aboutsummaryrefslogtreecommitdiff
path: root/crypto/krb5/src/lib/gssapi/generic
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/krb5/src/lib/gssapi/generic')
-rw-r--r--crypto/krb5/src/lib/gssapi/generic/Makefile.in5
-rw-r--r--crypto/krb5/src/lib/gssapi/generic/deps93
-rw-r--r--crypto/krb5/src/lib/gssapi/generic/gssapiP_generic.h49
-rw-r--r--crypto/krb5/src/lib/gssapi/generic/maptest.c2
-rw-r--r--crypto/krb5/src/lib/gssapi/generic/oid_ops.c9
-rw-r--r--crypto/krb5/src/lib/gssapi/generic/t_seqstate.c2
-rw-r--r--crypto/krb5/src/lib/gssapi/generic/util_errmap.c6
-rw-r--r--crypto/krb5/src/lib/gssapi/generic/util_set.c91
-rw-r--r--crypto/krb5/src/lib/gssapi/generic/util_token.c83
9 files changed, 106 insertions, 234 deletions
diff --git a/crypto/krb5/src/lib/gssapi/generic/Makefile.in b/crypto/krb5/src/lib/gssapi/generic/Makefile.in
index 1a95a7d3bbe5..10cc3bb77ab3 100644
--- a/crypto/krb5/src/lib/gssapi/generic/Makefile.in
+++ b/crypto/krb5/src/lib/gssapi/generic/Makefile.in
@@ -1,6 +1,6 @@
mydir=lib$(S)gssapi$(S)generic
BUILDTOP=$(REL)..$(S)..$(S)..
-LOCALINCLUDES = -I. -I$(srcdir) -I$(srcdir)/..
+LOCALINCLUDES = -I. -I$(srcdir) -I$(srcdir)/../mechglue
##DOS##BUILDTOP = ..\..\..
##DOS##PREFIXDIR=generic
@@ -66,7 +66,6 @@ SRCS = \
$(srcdir)/util_buffer.c \
$(srcdir)/util_buffer_set.c \
$(srcdir)/util_errmap.c \
- $(srcdir)/util_set.c \
$(srcdir)/util_seqstate.c \
$(srcdir)/util_token.c \
gssapi_err_generic.c
@@ -83,7 +82,6 @@ OBJS = \
$(OUTPRE)util_buffer.$(OBJEXT) \
$(OUTPRE)util_buffer_set.$(OBJEXT) \
$(OUTPRE)util_errmap.$(OBJEXT) \
- $(OUTPRE)util_set.$(OBJEXT) \
$(OUTPRE)util_seqstate.$(OBJEXT) \
$(OUTPRE)util_token.$(OBJEXT) \
$(OUTPRE)gssapi_err_generic.$(OBJEXT)
@@ -98,7 +96,6 @@ STLIBOBJS = \
util_buffer.o \
util_buffer_set.o \
util_errmap.o \
- util_set.o \
util_seqstate.o \
util_token.o \
gssapi_err_generic.o
diff --git a/crypto/krb5/src/lib/gssapi/generic/deps b/crypto/krb5/src/lib/gssapi/generic/deps
index 0f0909256471..f1acbbacc934 100644
--- a/crypto/krb5/src/lib/gssapi/generic/deps
+++ b/crypto/krb5/src/lib/gssapi/generic/deps
@@ -4,80 +4,75 @@
disp_com_err_status.so disp_com_err_status.po $(OUTPRE)disp_com_err_status.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
$(BUILDTOP)/include/gssapi/gssapi_alloc.h $(COM_ERR_DEPS) \
- $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
- $(top_srcdir)/include/k5-thread.h disp_com_err_status.c \
- gssapiP_generic.h gssapi_err_generic.h gssapi_ext.h \
- gssapi_generic.h
+ $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-input.h \
+ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+ disp_com_err_status.c gssapiP_generic.h gssapi_err_generic.h \
+ gssapi_ext.h gssapi_generic.h
disp_major_status.so disp_major_status.po $(OUTPRE)disp_major_status.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
$(BUILDTOP)/include/gssapi/gssapi_alloc.h $(COM_ERR_DEPS) \
- $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
- $(top_srcdir)/include/k5-thread.h disp_major_status.c \
- gssapiP_generic.h gssapi_err_generic.h gssapi_ext.h \
- gssapi_generic.h
+ $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-input.h \
+ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+ disp_major_status.c gssapiP_generic.h gssapi_err_generic.h \
+ gssapi_ext.h gssapi_generic.h
gssapi_generic.so gssapi_generic.po $(OUTPRE)gssapi_generic.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
$(BUILDTOP)/include/gssapi/gssapi_alloc.h $(COM_ERR_DEPS) \
- $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
- $(top_srcdir)/include/k5-thread.h gssapiP_generic.h \
- gssapi_err_generic.h gssapi_ext.h gssapi_generic.c \
- gssapi_generic.h
