Add missing patch using separate locks per connection for GSSAPI
This commit is contained in:
parent
7a8d455bed
commit
37a8888128
699
cyrus-sasl-2.1.26-gssapi-lock.patch
Normal file
699
cyrus-sasl-2.1.26-gssapi-lock.patch
Normal file
@ -0,0 +1,699 @@
|
|||||||
|
From 4a64c00dba4d35cadc71242f9f81336f46f72009 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Date: Fri, 4 Dec 2015 17:59:26 +0100
|
||||||
|
Subject: [PATCH] GSSAPI: Use per-connection mutex where possible
|
||||||
|
|
||||||
|
Original patch from Alexander Bokovoy <abokovoy@redhat.com>
|
||||||
|
---
|
||||||
|
plugins/gssapi.c | 225 +++++++++++++++++++++++++++++++------------------------
|
||||||
|
1 file changed, 126 insertions(+), 99 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/plugins/gssapi.c b/plugins/gssapi.c
|
||||||
|
index 60cc38c..50e1217 100644
|
||||||
|
--- a/plugins/gssapi.c
|
||||||
|
+++ b/plugins/gssapi.c
|
||||||
|
@@ -126,20 +126,29 @@ extern gss_OID gss_nt_service_name;
|
||||||
|
*/
|
||||||
|
|
||||||
|
#ifdef GSS_USE_MUTEXES
|
||||||
|
-#define GSS_LOCK_MUTEX(utils) \
|
||||||
|
- if(((sasl_utils_t *)(utils))->mutex_lock(gss_mutex) != 0) { \
|
||||||
|
+#define GSS_LOCK_MUTEX_EXT(utils, mutex) \
|
||||||
|
+ if(((sasl_utils_t *)(utils))->mutex_lock(mutex) != 0) { \
|
||||||
|
return SASL_FAIL; \
|
||||||
|
}
|
||||||
|
|
||||||
|
-#define GSS_UNLOCK_MUTEX(utils) \
|
||||||
|
- if(((sasl_utils_t *)(utils))->mutex_unlock(gss_mutex) != 0) { \
|
||||||
|
+#define GSS_UNLOCK_MUTEX_EXT(utils, mutex) \
|
||||||
|
+ if(((sasl_utils_t *)(utils))->mutex_unlock(mutex) != 0) { \
|
||||||
|
return SASL_FAIL; \
|
||||||
|
}
|
||||||
|
|
||||||
|
+#define GSS_LOCK_MUTEX(utils) GSS_LOCK_MUTEX_EXT(utils, gss_mutex)
|
||||||
|
+#define GSS_UNLOCK_MUTEX(utils) GSS_UNLOCK_MUTEX_EXT(utils, gss_mutex)
|
||||||
|
+
|
||||||
|
+#define GSS_LOCK_MUTEX_CTX(utils, ctx) GSS_LOCK_MUTEX_EXT(utils, (ctx)->ctx_mutex)
|
||||||
|
+#define GSS_UNLOCK_MUTEX_CTX(utils, ctx) GSS_UNLOCK_MUTEX_EXT(utils, (ctx)->ctx_mutex)
|
||||||
|
+
|
||||||
|
+
|
||||||
|
static void *gss_mutex = NULL;
|
||||||
|
#else
|
||||||
|
#define GSS_LOCK_MUTEX(utils)
|
||||||
|
#define GSS_UNLOCK_MUTEX(utils)
|
||||||
|
+#define GSS_LOCK_MUTEX_CTX(utils, ctx)
|
||||||
|
+#define GSS_UNLOCK_MUTEX_CTX(utils, ctx)
|
||||||
|
#endif
|
||||||
|
|
||||||
|
typedef struct context {
|
||||||
|
@@ -176,6 +185,7 @@ typedef struct context {
|
||||||
|
|
||||||
|
char *authid; /* hold the authid between steps - server */
|
||||||
|
const char *user; /* hold the userid between steps - client */
|
||||||
|
+ void *ctx_mutex; /* A per-context mutex */
|
||||||
|
} context_t;
|
||||||
|
|
||||||
|
enum {
|
||||||
|
@@ -355,7 +365,7 @@ sasl_gss_encode(void *context, const struct iovec *invec, unsigned numiov,
|
||||||
|
output_token->value = NULL;
|
||||||
|
output_token->length = 0;
|
||||||
|
|
||||||
|
- GSS_LOCK_MUTEX(text->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(text->utils, text);
|
||||||
|
maj_stat = gss_wrap (&min_stat,
|
||||||
|
text->gss_ctx,
|
||||||
|
privacy,
|
||||||
|
@@ -363,14 +373,14 @@ sasl_gss_encode(void *context, const struct iovec *invec, unsigned numiov,
|
||||||
|
input_token,
|
||||||
|
NULL,
|
||||||
|
output_token);
|
||||||
|
- GSS_UNLOCK_MUTEX(text->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(text->utils, text);
|
||||||
|
|
||||||
|
if (GSS_ERROR(maj_stat)) {
|
||||||
|
sasl_gss_seterror(text->utils, maj_stat, min_stat);
|
||||||
|
if (output_token->value) {
|
||||||
|
- GSS_LOCK_MUTEX(text->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(text->utils, text);
|
||||||
|
gss_release_buffer(&min_stat, output_token);
|
||||||
|
- GSS_UNLOCK_MUTEX(text->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(text->utils, text);
