krb5/krb5-1.14.1-interpose-public_oid_fixups.patch

From fe73f1130695880bd83cf811c37131b12711be23 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Tue, 12 Jan 2016 15:59:49 -0500
Subject: [PATCH] Use public OID for interposing several functions

This resolves an issue where an interposer would receive the private
OID, and be unable to call back into krb5 in the expected manner in
gss_inquire_names_for_mech(), gss_inquire_cred_by_mech(),
gss_localname(), gss_store_cred(), and gss_store_cred_into().

Also change the return code of gss_localname() to GSS_S_BAD_MECH
instead of GSS_S_UNAVAILABLE on mech lookup failure, for consistency
with other functions.

ticket: 8360 (new)
---
 src/lib/gssapi/mechglue/g_inq_cred.c        |  5 +++--
 src/lib/gssapi/mechglue/g_inq_names.c       | 28 +++++++++++-----------------
 src/lib/gssapi/mechglue/g_store_cred.c      |  6 ++++--
 src/lib/gssapi/mechglue/gssd_pname_to_uid.c |  7 ++++---
 4 files changed, 22 insertions(+), 24 deletions(-)

diff --git a/src/lib/gssapi/mechglue/g_inq_cred.c b/src/lib/gssapi/mechglue/g_inq_cred.c
index c8e45fe..c5577d4 100644
--- a/src/lib/gssapi/mechglue/g_inq_cred.c
+++ b/src/lib/gssapi/mechglue/g_inq_cred.c
@@ -169,7 +169,7 @@ gss_inquire_cred_by_mech(minor_status, cred_handle, mech_type, name,
     gss_mechanism	mech;
     OM_uint32		status, temp_minor_status;
     gss_name_t		internal_name;
-    gss_OID		selected_mech;
+    gss_OID		selected_mech, public_mech;
 
     if (minor_status != NULL)
 	*minor_status = 0;
@@ -198,8 +198,9 @@ gss_inquire_cred_by_mech(minor_status, cred_handle, mech_type, name,
 	return (GSS_S_DEFECTIVE_CREDENTIAL);
 #endif
 
+    public_mech = gssint_get_public_oid(selected_mech);
     status = mech->gss_inquire_cred_by_mech(minor_status,
-					    mech_cred, selected_mech,
+					    mech_cred, public_mech,
 					    name ? &internal_name : NULL,
 					    initiator_lifetime,
 					    acceptor_lifetime, cred_usage);
diff --git a/src/lib/gssapi/mechglue/g_inq_names.c b/src/lib/gssapi/mechglue/g_inq_names.c
index b44fd6c..d22af8b 100644
--- a/src/lib/gssapi/mechglue/g_inq_names.c
+++ b/src/lib/gssapi/mechglue/g_inq_names.c
@@ -40,7 +40,7 @@ gss_OID_set *	name_types;
 
 {
     OM_uint32		status;
-    gss_OID		selected_mech = GSS_C_NO_OID;
+    gss_OID		selected_mech = GSS_C_NO_OID, public_mech;
     gss_mechanism	mech;
 
     /* Initialize outputs. */
@@ -70,23 +70,17 @@ gss_OID_set *	name_types;
 	return (status);
 
     mech = gssint_get_mechanism(selected_mech);
+    if (mech == NULL)
+	return GSS_S_BAD_MECH;
+    else if (mech->gss_inquire_names_for_mech == NULL)
+	return GSS_S_UNAVAILABLE;
+    public_mech = gssint_get_public_oid(selected_mech);
+    status = mech->gss_inquire_names_for_mech(minor_status, public_mech,
+					      name_types);
+    if (status != GSS_S_COMPLETE)
+	map_error(minor_status, mech);
 
-    if (mech) {
-
-	if (mech->gss_inquire_names_for_mech) {
-	    status = mech->gss_inquire_names_for_mech(
-				minor_status,
-				selected_mech,
-				name_types);
-	    if (status != GSS_S_COMPLETE)
-		map_error(minor_status, mech);
-	} else
-	    status = GSS_S_UNAVAILABLE;
-
-	return(status);
-    }
-
-    return (GSS_S_BAD_MECH);
+    return status;
 }
 