+ $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-input.h \
+ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+ gssapiP_generic.h gssapi_err_generic.h gssapi_ext.h \
+ gssapi_generic.c gssapi_generic.h
oid_ops.so oid_ops.po $(OUTPRE)oid_ops.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_alloc.h \
$(BUILDTOP)/include/gssapi/gssapi_generic.h $(COM_ERR_DEPS) \
- $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
- $(top_srcdir)/include/k5-thread.h gssapiP_generic.h \
- gssapi_err_generic.h gssapi_ext.h gssapi_generic.h \
- oid_ops.c
+ $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-input.h \
+ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+ gssapiP_generic.h gssapi_err_generic.h gssapi_ext.h \
+ gssapi_generic.h oid_ops.c
rel_buffer.so rel_buffer.po $(OUTPRE)rel_buffer.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
$(BUILDTOP)/include/gssapi/gssapi_alloc.h $(COM_ERR_DEPS) \
- $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
- $(top_srcdir)/include/k5-thread.h gssapiP_generic.h \
- gssapi_err_generic.h gssapi_ext.h gssapi_generic.h \
- rel_buffer.c
+ $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-input.h \
+ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+ gssapiP_generic.h gssapi_err_generic.h gssapi_ext.h \
+ gssapi_generic.h rel_buffer.c
rel_oid_set.so rel_oid_set.po $(OUTPRE)rel_oid_set.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
$(BUILDTOP)/include/gssapi/gssapi_alloc.h $(COM_ERR_DEPS) \
- $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
- $(top_srcdir)/include/k5-thread.h gssapiP_generic.h \
- gssapi_err_generic.h gssapi_ext.h gssapi_generic.h \
- rel_oid_set.c
+ $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-input.h \
+ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+ gssapiP_generic.h gssapi_err_generic.h gssapi_ext.h \
+ gssapi_generic.h rel_oid_set.c
util_buffer.so util_buffer.po $(OUTPRE)util_buffer.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
$(BUILDTOP)/include/gssapi/gssapi_alloc.h $(COM_ERR_DEPS) \
- $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
- $(top_srcdir)/include/k5-thread.h gssapiP_generic.h \
- gssapi_err_generic.h gssapi_ext.h gssapi_generic.h \
- util_buffer.c
+ $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-input.h \
+ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+ gssapiP_generic.h gssapi_err_generic.h gssapi_ext.h \
+ gssapi_generic.h util_buffer.c
util_buffer_set.so util_buffer_set.po $(OUTPRE)util_buffer_set.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
$(BUILDTOP)/include/gssapi/gssapi_alloc.h $(COM_ERR_DEPS) \
- $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
- $(top_srcdir)/include/k5-thread.h gssapiP_generic.h \
- gssapi_err_generic.h gssapi_ext.h gssapi_generic.h \
- util_buffer_set.c
+ $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-input.h \
+ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+ gssapiP_generic.h gssapi_err_generic.h gssapi_ext.h \
+ gssapi_generic.h util_buffer_set.c
util_errmap.so util_errmap.po $(OUTPRE)util_errmap.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
- $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/krb5/krb5.h \
- $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+ $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+ $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(srcdir)/../mechglue/mechglue.h \
+ $(srcdir)/../mechglue/mglueP.h $(top_srcdir)/include/k5-buf.h \
+ $(top_srcdir)/include/k5-input.h $(top_srcdir)/include/k5-platform.h \
$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
errmap.h gssapiP_generic.h gssapi_err_generic.h gssapi_ext.h \
