From: Robbie Harwood
Date: Tue, 12 Jan 2016 20:59:49 +0000 (-0500)
Subject: Use public OID for interposing several functions
X-Git-Tag: krb5-1.15-beta1~271
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fe73f1130695880bd83cf811c37131b12711be23;p=thirdparty%2Fkrb5.git

Use public OID for interposing several functions

This resolves an issue where an interposer would receive the private OID, and be unable to call back into krb5 in the expected manner in gss_inquire_names_for_mech(), gss_inquire_cred_by_mech(), gss_localname(), gss_store_cred(), and gss_store_cred_into().

Also change the return code of gss_localname() to GSS_S_BAD_MECH instead of GSS_S_UNAVAILABLE on mech lookup failure, for consistency with other functions.

ticket: 8360 (new)
---

diff --git a/src/lib/gssapi/mechglue/g_inq_cred.c b/src/lib/gssapi/mechglue/g_inq_cred.c
index c8e45fe0bb..c5577d434c 100644
--- a/src/lib/gssapi/mechglue/g_inq_cred.c
+++ b/src/lib/gssapi/mechglue/g_inq_cred.c
@@ -169,7 +169,7 @@ gss_inquire_cred_by_mech(minor_status, cred_handle, mech_type, name,
  gss_mechanism mech;
  OM_uint32 status, temp_minor_status;
  gss_name_t internal_name;
- gss_OID selected_mech;
+ gss_OID selected_mech, public_mech;
  if (minor_status != NULL) *minor_status = 0;
@@ -198,8 +198,9 @@ gss_inquire_cred_by_mech(minor_status, cred_handle, mech_type, name,
  return (GSS_S_DEFECTIVE_CREDENTIAL);
  #endif
+ public_mech = gssint_get_public_oid(selected_mech);
  status = mech->gss_inquire_cred_by_mech(minor_status,
- mech_cred, selected_mech,
+ mech_cred, public_mech,
  name ? &internal_name : NULL, initiator_lifetime, acceptor_lifetime, cred_usage);
diff --git a/src/lib/gssapi/mechglue/g_inq_names.c b/src/lib/gssapi/mechglue/g_inq_names.c
index b44fd6cd14..d22af8bcf9 100644
--- a/src/lib/gssapi/mechglue/g_inq_names.c
+++ b/src/lib/gssapi/mechglue/g_inq_names.c
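Review bot: In g_inq_cred.c, the call in gss_inquire_cred_by_mech() now passes `public_mech`, but nothing at the call site says why the mechanism must not be handed `selected_mech`; the reason exists only in the commit message. A one-line comment above the new assignment would keep a later cleanup from folding the two variables back together: `/* Interposers must receive the public OID so they can call back into krb5. */`. The same comment is missing at the matching assignments in gss_inquire_names_for_mech(), store_cred_fallback() and gss_localname(). The function body starts and ends outside this hunk.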
@@ -40,7 +40,7 @@ gss_OID_set * name_types;
  {
  OM_uint32 status;
- gss_OID selected_mech = GSS_C_NO_OID;
+ gss_OID selected_mech = GSS_C_NO_OID, public_mech;
  gss_mechanism mech;
  /* Initialize outputs. */
@@ -70,23 +70,17 @@ gss_OID_set * name_types;
  return (status);
  mech = gssint_get_mechanism(selected_mech);
+ if (mech == NULL)
+ return GSS_S_BAD_MECH;
+ else if (mech->gss_inquire_names_for_mech == NULL)
+ return GSS_S_UNAVAILABLE;
+ public_mech = gssint_get_public_oid(selected_mech);
+ status = mech->gss_inquire_names_for_mech(minor_status, public_mech,
+ name_types);
+ if (status != GSS_S_COMPLETE)
+ map_error(minor_status, mech);
- if (mech) {
-
- if (mech->gss_inquire_names_for_mech) {
- status = mech->gss_inquire_names_for_mech(
- minor_status,
- selected_mech,
- name_types);
- if (status != GSS_S_COMPLETE)
- map_error(minor_status, mech);
- } else
- status = GSS_S_UNAVAILABLE;
-
- return(status);
- }
-
- return (GSS_S_BAD_MECH);
+ return status;
  }
  static OM_uint32
diff --git a/src/lib/gssapi/mechglue/g_store_cred.c b/src/lib/gssapi/mechglue/g_store_cred.c
index 030c73fb68..c2b6ddf3c0 100644
--- a/src/lib/gssapi/mechglue/g_store_cred.c
+++ b/src/lib/gssapi/mechglue/g_store_cred.c
@@ -24,15 +24,17 @@ store_cred_fallback(
  gss_OID_set *elements_stored,
  gss_cred_usage_t *cred_usage_stored)
  {
+ gss_OID public_mech = gssint_get_public_oid(desired_mech);
+
  if (mech->gss_store_cred_into != NULL) {
  return mech->gss_store_cred_into(minor_status, mech_cred,
- cred_usage, desired_mech,
+ cred_usage, public_mech,
  overwrite_cred, default_cred, cred_store, elements_stored, cred_usage_stored);
  } else if (cred_store == GSS_C_NO_CRED_STORE) {
  return mech->gss_store_cred(minor_status, mech_cred,
- cred_usage, desired_mech,
+ cred_usage, public_mech,
  overwrite_cred, default_cred, elements_stored, cred_usage_stored);
diff --git a/src/lib/gssapi/mechglue/gssd_pname_to_uid.c b/src/lib/gssapi/mechglue/gssd_pname_to_uid.c
index 4e7b64476c..4caa751657 100644
--- a/src/lib/gssapi/mechglue/gssd_pname_to_uid.c
+++ b/src/lib/gssapi/mechglue/gssd_pname_to_uid.c
@@ -123,7 +123,7 @@ gss_localname(OM_uint32 *minor,
  gss_mechanism mech;
  gss_union_name_t unionName;
  gss_name_t mechName = GSS_C_NO_NAME, mechNameP;
- gss_OID selected_mech = GSS_C_NO_OID;
+ gss_OID selected_mech = GSS_C_NO_OID, public_mech;
  if (localname != GSS_C_NO_BUFFER) {
  localname->length = 0;
@@ -152,7 +152,7 @@ gss_localname(OM_uint32 *minor,
  mech = gssint_get_mechanism(unionName->mech_type);
  if (mech == NULL)
- return GSS_S_UNAVAILABLE;
+ return GSS_S_BAD_MECH;
  /* may need to create a mechanism specific name */
  if (unionName->mech_type == GSS_C_NO_OID ||
@@ -170,7 +170,8 @@ gss_localname(OM_uint32 *minor,
  major = GSS_S_UNAVAILABLE;
  if (mech->gss_localname != NULL) {
- major = mech->gss_localname(minor, mechNameP, mech_type, localname);
+ public_mech = gssint_get_public_oid(selected_mech);
+ major = mech->gss_localname(minor, mechNameP, public_mech, localname);
  if (GSS_ERROR(major)) map_error(minor, mech);
  }
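Review bot: In the last gss_localname() hunk, `public_mech` is derived from `selected_mech`, yet the second hunk's context looks the mechanism up with `unionName->mech_type`, and the only write to `selected_mech` visible here is its initialisation to `GSS_C_NO_OID`. The assignment lies outside these hunks, so this needs confirming: if some path reaches the call without setting it, or sets it to a different mechanism than the one `mech` was resolved from, the mechanism's `gss_localname` receives an OID that does not describe it. Since this call maps a name to a local account, that mismatch matters more here than in the other call sites. Provided `selected_mech` is assigned on every path, resolving both from the same value (`mech = gssint_get_mechanism(selected_mech);`) would remove the ambiguity; otherwise a comment should state why the two may differ.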