Revert "Fix usage of GSS_KRB5_CRED_NO_CI_FLAGS_X (#70447)" (#70747)

This reverts commit 84f7cad.
dotnet · Jun 15, 2022 · eeb0c15 · eeb0c15
1 parent 344c792
commit eeb0c15
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 68 deletions.
diff --git a/src/native/libs/System.Net.Security.Native/pal_gssapi.c b/src/native/libs/System.Net.Security.Native/pal_gssapi.c
@@ -58,21 +58,7 @@ static gss_OID_desc gss_mech_ntlm_OID_desc = {.length = STRING_LENGTH(gss_ntlm_o
 
 #if defined(GSS_SHIM)
 
-#if HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X
-
-#define FOR_ALL_OPTIONAL_GSS_FUNCTIONS \
- PER_FUNCTION_BLOCK(gss_set_cred_option) \
- PER_FUNCTION_BLOCK(GSS_KRB5_CRED_NO_CI_FLAGS_X)
-
-#define GSS_KRB5_CRED_NO_CI_FLAGS_X_AVAILABLE (gss_set_cred_option_ptr != NULL && GSS_KRB5_CRED_NO_CI_FLAGS_X_ptr != NULL)
-
-#else
-
-#define FOR_ALL_OPTIONAL_GSS_FUNCTIONS
-
-#endif //HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X
-
-#define FOR_ALL_REQUIRED_GSS_FUNCTIONS \
+#define FOR_ALL_GSS_FUNCTIONS \
  PER_FUNCTION_BLOCK(gss_accept_sec_context) \
  PER_FUNCTION_BLOCK(gss_acquire_cred) \
  PER_FUNCTION_BLOCK(gss_acquire_cred_with_password) \
@@ -92,11 +78,14 @@ static gss_OID_desc gss_mech_ntlm_OID_desc = {.length = STRING_LENGTH(gss_ntlm_o
  PER_FUNCTION_BLOCK(gss_unwrap) \
  PER_FUNCTION_BLOCK(gss_wrap) \
  PER_FUNCTION_BLOCK(GSS_C_NT_USER_NAME) \
- PER_FUNCTION_BLOCK(GSS_C_NT_HOSTBASED_SERVICE) \
+ PER_FUNCTION_BLOCK(GSS_C_NT_HOSTBASED_SERVICE)
 
-#define FOR_ALL_GSS_FUNCTIONS \
- FOR_ALL_REQUIRED_GSS_FUNCTIONS \
- FOR_ALL_OPTIONAL_GSS_FUNCTIONS
+#if HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X
+
+#define FOR_ALL_GSS_FUNCTIONS FOR_ALL_GSS_FUNCTIONS \
+ PER_FUNCTION_BLOCK(gss_set_cred_option)
+
+#endif //HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X
 
 // define indirection pointers for all functions, like
 // static TYPEOF(gss_accept_sec_context)* gss_accept_sec_context_ptr;
@@ -129,7 +118,6 @@ static void* volatile s_gssLib = NULL;
 
 #if HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X
 #define gss_set_cred_option(...) gss_set_cred_option_ptr(__VA_ARGS__)
-#define GSS_KRB5_CRED_NO_CI_FLAGS_X (*GSS_KRB5_CRED_NO_CI_FLAGS_X_ptr)
 #endif //HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X
 
 
@@ -150,27 +138,19 @@ static int32_t ensure_gss_shim_initialized()
  dlclose(lib);
  }
 
- // initialize indirection pointers for all required functions, like:
+ // initialize indirection pointers for all functions, like:
  // gss_accept_sec_context_ptr = (TYPEOF(gss_accept_sec_context)*)dlsym(s_gssLib, "gss_accept_sec_context");
  // if (gss_accept_sec_context_ptr == NULL) { fprintf(stderr, "Cannot get symbol %s from %s \nError: %s\n", "gss_accept_sec_context", gss_lib_name, dlerror()); return -1; }
 #define PER_FUNCTION_BLOCK(fn) \
  fn##_ptr = (TYPEOF(fn)*)dlsym(s_gssLib, #fn); \
  if (fn##_ptr == NULL) { fprintf(stderr, "Cannot get symbol " #fn " from %s \nError: %s\n", gss_lib_name, dlerror()); return -1; }
-FOR_ALL_REQUIRED_GSS_FUNCTIONS
-#undef PER_FUNCTION_BLOCK
- // for optional functions skip the error check
-#define PER_FUNCTION_BLOCK(fn) \
- fn##_ptr = (TYPEOF(fn)*)dlsym(s_gssLib, #fn);
-FOR_ALL_OPTIONAL_GSS_FUNCTIONS
+
+ FOR_ALL_GSS_FUNCTIONS
 #undef PER_FUNCTION_BLOCK
 
  return 0;
 }
 
-#else // GSS_SHIM
-
-#define GSS_KRB5_CRED_NO_CI_FLAGS_X_AVAILABLE 1
-
 #endif // GSS_SHIM
 