gssapi_generic.h util_errmap.c
-util_set.so util_set.po $(OUTPRE)util_set.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
- $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(COM_ERR_DEPS) \
- $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
- $(top_srcdir)/include/k5-thread.h gssapiP_generic.h \
- gssapi_err_generic.h gssapi_ext.h gssapi_generic.h \
- util_set.c
util_seqstate.so util_seqstate.po $(OUTPRE)util_seqstate.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
$(BUILDTOP)/include/gssapi/gssapi_alloc.h $(COM_ERR_DEPS) \
- $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
- $(top_srcdir)/include/k5-thread.h gssapiP_generic.h \
- gssapi_err_generic.h gssapi_ext.h gssapi_generic.h \
- util_seqstate.c
+ $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-input.h \
+ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+ gssapiP_generic.h gssapi_err_generic.h gssapi_ext.h \
+ gssapi_generic.h util_seqstate.c
util_token.so util_token.po $(OUTPRE)util_token.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
$(BUILDTOP)/include/gssapi/gssapi_alloc.h $(COM_ERR_DEPS) \
@@ -91,7 +86,7 @@ gssapi_err_generic.so gssapi_err_generic.po $(OUTPRE)gssapi_err_generic.$(OBJEXT
t_seqstate.so t_seqstate.po $(OUTPRE)t_seqstate.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
$(BUILDTOP)/include/gssapi/gssapi_alloc.h $(COM_ERR_DEPS) \
- $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
- $(top_srcdir)/include/k5-thread.h gssapiP_generic.h \
- gssapi_err_generic.h gssapi_ext.h gssapi_generic.h \
- t_seqstate.c
+ $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-input.h \
+ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+ gssapiP_generic.h gssapi_err_generic.h gssapi_ext.h \
+ gssapi_generic.h t_seqstate.c
diff --git a/crypto/krb5/src/lib/gssapi/generic/gssapiP_generic.h b/crypto/krb5/src/lib/gssapi/generic/gssapiP_generic.h
index 3c6bfa53d074..96dd605460d9 100644
--- a/crypto/krb5/src/lib/gssapi/generic/gssapiP_generic.h
+++ b/crypto/krb5/src/lib/gssapi/generic/gssapiP_generic.h
@@ -47,6 +47,7 @@
#include "k5-platform.h"
#include "k5-buf.h"
+#include "k5-input.h"
/** helper macros **/
@@ -66,14 +67,10 @@
/** helper functions **/
/* hide names from applications, especially glib applications */
-#define g_set_init gssint_g_set_init
-#define g_set_destroy gssint_g_set_destroy
-#define g_set_entry_add gssint_g_set_entry_add
-#define g_set_entry_delete gssint_g_set_entry_delete
-#define g_set_entry_get gssint_g_set_entry_get
#define g_make_string_buffer gssint_g_make_string_buffer
#define g_token_size gssint_g_token_size
#define g_make_token_header gssint_g_make_token_header
+#define g_get_token_header gssint_g_get_token_header
#define g_verify_token_header gssint_g_verify_token_header
#define g_display_major_status gssint_g_display_major_status
#define g_display_com_err_status gssint_g_display_com_err_status
@@ -84,39 +81,9 @@
#define g_seqstate_externalize gssint_g_seqstate_externalize
#define g_seqstate_internalize gssint_g_seqstate_internalize
#define g_canonicalize_host gssint_g_canonicalize_host
-#define g_local_host_name gssint_g_local_host_name
-#define g_strdup gssint_g_strdup
-
-typedef struct _g_set_elt *g_set_elt;
-typedef struct {
- k5_mutex_t mutex;
- void *data;
-} g_set;
-#define G_SET_INIT { K5_MUTEX_PARTIAL_INITIALIZER, 0 }
typedef struct g_seqnum_state_st *g_seqnum_state;
-int g_set_init (g_set_elt *s);
-int g_set_destroy (g_set_elt *s);
-int g_set_entry_add (g_set_elt *s, void *key, void *value);
-int g_set_entry_delete (g_set_elt *s, void *key);
-int g_set_entry_get (g_set_elt *s, void *key, void **value);
-