|
||||||
|
}
|
||||||
|
return SASL_FAIL;
|
||||||
|
}
|
||||||
|
@@ -384,9 +394,9 @@ sasl_gss_encode(void *context, const struct iovec *invec, unsigned numiov,
|
||||||
|
output_token->length + 4);
|
||||||
|
|
||||||
|
if (ret != SASL_OK) {
|
||||||
|
- GSS_LOCK_MUTEX(text->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(text->utils, text);
|
||||||
|
gss_release_buffer(&min_stat, output_token);
|
||||||
|
- GSS_UNLOCK_MUTEX(text->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(text->utils, text);
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -407,9 +417,9 @@ sasl_gss_encode(void *context, const struct iovec *invec, unsigned numiov,
|
||||||
|
*output = text->encode_buf;
|
||||||
|
|
||||||
|
if (output_token->value) {
|
||||||
|
- GSS_LOCK_MUTEX(text->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(text->utils, text);
|
||||||
|
gss_release_buffer(&min_stat, output_token);
|
||||||
|
- GSS_UNLOCK_MUTEX(text->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(text->utils, text);
|
||||||
|
}
|
||||||
|
|
||||||
|
return SASL_OK;
|
||||||
|
@@ -455,21 +465,21 @@ gssapi_decode_packet(void *context,
|
||||||
|
output_token->value = NULL;
|
||||||
|
output_token->length = 0;
|
||||||
|
|
||||||
|
- GSS_LOCK_MUTEX(text->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(text->utils, text);
|
||||||
|
maj_stat = gss_unwrap (&min_stat,
|
||||||
|
text->gss_ctx,
|
||||||
|
input_token,
|
||||||
|
output_token,
|
||||||
|
NULL,
|
||||||
|
NULL);
|
||||||
|
- GSS_UNLOCK_MUTEX(text->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(text->utils, text);
|
||||||
|
|
||||||
|
if (GSS_ERROR(maj_stat)) {
|
||||||
|
sasl_gss_seterror(text->utils,maj_stat,min_stat);
|
||||||
|
if (output_token->value) {
|
||||||
|
- GSS_LOCK_MUTEX(text->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(text->utils, text);
|
||||||
|
gss_release_buffer(&min_stat, output_token);
|
||||||
|
- GSS_UNLOCK_MUTEX(text->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(text->utils, text);
|
||||||
|
}
|
||||||
|
return SASL_FAIL;
|
||||||
|
}
|
||||||
|
@@ -484,17 +494,17 @@ gssapi_decode_packet(void *context,
|
||||||
|
&text->decode_once_buf_len,
|
||||||
|
*outputlen);
|
||||||
|
if (result != SASL_OK) {
|
||||||
|
- GSS_LOCK_MUTEX(text->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(text->utils, text);
|
||||||
|
gss_release_buffer(&min_stat, output_token);
|
||||||
|
- GSS_UNLOCK_MUTEX(text->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(text->utils, text);
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
*output = text->decode_once_buf;
|
||||||
|
memcpy(*output, output_token->value, *outputlen);
|
||||||
|
}
|
||||||
|
- GSS_LOCK_MUTEX(text->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(text->utils, text);
|
||||||
|
gss_release_buffer(&min_stat, output_token);
|
||||||
|
- GSS_UNLOCK_MUTEX(text->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(text->utils, text);
|
||||||
|
}
|
||||||
|
|
||||||
|
return SASL_OK;
|
||||||
|
@@ -525,7 +535,14 @@ static context_t *sasl_gss_new_context(const sasl_utils_t *utils)
|
||||||
|
|
||||||
|
memset(ret,0,sizeof(context_t));
|
||||||
|
ret->utils = utils;
|
||||||
|
-
|
||||||
|
+#ifdef GSS_USE_MUTEXES
|
||||||
|
+ ret->ctx_mutex = utils->mutex_alloc();
|
||||||
|
+ if (!ret->ctx_mutex) {
|
||||||
|
+ utils->free(ret);
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -535,7 +552,11 @@ static int sasl_gss_free_context_contents(context_t *text)
|
||||||
|
|
||||||
|
if (!text) return SASL_OK;
|
||||||
|
|
||||||
|
- GSS_LOCK_MUTEX(text->utils);
|
||||||
|
+#ifdef GSS_USE_MUTEXES
|
||||||
|
+ if (text->ctx_mutex) {
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(text->utils, text);
