Remove GSS_KRB5_CRED_NO_CI_FLAGS_X code #70772

Merged
merged 1 commit into from
Jun 15, 2022
Expand Up @@ -376,16 +376,6 @@ internal static SecurityStatusPal InitializeSecurityContext(
ref resultBlob,
ref contextFlags);

// Confidentiality flag should not be set if not requested
if (status.ErrorCode == SecurityStatusPalErrorCode.CompleteNeeded)
{
ContextFlagsPal mask = ContextFlagsPal.Confidentiality;
if ((requestedContextFlags & mask) != (contextFlags & mask))
{
throw new PlatformNotSupportedException(SR.net_nego_protection_level_not_supported);
}
}

return status;
}

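--- a/src/native/libs/Common/pal_config.h.in
+++ b/src/native/libs/Common/pal_config.h.in
@@ -104,7 +104,6 @@
 #cmakedefine01 HAVE_TCP_FSM_H
 #cmakedefine01 HAVE_GSSFW_HEADERS
 #cmakedefine01 HAVE_GSS_SPNEGO_MECHANISM
-#cmakedefine01 HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X
 #cmakedefine01 HAVE_HEIMDAL_HEADERS
 #cmakedefine01 HAVE_NSGETENVIRON
 #cmakedefine01 HAVE_GETAUXVAL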
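--- a/src/native/libs/System.Net.Security.Native/pal_gssapi.c
+++ b/src/native/libs/System.Net.Security.Native/pal_gssapi.c
@@ -80,13 +80,6 @@ static gss_OID_desc gss_mech_ntlm_OID_desc = {.length = STRING_LENGTH(gss_ntlm_o
 PER_FUNCTION_BLOCK(GSS_C_NT_USER_NAME) \
 PER_FUNCTION_BLOCK(GSS_C_NT_HOSTBASED_SERVICE)
 
-#if HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X
-
-#define FOR_ALL_GSS_FUNCTIONS FOR_ALL_GSS_FUNCTIONS \
-PER_FUNCTION_BLOCK(gss_set_cred_option)
-
-#endif //HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X
-
 // define indirection pointers for all functions, like
 // static TYPEOF(gss_accept_sec_context)* gss_accept_sec_context_ptr;
 #define PER_FUNCTION_BLOCK(fn) \
@@ -116,11 +109,6 @@ static void* volatile s_gssLib = NULL;
 #define gss_unwrap(...) gss_unwrap_ptr(__VA_ARGS__)
 #define gss_wrap(...) gss_wrap_ptr(__VA_ARGS__)
 
-#if HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X
-#define gss_set_cred_option(...) gss_set_cred_option_ptr(__VA_ARGS__)
-#endif //HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X
-
-
 #define GSS_C_NT_USER_NAME (*GSS_C_NT_USER_NAME_ptr)
 #define GSS_C_NT_HOSTBASED_SERVICE (*GSS_C_NT_HOSTBASED_SERVICE_ptr)
 #define gss_mech_krb5 (*gss_mech_krb5_ptr)
@@ -181,15 +169,6 @@ static uint32_t AcquireCredSpNego(uint32_t* minorStatus,
 uint32_t majorStatus = gss_acquire_cred(
 minorStatus, desiredName, 0, &gss_mech_spnego_OID_set_desc, credUsage, outputCredHandle, NULL, NULL);
 
-// call gss_set_cred_option with GSS_KRB5_CRED_NO_CI_FLAGS_X to support Kerberos Sign Only option from *nix client against a windows server
-#if HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X
-if (majorStatus == GSS_S_COMPLETE)
-{
-GssBuffer emptyBuffer = GSS_C_EMPTY_BUFFER;
-majorStatus = gss_set_cred_option(minorStatus, outputCredHandle, GSS_KRB5_CRED_NO_CI_FLAGS_X, &emptyBuffer);
-}
-#endif
-
 return majorStatus;
 }
 
@@ -604,15 +583,6 @@ static uint32_t AcquireCredWithPassword(uint32_t* minorStatus,
 uint32_t majorStatus = gss_acquire_cred_with_password(
 minorStatus, desiredName, &passwordBuffer, 0, desiredMech, credUsage, outputCredHandle, NULL, NULL);
 
-// call gss_set_cred_option with GSS_KRB5_CRED_NO_CI_FLAGS_X to support Kerberos Sign Only option from *nix client against a windows server
-#if HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X
-if (majorStatus == GSS_S_COMPLETE)
-{
-GssBuffer emptyBuffer = GSS_C_EMPTY_BUFFER;
-majorStatus = gss_set_cred_option(minorStatus, outputCredHandle, GSS_KRB5_CRED_NO_CI_FLAGS_X, &emptyBuffer);
-}
-#endif
-
 return majorStatus;
 }
 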
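--- a/src/native/libs/configure.cmake
+++ b/src/native/libs/configure.cmake
@@ -1042,18 +1042,6 @@ else ()
 HAVE_GSS_SPNEGO_MECHANISM)
 endif ()
 
-if (HAVE_GSSFW_HEADERS)
-check_symbol_exists(
-GSS_KRB5_CRED_NO_CI_FLAGS_X
-"GSS/GSS.h"
-HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X)
-else ()
-check_symbol_exists(
-GSS_KRB5_CRED_NO_CI_FLAGS_X
-"gssapi/gssapi_krb5.h"
-HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X)
-endif ()
-
 check_symbol_exists(getauxval sys/auxv.h HAVE_GETAUXVAL)
 check_include_files(crt_externs.h HAVE_CRT_EXTERNS_H)
 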