New interface

cred.go

@@ -3,24 +3,6 @@ package gssapi
 /*
 #include <gssapi.h>
 
-gss_OID_desc GoStringToGssOID(_GoString_ s);
-
-OM_uint32 inquire_cred_by_mech (OM_uint32 *minor, const gss_cred_id_t cred_handle,  _GoString_ mechOid,
-            gss_name_t *output_name, OM_uint32 *init_life, OM_uint32 *accept_life, gss_cred_usage_t *usage) {
-	gss_OID_desc oid = GoStringToGssOID(mechOid);
-
-	return gss_inquire_cred_by_mech(minor, cred_handle, &oid, output_name, init_life, accept_life, usage);
-}
-
-OM_uint32 add_cred(OM_uint32 *minor, const gss_cred_id_t cred_handle, const gss_name_t name, _GoString_ mechOid,
-			gss_cred_usage_t usage, OM_uint32 initiator_lifetime, OM_uint32 acceptor_lifetime,
-			gss_OID_set *actual_mechs, OM_uint32 *initiator_rec, OM_uint32 *acceptor_rec) {
-	gss_OID_desc oid = GoStringToGssOID(mechOid);
-
-	return gss_add_cred(minor, cred_handle, name, &oid, usage, initiator_lifetime, acceptor_lifetime, NULL,
-		    actual_mechs, initiator_rec, acceptor_rec );
-}
-
 */
 import "C"
 
@@ -36,7 +18,7 @@ type Credential struct {
 	id C.gss_cred_id_t
 }
 
-func (library) AcquireCredential(name g.GssName, mechs []g.GssMech, usage g.CredUsage, lifetime time.Duration) (g.Credential, error) {
+func (provider) AcquireCredential(name g.GssName, mechs []g.GssMech, usage g.CredUsage, lifetime time.Duration) (g.Credential, error) {
 	// turn the mechs into an array of OIDs
 	gssOidSet := gssOidSetFromOids(mechsToOids(mechs))
 	gssOidSet.Pin()
@@ -142,13 +124,13 @@ func (c *Credential) Inquire() (*g.CredInfo, error) {
 }
 
 func (c *Credential) InquireByMech(mech g.GssMech) (*g.CredInfo, error) {
-	mechOid := mech.Oid()
+	cMechOid := oid2Coid(mech.Oid())
 
 	var minor C.OM_uint32
 	var cGssName C.gss_name_t // cGssName allocated by GSSAPI; releaseed by *1
 	var cTimeRecInit, cTimeRecAcc C.OM_uint32
 	var cCredUsage C.gss_cred_usage_t
-	major := C.inquire_cred_by_mech(&minor, c.id, string(mechOid), &cGssName, &cTimeRecInit, &cTimeRecAcc, &cCredUsage)
+	major := C.gss_inquire_cred_by_mech(&minor, c.id, cMechOid, &cGssName, &cTimeRecInit, &cTimeRecAcc, &cCredUsage)
 
 	if major != 0 {
 		return nil, makeMechStatus(major, minor, mech)
@@ -190,7 +172,7 @@ func (c *Credential) InquireByMech(mech g.GssMech) (*g.CredInfo, error) {
 }
 
 func (c *Credential) Add(name g.GssName, mech g.GssMech, usage g.CredUsage, initiatorLifetime time.Duration, acceptorLifetime time.Duration) error {
-	mechOid := mech.Oid()
+	cMechOid := oid2Coid(mech.Oid())
 