|
||||||
|
+ }
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
if (text->gss_ctx != GSS_C_NO_CONTEXT) {
|
||||||
|
maj_stat = gss_delete_sec_context(&min_stat,&text->gss_ctx,
|
||||||
|
@@ -563,8 +584,6 @@ static int sasl_gss_free_context_contents(context_t *text)
|
||||||
|
text->client_creds = GSS_C_NO_CREDENTIAL;
|
||||||
|
}
|
||||||
|
|
||||||
|
- GSS_UNLOCK_MUTEX(text->utils);
|
||||||
|
-
|
||||||
|
if (text->out_buf) {
|
||||||
|
text->utils->free(text->out_buf);
|
||||||
|
text->out_buf = NULL;
|
||||||
|
@@ -598,6 +617,14 @@ static int sasl_gss_free_context_contents(context_t *text)
|
||||||
|
text->authid = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
+#ifdef GSS_USE_MUTEXES
|
||||||
|
+ if (text->ctx_mutex) {
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(text->utils, text);
|
||||||
|
+ text->utils->mutex_free(text->ctx_mutex);
|
||||||
|
+ text->ctx_mutex = NULL;
|
||||||
|
+ }
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
return SASL_OK;
|
||||||
|
|
||||||
|
}
|
||||||
|
@@ -692,12 +719,12 @@ gssapi_server_mech_authneg(context_t *text,
|
||||||
|
}
|
||||||
|
sprintf(name_token.value,"%s@%s", params->service, params->serverFQDN);
|
||||||
|
|
||||||
|
- GSS_LOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
maj_stat = gss_import_name (&min_stat,
|
||||||
|
&name_token,
|
||||||
|
GSS_C_NT_HOSTBASED_SERVICE,
|
||||||
|
&text->server_name);
|
||||||
|
- GSS_UNLOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
|
||||||
|
params->utils->free(name_token.value);
|
||||||
|
name_token.value = NULL;
|
||||||
|
@@ -709,15 +736,15 @@ gssapi_server_mech_authneg(context_t *text,
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( text->server_creds != GSS_C_NO_CREDENTIAL) {
|
||||||
|
- GSS_LOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
maj_stat = gss_release_cred(&min_stat, &text->server_creds);
|
||||||
|
- GSS_UNLOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
text->server_creds = GSS_C_NO_CREDENTIAL;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* If caller didn't provide creds already */
|
||||||
|
if ( server_creds == GSS_C_NO_CREDENTIAL) {
|
||||||
|
- GSS_LOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
maj_stat = gss_acquire_cred(&min_stat,
|
||||||
|
text->server_name,
|
||||||
|
GSS_C_INDEFINITE,
|
||||||
|
@@ -726,7 +753,7 @@ gssapi_server_mech_authneg(context_t *text,
|
||||||
|
&text->server_creds,
|
||||||
|
NULL,
|
||||||
|
NULL);
|
||||||
|
- GSS_UNLOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
|
||||||
|
if (GSS_ERROR(maj_stat)) {
|
||||||
|
sasl_gss_seterror(text->utils, maj_stat, min_stat);
|
||||||
|
@@ -743,7 +770,7 @@ gssapi_server_mech_authneg(context_t *text,
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
- GSS_LOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
maj_stat =
|
||||||
|
gss_accept_sec_context(&min_stat,
|
||||||
|
&(text->gss_ctx),
|
||||||
|
@@ -756,15 +783,15 @@ gssapi_server_mech_authneg(context_t *text,
|
||||||
|
&out_flags,
|
||||||
|
NULL, /* context validity period */
|
||||||
|
&(text->client_creds));
|
||||||
|
- GSS_UNLOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
|
||||||
|
if (GSS_ERROR(maj_stat)) {
|
||||||
|
sasl_gss_log(text->utils, maj_stat, min_stat);
|
||||||
|
text->utils->seterror(text->utils->conn, SASL_NOLOG, "GSSAPI Failure: gss_accept_sec_context");
|
||||||
|
if (output_token->value) {
|
||||||
|
- GSS_LOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
gss_release_buffer(&min_stat, output_token);
|
||||||
|
- GSS_UNLOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
}
|
||||||
|
sasl_gss_free_context_contents(text);
|
||||||
|
return SASL_BADAUTH;
|
||||||
|
@@ -778,18 +805,18 @@ gssapi_server_mech_authneg(context_t *text,
