Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
dotNET Platform
runtime
提交
eeb0c155
R
runtime
项目概览
dotNET Platform
/
runtime
大约 1 年 前同步成功
通知
1
Star
1
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
DevOps
流水线
流水线任务
计划
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
R
runtime
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
DevOps
DevOps
流水线
流水线任务
计划
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
流水线任务
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
未验证
提交
eeb0c155
编写于
6月 15, 2022
作者:
T
Tomas Weinfurt
提交者:
GitHub
6月 14, 2022
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Revert "Fix usage of GSS_KRB5_CRED_NO_CI_FLAGS_X (#70447)" (#70747)
This reverts commit
84f7cad0
.
上级
344c7922
变更
2
显示空白变更内容
内联
并排
Showing
2 changed file
with
15 addition
and
68 deletion
+15
-68
src/native/libs/System.Net.Security.Native/pal_gssapi.c
src/native/libs/System.Net.Security.Native/pal_gssapi.c
+15
-55
src/native/libs/configure.cmake
src/native/libs/configure.cmake
+0
-13
未找到文件。
src/native/libs/System.Net.Security.Native/pal_gssapi.c
浏览文件 @
eeb0c155
...
...
@@ -58,21 +58,7 @@ static gss_OID_desc gss_mech_ntlm_OID_desc = {.length = STRING_LENGTH(gss_ntlm_o
#if defined(GSS_SHIM)
#if HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X
#define FOR_ALL_OPTIONAL_GSS_FUNCTIONS \
PER_FUNCTION_BLOCK(gss_set_cred_option) \
PER_FUNCTION_BLOCK(GSS_KRB5_CRED_NO_CI_FLAGS_X)
#define GSS_KRB5_CRED_NO_CI_FLAGS_X_AVAILABLE (gss_set_cred_option_ptr != NULL && GSS_KRB5_CRED_NO_CI_FLAGS_X_ptr != NULL)
#else
#define FOR_ALL_OPTIONAL_GSS_FUNCTIONS
#endif //HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X
#define FOR_ALL_REQUIRED_GSS_FUNCTIONS \
#define FOR_ALL_GSS_FUNCTIONS \
PER_FUNCTION_BLOCK(gss_accept_sec_context) \
PER_FUNCTION_BLOCK(gss_acquire_cred) \
PER_FUNCTION_BLOCK(gss_acquire_cred_with_password) \
...
...
@@ -92,11 +78,14 @@ static gss_OID_desc gss_mech_ntlm_OID_desc = {.length = STRING_LENGTH(gss_ntlm_o
PER_FUNCTION_BLOCK(gss_unwrap) \
PER_FUNCTION_BLOCK(gss_wrap) \
PER_FUNCTION_BLOCK(GSS_C_NT_USER_NAME) \
PER_FUNCTION_BLOCK(GSS_C_NT_HOSTBASED_SERVICE)
\
PER_FUNCTION_BLOCK(GSS_C_NT_HOSTBASED_SERVICE)
#define FOR_ALL_GSS_FUNCTIONS \
FOR_ALL_REQUIRED_GSS_FUNCTIONS \
FOR_ALL_OPTIONAL_GSS_FUNCTIONS
#if HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X
#define FOR_ALL_GSS_FUNCTIONS FOR_ALL_GSS_FUNCTIONS \
PER_FUNCTION_BLOCK(gss_set_cred_option)
#endif //HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X
// define indirection pointers for all functions, like
// static TYPEOF(gss_accept_sec_context)* gss_accept_sec_context_ptr;
...
...
@@ -129,7 +118,6 @@ static void* volatile s_gssLib = NULL;
#if HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X
#define gss_set_cred_option(...) gss_set_cred_option_ptr(__VA_ARGS__)
#define GSS_KRB5_CRED_NO_CI_FLAGS_X (*GSS_KRB5_CRED_NO_CI_FLAGS_X_ptr)
#endif //HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X
...
...
@@ -150,27 +138,19 @@ static int32_t ensure_gss_shim_initialized()
dlclose
(
lib
);
}
// initialize indirection pointers for all
required
functions, like:
// initialize indirection pointers for all functions, like:
// gss_accept_sec_context_ptr = (TYPEOF(gss_accept_sec_context)*)dlsym(s_gssLib, "gss_accept_sec_context");
// if (gss_accept_sec_context_ptr == NULL) { fprintf(stderr, "Cannot get symbol %s from %s \nError: %s\n", "gss_accept_sec_context", gss_lib_name, dlerror()); return -1; }
#define PER_FUNCTION_BLOCK(fn) \
fn##_ptr = (TYPEOF(fn)*)dlsym(s_gssLib, #fn); \
if (fn##_ptr == NULL) { fprintf(stderr, "Cannot get symbol " #fn " from %s \nError: %s\n", gss_lib_name, dlerror()); return -1; }
FOR_ALL_REQUIRED_GSS_FUNCTIONS
#undef PER_FUNCTION_BLOCK
// for optional functions skip the error check
#define PER_FUNCTION_BLOCK(fn) \
fn##_ptr = (TYPEOF(fn)*)dlsym(s_gssLib, #fn);
FOR_ALL_OPTIONAL_GSS_FUNCTIONS
FOR_ALL_GSS_FUNCTIONS
#undef PER_FUNCTION_BLOCK
return
0
;
}
#else // GSS_SHIM
#define GSS_KRB5_CRED_NO_CI_FLAGS_X_AVAILABLE 1
#endif // GSS_SHIM
// transfers ownership of the underlying data from gssBuffer to PAL_GssBuffer
...
