gss: add some missing GM_USE_MG_CRED checks
GM_USE_MG_CRED allows a mechanism glue credential to be used by a mechanism without additional wrapping. Although no extant mechanisms use this flag, the flag had sporadic support in the mechanism glue already. In the interest of consistency, add missing GM_USE_MG_CRED checks. If this functionality is not desired, then all checks should be removed.
This commit is contained in:
		| @@ -210,7 +210,9 @@ gss_accept_sec_context(OM_uint32 *minor_status, | ||||
| 		m = ctx->gc_mech; | ||||
| 	} | ||||
|  | ||||
| 	if (cred) { | ||||
| 	if (m->gm_flags & GM_USE_MG_CRED) { | ||||
| 		acceptor_mc = acceptor_cred_handle; | ||||
| 	} else if (cred) { | ||||
| 		HEIM_TAILQ_FOREACH(mc, &cred->gc_mc, gmc_link) | ||||
| 			if (mc->gmc_mech == m) | ||||
| 				break; | ||||
| @@ -270,9 +272,18 @@ gss_accept_sec_context(OM_uint32 *minor_status, | ||||
|  | ||||
| 	if (mech_ret_flags & GSS_C_DELEG_FLAG) { | ||||
| 		if (!delegated_cred_handle) { | ||||
| 			m->gm_release_cred(minor_status, &delegated_mc); | ||||
| 			if (m->gm_flags	 & GM_USE_MG_CRED) | ||||
| 				gss_release_cred(minor_status, &delegated_mc); | ||||
| 			else | ||||
| 				m->gm_release_cred(minor_status, &delegated_mc); | ||||
| 			mech_ret_flags &= | ||||
| 			    ~(GSS_C_DELEG_FLAG|GSS_C_DELEG_POLICY_FLAG); | ||||
| 		} else if ((m->gm_flags & GM_USE_MG_CRED) != 0) { | ||||
| 			/*  | ||||
| 			 * If credential is uses mechglue cred, assume it | ||||
| 			 * returns one too. | ||||
| 			 */ | ||||
| 			*delegated_cred_handle = delegated_mc; | ||||
| 		} else if (gss_oid_equal(mech_ret_type, &m->gm_mech_oid) == 0) { | ||||
| 			/* | ||||
| 			 * If the returned mech_type is not the same | ||||
|   | ||||
| @@ -200,7 +200,7 @@ gss_acquire_cred_from(OM_uint32 *minor_status, | ||||
| 	OM_uint32 cred_time; | ||||
|  | ||||
| 	m = __gss_get_mechanism(&mechs->elements[i]); | ||||
| 	if (m == NULL) | ||||
| 	if (m == NULL || (m->gm_flags & GM_USE_MG_CRED) != 0) | ||||
| 	    continue; | ||||
|  | ||||
| 	if (desired_name != GSS_C_NO_NAME) { | ||||
|   | ||||
| @@ -130,7 +130,8 @@ gss_add_cred_from(OM_uint32 *minor_status, | ||||
|         *acceptor_time_rec = 0; | ||||
|     if (actual_mechs) | ||||
|         *actual_mechs = GSS_C_NO_OID_SET; | ||||
|     if ((m = __gss_get_mechanism(desired_mech)) == NULL) | ||||
|     if ((m = __gss_get_mechanism(desired_mech)) == NULL || | ||||
| 	(m->gm_flags & GM_USE_MG_CRED)) | ||||
|         return GSS_S_BAD_MECH; | ||||
|     if (input_cred_handle == GSS_C_NO_CREDENTIAL && | ||||
|         output_cred_handle == NULL) { | ||||
|   | ||||
| @@ -110,7 +110,7 @@ gss_store_cred_into(OM_uint32 *minor_status, | ||||
|     HEIM_TAILQ_FOREACH(mc, &cred->gc_mc, gmc_link) { | ||||
| 	gssapi_mech_interface m = mc->gmc_mech; | ||||
|  | ||||
| 	if (m == NULL) | ||||
| 	if (m == NULL || (m->gm_flags & GM_USE_MG_CRED) != 0) | ||||
| 	    continue; | ||||
|  | ||||
|         if (desired_mech != GSS_C_NO_OID && | ||||
|   | ||||
		Reference in New Issue
	
	Block a user
	 Luke Howard
					Luke Howard