|
||||||
|
ret = _plug_buf_alloc(text->utils, &(text->out_buf),
|
||||||
|
&(text->out_buf_len), *serveroutlen);
|
||||||
|
if(ret != SASL_OK) {
|
||||||
|
- GSS_LOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
gss_release_buffer(&min_stat, output_token);
|
||||||
|
- GSS_UNLOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
memcpy(text->out_buf, output_token->value, *serveroutlen);
|
||||||
|
*serverout = text->out_buf;
|
||||||
|
}
|
||||||
|
|
||||||
|
- GSS_LOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
gss_release_buffer(&min_stat, output_token);
|
||||||
|
- GSS_UNLOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
} else {
|
||||||
|
/* No output token, send an empty string */
|
||||||
|
*serverout = GSSAPI_BLANK_STRING;
|
||||||
|
@@ -832,12 +859,12 @@ gssapi_server_mech_authneg(context_t *text,
|
||||||
|
/* continue with authentication */
|
||||||
|
}
|
||||||
|
|
||||||
|
- GSS_LOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
maj_stat = gss_canonicalize_name(&min_stat,
|
||||||
|
text->client_name,
|
||||||
|
mech_type,
|
||||||
|
&client_name_MN);
|
||||||
|
- GSS_UNLOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
|
||||||
|
if (GSS_ERROR(maj_stat)) {
|
||||||
|
SETERROR(text->utils, "GSSAPI Failure: gss_canonicalize_name");
|
||||||
|
@@ -848,12 +875,12 @@ gssapi_server_mech_authneg(context_t *text,
|
||||||
|
name_token.value = NULL;
|
||||||
|
name_without_realm.value = NULL;
|
||||||
|
|
||||||
|
- GSS_LOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
maj_stat = gss_display_name (&min_stat,
|
||||||
|
client_name_MN,
|
||||||
|
&name_token,
|
||||||
|
NULL);
|
||||||
|
- GSS_UNLOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
|
||||||
|
if (GSS_ERROR(maj_stat)) {
|
||||||
|
SETERROR(text->utils, "GSSAPI Failure: gss_display_name");
|
||||||
|
@@ -883,7 +910,7 @@ gssapi_server_mech_authneg(context_t *text,
|
||||||
|
|
||||||
|
name_without_realm.length = strlen( (char *) name_without_realm.value );
|
||||||
|
|
||||||
|
- GSS_LOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
maj_stat = gss_import_name (&min_stat,
|
||||||
|
&name_without_realm,
|
||||||
|
/* Solaris 8/9 gss_import_name doesn't accept GSS_C_NULL_OID here,
|
||||||
|
@@ -894,7 +921,7 @@ gssapi_server_mech_authneg(context_t *text,
|
||||||
|
GSS_C_NULL_OID,
|
||||||
|
#endif
|
||||||
|
&without);
|
||||||
|
- GSS_UNLOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
|
||||||
|
if (GSS_ERROR(maj_stat)) {
|
||||||
|
SETERROR(text->utils, "GSSAPI Failure: gss_import_name");
|
||||||
|
@@ -903,12 +930,12 @@ gssapi_server_mech_authneg(context_t *text,
|
||||||
|
goto cleanup;
|
||||||
|
}
|
||||||
|
|
||||||
|
- GSS_LOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
maj_stat = gss_compare_name(&min_stat,
|
||||||
|
client_name_MN,
|
||||||
|
without,
|
||||||
|
&equal);
|
||||||
|
- GSS_UNLOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
|
||||||
|
if (GSS_ERROR(maj_stat)) {
|
||||||
|
SETERROR(text->utils, "GSSAPI Failure: gss_compare_name");
|
||||||
|
@@ -1059,7 +1086,7 @@ gssapi_server_mech_ssfcap(context_t *text,
|
||||||
|
real_input_token.value = (void *)sasldata;
|
||||||
|
real_input_token.length = 4;
|
||||||
|
|
||||||
|
- GSS_LOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
maj_stat = gss_wrap(&min_stat,
|
||||||
|
text->gss_ctx,
|
||||||
|
0, /* Just integrity checking here */
|
||||||
|
@@ -1067,14 +1094,14 @@ gssapi_server_mech_ssfcap(context_t *text,
|
||||||
|
input_token,
|
||||||
|
NULL,
|
||||||
|
output_token);
|
||||||
|
- GSS_UNLOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
|
||||||
|
if (GSS_ERROR(maj_stat)) {
|
||||||
|
sasl_gss_seterror(text->utils, maj_stat, min_stat);
|
||||||
