Mercurial > illumos > illumos-gate
changeset 13628:03b37ed99c1b
2179 gss should be more careful with pointer casts
Reviewed by: Albert Lee <trisk@nexenta.com>
Reviewed by: Joshua M. Clulow <josh@sysmgr.org>
Reviewed by: Jason King <jason.brian.king@gmail.com>
Reviewed by: Milan Jurik <milan.jurik@xylab.cz>
Approved by: Gordon Ross <gwr@nexenta.com>
author | Richard Lowe <richlowe@richlowe.net> |
---|---|
date | Mon, 16 May 2011 02:18:09 +0100 |
parents | 81f67a2ecd98 |
children | 741592a55c4c |
files | usr/src/cmd/gss/gssd/gssd_clnt_stubs.c usr/src/uts/common/gssapi/gssd_clnt_stubs.c usr/src/uts/common/gssapi/include/mechglueP.h |
diffstat | 3 files changed, 86 insertions(+), 97 deletions(-) [+] |
line wrap: on
line diff
--- a/usr/src/cmd/gss/gssd/gssd_clnt_stubs.c Wed Jun 22 12:54:00 2011 -0700 +++ b/usr/src/cmd/gss/gssd/gssd_clnt_stubs.c Mon May 16 02:18:09 2011 +0100 @@ -326,8 +326,7 @@ arg.uid = (OM_uint32) uid; arg.input_cred_handle.GSS_CRED_ID_T_len = - input_cred_handle == - (gssd_cred_id_t)GSS_C_NO_CREDENTIAL ? + input_cred_handle == GSSD_NO_CREDENTIAL ? 0 : (uint_t)sizeof (gssd_cred_id_t); arg.input_cred_handle.GSS_CRED_ID_T_val = (char *)&input_cred_handle; @@ -454,7 +453,7 @@ gssd_cred_verifier = KCRED_TO_CREDV(input_cred_handle); gssd_input_cred_handle = KCRED_TO_CRED(input_cred_handle); } else - gssd_input_cred_handle = (gssd_cred_id_t)GSS_C_NO_CREDENTIAL; + gssd_input_cred_handle = GSSD_NO_CREDENTIAL; err = kgss_add_cred_wrapped(minor_status, gssd_input_cred_handle, gssd_cred_verifier, desired_name, desired_mech_type, @@ -620,7 +619,7 @@ arg.gssd_context_verifier = *gssd_context_verifier; arg.claimant_cred_handle.GSS_CRED_ID_T_len = - claimant_cred_handle == (gssd_cred_id_t)GSS_C_NO_CREDENTIAL ? + claimant_cred_handle == GSSD_NO_CREDENTIAL ? 0 : (uint_t)sizeof (gssd_cred_id_t); arg.claimant_cred_handle.GSS_CRED_ID_T_val = (char *)&claimant_cred_handle; @@ -803,20 +802,20 @@ if (claimant_cred_handle != GSS_C_NO_CREDENTIAL) { gssd_cred_verifier = - KCRED_TO_CREDV(claimant_cred_handle); + KCRED_TO_CREDV(claimant_cred_handle); gssd_cl_cred_handle = - KCRED_TO_CRED(claimant_cred_handle); - } else - gssd_cl_cred_handle = - (gssd_cred_id_t)GSS_C_NO_CREDENTIAL; + KCRED_TO_CRED(claimant_cred_handle); + } else { + gssd_cl_cred_handle = GSSD_NO_CREDENTIAL; + } err = kgss_init_sec_context_wrapped(minor_status, - gssd_cl_cred_handle, - gssd_cred_verifier, &kctx->gssd_ctx, - &kctx->gssd_ctx_verifier, - target_name, mech_type, req_flags, time_req, - input_chan_bindings, input_token, actual_mech_type, - output_token, ret_flags, time_rec, uid); + gssd_cl_cred_handle, + gssd_cred_verifier, &kctx->gssd_ctx, + &kctx->gssd_ctx_verifier, + target_name, mech_type, req_flags, time_req, + input_chan_bindings, input_token, actual_mech_type, + output_token, ret_flags, time_rec, uid); if (GSS_ERROR(err)) { KGSS_FREE(kctx); @@ -868,7 +867,7 @@ arg.uid = (OM_uint32) uid; arg.context_handle.GSS_CTX_ID_T_len = - *context_handle == (gssd_ctx_id_t)GSS_C_NO_CONTEXT ? + *context_handle == GSSD_NO_CONTEXT ? 