 static OM_uint32
diff --git a/src/lib/gssapi/mechglue/g_store_cred.c b/src/lib/gssapi/mechglue/g_store_cred.c
index 030c73f..c2b6ddf 100644
--- a/src/lib/gssapi/mechglue/g_store_cred.c
+++ b/src/lib/gssapi/mechglue/g_store_cred.c
@@ -24,15 +24,17 @@ store_cred_fallback(
 	gss_OID_set *elements_stored,
 	gss_cred_usage_t *cred_usage_stored)
 {
+	gss_OID public_mech = gssint_get_public_oid(desired_mech);
+
 	if (mech->gss_store_cred_into != NULL) {
 		return mech->gss_store_cred_into(minor_status, mech_cred,
-						 cred_usage, desired_mech,
+						 cred_usage, public_mech,
 						 overwrite_cred, default_cred,
 						 cred_store, elements_stored,
 						 cred_usage_stored);
 	} else if (cred_store == GSS_C_NO_CRED_STORE) {
 		return mech->gss_store_cred(minor_status, mech_cred,
-					    cred_usage, desired_mech,
+					    cred_usage, public_mech,
 					    overwrite_cred, default_cred,
 					    elements_stored,
 					    cred_usage_stored);
diff --git a/src/lib/gssapi/mechglue/gssd_pname_to_uid.c b/src/lib/gssapi/mechglue/gssd_pname_to_uid.c
index 4e7b644..4caa751 100644
--- a/src/lib/gssapi/mechglue/gssd_pname_to_uid.c
+++ b/src/lib/gssapi/mechglue/gssd_pname_to_uid.c
@@ -123,7 +123,7 @@ gss_localname(OM_uint32 *minor,
     gss_mechanism mech;
     gss_union_name_t unionName;
     gss_name_t mechName = GSS_C_NO_NAME, mechNameP;
-    gss_OID selected_mech = GSS_C_NO_OID;
+    gss_OID selected_mech = GSS_C_NO_OID, public_mech;
 
     if (localname != GSS_C_NO_BUFFER) {
 	localname->length = 0;
@@ -152,7 +152,7 @@ gss_localname(OM_uint32 *minor,
         mech = gssint_get_mechanism(unionName->mech_type);
 
     if (mech == NULL)
-	return GSS_S_UNAVAILABLE;
+	return GSS_S_BAD_MECH;
 
     /* may need to create a mechanism specific name */
     if (unionName->mech_type == GSS_C_NO_OID ||
@@ -170,7 +170,8 @@ gss_localname(OM_uint32 *minor,
     major = GSS_S_UNAVAILABLE;
 
     if (mech->gss_localname != NULL) {
-        major = mech->gss_localname(minor, mechNameP, mech_type, localname);
+        public_mech = gssint_get_public_oid(selected_mech);
+        major = mech->gss_localname(minor, mechNameP, public_mech, localname);
         if (GSS_ERROR(major))
             map_error(minor, mech);
     }
-- 
2.7.0
Backport my interposer fixes from upstream Supersedes krb5-mechglue_inqure_attrs.patch 2016-02-19 20:11:23 +00:00			`From fe73f1130695880bd83cf811c37131b12711be23 Mon Sep 17 00:00:00 2001`
			`From: Robbie Harwood <rharwood@redhat.com>`
			`Date: Tue, 12 Jan 2016 15:59:49 -0500`
			`Subject: [PATCH] Use public OID for interposing several functions`

			`This resolves an issue where an interposer would receive the private`
			`OID, and be unable to call back into krb5 in the expected manner in`
			`gss_inquire_names_for_mech(), gss_inquire_cred_by_mech(),`
			`gss_localname(), gss_store_cred(), and gss_store_cred_into().`

			`Also change the return code of gss_localname() to GSS_S_BAD_MECH`
			`instead of GSS_S_UNAVAILABLE on mech lookup failure, for consistency`
			`with other functions.`

			`ticket: 8360 (new)`
			`---`
			`src/lib/gssapi/mechglue/g_inq_cred.c \| 5 +++--`
			`src/lib/gssapi/mechglue/g_inq_names.c \| 28 +++++++++++-----------------`
			`src/lib/gssapi/mechglue/g_store_cred.c \| 6 ++++--`
			`src/lib/gssapi/mechglue/gssd_pname_to_uid.c \| 7 ++++---`
			`4 files changed, 22 insertions(+), 24 deletions(-)`

			`diff --git a/src/lib/gssapi/mechglue/g_inq_cred.c b/src/lib/gssapi/mechglue/g_inq_cred.c`
			`index c8e45fe..c5577d4 100644`
			`--- a/src/lib/gssapi/mechglue/g_inq_cred.c`
			`+++ b/src/lib/gssapi/mechglue/g_inq_cred.c`
			`@@ -169,7 +169,7 @@ gss_inquire_cred_by_mech(minor_status, cred_handle, mech_type, name,`
			`gss_mechanism mech;`
			`OM_uint32 status, temp_minor_status;`
			`gss_name_t internal_name;`
			`- gss_OID selected_mech;`
			`+ gss_OID selected_mech, public_mech;`

			`if (minor_status != NULL)`
			`*minor_status = 0;`
			`@@ -198,8 +198,9 @@ gss_inquire_cred_by_mech(minor_status, cred_handle, mech_type, name,`
			`return (GSS_S_DEFECTIVE_CREDENTIAL);`
			`#endif`

			`+ public_mech = gssint_get_public_oid(selected_mech);`
			`status = mech->gss_inquire_cred_by_mech(minor_status,`
			`- mech_cred, selected_mech,`
			`+ mech_cred, public_mech,`
			`name ? &internal_name : NULL,`
			`initiator_lifetime,`
			`acceptor_lifetime, cred_usage);`
			`diff --git a/src/lib/gssapi/mechglue/g_inq_names.c b/src/lib/gssapi/mechglue/g_inq_names.c`
			`index b44fd6c..d22af8b 100644`
			`--- a/src/lib/gssapi/mechglue/g_inq_names.c`
			`+++ b/src/lib/gssapi/mechglue/g_inq_names.c`
			`@@ -40,7 +40,7 @@ gss_OID_set * name_types;`