|
if (output_token->value) {
|
||||||
|
- GSS_LOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
gss_release_buffer(&min_stat, output_token);
|
||||||
|
- GSS_UNLOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
}
|
||||||
|
sasl_gss_free_context_contents(text);
|
||||||
|
return SASL_FAIL;
|
||||||
|
@@ -1088,18 +1115,18 @@ gssapi_server_mech_ssfcap(context_t *text,
|
||||||
|
ret = _plug_buf_alloc(text->utils, &(text->out_buf),
|
||||||
|
&(text->out_buf_len), *serveroutlen);
|
||||||
|
if(ret != SASL_OK) {
|
||||||
|
- GSS_LOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
gss_release_buffer(&min_stat, output_token);
|
||||||
|
- GSS_UNLOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
memcpy(text->out_buf, output_token->value, *serveroutlen);
|
||||||
|
*serverout = text->out_buf;
|
||||||
|
}
|
||||||
|
|
||||||
|
- GSS_LOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
gss_release_buffer(&min_stat, output_token);
|
||||||
|
- GSS_UNLOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Wait for ssf request and authid */
|
||||||
|
@@ -1130,14 +1157,14 @@ gssapi_server_mech_ssfreq(context_t *text,
|
||||||
|
real_input_token.value = (void *)clientin;
|
||||||
|
real_input_token.length = clientinlen;
|
||||||
|
|
||||||
|
- GSS_LOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
maj_stat = gss_unwrap(&min_stat,
|
||||||
|
text->gss_ctx,
|
||||||
|
input_token,
|
||||||
|
output_token,
|
||||||
|
NULL,
|
||||||
|
NULL);
|
||||||
|
- GSS_UNLOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
|
||||||
|
if (GSS_ERROR(maj_stat)) {
|
||||||
|
sasl_gss_seterror(text->utils, maj_stat, min_stat);
|
||||||
|
@@ -1148,9 +1175,9 @@ gssapi_server_mech_ssfreq(context_t *text,
|
||||||
|
if (output_token->length < 4) {
|
||||||
|
SETERROR(text->utils,
|
||||||
|
"token too short");
|
||||||
|
- GSS_LOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
gss_release_buffer(&min_stat, output_token);
|
||||||
|
- GSS_UNLOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
sasl_gss_free_context_contents(text);
|
||||||
|
return SASL_FAIL;
|
||||||
|
}
|
||||||
|
@@ -1181,9 +1208,9 @@ gssapi_server_mech_ssfreq(context_t *text,
|
||||||
|
/* Mark that we attempted negotiation */
|
||||||
|
oparams->mech_ssf = 2;
|
||||||
|
if (output_token->value) {
|
||||||
|
- GSS_LOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
gss_release_buffer(&min_stat, output_token);
|
||||||
|
- GSS_UNLOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
}
|
||||||
|
sasl_gss_free_context_contents(text);
|
||||||
|
return SASL_FAIL;
|
||||||
|
@@ -1227,9 +1254,9 @@ gssapi_server_mech_ssfreq(context_t *text,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- GSS_LOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
gss_release_buffer(&min_stat, output_token);
|
||||||
|
- GSS_UNLOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
|
||||||
|
text->state = SASL_GSSAPI_STATE_AUTHENTICATED;
|
||||||
|
|
||||||
|
@@ -1553,12 +1580,12 @@ static int gssapi_client_mech_step(void *conn_context,
|
||||||
|
|
||||||
|
sprintf(name_token.value,"%s@%s", params->service, params->serverFQDN);
|
||||||
|
|
||||||
|
- GSS_LOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
maj_stat = gss_import_name (&min_stat,
|
||||||
|
&name_token,
|
||||||
|
GSS_C_NT_HOSTBASED_SERVICE,
|
||||||
|
&text->server_name);
|
||||||
|
- GSS_UNLOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
|
||||||
|
params->utils->free(name_token.value);
|
||||||
|
name_token.value = NULL;
|
||||||
|
@@ -1582,9 +1609,9 @@ static int gssapi_client_mech_step(void *conn_context,
|
||||||
|
* and no input from the server. However, thanks to Imap,
|
||||||
|
* which discards our first output, this happens all the time.