-int g_save_name (g_set *vdb, gss_name_t name);
-int g_save_cred_id (g_set *vdb, gss_cred_id_t cred);
-int g_save_ctx_id (g_set *vdb, gss_ctx_id_t ctx);
-int g_save_lucidctx_id (g_set *vdb, void *lctx);
-
-int g_validate_name (g_set *vdb, gss_name_t name);
-int g_validate_cred_id (g_set *vdb, gss_cred_id_t cred);
-int g_validate_ctx_id (g_set *vdb, gss_ctx_id_t ctx);
-int g_validate_lucidctx_id (g_set *vdb, void *lctx);
-
-int g_delete_name (g_set *vdb, gss_name_t name);
-int g_delete_cred_id (g_set *vdb, gss_cred_id_t cred);
-int g_delete_ctx_id (g_set *vdb, gss_ctx_id_t ctx);
-int g_delete_lucidctx_id (g_set *vdb, void *lctx);
-
int g_make_string_buffer (const char *str, gss_buffer_t buffer);
unsigned int g_token_size (const gss_OID_desc * mech, unsigned int body_size);
@@ -124,14 +91,10 @@ unsigned int g_token_size (const gss_OID_desc * mech, unsigned int body_size);
void g_make_token_header (struct k5buf *buf, const gss_OID_desc *mech,
size_t body_size, int tok_type);
-/* flags for g_verify_token_header() */
-#define G_VFY_TOKEN_HDR_WRAPPER_REQUIRED 0x01
+int g_get_token_header (struct k5input *in, gss_OID oid_out,
+ size_t *token_len_out);
-gss_int32 g_verify_token_header (const gss_OID_desc * mech,
- unsigned int *body_size,
- unsigned char **buf, int tok_type,
- unsigned int toksize_in,
- int flags);
+int g_verify_token_header(struct k5input *in, gss_const_OID expected_mech);
OM_uint32 g_display_major_status (OM_uint32 *minor_status,
OM_uint32 status_value,
@@ -152,8 +115,6 @@ long g_seqstate_externalize(g_seqnum_state state, unsigned char **buf,
long g_seqstate_internalize(g_seqnum_state *state_out, unsigned char **buf,
size_t *lenremain);
-char *g_strdup (char *str);
-
/** declarations of internal name mechanism functions **/
OM_uint32
diff --git a/crypto/krb5/src/lib/gssapi/generic/maptest.c b/crypto/krb5/src/lib/gssapi/generic/maptest.c
index 566d88c316f1..ab3ed90fca76 100644
--- a/crypto/krb5/src/lib/gssapi/generic/maptest.c
+++ b/crypto/krb5/src/lib/gssapi/generic/maptest.c
@@ -42,7 +42,7 @@ static void intprt(int v, FILE *f)
foo foo1;
-int main ()
+int main (void)
{
elt v1 = { 1, 2 }, v2 = { 3, 4 };
const elt *vp;
diff --git a/crypto/krb5/src/lib/gssapi/generic/oid_ops.c b/crypto/krb5/src/lib/gssapi/generic/oid_ops.c
index 253d64694dd4..0d65a95fcf0b 100644
--- a/crypto/krb5/src/lib/gssapi/generic/oid_ops.c
+++ b/crypto/krb5/src/lib/gssapi/generic/oid_ops.c
@@ -68,8 +68,7 @@
OM_uint32
generic_gss_release_oid(OM_uint32 *minor_status, gss_OID *oid)
{
- if (minor_status)
- *minor_status = 0;
+ *minor_status = 0;
if (oid == NULL || *oid == GSS_C_NO_OID)
return(GSS_S_COMPLETE);
@@ -245,8 +244,7 @@ generic_gss_oid_to_str(OM_uint32 *minor_status,
unsigned char *cp;
struct k5buf buf;
- if (minor_status != NULL)
- *minor_status = 0;
+ *minor_status = 0;
if (oid_str != GSS_C_NO_BUFFER) {
oid_str->length = 0;
@@ -353,8 +351,7 @@ generic_gss_str_to_oid(OM_uint32 *minor_status,
int brace = 0;
gss_OID oid;
- if (minor_status != NULL)
- *minor_status = 0;
+ *minor_status = 0;
if (oid_out != NULL)
*oid_out = GSS_C_NO_OID;
diff --git a/crypto/krb5/src/lib/gssapi/generic/t_seqstate.c b/crypto/krb5/src/lib/gssapi/generic/t_seqstate.c
index 8f44fcf3edb2..4df1ed6b9c6c 100644
--- a/crypto/krb5/src/lib/gssapi/generic/t_seqstate.c
+++ b/crypto/krb5/src/lib/gssapi/generic/t_seqstate.c
@@ -164,7 +164,7 @@ struct test {
};
int
-main()
+main(void)
{
size_t i, j;
enum width w;
diff --git a/crypto/krb5/src/lib/gssapi/generic/util_errmap.c b/crypto/krb5/src/lib/gssapi/generic/util_errmap.c
index 628a455d2ad4..138310ce63c0 100644
--- a/crypto/krb5/src/lib/gssapi/generic/util_errmap.c