			`{`
			`OM_uint32 status;`
			`- gss_OID selected_mech = GSS_C_NO_OID;`
			`+ gss_OID selected_mech = GSS_C_NO_OID, public_mech;`
			`gss_mechanism mech;`

			`/* Initialize outputs. */`
			`@@ -70,23 +70,17 @@ gss_OID_set * name_types;`
			`return (status);`

			`mech = gssint_get_mechanism(selected_mech);`
			`+ if (mech == NULL)`
			`+ return GSS_S_BAD_MECH;`
			`+ else if (mech->gss_inquire_names_for_mech == NULL)`
			`+ return GSS_S_UNAVAILABLE;`
			`+ public_mech = gssint_get_public_oid(selected_mech);`
			`+ status = mech->gss_inquire_names_for_mech(minor_status, public_mech,`
			`+ name_types);`
			`+ if (status != GSS_S_COMPLETE)`
			`+ map_error(minor_status, mech);`

			`- if (mech) {`
			`-`
			`- if (mech->gss_inquire_names_for_mech) {`
			`- status = mech->gss_inquire_names_for_mech(`
			`- minor_status,`
			`- selected_mech,`
			`- name_types);`
			`- if (status != GSS_S_COMPLETE)`
			`- map_error(minor_status, mech);`
			`- } else`
			`- status = GSS_S_UNAVAILABLE;`
			`-`
			`- return(status);`
			`- }`
			`-`
			`- return (GSS_S_BAD_MECH);`
			`+ return status;`
			`}`

			`static OM_uint32`
			`diff --git a/src/lib/gssapi/mechglue/g_store_cred.c b/src/lib/gssapi/mechglue/g_store_cred.c`
			`index 030c73f..c2b6ddf 100644`
			`--- a/src/lib/gssapi/mechglue/g_store_cred.c`
			`+++ b/src/lib/gssapi/mechglue/g_store_cred.c`
			`@@ -24,15 +24,17 @@ store_cred_fallback(`
			`gss_OID_set *elements_stored,`
			`gss_cred_usage_t *cred_usage_stored)`
			`{`
			`+ gss_OID public_mech = gssint_get_public_oid(desired_mech);`
			`+`
			`if (mech->gss_store_cred_into != NULL) {`
			`return mech->gss_store_cred_into(minor_status, mech_cred,`
			`- cred_usage, desired_mech,`
			`+ cred_usage, public_mech,`
			`overwrite_cred, default_cred,`
			`cred_store, elements_stored,`
			`cred_usage_stored);`
			`} else if (cred_store == GSS_C_NO_CRED_STORE) {`
			`return mech->gss_store_cred(minor_status, mech_cred,`
			`- cred_usage, desired_mech,`
			`+ cred_usage, public_mech,`
			`overwrite_cred, default_cred,`
			`elements_stored,`
			`cred_usage_stored);`
			`diff --git a/src/lib/gssapi/mechglue/gssd_pname_to_uid.c b/src/lib/gssapi/mechglue/gssd_pname_to_uid.c`
			`index 4e7b644..4caa751 100644`
			`--- a/src/lib/gssapi/mechglue/gssd_pname_to_uid.c`
			`+++ b/src/lib/gssapi/mechglue/gssd_pname_to_uid.c`
			`@@ -123,7 +123,7 @@ gss_localname(OM_uint32 *minor,`
			`gss_mechanism mech;`
			`gss_union_name_t unionName;`
			`gss_name_t mechName = GSS_C_NO_NAME, mechNameP;`
			`- gss_OID selected_mech = GSS_C_NO_OID;`
			`+ gss_OID selected_mech = GSS_C_NO_OID, public_mech;`

			`if (localname != GSS_C_NO_BUFFER) {`
			`localname->length = 0;`
			`@@ -152,7 +152,7 @@ gss_localname(OM_uint32 *minor,`
			`mech = gssint_get_mechanism(unionName->mech_type);`

			`if (mech == NULL)`
			`- return GSS_S_UNAVAILABLE;`
			`+ return GSS_S_BAD_MECH;`

			`/* may need to create a mechanism specific name */`
			`if (unionName->mech_type == GSS_C_NO_OID \|\|`
			`@@ -170,7 +170,8 @@ gss_localname(OM_uint32 *minor,`
			`major = GSS_S_UNAVAILABLE;`

			`if (mech->gss_localname != NULL) {`
			`- major = mech->gss_localname(minor, mechNameP, mech_type, localname);`
			`+ public_mech = gssint_get_public_oid(selected_mech);`
			`+ major = mech->gss_localname(minor, mechNameP, public_mech, localname);`
			`if (GSS_ERROR(major))`
			`map_error(minor, mech);`
			`}`
			`--`
			`2.7.0`