|
||||||
|
* Throw away the context and try again. */
|
||||||
|
- GSS_LOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
maj_stat = gss_delete_sec_context (&min_stat,&text->gss_ctx,GSS_C_NO_BUFFER);
|
||||||
|
- GSS_UNLOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
text->gss_ctx = GSS_C_NO_CONTEXT;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -1606,7 +1633,7 @@ static int gssapi_client_mech_step(void *conn_context,
|
||||||
|
req_flags = req_flags | GSS_C_DELEG_FLAG;
|
||||||
|
}
|
||||||
|
|
||||||
|
- GSS_LOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
maj_stat = gss_init_sec_context(&min_stat,
|
||||||
|
client_creds, /* GSS_C_NO_CREDENTIAL */
|
||||||
|
&text->gss_ctx,
|
||||||
|
@@ -1620,14 +1647,14 @@ static int gssapi_client_mech_step(void *conn_context,
|
||||||
|
output_token,
|
||||||
|
&out_req_flags,
|
||||||
|
NULL);
|
||||||
|
- GSS_UNLOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
|
||||||
|
if (GSS_ERROR(maj_stat)) {
|
||||||
|
sasl_gss_seterror(text->utils, maj_stat, min_stat);
|
||||||
|
if (output_token->value) {
|
||||||
|
- GSS_LOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
gss_release_buffer(&min_stat, output_token);
|
||||||
|
- GSS_UNLOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
}
|
||||||
|
sasl_gss_free_context_contents(text);
|
||||||
|
return SASL_FAIL;
|
||||||
|
@@ -1658,22 +1685,22 @@ static int gssapi_client_mech_step(void *conn_context,
|
||||||
|
ret = _plug_buf_alloc(text->utils, &(text->out_buf),
|
||||||
|
&(text->out_buf_len), *clientoutlen);
|
||||||
|
if(ret != SASL_OK) {
|
||||||
|
- GSS_LOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
gss_release_buffer(&min_stat, output_token);
|
||||||
|
- GSS_UNLOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
memcpy(text->out_buf, output_token->value, *clientoutlen);
|
||||||
|
*clientout = text->out_buf;
|
||||||
|
}
|
||||||
|
|
||||||
|
- GSS_LOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
gss_release_buffer(&min_stat, output_token);
|
||||||
|
- GSS_UNLOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (maj_stat == GSS_S_COMPLETE) {
|
||||||
|
- GSS_LOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
maj_stat = gss_inquire_context(&min_stat,
|
||||||
|
text->gss_ctx,
|
||||||
|
&text->client_name,
|
||||||
|
@@ -1684,7 +1711,7 @@ static int gssapi_client_mech_step(void *conn_context,
|
||||||
|
NULL, /* flags */
|
||||||
|
NULL, /* local init */
|
||||||
|
NULL); /* open */
|
||||||
|
- GSS_UNLOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
|
||||||
|
if (GSS_ERROR(maj_stat)) {
|
||||||
|
sasl_gss_seterror(text->utils, maj_stat, min_stat);
|
||||||
|
@@ -1693,18 +1720,18 @@ static int gssapi_client_mech_step(void *conn_context,
|
||||||
|
}
|
||||||
|
|
||||||
|
name_token.length = 0;
|
||||||
|
- GSS_LOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
maj_stat = gss_display_name(&min_stat,
|
||||||
|
text->client_name,
|
||||||
|
&name_token,
|
||||||
|
NULL);
|
||||||
|
- GSS_UNLOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
|
||||||
|
if (GSS_ERROR(maj_stat)) {
|
||||||
|
if (name_token.value) {
|
||||||
|
- GSS_LOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
gss_release_buffer(&min_stat, &name_token);
|
||||||
|
- GSS_UNLOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
}
|
||||||
|
SETERROR(text->utils, "GSSAPI Failure");