 	var cGssName C.gss_name_t
 	if name != nil {
@@ -205,7 +187,7 @@ func (c *Credential) Add(name g.GssName, mech g.GssMech, usage g.CredUsage, init
 	var minor C.OM_uint32
 	var cTimeRecInit, cTimeRecAcc C.OM_uint32
 	var cActualMechs C.gss_OID_set // cActualMechs.elements allocated by GSSAPI; released by *1
-	major := C.add_cred(&minor, c.id, cGssName, string(mechOid), C.int(usage), C.OM_uint32(initiatorLifetime.Seconds()), C.OM_uint32(acceptorLifetime.Seconds()), &cActualMechs, &cTimeRecInit, &cTimeRecAcc)
+	major := C.gss_add_cred(&minor, c.id, cGssName, cMechOid, C.int(usage), C.OM_uint32(initiatorLifetime.Seconds()), C.OM_uint32(acceptorLifetime.Seconds()), nil, &cActualMechs, &cTimeRecInit, &cTimeRecAcc)
 	if major != 0 {
 		return makeMechStatus(major, minor, mech)
 	}

go.mod

@@ -2,15 +2,13 @@ module github.com/golang-auth/go-gssapi-c
 
 go 1.18
 
-replace github.com/golang-auth/go-gssapi/v3 => ../go-gssapi/v3
-
-require (
-	github.com/golang-auth/go-gssapi/v3 v3.0.0-00010101000000-000000000000
-	github.com/stretchr/testify v1.9.0
-)
+require github.com/stretchr/testify v1.9.0
 
 require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/golang-auth/go-gssapi/v3 v3.0.0-alpha // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
+
+replace github.com/golang-auth/go-gssapi/v3 => ../go-gssapi/v3

go.sum

@@ -1,5 +1,7 @@
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/golang-auth/go-gssapi/v3 v3.0.0-alpha h1:vzRDfKlo9OFYaxUOYSrdZ1JiC0TSTWbLtO1y2mNq7Vg=
+github.com/golang-auth/go-gssapi/v3 v3.0.0-alpha/go.mod h1:xNotWZQDADAqcBR4A7AKn+p4tSxQE4m6KA06J41U0cY=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=

helpers.go

@@ -2,21 +2,6 @@ package gssapi
 
 /*
 #include <gssapi.h>
-
-gss_OID_desc GoStringToGssOID(_GoString_ s) {
-	size_t l = _GoStringLen(s);
-	void *elms = (void*)_GoStringPtr(s);
-	gss_OID_desc oid = {l, elms};
-	return oid;
-}
-
-gss_buffer_desc GoStringToGssBuffer(_GoString_ s) {
-	size_t l = _GoStringLen(s);
-	void *value = (void*)_GoStringPtr(s);
-	gss_buffer_desc buf = {l, value};
-	return buf;
-}
-
 */
 import "C"
 
@@ -100,3 +85,14 @@ func bytesToCBuffer(b []byte) (C.gss_buffer_desc, runtime.Pinner) {
 
 	return ret, pinner
 }
+
+func oid2Coid(oid g.Oid) C.gss_OID {
+	if len(oid) > 0 {
+		return &C.gss_OID_desc{
+			length:   C.OM_uint32(len(oid)),
+			elements: unsafe.Pointer(&oid[0]),
+		}
+	} else {
+		return C.GSS_C_NO_OID
+	}
+}

names.go

@@ -2,26 +2,6 @@ package gssapi
 
 /*
 #include <gssapi.h>
-
-gss_OID_desc GoStringToGssOID(_GoString_ s);
-gss_buffer_desc GoStringToGssBuffer(_GoString_ s);
-
-// _GoString_ is really a convenient []byte here..
-OM_uint32 import_name(_GoString_ name, _GoString_ nameOid, OM_uint32 *minor, gss_name_t *output_name) {
-	gss_buffer_desc nameBuf = GoStringToGssBuffer(name);
-	gss_OID_desc oid = GoStringToGssOID(nameOid);
-	gss_OID pOid = oid.length > 0 ? &oid : GSS_C_NO_OID;
-
-	return gss_import_name(minor, &nameBuf, pOid, output_name);
-}
-
-OM_uint32 canonicalize_name(const gss_name_t name, _GoString_ mechOid, OM_uint32 *minor, gss_name_t *output_name) {
-	gss_OID_desc oid = GoStringToGssOID(mechOid);
-
-	return gss_canonicalize_name(minor, name, &oid, output_name);
-}
-
-
 */
 import "C"
 
