From d0daf73db55d8d67220e327e8c0a021e71041024 Mon Sep 17 00:00:00 2001
From: Robbie Harwood
Date: Wed, 16 Dec 2015 19:31:22 -0500
Subject: [PATCH] Fix interposed gss_accept_sec_context()

If gss_accept_sec_context() is interposed, selected_mech will be an interposer OID. In this situation, pass the corresponding public OID to gss_inquire_attrs_for_mech() to determine whether the mech is allowed by default.

[ghudson@mit.edu: pared down from larger commit; rewrote commit message]

(cherry picked from commit 0b43d10333f4c4b29896cebc9447d8866b661217)

ticket: 8338
version_fixed: 1.14.1
---
 src/lib/gssapi/mechglue/g_accept_sec_context.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/lib/gssapi/mechglue/g_accept_sec_context.c b/src/lib/gssapi/mechglue/g_accept_sec_context.c
index 6c72d1f609..ddaf87412e 100644
--- a/src/lib/gssapi/mechglue/g_accept_sec_context.c
+++ b/src/lib/gssapi/mechglue/g_accept_sec_context.c
@@ -94,6 +94,12 @@ allow_mech_by_default(gss_OID mech)
 gss_OID_set attrs;
 int reject = 0, p;
 
+ /* Whether we accept an interposer mech depends on whether we accept the
+ * mech it interposes. */
+ mech = gssint_get_public_oid(mech);
+ if (mech == GSS_C_NO_OID)
+ return 0;
+
 status = gss_inquire_attrs_for_mech(&minor, mech, &attrs, NULL);
 if (status)
 return 0;
-- 
2.47.3
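Review bot: The added `if (mech == GSS_C_NO_OID) return 0;` branch in allow_mech_by_default() makes a fail-closed policy decision that the new comment does not document: a mech with no public OID is treated as not allowed by default. The comment above it explains only the interposer-to-public mapping. I would add `/* No public OID for this mech: do not allow it by default. */` on that branch so a later refactor does not turn it into a fall-through to gss_inquire_attrs_for_mech(). The patch touches one file and adds no test for the interposed accept path, so a regression in the OID mapping would silently change which mechs an acceptor takes by default; a case with an interposer loaded would pin this. The function starts and ends outside the hunk, so the handling of `attrs` and `reject` after the inquire call is not visible here.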