]> git.ipfire.org Git - thirdparty/krb5.git/commitdiff
projects / thirdparty / krb5.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3beb564)
Fix interposed gss_accept_sec_context()
authorRobbie Harwood <rharwood@redhat.com>
Thu, 17 Dec 2015 00:31:22 +0000 (19:31 -0500)
committerGreg Hudson <ghudson@mit.edu>
Thu, 7 Jan 2016 18:08:18 +0000 (13:08 -0500)
If gss_accept_sec_context() is interposed, selected_mech will be an
interposer OID.  In this situation, pass the corresponding public OID
to gss_inquire_attrs_for_mech() to determine whether the mech is
allowed by default.

[ghudson@mit.edu: pared down from larger commit; rewrote commit message]

ticket: 8338 (new)
target_version: 1.14-next
tags: pullup

src/lib/gssapi/mechglue/g_accept_sec_context.c patch | blob | blame | history

diff --git a/src/lib/gssapi/mechglue/g_accept_sec_context.c b/src/lib/gssapi/mechglue/g_accept_sec_context.c
index 6c72d1f6097ce1e4acf3f10dd043d2a96ffb88b4..ddaf87412e9e3efdbb76377940e8dd8a40a1ca51 100644 (file)
--- a/src/lib/gssapi/mechglue/g_accept_sec_context.c
+++ b/src/lib/gssapi/mechglue/g_accept_sec_context.c
@@ -94,6 +94,12 @@ allow_mech_by_default(gss_OID mech)
     gss_OID_set attrs;
     int reject = 0, p;
 
+    /* Whether we accept an interposer mech depends on whether we accept the
+     * mech it interposes. */
+    mech = gssint_get_public_oid(mech);
+    if (mech == GSS_C_NO_OID)
+       return 0;
+
     status = gss_inquire_attrs_for_mech(&minor, mech, &attrs, NULL);
     if (status)
        return 0;
Mirror of https://github.com/krb5/krb5.git