0 : (uint_t)sizeof (gssd_ctx_id_t); arg.context_handle.GSS_CTX_ID_T_val = (char *)context_handle; arg.gssd_context_verifier = @@ -876,8 +875,7 @@ 0 : *gssd_context_verifier; arg.verifier_cred_handle.GSS_CRED_ID_T_len = - verifier_cred_handle == - (gssd_cred_id_t)GSS_C_NO_CREDENTIAL ? + verifier_cred_handle == GSSD_NO_CREDENTIAL ? 0 : (uint_t)sizeof (gssd_cred_id_t); arg.verifier_cred_handle.GSS_CRED_ID_T_val = (char *)&verifier_cred_handle; @@ -1054,24 +1052,24 @@ if (*context_handle == GSS_C_NO_CONTEXT) { kctx = KGSS_ALLOC(); *context_handle = (gss_ctx_id_t)kctx; - kctx->gssd_ctx = (gssd_ctx_id_t)GSS_C_NO_CONTEXT; + kctx->gssd_ctx = GSSD_NO_CONTEXT; } else kctx = (struct kgss_ctx *)*context_handle; if (verifier_cred_handle != GSS_C_NO_CREDENTIAL) { gssd_cred_verifier = - KCRED_TO_CREDV(verifier_cred_handle); + KCRED_TO_CREDV(verifier_cred_handle); gssd_ver_cred_handle = - KCRED_TO_CRED(verifier_cred_handle); + KCRED_TO_CRED(verifier_cred_handle); } else - gssd_ver_cred_handle = (gssd_cred_id_t)GSS_C_NO_CREDENTIAL; + gssd_ver_cred_handle = GSSD_NO_CREDENTIAL; err = kgss_accept_sec_context_wrapped(minor_status, - &kctx->gssd_ctx, - &kctx->gssd_ctx_verifier, gssd_ver_cred_handle, - gssd_cred_verifier, input_token, input_chan_bindings, - src_name, mech_type, output_token, ret_flags, - time_rec, delegated_cred_handle, uid); + &kctx->gssd_ctx, + &kctx->gssd_ctx_verifier, gssd_ver_cred_handle, + gssd_cred_verifier, input_token, input_chan_bindings, + src_name, mech_type, output_token, ret_flags, + time_rec, delegated_cred_handle, uid); if (GSS_ERROR(err)) { KGSS_FREE(kctx); @@ -1234,10 +1232,10 @@ kctx = KCTX_TO_KGSS_CTX(*context_handle); err = kgss_delete_sec_context_wrapped(minor_status, - &kctx->gssd_ctx, kctx->gssd_ctx_verifier, - output_token); - - if (kctx->gssd_ctx != (gssd_ctx_id_t)GSS_C_NO_CONTEXT) + &kctx->gssd_ctx, kctx->gssd_ctx_verifier, + output_token); + + if (kctx->gssd_ctx != GSSD_NO_CONTEXT) err = GSS_S_FAILURE; else err = GSS_S_COMPLETE; @@ -1348,8 +1346,8 @@ return (GSS_S_FAILURE); return (KGSS_SIGN(minor_status, - context_handle, qop_req, message_buffer, - msg_token)); + context_handle, qop_req, message_buffer, + msg_token)); } OM_uint32 @@ -1432,8 +1430,7 @@ return (GSS_S_FAILURE); return (KGSS_VERIFY(minor_status, context_handle, - message_buffer, - token_buffer, qop_state)); + message_buffer, token_buffer, qop_state)); } @@ -1657,9 +1654,8 @@ return (GSS_S_FAILURE); return (KGSS_UNSEAL(minor_status, context_handle, - input_message_buffer, - output_message_buffer, - conf_state, qop_state)); + input_message_buffer, output_message_buffer, + conf_state, qop_state)); } /* EXPORT DELETE END */ @@ -1856,7 +1852,7 @@ arg.uid = (OM_uint32) uid; arg.cred_handle.GSS_CRED_ID_T_len = - cred_handle == (gssd_cred_id_t)GSS_C_NO_CREDENTIAL ? + cred_handle == GSSD_NO_CREDENTIAL ? 0 : (uint_t)sizeof (gssd_cred_id_t); arg.cred_handle.GSS_CRED_ID_T_val = (char *)&cred_handle; arg.gssd_cred_verifier = gssd_cred_verifier; @@ -2019,7 +2015,7 @@ arg.uid = (OM_uint32) uid; arg.cred_handle.GSS_CRED_ID_T_len = - cred_handle == (gssd_cred_id_t)GSS_C_NO_CREDENTIAL ? + cred_handle == GSSD_NO_CREDENTIAL ? 0 : (uint_t)sizeof (gssd_cred_id_t); arg.cred_handle.GSS_CRED_ID_T_val = (char *)&cred_handle; arg.gssd_cred_verifier = gssd_cred_verifier; @@ -2505,7 +2501,7 @@ switch (cmd) { case DDI_ATTACH: if (ddi_create_minor_node(dip, "gssd", S_IFCHR, 0, "gssd", 0) - == DDI_FAILURE) { + == DDI_FAILURE) { ddi_remove_minor_node(dip, NULL); return (DDI_FAILURE); } @@ -2651,7 +2647,7 @@ int status; if ((status = ddi_soft_state_init(&gssd_state, - sizeof (gssd_devstate_t), 1)) != 0) + sizeof (gssd_devstate_t), 1)) != 0) return (status); if ((status = mod_install((struct modlinkage *)&modlinkage)) != 0)
--- a/usr/src/uts/common/gssapi/gssd_clnt_stubs.c Wed Jun 22 12:54:00 2011 -0700 +++ b/usr/src/uts/common/gssapi/gssd_clnt_stubs.c Mon May 16 02:18:09 2011 +0100 @@ -376,8 +376,7 @@ arg.uid = (OM_uint32)uid; arg.input_cred_handle.GSS_CRED_ID_T_len = - input_cred_handle == - (gssd_cred_id_t)GSS_C_NO_CREDENTIAL ? + input_cred_handle == GSSD_NO_CREDENTIAL ? 0 : (uint_t)sizeof (gssd_cred_id_t); arg.input_cred_handle.GSS_CRED_ID_T_val = (char *)&input_cred_handle; arg.gssd_cred_verifier = gssd_cred_verifier; @@ -496,8 +495,9 @@ if (input_cred_handle != GSS_C_NO_CREDENTIAL) { gssd_cred_verifier = KCRED_TO_CREDV(input_cred_handle); gssd_input_cred_handle = KCRED_TO_CRED(input_cred_handle); - } else - gssd_input_cred_handle = (gssd_cred_id_t)GSS_C_NO_CREDENTIAL; + } else { + gssd_input_cred_handle = GSSD_NO_CREDENTIAL; + } err = kgss_add_cred_wrapped(minor_status, gssd_input_cred_handle, gssd_cred_verifier, desired_name, desired_mech_type, @@ -661,14 +661,14 @@ arg.uid = (OM_uint32)uid; arg.context_handle.GSS_CTX_ID_T_len = - *context_handle == (gssd_ctx_id_t)GSS_C_NO_CONTEXT ? + *context_handle == GSSD_NO_CONTEXT ? 0 : (uint_t)sizeof (gssd_ctx_id_t); arg.context_handle.GSS_CTX_ID_T_val = (char *)context_handle; arg.gssd_context_verifier = *gssd_context_verifier; arg.claimant_cred_handle.GSS_CRED_ID_T_len = - claimant_cred_handle == (gssd_cred_id_t)GSS_C_NO_CREDENTIAL ? + claimant_cred_handle == GSSD_NO_CREDENTIAL ? 