debug credential import/export

PADL · Jan 30, 2014 · 6231333 · 6231333
1 parent cda6339
commit 6231333
Show file tree

Hide file tree

Showing 7 changed files with 354 additions and 114 deletions.
diff --git a/acinclude.m4 b/acinclude.m4
@@ -79,9 +79,11 @@ else
 	AC_CHECK_LIB(krb5, GSS_C_NT_COMPOSITE_EXPORT, [AC_DEFINE_UNQUOTED([HAVE_GSS_C_NT_COMPOSITE_EXPORT], 1, [Define if GSS-API library supports recent naming extensions draft])], [], "$KRB5_LIBS")
 	AC_CHECK_LIB(krb5, gss_inquire_attrs_for_mech, [AC_DEFINE_UNQUOTED([HAVE_GSS_INQUIRE_ATTRS_FOR_MECH], 1, [Define if GSS-API library supports RFC 5587])], [], "$KRB5_LIBS")
 	AC_CHECK_LIB(krb5, gss_krb5_import_cred, [AC_DEFINE_UNQUOTED([HAVE_GSS_KRB5_IMPORT_CRED], 1, [Define if GSS-API library supports gss_krb5_import_cred])], [], "$KRB5_LIBS")
-	AC_CHECK_LIB(krb5, gss_acquire_cred_from, [AC_DEFINE_UNQUOTED([HAVE_GSS_ACQUIRE_CRED_FROM], 1, [Define if GSS-API library supports gss_acquire_cred_from]), gss_acquire_cred_from=yes], [gss_acquire_cred_from=no], "$KRB5_LIBS")
-	AC_CHECK_LIB(krb5, gss_aapl_initial_cred, [AC_DEFINE_UNQUOTED([HAVE_GSS_AAPL_INITIAL_CRED], 1, [Define if GSS-API library supports gss_aapl_initial_cred]), gss_aapl_initial_cred=yes], [gss_aapl_initial_cred=no], "$KRB5_LIBS")
-	AC_CHECK_LIB(krb5, heimdal_version, [AC_DEFINE_UNQUOTED([HAVE_HEIMDAL_VERSION], 1, [Define if building against Heimdal Kerberos implementation]), heimdal=yes], [heimdal=no], "$KRB5_LIBS")
+	AC_CHECK_LIB(krb5, gss_acquire_cred_from, [AC_DEFINE_UNQUOTED([HAVE_GSS_ACQUIRE_CRED_FROM], 1, [Define if GSS-API library supports gss_acquire_cred_from]) gss_acquire_cred_from=yes], [gss_acquire_cred_from=no], "$KRB5_LIBS")
+	AC_CHECK_LIB(krb5, gss_aapl_initial_cred, [AC_DEFINE_UNQUOTED([HAVE_GSS_AAPL_INITIAL_CRED], 1, [Define if GSS-API library supports gss_aapl_initial_cred]) gss_aapl_initial_cred=yes], [gss_aapl_initial_cred=no], "$KRB5_LIBS")
+	AC_CHECK_LIB(krb5, gss_oid_to_str, [AC_DEFINE_UNQUOTED([HAVE_GSS_OID_TO_STR], 1, [Define if GSS-API library supports gss_oid_to_str]) gss_oid_to_str=yes], [gss_oid_to_str=no], "$KRB5_LIBS")
+	AC_CHECK_LIB(krb5, gss_str_to_oid, [AC_DEFINE_UNQUOTED([HAVE_GSS_STR_TO_OID], 1, [Define if GSS-API library supports gss_str_to_oid]) gss_str_to_oid=yes], [gss_str_to_oid=no], "$KRB5_LIBS")
+	AC_CHECK_LIB(krb5, heimdal_version, [AC_DEFINE_UNQUOTED([HAVE_HEIMDAL_VERSION], 1, [Define if building against Heimdal Kerberos implementation]) heimdal=yes], [heimdal=no], "$KRB5_LIBS")
 fi
 ])dnl
 

diff --git a/mech_browserid/import_sec_context.c b/mech_browserid/import_sec_context.c
@@ -48,36 +48,6 @@
         }                                       \
     } while (0)
 
-static OM_uint32
-importMechanismOid(OM_uint32 *minor,
-                   unsigned char **pBuf,
-                   size_t *pRemain,
-                   gss_OID *pOid)
-{
-    OM_uint32 major;
-    unsigned char *p = *pBuf;
-    size_t remain = *pRemain;
-    gss_OID_desc oidBuf;
-
-    oidBuf.length = load_uint32_be(p);
-    if (remain < 4 + oidBuf.length || oidBuf.length == 0) {
-        *minor = GSSBID_TOK_TRUNC;
-        return GSS_S_DEFECTIVE_TOKEN;
-    }
-
-    oidBuf.elements = &p[4];
-
-    major = gssBidCanonicalizeOid(minor, &oidBuf, 0, pOid);
-    if (GSS_ERROR(major))
-        return major;
-
-    *pBuf    += 4 + oidBuf.length;
-    *pRemain -= 4 + oidBuf.length;
-
-    *minor = 0;
-    return GSS_S_COMPLETE;
-}
-
 static OM_uint32
 importKerberosKey(OM_uint32 *minor,
                   unsigned char **pBuf,
@@ -221,7 +191,7 @@ gssBidImportContext(OM_uint32 *minor,
     if (CTX_IS_INITIATOR(ctx) && !CTX_IS_ESTABLISHED(ctx))
         return GSS_S_DEFECTIVE_TOKEN;
 
-    major = importMechanismOid(minor, &p, &remain, &ctx->mechanismUsed);
+    major = gssBidImportMechanismOid(minor, &p, &remain, &ctx->mechanismUsed);
     if (GSS_ERROR(major))
         return major;
 

diff --git a/mech_browserid/util.h b/mech_browserid/util.h
@@ -593,6 +593,12 @@ gssBidInitiatorInit(OM_uint32 *minor);
 gss_OID
 gssBidSaslNameToOid(const gss_buffer_t name);
 
+OM_uint32
+gssBidImportMechanismOid(OM_uint32 *minor,
+                        unsigned char **pBuf,
+                        size_t *pRemain,
+                        gss_OID *pOid);
+
 /* util_name.c */
 #define EXPORT_NAME_FLAG_OID                    0x1
 #define EXPORT_NAME_FLAG_COMPOSITE              0x2
@@ -694,6 +700,26 @@ oidEqual(const gss_OID_desc *o1, const gss_OID_desc *o2)
                 memcmp(o1->elements, o2->elements, o1->length) == 0);
 }
 
+OM_uint32
+oidToJson(OM_uint32 *minor,
+          gss_OID oid,
+          json_t **pJson);
+
+OM_uint32
+jsonToOid(OM_uint32 *minor,
+          json_t *json,
+          gss_OID *pOid);
+
+OM_uint32
+oidSetToJson(OM_uint32 *minor,
+             gss_OID_set oidSet,
+             json_t **pJson);
+
+OM_uint32
+jsonToOidSet(OM_uint32 *minor,
+             json_t *json,
+             gss_OID_set *pOidSet);
+
 /* util_ordering.c */
 OM_uint32
 sequenceInternalize(OM_uint32 *minor,