oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

krb5: improve krb5 to GSS name conversion

Browse Source 
First attempt to import krb5 names as GSS_KRB5_NT_PRINCIPAL_NAME; if that
fails, choose the most appropriate name form based on Kerberos name type.
This commit is contained in:
Luke Howard
2021-08-15 14:47:11 +10:00
parent 939cdbe4ad
commit 95d553e009
1 changed files with 35 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
lib/gssapi/preauth/pa_common.c
View File

@@ -120,7 +120,6 @@ _krb5_gss_pa_unparse_name(krb5_context context,
OM_uint32 major, minor; OM_uint32 major, minor;
gss_buffer_desc name_buf; gss_buffer_desc name_buf;
gss_OID name_type;
*namep = GSS_C_NO_NAME; *namep = GSS_C_NO_NAME;
@@ -138,16 +137,42 @@ _krb5_gss_pa_unparse_name(krb5_context context,
name_buf.length = strlen(name); name_buf.length = strlen(name);
name_buf.value = name; name_buf.value = name;
if (principal->name.name_type == KRB5_NT_ENTERPRISE_PRINCIPAL)
name_type = GSS_C_NT_USER_NAME;
else
name_type = GSS_KRB5_NT_PRINCIPAL_NAME;
major = gss_import_name(&minor, &name_buf, name_type, namep);
if (major == GSS_S_BAD_NAMETYPE &&
gss_oid_equal(name_type, GSS_KRB5_NT_PRINCIPAL_NAME)) {
major = gss_import_name(&minor, &name_buf, major = gss_import_name(&minor, &name_buf,
GSS_C_NT_USER_NAME, namep); GSS_KRB5_NT_PRINCIPAL_NAME, namep);
if (major == GSS_S_BAD_NAMETYPE) {
gss_OID name_type = GSS_C_NO_OID;
int flags = 0;
if (principal->name.name_type == KRB5_NT_ENTERPRISE_PRINCIPAL) {
name_type = GSS_C_NT_USER_NAME;
} else if (principal->name.name_type == KRB5_NT_PRINCIPAL) {
flags = KRB5_PRINCIPAL_UNPARSE_SHORT;
name_type = GSS_C_NT_USER_NAME;
} else if (principal->name.name_type == KRB5_NT_SRV_INST &&
principal->name.name_string.len == 2) {
flags = KRB5_PRINCIPAL_UNPARSE_NO_REALM;
name_type = GSS_C_NT_HOSTBASED_SERVICE;
}
if (flags) {
krb5_xfree(name);
ret = krb5_unparse_name_flags(context, principal, flags, &name);
if (ret)
return ret;
if (gss_oid_equal(name_type, GSS_C_NT_HOSTBASED_SERVICE)) {
char *inst = strchr(name, '/');
if (inst)
*inst = '@';
}
name_buf.length = strlen(name);
name_buf.value = name;
}
if (name_type)
major = gss_import_name(&minor, &name_buf, name_type, namep);
} }
if (name != principal->name.name_string.val[0]) if (name != principal->name.name_string.val[0])