0 : (uint_t)sizeof (gssd_cred_id_t); arg.claimant_cred_handle.GSS_CRED_ID_T_val = (char *)&claimant_cred_handle; @@ -678,8 +678,7 @@ arg.target_name.GSS_BUFFER_T_val = (char *)external_name.value; arg.name_type.GSS_OID_len = - name_type == GSS_C_NULL_OID ? - 0 : (uint_t)name_type->length; + name_type == GSS_C_NULL_OID ? 0 : (uint_t)name_type->length; arg.name_type.GSS_OID_val = name_type == GSS_C_NULL_OID ? @@ -769,8 +768,7 @@ output_token->value = (void *)MALLOC(output_token->length); (void) memcpy(output_token->value, - res.output_token.GSS_BUFFER_T_val, - output_token->length); + res.output_token.GSS_BUFFER_T_val, output_token->length); } /* if the call was successful, copy out the results */ @@ -782,8 +780,7 @@ * status codes, output token and context handle. */ *context_handle = - *((gssd_ctx_id_t *) - res.context_handle.GSS_CTX_ID_T_val); + *((gssd_ctx_id_t *)res.context_handle.GSS_CTX_ID_T_val); *gssd_context_verifier = res.gssd_context_verifier; if (res.status == GSS_S_COMPLETE) { @@ -791,13 +788,11 @@ *actual_mech_type = (gss_OID) MALLOC(sizeof (gss_OID_desc)); (*actual_mech_type)->length = - (OM_UINT32) - res.actual_mech_type.GSS_OID_len; + (OM_UINT32)res.actual_mech_type.GSS_OID_len; (*actual_mech_type)->elements = - (void *) - MALLOC((*actual_mech_type)->length); + (void *)MALLOC((*actual_mech_type)->length); (void) memcpy((*actual_mech_type)->elements, - (void *) res.actual_mech_type.GSS_OID_val, + (void *)res.actual_mech_type.GSS_OID_val, (*actual_mech_type)->length); } @@ -891,7 +886,7 @@ * upcalls to gssd. */ kctx->mech = &default_gc; - kctx->gssd_ctx = (gssd_ctx_id_t)GSS_C_NO_CONTEXT; + kctx->gssd_ctx = GSSD_NO_CONTEXT; *context_handle = (gss_ctx_id_t)kctx; } else kctx = (struct kgss_ctx *)*context_handle; @@ -899,8 +894,9 @@ if (claimant_cred_handle != GSS_C_NO_CREDENTIAL) { gssd_cred_verifier = KCRED_TO_CREDV(claimant_cred_handle); gssd_cl_cred_handle = KCRED_TO_CRED(claimant_cred_handle); - } else - gssd_cl_cred_handle = (gssd_cred_id_t)GSS_C_NO_CREDENTIAL; + } else { + gssd_cl_cred_handle = GSSD_NO_CREDENTIAL; + } /* * We need to know the resulting mechanism oid, so allocate @@ -973,25 +969,22 @@ arg.uid = (OM_uint32)uid; arg.context_handle.GSS_CTX_ID_T_len = - *context_handle == (gssd_ctx_id_t)GSS_C_NO_CONTEXT ? + *context_handle == GSSD_NO_CONTEXT ? 0 : (uint_t)sizeof (gssd_ctx_id_t); arg.context_handle.GSS_CTX_ID_T_val = (char *)context_handle; arg.gssd_context_verifier = *gssd_context_verifier; arg.verifier_cred_handle.GSS_CRED_ID_T_len = - verifier_cred_handle == - (gssd_cred_id_t)GSS_C_NO_CREDENTIAL ? + verifier_cred_handle == GSSD_NO_CREDENTIAL ? 