|
||||||
|
sasl_gss_free_context_contents(text);
|
||||||
|
@@ -1725,9 +1752,9 @@ static int gssapi_client_mech_step(void *conn_context,
|
||||||
|
SASL_CU_AUTHID | SASL_CU_AUTHZID,
|
||||||
|
oparams);
|
||||||
|
}
|
||||||
|
- GSS_LOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
gss_release_buffer(&min_stat, &name_token);
|
||||||
|
- GSS_UNLOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
|
||||||
|
if (ret != SASL_OK) return ret;
|
||||||
|
|
||||||
|
@@ -1753,32 +1780,32 @@ static int gssapi_client_mech_step(void *conn_context,
|
||||||
|
real_input_token.value = (void *) serverin;
|
||||||
|
real_input_token.length = serverinlen;
|
||||||
|
|
||||||
|
- GSS_LOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
maj_stat = gss_unwrap(&min_stat,
|
||||||
|
text->gss_ctx,
|
||||||
|
input_token,
|
||||||
|
output_token,
|
||||||
|
NULL,
|
||||||
|
NULL);
|
||||||
|
- GSS_UNLOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
|
||||||
|
if (GSS_ERROR(maj_stat)) {
|
||||||
|
sasl_gss_seterror(text->utils, maj_stat, min_stat);
|
||||||
|
- sasl_gss_free_context_contents(text);
|
||||||
|
if (output_token->value) {
|
||||||
|
- GSS_LOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
gss_release_buffer(&min_stat, output_token);
|
||||||
|
- GSS_UNLOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
}
|
||||||
|
+ sasl_gss_free_context_contents(text);
|
||||||
|
return SASL_FAIL;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (output_token->length != 4) {
|
||||||
|
SETERROR(text->utils,
|
||||||
|
(output_token->length < 4) ? "token too short" : "token too long");
|
||||||
|
- GSS_LOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
gss_release_buffer(&min_stat, output_token);
|
||||||
|
- GSS_UNLOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
sasl_gss_free_context_contents(text);
|
||||||
|
return SASL_FAIL;
|
||||||
|
}
|
||||||
|
@@ -1879,9 +1906,9 @@ static int gssapi_client_mech_step(void *conn_context,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- GSS_LOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
gss_release_buffer(&min_stat, output_token);
|
||||||
|
- GSS_UNLOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
|
||||||
|
/* oparams->user is always set, due to canon_user requirements.
|
||||||
|
* Make sure the client actually requested it though, by checking
|
||||||
|
@@ -1927,7 +1954,7 @@ static int gssapi_client_mech_step(void *conn_context,
|
||||||
|
}
|
||||||
|
((unsigned char *)input_token->value)[0] = mychoice;
|
||||||
|
|
||||||
|
- GSS_LOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
maj_stat = gss_wrap (&min_stat,
|
||||||
|
text->gss_ctx,
|
||||||
|
0, /* Just integrity checking here */
|
||||||
|
@@ -1935,7 +1962,7 @@ static int gssapi_client_mech_step(void *conn_context,
|
||||||
|
input_token,
|
||||||
|
NULL,
|
||||||
|
output_token);
|
||||||
|
- GSS_UNLOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
|
||||||
|
params->utils->free(input_token->value);
|
||||||
|
input_token->value = NULL;
|
||||||
|
@@ -1943,9 +1970,9 @@ static int gssapi_client_mech_step(void *conn_context,
|
||||||
|
if (GSS_ERROR(maj_stat)) {
|
||||||
|
sasl_gss_seterror(text->utils, maj_stat, min_stat);
|
||||||
|
if (output_token->value) {
|
||||||
|
- GSS_LOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
