krb5/krb5-1.14.1-interpose-public_oid_fixups.patch


From fe73f1130695880bd83cf811c37131b12711be23 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Tue, 12 Jan 2016 15:59:49 -0500
Subject: [PATCH] Use public OID for interposing several functions
This resolves an issue where an interposer would receive the private
OID, and be unable to call back into krb5 in the expected manner in
gss_inquire_names_for_mech(), gss_inquire_cred_by_mech(),
gss_localname(), gss_store_cred(), and gss_store_cred_into().
Also change the return code of gss_localname() to GSS_S_BAD_MECH
instead of GSS_S_UNAVAILABLE on mech lookup failure, for consistency
with other functions.
ticket: 8360 (new)
---
src/lib/gssapi/mechglue/g_inq_cred.c | 5 +++--
src/lib/gssapi/mechglue/g_inq_names.c | 28 +++++++++++-----------------
src/lib/gssapi/mechglue/g_store_cred.c | 6 ++++--
src/lib/gssapi/mechglue/gssd_pname_to_uid.c | 7 ++++---
4 files changed, 22 insertions(+), 24 deletions(-)
diff --git a/src/lib/gssapi/mechglue/g_inq_cred.c b/src/lib/gssapi/mechglue/g_inq_cred.c
index c8e45fe..c5577d4 100644
--- a/src/lib/gssapi/mechglue/g_inq_cred.c
+++ b/src/lib/gssapi/mechglue/g_inq_cred.c
@@ -169,7 +169,7 @@ gss_inquire_cred_by_mech(minor_status, cred_handle, mech_type, name,
gss_mechanism mech;
OM_uint32 status, temp_minor_status;
gss_name_t internal_name;
- gss_OID selected_mech;
+ gss_OID selected_mech, public_mech;
if (minor_status != NULL)
*minor_status = 0;
@@ -198,8 +198,9 @@ gss_inquire_cred_by_mech(minor_status, cred_handle, mech_type, name,
return (GSS_S_DEFECTIVE_CREDENTIAL);
#endif
+ public_mech = gssint_get_public_oid(selected_mech);
status = mech->gss_inquire_cred_by_mech(minor_status,
- mech_cred, selected_mech,
+ mech_cred, public_mech,
name ? &internal_name : NULL,
initiator_lifetime,
acceptor_lifetime, cred_usage);
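Review bot: The result of `gssint_get_public_oid(selected_mech)` is passed straight to `mech->gss_inquire_cred_by_mech` without a check. The helper's definition is not in this patch, so it is unclear whether it can return `GSS_C_NO_OID` for an OID the mechanism lookup already accepted; if it can, the mechanism or interposer is called with no OID and may fall back to its own default instead of the requested mech. A guard such as `if (public_mech == GSS_C_NO_OID) return GSS_S_BAD_MECH;` before the call would make that failure explicit, provided no cleanup is pending at that point (the function body starts and ends outside this hunk). The same unchecked pattern appears in the g_inq_names.c and g_store_cred.c hunks, and it matters most in `store_cred_fallback`, where the OID decides which mechanism a credential is stored under.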
diff --git a/src/lib/gssapi/mechglue/g_inq_names.c b/src/lib/gssapi/mechglue/g_inq_names.c
index b44fd6c..d22af8b 100644
--- a/src/lib/gssapi/mechglue/g_inq_names.c
+++ b/src/lib/gssapi/mechglue/g_inq_names.c
@@ -40,7 +40,7 @@ gss_OID_set * name_types;
{
OM_uint32 status;
- gss_OID selected_mech = GSS_C_NO_OID;
+ gss_OID selected_mech = GSS_C_NO_OID, public_mech;
gss_mechanism mech;
/* Initialize outputs. */
@@ -70,23 +70,17 @@ gss_OID_set * name_types;
return (status);
mech = gssint_get_mechanism(selected_mech);
+ if (mech == NULL)
+ return GSS_S_BAD_MECH;
+ else if (mech->gss_inquire_names_for_mech == NULL)
+ return GSS_S_UNAVAILABLE;
+ public_mech = gssint_get_public_oid(selected_mech);
+ status = mech->gss_inquire_names_for_mech(minor_status, public_mech,
+ name_types);
+ if (status != GSS_S_COMPLETE)
+ map_error(minor_status, mech);
- if (mech) {
-
- if (mech->gss_inquire_names_for_mech) {
- status = mech->gss_inquire_names_for_mech(
- minor_status,
- selected_mech,
- name_types);
- if (status != GSS_S_COMPLETE)
- map_error(minor_status, mech);
- } else
- status = GSS_S_UNAVAILABLE;
-
- return(status);
- }
-
- return (GSS_S_BAD_MECH);
+ return status;
}
static OM_uint32
diff --git a/src/lib/gssapi/mechglue/g_store_cred.c b/src/lib/gssapi/mechglue/g_store_cred.c
index 030c73f..c2b6ddf 100644
--- a/src/lib/gssapi/mechglue/g_store_cred.c
+++ b/src/lib/gssapi/mechglue/g_store_cred.c
@@ -24,15 +24,17 @@ store_cred_fallback(
gss_OID_set *elements_stored,
gss_cred_usage_t *cred_usage_stored)
{
+ gss_OID public_mech = gssint_get_public_oid(desired_mech);
+
if (mech->gss_store_cred_into != NULL) {
return mech->gss_store_cred_into(minor_status, mech_cred,
- cred_usage, desired_mech,
+ cred_usage, public_mech,
overwrite_cred, default_cred,
cred_store, elements_stored,
cred_usage_stored);
} else if (cred_store == GSS_C_NO_CRED_STORE) {
return mech->gss_store_cred(minor_status, mech_cred,
- cred_usage, desired_mech,
+ cred_usage, public_mech,
overwrite_cred, default_cred,
elements_stored,
cred_usage_stored);
diff --git a/src/lib/gssapi/mechglue/gssd_pname_to_uid.c b/src/lib/gssapi/mechglue/gssd_pname_to_uid.c
index 4e7b644..4caa751 100644
--- a/src/lib/gssapi/mechglue/gssd_pname_to_uid.c
+++ b/src/lib/gssapi/mechglue/gssd_pname_to_uid.c
@@ -123,7 +123,7 @@ gss_localname(OM_uint32 *minor,
gss_mechanism mech;
gss_union_name_t unionName;
gss_name_t mechName = GSS_C_NO_NAME, mechNameP;
- gss_OID selected_mech = GSS_C_NO_OID;
+ gss_OID selected_mech = GSS_C_NO_OID, public_mech;
if (localname != GSS_C_NO_BUFFER) {
localname->length = 0;
@@ -152,7 +152,7 @@ gss_localname(OM_uint32 *minor,
mech = gssint_get_mechanism(unionName->mech_type);
if (mech == NULL)
- return GSS_S_UNAVAILABLE;
+ return GSS_S_BAD_MECH;
/* may need to create a mechanism specific name */
if (unionName->mech_type == GSS_C_NO_OID ||
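Review bot: The new `GSS_S_BAD_MECH` return on a failed mechanism lookup is not marked in the code, and callers that key on the old status will not see why it changed. The callers are not visible in this patch, but any that treated `GSS_S_UNAVAILABLE` from `gss_localname` as "no mapping, try another method" would now take their error path instead. A short comment at the return would record the intent, for example `/* Unknown mechanism: report BAD_MECH like the other mechglue entry points, not UNAVAILABLE. */`.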
@@ -170,7 +170,8 @@ gss_localname(OM_uint32 *minor,
major = GSS_S_UNAVAILABLE;
if (mech->gss_localname != NULL) {
- major = mech->gss_localname(minor, mechNameP, mech_type, localname);
+ public_mech = gssint_get_public_oid(selected_mech);
+ major = mech->gss_localname(minor, mechNameP, public_mech, localname);
if (GSS_ERROR(major))
map_error(minor, mech);
}
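Review bot: The OID handed to `mech->gss_localname` now comes from `selected_mech`, while the visible lookup in the previous hunk picks `mech` from `unionName->mech_type`. `selected_mech` is initialised to `GSS_C_NO_OID` and the code that assigns it is outside these hunks, so a mechanism chosen from the name may be called with `GSS_C_NO_OID`. Since the output is a local account name that typically feeds authorization, the expected OID in that case should be stated in a comment, e.g. `/* selected_mech stays GSS_C_NO_OID when the caller gave no mech_type; the mechanism is then called without an OID. */`. If that is not intended, deriving the value from the OID actually used to find `mech` would keep the two consistent.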
--
2.7.0