@@ -40,11 +20,15 @@ func nameFromGssInternal(name C.gss_name_t) GssName {
 	return GssName{name}
 }
 
-func (library) ImportName(name string, nameType g.GssNameType) (g.GssName, error) {
-	nameOid := nameType.Oid()
+func (provider) ImportName(name string, nameType g.GssNameType) (g.GssName, error) {
+	cNameOid := oid2Coid(nameType.Oid())
+
+	cNameBuf, pinner := bytesToCBuffer([]byte(name))
+	defer pinner.Unpin()
+
 	var minor C.OM_uint32
 	var cGssName C.gss_name_t
-	major := C.import_name(name, string(nameOid), &minor, &cGssName)
+	major := C.gss_import_name(&minor, &cNameBuf, cNameOid, &cGssName)
 
 	if major != 0 {
 		return nil, makeStatus(major, minor)
@@ -55,6 +39,44 @@ func (library) ImportName(name string, nameType g.GssNameType) (g.GssName, error
 	}, nil
 }
 
+func (provider) InquireNamesForMech(mech g.GssMech) ([]g.GssNameType, error) {
+	cMechOid := oid2Coid(mech.Oid())
+
+	var minor C.OM_uint32
+	var cNameTypes C.gss_OID_set // cNameTypes.elements allocated by GSSAPI; released by *1
+	major := C.gss_inquire_names_for_mech(&minor, cMechOid, &cNameTypes)
+
+	if major != 0 {
+		return nil, makeStatus(major, minor)
+	}
+
+	defer C.gss_release_oid_set(&minor, &cNameTypes)
+
+	nameTypeOids := oidsFromGssOidSet(cNameTypes)
+	ret := make([]g.GssNameType, 0, len(nameTypeOids))
+
+	seen := make(map[string]bool)
+
+	for _, oid := range nameTypeOids {
+		nt, err := g.NameFromOid(oid)
+		switch {
+		default:
+			ntStr := nt.String()
+			if _, ok := seen[ntStr]; !ok {
+				ret = append(ret, nt)
+				seen[nt.String()] = true
+			}
+		case errors.Is(err, g.ErrBadNameType):
+			// warn
+			continue
+		case err != nil:
+			return nil, err
+		}
+	}
+
+	return ret, nil
+}
+
 func (n *GssName) Compare(other g.GssName) (bool, error) {
 	// other must be our type, not one from a different GSSAPI impl
 	// .. but this method needs to implement gsscommon.GssName.Compare()
@@ -141,10 +163,11 @@ func (n *GssName) InquireMechs() ([]g.GssMech, error) {
 }
 
 func (n *GssName) Canonicalize(mech g.GssMech) (g.GssName, error) {
-	mechOid := mech.Oid()
+	cMechOid := oid2Coid(mech.Oid())
+
 	var minor C.OM_uint32
 	var cOutName C.gss_name_t
-	major := C.canonicalize_name(n.name, string(mechOid), &minor, &cOutName)
+	major := C.gss_canonicalize_name(&minor, n.name, cMechOid, &cOutName)
 	if major != 0 {
 		return nil, makeMechStatus(major, minor, mech)
 	}

provider.go

@@ -9,19 +9,18 @@ import (
 // #cgo LDFLAGS: -lgssapi_krb5
 import "C"
 
-
 const LIBID = "GSSAPI-C"
 
 func init() {
 	g.RegisterProvider(LIBID, New)
 }
 
-type library struct {
+type provider struct {
 	name string
 }
 
 func New() g.Provider {
-	return &library{
+	return &provider{
 		name: LIBID,
 	}
 }

provider_test.go

@@ -0,0 +1,13 @@
+package gssapi
+
+import (
+	"testing"
+
+	g "github.com/golang-auth/go-gssapi/v3"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestProvider(t *testing.T) {
+	p := g.NewProvider("GSSAPI-C")
+	assert.IsType(t, &provider{}, p)
+}