gss_release_buffer(&min_stat, output_token);
|
||||||
|
- GSS_UNLOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
}
|
||||||
|
sasl_gss_free_context_contents(text);
|
||||||
|
return SASL_FAIL;
|
||||||
|
@@ -1961,18 +1988,18 @@ static int gssapi_client_mech_step(void *conn_context,
|
||||||
|
&(text->out_buf_len),
|
||||||
|
*clientoutlen);
|
||||||
|
if (ret != SASL_OK) {
|
||||||
|
- GSS_LOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
gss_release_buffer(&min_stat, output_token);
|
||||||
|
- GSS_UNLOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
memcpy(text->out_buf, output_token->value, *clientoutlen);
|
||||||
|
*clientout = text->out_buf;
|
||||||
|
}
|
||||||
|
|
||||||
|
- GSS_LOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_LOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
gss_release_buffer(&min_stat, output_token);
|
||||||
|
- GSS_UNLOCK_MUTEX(params->utils);
|
||||||
|
+ GSS_UNLOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
@ -158,9 +158,9 @@ index 3050962..348debe 100644
|
|||||||
- }
|
- }
|
||||||
- }
|
- }
|
||||||
-
|
-
|
||||||
GSS_LOCK_MUTEX(params->utils);
|
GSS_LOCK_MUTEX_CTX(params->utils, text);
|
||||||
gss_release_buffer(&min_stat, output_token);
|
gss_release_buffer(&min_stat, output_token);
|
||||||
GSS_UNLOCK_MUTEX(params->utils);
|
GSS_UNLOCK_MUTEX_CTX(params->utils, text);
|
||||||
|
|
||||||
+ if (oparams->mech_ssf) {
|
+ if (oparams->mech_ssf) {
|
||||||
+ int ret;
|
+ int ret;
|
||||||
@ -204,9 +204,9 @@ index 3050962..348debe 100644
|
|||||||
- }
|
- }
|
||||||
- }
|
- }
|
||||||
-
|
-
|
||||||
GSS_LOCK_MUTEX(params->utils);
|
GSS_LOCK_MUTEX_CTX(params->utils, text);
|
||||||
gss_release_buffer(&min_stat, output_token);
|
gss_release_buffer(&min_stat, output_token);
|
||||||
GSS_UNLOCK_MUTEX(params->utils);
|
GSS_UNLOCK_MUTEX_CTX(params->utils, text);
|
||||||
-
|
-
|
||||||
+
|
+
|
||||||
+ if (oparams->mech_ssf) {
|
+ if (oparams->mech_ssf) {
|
||||||
|
@ -63,8 +63,10 @@ Patch56: cyrus-sasl-2.1.26-user-specified-logging.patch
|
|||||||
Patch57: cyrus-sasl-2.1.27-openssl-1.1.0.patch
|
Patch57: cyrus-sasl-2.1.27-openssl-1.1.0.patch
|
||||||
# Fix support for GSS SPNEGO to be compatible with windows (#1421663)
|
# Fix support for GSS SPNEGO to be compatible with windows (#1421663)
|
||||||
Patch58: cyrus-sasl-2.1.26-gss-spnego.patch
|
Patch58: cyrus-sasl-2.1.26-gss-spnego.patch
|
||||||
|
# Use per-connection mutex where possible
|
||||||
|
Patch59: cyrus-sasl-2.1.26-gssapi-lock.patch
|
||||||
# Allow cyrus sasl to get the ssf from gssapi #429
|
# Allow cyrus sasl to get the ssf from gssapi #429
|
||||||
Patch59: cyrus-sasl-2.1.26-ssf-from-gssapi.patch
|
Patch60: cyrus-sasl-2.1.26-ssf-from-gssapi.patch
|
||||||
|
|
||||||
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||||
BuildRequires: autoconf, automake, libtool, gdbm-devel, groff
|
BuildRequires: autoconf, automake, libtool, gdbm-devel, groff
|
||||||
@ -215,7 +217,8 @@ chmod -x include/*.h
|
|||||||
%patch56 -p1 -b .too-much-logging
|
%patch56 -p1 -b .too-much-logging
|
||||||
%patch57 -p1 -b .openssl110
|
%patch57 -p1 -b .openssl110
|
||||||
%patch58 -p1 -b .spnego
|
%patch58 -p1 -b .spnego
|
||||||
%patch59 -p1 -b .ssf-gssapi
|
%patch59 -p1 -b .mutex
|
||||||
|
%patch60 -p1 -b .ssf-gssapi
|
||||||
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
Loading…
Reference in New Issue
Block a user