+++ b/crypto/krb5/src/lib/gssapi/generic/util_errmap.c
@@ -25,6 +25,7 @@
*/
#include "gssapiP_generic.h"
+#include <mglueP.h>
#include <string.h>
#ifndef _WIN32
#include <unistd.h>
@@ -181,6 +182,9 @@ OM_uint32 gssint_mecherrmap_map(OM_uint32 minor, const gss_OID_desc * oid)
f = stderr;
#endif
+ if (gssint_mechglue_initialize_library() != 0)
+ return 0;
+
me.code = minor;
me.mech = *oid;
k5_mutex_lock(&mutex);
@@ -249,7 +253,7 @@ int gssint_mecherrmap_get(OM_uint32 minor, gss_OID mech_oid,
{
const struct mecherror *p;
- if (minor == 0) {
+ if (minor == 0 || gssint_mechglue_initialize_library() != 0) {
return EINVAL;
}
k5_mutex_lock(&mutex);
diff --git a/crypto/krb5/src/lib/gssapi/generic/util_set.c b/crypto/krb5/src/lib/gssapi/generic/util_set.c
deleted file mode 100644
index 432a9ee0de99..000000000000
--- a/crypto/krb5/src/lib/gssapi/generic/util_set.c
+++ /dev/null
@@ -1,91 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/*
- * Copyright 1995 by OpenVision Technologies, Inc.
- *
- * Permission to use, copy, modify, distribute, and sell this software
- * and its documentation for any purpose is hereby granted without fee,
- * provided that the above copyright notice appears in all copies and
- * that both that copyright notice and this permission notice appear in
- * supporting documentation, and that the name of OpenVision not be used
- * in advertising or publicity pertaining to distribution of the software
- * without specific, written prior permission. OpenVision makes no
- * representations about the suitability of this software for any
- * purpose. It is provided "as is" without express or implied warranty.
- *
- * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
- * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
- * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
- * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
- * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
- * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
- * $Id$
- */
-
-#include "gssapiP_generic.h"
-
-struct _g_set_elt {
- void *key;
- void *value;
- struct _g_set_elt *next;
-};
-
-int g_set_init(g_set_elt *s)
-{
- *s = NULL;
-
- return(0);
-}
-
-int g_set_entry_add(g_set_elt *s, void *key, void *value)
-{
- g_set_elt first;
-
- if ((first = (struct _g_set_elt *) malloc(sizeof(struct _g_set_elt))) == NULL)
- return(ENOMEM);
-
- first->key = key;
- first->value = value;
- first->next = *s;
-
- *s = first;
-
- return(0);
-}
-
-int g_set_entry_delete(g_set_elt *s, void *key)
-{
- g_set_elt *p;
-
- for (p=s; *p; p = &((*p)->next)) {
- if ((*p)->key == key) {
- g_set_elt next = (*p)->next;
- free(*p);
- *p = next;
-
- return(0);
- }
- }
-
- return(-1);
-}
-
-int g_set_entry_get(g_set_elt *s, void *key, void **value)
-{
- g_set_elt p;
-
- for (p = *s; p; p = p->next) {
- if (p->key == key) {
- *value = p->value;
-
- return(0);
- }
- }
-
- *value = NULL;
-
- return(-1);
-}
diff --git a/crypto/krb5/src/lib/gssapi/generic/util_token.c b/crypto/krb5/src/lib/gssapi/generic/util_token.c
index 2369cae22e68..1ee948fcc19d 100644
--- a/crypto/krb5/src/lib/gssapi/generic/util_token.c
+++ b/crypto/krb5/src/lib/gssapi/generic/util_token.c
@@ -62,47 +62,56 @@ g_make_token_header(struct k5buf *buf, const gss_OID_desc *mech,
}
/*
- * Given a buffer containing a token, reads and verifies the token,
- * leaving buf advanced past the token header, and setting body_size
- * to the number of remaining bytes. Returns 0 on success,
- * G_BAD_TOK_HEADER for a variety of errors, and G_WRONG_MECH if the
- * mechanism in the token does not match the mech argument. buf and
- * *body_size are left unmodified on error.
