spnego: Also use mechglue names
@@ -182,12 +182,11 @@ gss_accept_sec_context(OM_uint32 *minor_status,
|
||||
* and we have to try all mechs (that we have a cred element
|
||||
* for, if we have a cred).
|
||||
*/
|
||||
ctx = malloc(sizeof(struct _gss_context));
|
||||
ctx = calloc(1, sizeof(struct _gss_context));
|
||||
if (!ctx) {
|
||||
*minor_status = ENOMEM;
|
||||
return (GSS_S_DEFECTIVE_TOKEN);
|
||||
}
|
||||
memset(ctx, 0, sizeof(struct _gss_context));
|
||||
if (mech_oid != GSS_C_NO_OID) {
|
||||
m = ctx->gc_mech = __gss_get_mechanism(mech_oid);
|
||||
if (!m) {
|
||||
@@ -334,11 +333,18 @@ got_one:
|
||||
}
|
||||
|
||||
if (mech_type)
|
||||
*mech_type = mech_ret_type;
|
||||
*mech_type = mech_ret_type;
|
||||
|
||||
if (src_name && src_mn) {
|
||||
if (src_name && src_mn && (ctx->gc_mech->gm_flags & GM_USE_MG_NAME)) {
|
||||
/* Negotiation mechanisms use mechglue names as names */
|
||||
*src_name = src_mn;
|
||||
src_mn = GSS_C_NO_NAME;
|
||||
} else if (src_name && src_mn) {
|
||||
/*
|
||||
* Make a new name and mark it as an MN.
|
||||
*
|
||||
* Note that _gss_create_name() consumes `src_mn' but doesn't
|
||||
* take a pointer, so it can't set it to GSS_C_NO_NAME.
|
||||
*/
|
||||
struct _gss_name *name = _gss_create_name(src_mn, m);
|
||||
|
||||
@@ -348,6 +354,7 @@ got_one:
|
||||
return (GSS_S_FAILURE);
|
||||
}
|
||||
*src_name = (gss_name_t) name;
|
||||
src_mn = GSS_C_NO_NAME;
|
||||
} else if (src_mn) {
|
||||
m->gm_release_name(minor_status, &src_mn);
|
||||
}
|
||||
|
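Review bot: The new `GM_USE_MG_NAME` branch after `got_one` hands `src_mn` to the caller unchanged, so it depends on the mechanism having returned a mechglue name rather than a mechanism-native one, and nothing in the hunk states or checks that. The one-line comment could carry the contract, e.g. `/* GM_USE_MG_NAME mechs return a mechglue struct _gss_name; pass it through and give up our reference */`. The branch also reads the flag through `ctx->gc_mech` while the fallback branch passes `m` to `_gss_create_name()`; presumably these are the same mechanism at this point, and testing `m->gm_flags` in the condition would make that evident. The function body continues outside the hunks.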
@@ -67,7 +67,11 @@ gss_canonicalize_name(OM_uint32 *minor_status,
|
||||
gss_name_t new_canonical_name;
|
||||
|
||||
*minor_status = 0;
|
||||
*output_name = 0;
|
||||
*output_name = GSS_C_NO_NAME;
|
||||
|
||||
if ((m = __gss_get_mechanism(mech_type)) == NULL ||
|
||||
(m->gm_flags & GM_USE_MG_NAME))
|
||||
return GSS_S_BAD_MECH;
|
||||
|
||||
major_status = _gss_find_mn(minor_status, name, mech_type, &mn);
|
||||
if (major_status)
|
||||
|
@@ -120,7 +120,7 @@ _gss_import_export_name(OM_uint32 *minor_status,
|
||||
return (GSS_S_BAD_NAME);
|
||||
|
||||
m = __gss_get_mechanism(&mech_oid);
|
||||
if (!m)
|
||||
if (!m || !m->gm_import_name)
|
||||
return (GSS_S_BAD_MECH);
|
||||
|
||||
/*
|
||||
@@ -242,6 +242,9 @@ gss_import_name(OM_uint32 *minor_status,
|
||||
HEIM_TAILQ_FOREACH(m, &_gss_mechs, gm_link) {
|
||||
int present = 0;
|
||||
|
||||
if ((m->gm_mech.gm_flags & GM_USE_MG_NAME))
|
||||
continue;
|
||||
|
||||
major_status = gss_test_oid_set_member(minor_status,
|
||||
name_type, m->gm_name_types, &present);
|
||||
|
||||
|
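Review bot: `_gss_import_export_name()` now rejects a mechanism that has no `gm_import_name`, but unlike the `gss_import_name()` loop in the next hunk it does not skip `GM_USE_MG_NAME` mechanisms. An exported-name token naming such a mechanism's OID would therefore still be dispatched to it if it provides an import function. Whether any negotiation mechanism does is not visible here. If none should be reachable this way, the guard could read `if (!m || !m->gm_import_name || (m->gm_flags & GM_USE_MG_NAME))`. The same guard is added in `_gss_find_mn()`, where the same question applies; both functions continue outside their hunks.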
@@ -158,6 +158,7 @@ gss_init_sec_context(OM_uint32 * minor_status,
|
||||
{
|
||||
OM_uint32 major_status;
|
||||
gssapi_mech_interface m;
|
||||
gss_const_name_t mn_inner = GSS_C_NO_NAME;
|
||||
struct _gss_name *name = (struct _gss_name *) target_name;
|
||||
struct _gss_mechanism_name *mn;
|
||||
struct _gss_context *ctx = (struct _gss_context *) *context_handle;
|
||||
@@ -216,12 +217,18 @@ gss_init_sec_context(OM_uint32 * minor_status,
|
||||
/*
|
||||
* Find the MN for this mechanism.
|
||||
*/
|
||||
major_status = _gss_find_mn(minor_status, name, mech_type, &mn);
|
||||
if (major_status != GSS_S_COMPLETE) {
|
||||
if (allocated_ctx)
|
||||
free(ctx);
|
||||
return major_status;
|
||||
}
|
||||
if ((m->gm_flags & GM_USE_MG_NAME)) {
|
||||
mn_inner = target_name;
|
||||
} else {
|
||||
major_status = _gss_find_mn(minor_status, name, mech_type, &mn);
|
||||
if (major_status != GSS_S_COMPLETE) {
|
||||
if (allocated_ctx)
|
||||
free(ctx);
|
||||
return major_status;
|
||||
}
|
||||
if (mn)
|
||||
mn_inner = mn->gmn_name;
|
||||
}
|
||||
|
||||
/*
|
||||
* If we have a cred, find the cred for this mechanism.
|
||||
@@ -246,7 +253,7 @@ gss_init_sec_context(OM_uint32 * minor_status,
|
||||
major_status = m->gm_init_sec_context(minor_status,
|
||||
cred_handle,
|
||||
&ctx->gc_ctx,
|
||||
mn ? mn->gmn_name : GSS_C_NO_NAME,
|
||||
mn_inner,
|
||||
mech_type,
|
||||
req_flags,
|
||||
time_req,
|
||||
|
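Review bot: In the `GM_USE_MG_NAME` branch `mn` is never assigned, and its declaration `struct _gss_mechanism_name *mn;` has no initializer, so any later read of `mn` on that path would use an indeterminate pointer. The visible `gm_init_sec_context` call now takes `mn_inner`, but the rest of the function lies outside the hunks, so remaining uses of `mn` cannot be ruled out from here. Initialising at the declaration, `struct _gss_mechanism_name *mn = NULL;`, keeps both branches safe if the code is extended.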
@@ -82,7 +82,11 @@ gss_inquire_context(OM_uint32 *minor_status,
|
||||
return (major_status);
|
||||
}
|
||||
|
||||
if (src_name) {
|
||||
if (src_name && (m->gm_flags & GM_USE_MG_NAME)) {
|
||||
*src_name = src_mn;
|
||||
src_mn = GSS_C_NO_NAME;
|
||||
} else if (src_name && src_mn) {
|
||||
/* _gss_create_name() consumes `src_mn' on success */
|
||||
name = _gss_create_name(src_mn, m);
|
||||
if (!name) {
|
||||
if (mech_type)
|
||||
@@ -92,9 +96,12 @@ gss_inquire_context(OM_uint32 *minor_status,
|
||||
return (GSS_S_FAILURE);
|
||||
}
|
||||
*src_name = (gss_name_t) name;
|
||||
src_mn = GSS_C_NO_NAME;
|
||||
}
|
||||
|
||||
if (targ_name) {
|
||||
if (targ_name && (m->gm_flags & GM_USE_MG_NAME)) {
|
||||
*targ_name = targ_mn;
|
||||
} else if (targ_name && targ_mn) {
|
||||
name = _gss_create_name(targ_mn, m);
|
||||
if (!name) {
|
||||
if (mech_type)
|
||||
@@ -106,6 +113,7 @@ gss_inquire_context(OM_uint32 *minor_status,
|
||||
return (GSS_S_FAILURE);
|
||||
}
|
||||
*targ_name = (gss_name_t) name;
|
||||
targ_mn = GSS_C_NO_NAME;
|
||||
}
|
||||
|
||||
return (GSS_S_COMPLETE);
|
||||
|
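Review bot: The `GM_USE_MG_NAME` branch for `targ_name` assigns `*targ_name = targ_mn;` but leaves `targ_mn` set, whereas the matching `src_name` branch and both `_gss_create_name()` branches reset their local to `GSS_C_NO_NAME` after handing the name over. Nothing visible releases `targ_mn` before `return (GSS_S_COMPLETE);`, so this is harmless as shown, but a later cleanup path that releases non-null locals would free a name the caller now owns. Adding `targ_mn = GSS_C_NO_NAME;` after the assignment makes the ownership transfer uniform across all four branches. Parts of the function, including the error paths between the hunks, are not visible here.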
@@ -74,7 +74,7 @@ _gss_find_mn(OM_uint32 *minor_status,
|
||||
return GSS_S_BAD_NAME;
|
||||
|
||||
m = __gss_get_mechanism(mech);
|
||||
if (!m)
|
||||
if (!m || !m->gm_import_name)
|
||||
return (GSS_S_BAD_MECH);
|
||||
|
||||
mn = malloc(sizeof(struct _gss_mechanism_name));
|
||||
|