0 : (uint_t)sizeof (gssd_cred_id_t); arg.verifier_cred_handle.GSS_CRED_ID_T_val = (char *)&verifier_cred_handle; arg.gssd_cred_verifier = gssd_cred_verifier; arg.input_token_buffer.GSS_BUFFER_T_len = - (uint_t)(input_token != GSS_C_NO_BUFFER ? - input_token->length : 0); + (uint_t)(input_token != GSS_C_NO_BUFFER ? input_token->length : 0); arg.input_token_buffer.GSS_BUFFER_T_val = - (char *)(input_token != GSS_C_NO_BUFFER ? - input_token->value : 0); + (char *)(input_token != GSS_C_NO_BUFFER ? input_token->value : 0); if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS) { arg.input_chan_bindings.present = YES; @@ -1055,19 +1048,16 @@ *minor_status = res.minor_status; if (output_token != NULL && res.output_token.GSS_BUFFER_T_val != NULL) { - output_token->length = - res.output_token.GSS_BUFFER_T_len; - output_token->value = - (void *) MALLOC(output_token->length); + output_token->length = res.output_token.GSS_BUFFER_T_len; + output_token->value = (void *)MALLOC(output_token->length); (void) memcpy(output_token->value, - res.output_token.GSS_BUFFER_T_val, - output_token->length); + res.output_token.GSS_BUFFER_T_val, output_token->length); } /* if the call was successful, copy out the results */ - if (res.status == (OM_uint32) GSS_S_COMPLETE || - res.status == (OM_uint32) GSS_S_CONTINUE_NEEDED) { + if (res.status == (OM_uint32)GSS_S_COMPLETE || + res.status == (OM_uint32)GSS_S_CONTINUE_NEEDED) { /* * the only parameters that are ready when we @@ -1080,7 +1070,7 @@ *gssd_context_verifier = res.gssd_context_verifier; /* these other parameters are only ready upon GSS_S_COMPLETE */ - if (res.status == (OM_uint32) GSS_S_COMPLETE) { + if (res.status == (OM_uint32)GSS_S_COMPLETE) { if (src_name != NULL) { src_name->length = @@ -1095,12 +1085,12 @@ * for gss_import_name_for_mech() */ if (mech_type != NULL) { - *mech_type = (gss_OID) - MALLOC(sizeof (gss_OID_desc)); + *mech_type = + (gss_OID)MALLOC(sizeof (gss_OID_desc)); (*mech_type)->length = - (OM_UINT32) res.mech_type.GSS_OID_len; + (OM_UINT32)res.mech_type.GSS_OID_len; (*mech_type)->elements = - (void *) MALLOC((*mech_type)->length); + (void *)MALLOC((*mech_type)->length); (void) memcpy((*mech_type)->elements, res.mech_type.GSS_OID_val, (*mech_type)->length); @@ -1116,8 +1106,9 @@ (res.delegated_cred_handle.GSS_CRED_ID_T_len != 0)) { kcred = KGSS_CRED_ALLOC(); - kcred->gssd_cred = *((gssd_cred_id_t *) - res.delegated_cred_handle.GSS_CRED_ID_T_val); + kcred->gssd_cred = + *((gssd_cred_id_t *) + res.delegated_cred_handle.GSS_CRED_ID_T_val); kcred->gssd_cred_verifier = res.gssd_context_verifier; *delegated_cred_handle = (gss_cred_id_t)kcred; @@ -1170,7 +1161,7 @@ if (*context_handle == GSS_C_NO_CONTEXT) { kctx = KGSS_ALLOC(); kctx->mech = &default_gc; - kctx->gssd_ctx = (gssd_ctx_id_t)GSS_C_NO_CONTEXT; + kctx->gssd_ctx = GSSD_NO_CONTEXT; *context_handle = (gss_ctx_id_t)kctx; } else kctx = (struct kgss_ctx *)*context_handle; @@ -1178,8 +1169,9 @@ if (verifier_cred_handle != GSS_C_NO_CREDENTIAL) { gssd_cred_verifier = KCRED_TO_CREDV(verifier_cred_handle); gssd_ver_cred_handle = KCRED_TO_CRED(verifier_cred_handle); - } else - gssd_ver_cred_handle = (gssd_cred_id_t)GSS_C_NO_CREDENTIAL; + } else { + gssd_ver_cred_handle = GSSD_NO_CREDENTIAL; + } err = kgss_accept_sec_context_wrapped(minor_status, &kctx->gssd_ctx, &kctx->gssd_ctx_verifier, @@ -1302,7 +1294,7 @@ /* copy the procedure arguments into the rpc arg parameter */ arg.context_handle.GSS_CTX_ID_T_len = - *context_handle == (gssd_ctx_id_t)GSS_C_NO_CONTEXT ? + *context_handle == GSSD_NO_CONTEXT ? 0 : (uint_t)sizeof (gssd_ctx_id_t); arg.context_handle.GSS_CTX_ID_T_val = (char *)context_handle; @@ -1375,7 +1367,7 @@ kctx = (struct kgss_ctx *)*context_handle; if (kctx->ctx_imported == FALSE) { - if (kctx->gssd_ctx == (gssd_ctx_id_t)GSS_C_NO_CONTEXT) { + if (kctx->gssd_ctx == GSSD_NO_CONTEXT) { KGSS_FREE(kctx); *context_handle = GSS_C_NO_CONTEXT; return (GSS_S_COMPLETE); @@ -1551,7 +1543,7 @@ gss_ctx_id_t internal_ctx_id; kctx = (struct kgss_ctx *)context_handle; - if (kctx->gssd_ctx != (gssd_ctx_id_t)GSS_C_NO_CONTEXT) { + if (kctx->gssd_ctx != GSSD_NO_CONTEXT) { return (GSS_S_FAILURE); } @@ -1794,9 +1786,7 @@ if (context_handle == GSS_C_NO_CONTEXT) return (GSS_S_FAILURE); return (KGSS_VERIFY(minor_status, context_handle, - message_buffer, - token_buffer, - qop_state)); + message_buffer, token_buffer, qop_state)); } /* EXPORT DELETE START */ @@ -2256,8 +2246,8 @@ arg.uid = (OM_uint32) uid; arg.cred_handle.GSS_CRED_ID_T_len = - cred_handle == (gssd_cred_id_t)GSS_C_NO_CREDENTIAL ? - 0 : (uint_t)sizeof (gssd_cred_id_t); + cred_handle == GSSD_NO_CREDENTIAL ? + 0 : (uint_t)sizeof (gssd_cred_id_t); arg.cred_handle.GSS_CRED_ID_T_val = (char *)&cred_handle; arg.gssd_cred_verifier = gssd_cred_verifier; @@ -2408,8 +2398,8 @@ arg.uid = (OM_uint32) uid; arg.cred_handle.GSS_CRED_ID_T_len = - cred_handle == (gssd_cred_id_t)GSS_C_NO_CREDENTIAL ? - 0 : (uint_t)sizeof (gssd_cred_id_t); + cred_handle == GSSD_NO_CREDENTIAL ? + 0 : (uint_t)sizeof (gssd_cred_id_t); arg.cred_handle.GSS_CRED_ID_T_val = (char *)&cred_handle; arg.gssd_cred_verifier = gssd_cred_verifier;
--- a/usr/src/uts/common/gssapi/include/mechglueP.h Wed Jun 22 12:54:00 2011 -0700 +++ b/usr/src/uts/common/gssapi/include/mechglueP.h Mon May 16 02:18:09 2011 +0100 @@ -727,6 +727,9 @@ typedef unsigned int gssd_ctx_id_t; typedef unsigned int gssd_cred_id_t; +#define GSSD_NO_CONTEXT ((gssd_ctx_id_t)0) +#define GSSD_NO_CREDENTIAL ((gssd_cred_id_t)0) + #ifdef _KERNEL #ifndef _KRB5_H