULL) + *minor_status = 0; - for (i=0; i<desired_mechs->count; i++) { - if(creds_returned[i].available) { + if (output_cred_handle != NULL) + *output_cred_handle = GSS_C_NO_CREDENTIAL; - creds->mechs_array[j].length = - desired_mechs->elements[i].length; - creds->mechs_array[j].elements = (void *) - malloc(desired_mechs->elements[i].length); - memcpy(creds->mechs_array[j].elements, - desired_mechs->elements[i].elements, - desired_mechs->elements[i].length); - creds->cred_array[j] = creds_returned[i].cred; - if (actual_mechs) { - (*actual_mechs)->elements[j].length = - desired_mechs->elements[i].length; - (*actual_mechs)->elements[j].elements = (void *) - malloc(desired_mechs->elements[i].length); - memcpy((*actual_mechs)->elements[j].elements, - desired_mechs->elements[i].elements, - desired_mechs->elements[i].length); - } - j++; - } - } + if (actual_mechs != NULL) + *actual_mechs = GSS_C_NO_OID_SET; - /* free the creds_returned struct, since we are done with it. */ + if (acceptor_time_rec != NULL) + *acceptor_time_rec = 0; - free(creds_returned); + if (initiator_time_rec != NULL) + *initiator_time_rec = 0; - /* record the information needed for gss_inquire_cred() */ + /* Validate arguments. */ - creds->auxinfo.creation_time = time(0); - creds->auxinfo.time_rec = temp_time_rec; - creds->auxinfo.cred_usage = cred_usage; + if (minor_status == NULL) + return (GSS_S_CALL_INACCESSIBLE_WRITE); - /* - * we can't just record the internal name, desired_name, since - * it may be destroyed between now and the time gss_inquire_cred() - * is called. So we must record the printable name in a - * gss_buffer_t, calling gss_display_name() to fill it in. When - * gss_inquire_name() is called, we must then call gss_import_name() - * to get the internal name that is required at that point. 
- */ - if (desired_name) { - status = gss_display_name(&temp_minor_status, desired_name, - &creds->auxinfo.name, - &creds->auxinfo.name_type); - if (status) { - status = GSS_S_BAD_NAME; - goto error_out; - } - } else { - status = gss_display_name(&temp_minor_status, union_name, - &creds->auxinfo.name, - &creds->auxinfo.name_type); - if (status) { - status = GSS_S_BAD_NAME; - goto error_out; - } - } + if (input_cred_handle == GSS_C_NO_CREDENTIAL && + output_cred_handle == NULL) + return (GSS_S_CALL_INACCESSIBLE_WRITE | GSS_S_NO_CRED); - /* Release the union name if we obtained it above */ - if (!desired_name && union_name) { - status = gss_release_name(&temp_minor_status, - (gss_name_t *) &union_name); - if (status) { - status = GSS_S_BAD_NAME; - goto error_out; + if (cred_usage != GSS_C_ACCEPT + && cred_usage != GSS_C_INITIATE + && cred_usage != GSS_C_BOTH) { + if (minor_status) { + *minor_status = EINVAL; + map_errcode(minor_status); } + return GSS_S_FAILURE; } - *output_cred_handle = (gss_cred_id_t) creds; - return(GSS_S_COMPLETE); - -error_out: - for (k=0; k < creds->count; k++) { - free(creds->mechs_array[k].elements); - if (actual_mechs) - free((*actual_mechs)->elements[k].elements); - } - - if (actual_mechs) { - free((*actual_mechs)->elements); - free(*actual_mechs); - *actual_mechs = GSS_C_NULL_OID_SET; - } - free(creds->cred_array); - free(creds->mechs_array); - free(creds); - - return(status); + return (GSS_S_COMPLETE); } + /* V2 KRB5_CALLCONV */ OM_uint32 KRB5_CALLCONV gss_add_cred(minor_status, input_cred_handle, 
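Review bot: In the new gss_acquire_cred body, the `if (creds->count < 1)` exit returns `major` unchanged, so it reports success with `*output_cred_handle` still GSS_C_NO_CREDENTIAL if gss_add_cred ever returns GSS_S_COMPLETE without appending an element; a caller would then carry on with what GSS-API treats as the default credential. Returning a failure there regardless, e.g. `return (major == GSS_S_COMPLETE ? GSS_S_FAILURE : major);`, closes that. `initTimeOut` and `acceptTimeOut` are also read after the call without an initial value; `OM_uint32 initTimeOut = GSS_C_INDEFINITE, acceptTimeOut = GSS_C_INDEFINITE;` would make that read defined. The same exit uses `free(creds)` while the later error path uses gss_release_cred(), so anything gss_add_cred stored in `creds->auxinfo` before failing would presumably leak. The function's signature lies above this hunk.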
@@ -404,39 +296,69 @@ OM_uint32 *acceptor_time_rec; { OM_uint32 status, temp_minor_status; - OM_uint32 time_req = 0, time_rec; + OM_uint32 time_req, time_rec; gss_union_name_t union_name; gss_union_cred_t new_union_cred, union_cred; - gss_name_t internal_name; + gss_name_t internal_name = GSS_C_NO_NAME; + gss_name_t allocated_name = GSS_C_NO_NAME; gss_mechanism mech; - gss_cred_id_t cred; + gss_cred_id_t cred = NULL; gss_OID new_mechs_array = NULL; gss_cred_id_t * new_cred_array = NULL; - if (input_cred_handle == GSS_C_NO_CREDENTIAL) - return GSS_S_NO_CRED; - - union_cred = (gss_union_cred_t) input_cred_handle; + status = val_add_cred_args(minor_status, + input_cred_handle, + desired_name, + desired_mech, + cred_usage, + initiator_time_req, + acceptor_time_req, + output_cred_handle, + actual_mechs, + initiator_time_rec, + acceptor_time_rec); + if (status != GSS_S_COMPLETE) + return (status); mech = __gss_get_mechanism(desired_mech); if (!mech) return GSS_S_BAD_MECH; + else if (!mech->gss_acquire_cred) + return (GSS_S_UNAVAILABLE); + + if (input_cred_handle == GSS_C_NO_CREDENTIAL) { + union_cred = malloc(sizeof (gss_union_cred_desc)); + if (union_cred == NULL) + return (GSS_S_FAILURE); - if (__gss_get_mechanism_cred(union_cred, desired_mech) != - GSS_C_NO_CREDENTIAL) - return GSS_S_DUPLICATE_ELEMENT; - - union_name = (gss_union_name_t) desired_name; - if (union_name->mech_type) { - if (!g_OID_equal(desired_mech, union_name->mech_type)) - return GSS_S_BAD_NAMETYPE; - internal_name = union_name->mech_name; + (void) memset(union_cred, 0, sizeof (gss_union_cred_desc)); + + /* for default credentials we will use GSS_C_NO_NAME */ + internal_name = GSS_C_NO_NAME; } else { - if (__gss_import_internal_name(minor_status, desired_mech, - union_name, &internal_name)) - return (GSS_S_BAD_NAME); + union_cred = (gss_union_cred_t)input_cred_handle; + if (__gss_get_mechanism_cred(union_cred, desired_mech) != + GSS_C_NO_CREDENTIAL) + return (GSS_S_DUPLICATE_ELEMENT); + + /* may need 
to create a mechanism specific name */ + if (desired_name) { + union_name = (gss_union_name_t)desired_name; + if (union_name->mech_type && + g_OID_equal(union_name->mech_type, + &mech->mech_type)) + internal_name = union_name->mech_name; + else { + if (__gss_import_internal_name(minor_status, + &mech->mech_type, union_name, + &allocated_name) != GSS_S_COMPLETE) + return (GSS_S_BAD_NAME); + internal_name = allocated_name; + } + } } + if (cred_usage == GSS_C_ACCEPT) time_req = acceptor_time_req; else if (cred_usage == GSS_C_INITIATE) 
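Review bot: In the `input_cred_handle == GSS_C_NO_CREDENTIAL` branch of gss_add_cred, `desired_name` is never consulted: `internal_name` is forced to GSS_C_NO_NAME, so a caller that passes a specific name with no input credential gets the mechanism's default credential instead of the identity it asked for. If that is intended, state it in the function documentation rather than only in the inline comment; otherwise run the name-import logic from the `else` branch in both cases. The `union_cred` that branch allocates with malloc must also be freed on every later `goto errout`; the errout label is outside this view, so that cannot be confirmed here. The function starts above and ends below this hunk.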
@@ -444,27 +366,61 @@ else if (cred_usage == GSS_C_BOTH) time_req = (acceptor_time_req > initiator_time_req) ? acceptor_time_req : initiator_time_req; + else + time_req = 0; status = mech->gss_acquire_cred(minor_status, internal_name, time_req, GSS_C_NULL_OID_SET, cred_usage, &cred, NULL, &time_rec); - if (status != GSS_S_COMPLETE) + + if (status != GSS_S_COMPLETE) { + map_error(minor_status, mech); goto errout; + } + + /* may need to set credential auxinfo strucutre */ + if (union_cred->auxinfo.creation_time == 0) { + union_cred->auxinfo.creation_time = time(NULL); + union_cred->auxinfo.time_rec = time_rec; + union_cred->auxinfo.cred_usage = cred_usage; + + /* + * we must set the name; if name is not supplied + * we must do inquire cred to get it + */ + if (internal_name == NULL) { + if (mech->gss_inquire_cred == NULL || + ((status = mech->gss_inquire_cred( + &temp_minor_status, cred, + &allocated_name, NULL, NULL, + NULL)) != GSS_S_COMPLETE)) + goto errout; + internal_name = allocated_name; + } + if (internal_name != GSS_C_NO_NAME) { + status = mech->gss_display_name(&temp_minor_status, internal_name, + &union_cred->auxinfo.name, + &union_cred->auxinfo.name_type); + + if (status != GSS_S_COMPLETE) + goto errout; + } + } + + /* now add the new credential elements */ new_mechs_array = (gss_OID) - malloc(sizeof(gss_OID_desc) * (union_cred->count+1)); + malloc(sizeof (gss_OID_desc) * (union_cred->count+1)); new_cred_array = (gss_cred_id_t *) - malloc(sizeof(gss_cred_id_t) * (union_cred->count+1)); + malloc(sizeof (gss_cred_id_t) * (union_cred->count+1)); if (!new_mechs_array || !new_cred_array) { - *minor_status = ENOMEM; status = GSS_S_FAILURE; goto errout; } - if (acceptor_time_rec) if (cred_usage == GSS_C_ACCEPT || cred_usage == GSS_C_BOTH) *acceptor_time_rec = time_rec; 
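Review bot: When `mech->gss_inquire_cred == NULL`, the new `goto errout` is taken with `status` still GSS_S_COMPLETE from the successful mech->gss_acquire_cred call, so (assuming errout returns `status`, which is not visible here) the function reports success without adding the credential. Set the status first, e.g. `if (mech->gss_inquire_cred == NULL) { status = GSS_S_UNAVAILABLE; goto errout; }`. `mech->gss_display_name` is called a few lines later with no NULL check at all, unlike gss_inquire_cred, and needs the same guard. The hunk also drops `*minor_status = ENOMEM;` from the allocation-failure path, which removes the only indication of why GSS_S_FAILURE was returned; the element `malloc` failure in the following hunk jumps to errout without setting `status` either.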
@@ -473,57 +429,80 @@ *initiator_time_rec = time_rec; /* - * OK, expand the mechanism array in the union credentials - * (Look for the union label...) + * OK, expand the mechanism array and the credential array */ - memcpy(new_mechs_array, union_cred->mechs_array, - sizeof(gss_OID_desc) * union_cred->count); - memcpy(new_cred_array, union_cred->cred_array, - sizeof(gss_cred_id_t) * union_cred->count); + (void) memcpy(new_mechs_array, union_cred->mechs_array, + sizeof (gss_OID_desc) * union_cred->count); + (void) memcpy(new_cred_array, union_cred->cred_array, + sizeof (gss_cred_id_t) * union_cred->count); new_cred_array[union_cred->count] = cred; - new_mechs_array[union_cred->count].length = desired_mech->length; - new_mechs_array[union_cred->count].elements = malloc(desired_mech->length); - if (!new_mechs_array[union_cred->count].elements) { - *minor_status = ENOMEM; + if ((new_mechs_array[union_cred->count].elements = + malloc(mech->mech_type.length)) == NULL) goto errout; + + g_OID_copy(&new_mechs_array[union_cred->count], + &mech->mech_type); + + if (actual_mechs != NULL) { + gss_OID_set_desc oids; + + oids.count = union_cred->count + 1; + oids.elements = new_mechs_array; + + status = generic_gss_copy_oid_set(minor_status, &oids, actual_mechs); + if (GSS_ERROR(status)) { + free(new_mechs_array[union_cred->count].elements); + goto errout; + } } - memcpy(new_mechs_array[union_cred->count].elements, desired_mech->elements, - desired_mech->length); if (output_cred_handle == NULL) { free(union_cred->mechs_array); free(union_cred->cred_array); new_union_cred = union_cred; } else { - new_union_cred = malloc(sizeof(gss_union_cred_desc)); + new_union_cred = malloc(sizeof (gss_union_cred_desc)); if (new_union_cred == NULL) { - *minor_status = ENOMEM; + free(new_mechs_array[union_cred->count].elements); goto errout; } *new_union_cred = *union_cred; - *output_cred_handle = new_union_cred; + *output_cred_handle = (gss_cred_id_t)new_union_cred; } + new_union_cred->mechs_array 
= new_mechs_array; new_union_cred->cred_array = new_cred_array; new_union_cred->count++; - new_mechs_array = 0; - new_cred_array = 0; - if (actual_mechs) - *actual_mechs = create_actual_mechs(new_union_cred); + /* We're done with the internal name. Free it if we allocated it. */ - status = GSS_S_COMPLETE; + if (allocated_name) + (void) __gss_release_internal_name(&temp_minor_status, + &mech->mech_type, + &allocated_name); + + return (GSS_S_COMPLETE); errout: if (new_mechs_array) free(new_mechs_array); if (new_cred_array) free(new_cred_array); - if (!union_name->mech_type) { + + if (cred != NULL && mech->gss_release_cred) + mech->gss_release_cred(&temp_minor_status, &cred); + + if (allocated_name) (void) __gss_release_internal_name(&temp_minor_status, - desired_mech, &internal_name); + &mech->mech_type, + &allocated_name); + + if (input_cred_handle == GSS_C_NO_CREDENTIAL && union_cred) { + if (union_cred->auxinfo.name.value) + free(union_cred->auxinfo.name.value); + free(union_cred); } - return(status); + return (status); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgssglue-0.1/src/g_dsp_name.c new/libgssglue-0.2/src/g_dsp_name.c --- old/libgssglue-0.1/src/g_dsp_name.c 2006-04-01 23:51:06.000000000 +0200 +++ new/libgssglue-0.2/src/g_dsp_name.c 2011-03-17 00:31:46.000000000 +0100 
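Review bot: When `malloc(sizeof (gss_union_cred_desc))` fails, `*actual_mechs` has already been filled by `generic_gss_copy_oid_set()` a few lines earlier and is neither released nor reset. The caller therefore gets the `errout` path together with an allocated OID set it has no reason to free. Releasing it in that branch before `goto errout;`, e.g. `if (actual_mechs != NULL) (void) gss_release_oid_set(&temp_minor_status, actual_mechs);`, would close the leak; so would moving the copy after the last allocation that can fail. The enclosing function starts outside this hunk, so how callers treat `*actual_mechs` on error is not visible here.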
@@ -49,7 +49,7 @@ OM_uint32 major_status; gss_union_name_t union_name; - if (input_name == 0) + if (input_name == GSS_C_NO_NAME) return GSS_S_BAD_NAME; union_name = (gss_union_name_t) input_name; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgssglue-0.1/src/g_initialize.c new/libgssglue-0.2/src/g_initialize.c --- old/libgssglue-0.1/src/g_initialize.c 2007-09-04 16:10:37.000000000 +0200 +++ new/libgssglue-0.2/src/g_initialize.c 2009-08-12 16:52:36.000000000 +0200 @@ -250,6 +250,7 @@ dlclose(dl); } /* while */ + fclose(conffile); return; } @@ -342,6 +343,7 @@ } } /* while */ + fclose(conffile); return; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgssglue-0.1/src/gssglue/config.h.in new/libgssglue-0.2/src/gssglue/config.h.in --- old/libgssglue-0.1/src/gssglue/config.h.in 2007-09-04 15:39:42.000000000 +0200 +++ new/libgssglue-0.2/src/gssglue/config.h.in 2011-03-17 00:39:27.000000000 +0100 @@ -47,6 +47,10 @@ /* Define to 1 if you have the <unistd.h> header file. */ #undef HAVE_UNISTD_H +/* Define to the sub-directory in which libtool stores uninstalled libraries. + */ +#undef LT_OBJDIR + /* Name of package */ #undef PACKAGE 
@@ -62,6 +66,9 @@ /* Define to the one symbol short name of this package. */ #undef PACKAGE_TARNAME +/* Define to the home page for this package. */ +#undef PACKAGE_URL + /* Define to the version of this package. */ #undef PACKAGE_VERSION diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgssglue-0.1/src/mglueP.h new/libgssglue-0.2/src/mglueP.h --- old/libgssglue-0.1/src/mglueP.h 2007-04-18 21:30:33.000000000 +0200 +++ new/libgssglue-0.2/src/mglueP.h 2011-03-17 00:31:46.000000000 +0100 @@ -17,6 +17,12 @@ (((o1)->length == (o2)->length) && \ (memcmp((o1)->elements,(o2)->elements,(int) (o1)->length) == 0)) +#define g_OID_copy(o1, o2) \ +do { \ + memcpy((o1)->elements, (o2)->elements, (o2)->length); \ + (o1)->length = (o2)->length; \ + } while (0) + /* * Array of context IDs typed by mechanism OID */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libgssglue-0.1/src/oid_ops.c new/libgssglue-0.2/src/oid_ops.c --- old/libgssglue-0.1/src/oid_ops.c 2006-04-01 21:39:59.000000000 +0200 +++ new/libgssglue-0.2/src/oid_ops.c 2011-03-17 00:31:46.000000000 +0100 
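Review bot: `g_OID_copy` writes `(o2)->length` bytes into `(o1)->elements` without allocating or checking anything, and the macro carries no comment stating that precondition. A line above it such as `/* o1->elements must already point to at least o2->length bytes; nothing is allocated here */` would make the contract visible to the next caller. The one use added in this commit (the `@@ -473,57 +429,80 @@` hunk) does allocate `mech->mech_type.length` bytes first. The macro also evaluates `o2` three times and `o1` twice, so a `static` inline function would be the safer form if an argument with side effects is ever passed.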
@@ -375,3 +375,78 @@ return(GSS_S_FAILURE); } +/* + * Copyright 1993 by OpenVision Technologies, Inc. + * + * Permission to use, copy, modify, distribute, and sell this software + * and its documentation for any purpose is hereby granted without fee, + * provided that the above copyright notice appears in all copies and + * that both that copyright notice and this permission notice appear in + * supporting documentation, and that the name of OpenVision not be used + * in advertising or publicity pertaining to distribution of the software + * without specific, written prior permission. OpenVision makes no + * representations about the suitability of this software for any + * purpose. It is provided "as is" without express or implied warranty. + * + * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO + * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF + * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR + * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. 
+ */ +OM_uint32 +generic_gss_copy_oid_set(OM_uint32 *minor_status, + const gss_OID_set_desc * const oidset, + gss_OID_set *new_oidset) +{ + gss_OID_set_desc *copy; + OM_uint32 minor = 0; + OM_uint32 major = GSS_S_COMPLETE; + OM_uint32 i; + + if (minor_status != NULL) + *minor_status = 0; + + if (new_oidset != NULL) + *new_oidset = GSS_C_NO_OID_SET; + + if (oidset == GSS_C_NO_OID_SET) + return (GSS_S_CALL_INACCESSIBLE_READ); + + if (new_oidset == NULL) + return (GSS_S_CALL_INACCESSIBLE_WRITE); + + if ((copy = (gss_OID_set_desc *) calloc(1, sizeof (*copy))) == NULL) { + major = GSS_S_FAILURE; + goto done; + } + + if ((copy->elements = (gss_OID_desc *) + calloc(oidset->count, sizeof (*copy->elements))) == NULL) { + major = GSS_S_FAILURE; + goto done; + } + copy->count = oidset->count; + + for (i = 0; i < copy->count; i++) { + gss_OID_desc *out = ©->elements[i]; + gss_OID_desc *in = &oidset->elements[i]; + + if ((out->elements = (void *) malloc(in->length)) == NULL) { + major = GSS_S_FAILURE; + goto done; + } + (void) memcpy(out->elements, in->elements, in->length); + out->length = in->length; + } + + *new_oidset = copy; +done: + if (major != GSS_S_COMPLETE) { + (void) gss_release_oid_set(&minor, ©); + } + + return (major); +} ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
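Review bot: In `generic_gss_copy_oid_set`, a NULL return from `calloc(oidset->count, sizeof (*copy->elements))` is always treated as failure, but for an empty set (`count == 0`) calloc may legitimately return NULL. The same holds for `malloc(in->length)` with a zero-length OID, so copying such a set could return `GSS_S_FAILURE` on some C libraries. Qualifying the checks with the size, e.g. `... == NULL && oidset->count != 0`, would make the result independent of the allocator. The function has no comment of its own after the licence block; one line stating that `*new_oidset` is owned by the caller and must be freed with `gss_release_oid_set()` would help. On the allocation-failure path `*minor_status` stays 0 rather than `ENOMEM`.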