+ * If a valid GSSAPI generic token header is present at the beginning of *in,
+ * advance past it, set *oid_out to the mechanism OID in the header, set
+ * *token_len_out to the total token length (including the header) as indicated
+ * by length of the outermost DER value, and return true. Otherwise return
+ * false, leaving *in unchanged if it did not begin with a 0x60 byte.
+ *
+ * Do not verify that the outermost length matches or fits within in->len, as
+ * we need to be able to handle a detached header for krb5 IOV unwrap. It is
+ * the caller's responsibility to validate *token_len_out if necessary.
*/
-
-gss_int32
-g_verify_token_header(
- const gss_OID_desc * mech,
- unsigned int *body_size,
- unsigned char **buf_in,
- int tok_type,
- unsigned int toksize_in,
- int flags)
+int
+g_get_token_header(struct k5input *in, gss_OID oid_out, size_t *token_len_out)
{
- struct k5input in, mech_der;
- gss_OID_desc toid;
+ size_t len, tlen;
+ const uint8_t *orig_ptr = in->ptr;
+ struct k5input oidbytes;
- k5_input_init(&in, *buf_in, toksize_in);
+ /* Read the outermost tag and length, and compute the full token length. */
+ if (!k5_der_get_taglen(in, 0x60, &len))
+ return 0;
+ tlen = len + (in->ptr - orig_ptr);
- if (k5_der_get_value(&in, 0x60, &in)) {
- if (in.ptr + in.len != *buf_in + toksize_in)
- return G_BAD_TOK_HEADER;
- if (!k5_der_get_value(&in, 0x06, &mech_der))
- return G_BAD_TOK_HEADER;
- toid.elements = (uint8_t *)mech_der.ptr;
- toid.length = mech_der.len;
- if (!g_OID_equal(&toid, mech))
- return G_WRONG_MECH;
- } else if (flags & G_VFY_TOKEN_HDR_WRAPPER_REQUIRED) {
- return G_BAD_TOK_HEADER;
- }
+ /* Read the mechanism OID. */
+ if (!k5_der_get_value(in, 0x06, &oidbytes))
+ return 0;
+ oid_out->length = oidbytes.len;
+ oid_out->elements = (uint8_t *)oidbytes.ptr;
- if (tok_type != -1) {
- if (k5_input_get_uint16_be(&in) != tok_type)
- return in.status ? G_BAD_TOK_HEADER : G_WRONG_TOKID;
- }
+ *token_len_out = tlen;
+ return 1;
+}
- *buf_in = (uint8_t *)in.ptr;
- *body_size = in.len;
- return 0;
+/*
+ * If a token header for expected_mech is present in *in and the token length
+ * indicated by the header is equal to in->len, advance past the header and
+ * return true. Otherwise return false. Leave *in unmodified if no token
+ * header is present or it is for a different mechanism.
+ */
+int
+g_verify_token_header(struct k5input *in, gss_const_OID expected_mech)
+{
+ struct k5input orig = *in;
+ gss_OID_desc mech;
+ size_t tlen, orig_len = in->len;
+
+ if (!g_get_token_header(in, &mech, &tlen) || tlen != orig_len)
+ return 0;
+ if (!g_OID_equal(&mech, expected_mech)) {
+ *in = orig;
+ return 0;
+ }
+ return 1;
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-16 19:17:46 +0000