 // transfers ownership of the underlying data from gssBuffer to PAL_GssBuffer
@@ -203,20 +183,10 @@ static uint32_t AcquireCredSpNego(uint32_t* minorStatus,
 
  // call gss_set_cred_option with GSS_KRB5_CRED_NO_CI_FLAGS_X to support Kerberos Sign Only option from *nix client against a windows server
 #if HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X
- if (majorStatus == GSS_S_COMPLETE && GSS_KRB5_CRED_NO_CI_FLAGS_X_AVAILABLE)
+ if (majorStatus == GSS_S_COMPLETE)
  {
  GssBuffer emptyBuffer = GSS_C_EMPTY_BUFFER;
- uint32_t tempMinorStatus;
- majorStatus = gss_set_cred_option(&tempMinorStatus, outputCredHandle, GSS_KRB5_CRED_NO_CI_FLAGS_X, &emptyBuffer);
- if (majorStatus == GSS_S_UNAVAILABLE || majorStatus == GSS_S_COMPLETE)
- {
- // preserve the original majorStatus/minorStatus from gss_acquire_cred
- majorStatus = GSS_S_COMPLETE;
- }
- else
- {
- *minorStatus = tempMinorStatus;
- }
+ majorStatus = gss_set_cred_option(minorStatus, outputCredHandle, GSS_KRB5_CRED_NO_CI_FLAGS_X, &emptyBuffer);
  }
 #endif
 
@@ -636,20 +606,10 @@ static uint32_t AcquireCredWithPassword(uint32_t* minorStatus,
 
  // call gss_set_cred_option with GSS_KRB5_CRED_NO_CI_FLAGS_X to support Kerberos Sign Only option from *nix client against a windows server
 #if HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X
- if (!isNtlm && majorStatus == GSS_S_COMPLETE && GSS_KRB5_CRED_NO_CI_FLAGS_X_AVAILABLE)
+ if (majorStatus == GSS_S_COMPLETE)
  {
  GssBuffer emptyBuffer = GSS_C_EMPTY_BUFFER;
- uint32_t tempMinorStatus;
- majorStatus = gss_set_cred_option(&tempMinorStatus, outputCredHandle, GSS_KRB5_CRED_NO_CI_FLAGS_X, &emptyBuffer);
- if (majorStatus == GSS_S_UNAVAILABLE || majorStatus == GSS_S_COMPLETE)
- {
- // preserve the original majorStatus/minorStatus from gss_acquire_cred_with_password
- majorStatus = GSS_S_COMPLETE;
- }
- else
- {
- *minorStatus = tempMinorStatus;
- }
+ majorStatus = gss_set_cred_option(minorStatus, outputCredHandle, GSS_KRB5_CRED_NO_CI_FLAGS_X, &emptyBuffer);
  }
 #endif
 

diff --git a/src/native/libs/configure.cmake b/src/native/libs/configure.cmake
@@ -1030,17 +1030,6 @@ check_include_files(
  GSS/GSS.h
  HAVE_GSSFW_HEADERS)
 
-if (HAVE_GSSFW_HEADERS)
- find_library(LIBGSS NAMES GSS)
-elseif (HAVE_HEIMDAL_HEADERS)
- find_library(LIBGSS NAMES gssapi)
-else ()
- find_library(LIBGSS NAMES gssapi_krb5)
-endif ()
-
-set (PREVIOUS_CMAKE_REQUIRED_LIBRARIES ${CMAKE_REQUIRED_LIBRARIES})
-set (CMAKE_REQUIRED_LIBRARIES ${LIBGSS})
-
 if (HAVE_GSSFW_HEADERS)
  check_symbol_exists(
  GSS_SPNEGO_MECHANISM
@@ -1065,8 +1054,6 @@ else ()
  HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X)
 endif ()
 
-set (CMAKE_REQUIRED_LIBRARIES ${PREVIOUS_CMAKE_REQUIRED_LIBRARIES})
-
 check_symbol_exists(getauxval sys/auxv.h HAVE_GETAUXVAL)
 check_include_files(crt_externs.h HAVE_CRT_EXTERNS_H)