...
@@ -203,20 +183,10 @@ static uint32_t AcquireCredSpNego(uint32_t* minorStatus,
// call gss_set_cred_option with GSS_KRB5_CRED_NO_CI_FLAGS_X to support Kerberos Sign Only option from *nix client against a windows server
#if HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X
if
(
majorStatus
==
GSS_S_COMPLETE
&&
GSS_KRB5_CRED_NO_CI_FLAGS_X_AVAILABLE
)
if
(
majorStatus
==
GSS_S_COMPLETE
)
{
GssBuffer
emptyBuffer
=
GSS_C_EMPTY_BUFFER
;
uint32_t
tempMinorStatus
;
majorStatus
=
gss_set_cred_option
(
&
tempMinorStatus
,
outputCredHandle
,
GSS_KRB5_CRED_NO_CI_FLAGS_X
,
&
emptyBuffer
);
if
(
majorStatus
==
GSS_S_UNAVAILABLE
||
majorStatus
==
GSS_S_COMPLETE
)
{
// preserve the original majorStatus/minorStatus from gss_acquire_cred
majorStatus
=
GSS_S_COMPLETE
;
}
else
{
*
minorStatus
=
tempMinorStatus
;
}
majorStatus
=
gss_set_cred_option
(
minorStatus
,
outputCredHandle
,
GSS_KRB5_CRED_NO_CI_FLAGS_X
,
&
emptyBuffer
);
}
#endif
...
...
@@ -636,20 +606,10 @@ static uint32_t AcquireCredWithPassword(uint32_t* minorStatus,
// call gss_set_cred_option with GSS_KRB5_CRED_NO_CI_FLAGS_X to support Kerberos Sign Only option from *nix client against a windows server
#if HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X
if
(
!
isNtlm
&&
majorStatus
==
GSS_S_COMPLETE
&&
GSS_KRB5_CRED_NO_CI_FLAGS_X_AVAILABL
E
)
if
(
majorStatus
==
GSS_S_COMPLET
E
)
{
GssBuffer
emptyBuffer
=
GSS_C_EMPTY_BUFFER
;
uint32_t
tempMinorStatus
;
majorStatus
=
gss_set_cred_option
(
&
tempMinorStatus
,
outputCredHandle
,
GSS_KRB5_CRED_NO_CI_FLAGS_X
,
&
emptyBuffer
);
if
(
majorStatus
==
GSS_S_UNAVAILABLE
||
majorStatus
==
GSS_S_COMPLETE
)
{
// preserve the original majorStatus/minorStatus from gss_acquire_cred_with_password
majorStatus
=
GSS_S_COMPLETE
;
}
else
{
*
minorStatus
=
tempMinorStatus
;
}
majorStatus
=
gss_set_cred_option
(
minorStatus
,
outputCredHandle
,
GSS_KRB5_CRED_NO_CI_FLAGS_X
,
&
emptyBuffer
);
}
#endif
...
...
src/native/libs/configure.cmake
浏览文件 @
eeb0c155
...
...
@@ -1030,17 +1030,6 @@ check_include_files(
GSS/GSS.h
HAVE_GSSFW_HEADERS
)
if
(
HAVE_GSSFW_HEADERS
)
find_library
(
LIBGSS NAMES GSS
)
elseif
(
HAVE_HEIMDAL_HEADERS
)
find_library
(
LIBGSS NAMES gssapi
)
else
()
find_library
(
LIBGSS NAMES gssapi_krb5
)
endif
()
set
(
PREVIOUS_CMAKE_REQUIRED_LIBRARIES
${
CMAKE_REQUIRED_LIBRARIES
}
)
set
(
CMAKE_REQUIRED_LIBRARIES
${
LIBGSS
}
)
if
(
HAVE_GSSFW_HEADERS
)
check_symbol_exists
(
GSS_SPNEGO_MECHANISM
...
...
@@ -1065,8 +1054,6 @@ else ()
HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X
)
endif
()
set
(
CMAKE_REQUIRED_LIBRARIES
${
PREVIOUS_CMAKE_REQUIRED_LIBRARIES
}
)
check_symbol_exists
(
getauxval sys/auxv.h HAVE_GETAUXVAL
)
check_include_files
(
crt_externs.h HAVE_CRT_EXTERNS_H
)
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录