From f3484d5e2eacacdbdf2c04d94da07e751ca549a5 Mon Sep 17 00:00:00 2001
From: Luke Howard
Date: Sun, 2 Jan 2022 10:44:45 +1100
Subject: [PATCH] gss: pass GSS_C_NO_OID name type through to mechanism Allow the mechanism, rather than the mechanism glue, to determine the default name type if GSS_C_NO_OID was passed in when importing a name.
---
 lib/gssapi/mech/gss_compare_name.c | 10 ++++++++-
 lib/gssapi/mech/gss_import_name.c | 33 +++++++++++++++---------------
 lib/gssapi/sanon/import_name.c | 6 ++----
 3 files changed, 27 insertions(+), 22 deletions(-)
diff --git a/lib/gssapi/mech/gss_compare_name.c b/lib/gssapi/mech/gss_compare_name.c
index fd2523fd8..97ef57898 100644
--- a/lib/gssapi/mech/gss_compare_name.c
+++ b/lib/gssapi/mech/gss_compare_name.c
@@ -44,7 +44,15 @@ gss_compare_name(OM_uint32 *minor_status,
 * names have one. Otherwise, try to find common mechanism
 * names and compare them.
 */
- if (name1->gn_value.value && name2->gn_value.value) {
+ if (name1->gn_value.value && name2->gn_value.value &&
+ name1->gn_type == GSS_C_NO_OID && name2->gn_type == GSS_C_NO_OID) {
+ *name_equal =
+ name1->gn_value.length == name2->gn_value.length &&
+ memcmp(name1->gn_value.value, name2->gn_value.value,
+ name1->gn_value.length) == 0;
+ } else if (name1->gn_value.value && name2->gn_value.value &&
+ name1->gn_type != GSS_C_NO_OID &&
+ name2->gn_type != GSS_C_NO_OID) {
 *name_equal = 1;
 /* RFC 2743: anonymous names always compare false */
 if (gss_oid_equal(name1->gn_type, GSS_C_NT_ANONYMOUS) ||
diff --git a/lib/gssapi/mech/gss_import_name.c b/lib/gssapi/mech/gss_import_name.c
index d7559981d..f01899db6 100644
--- a/lib/gssapi/mech/gss_import_name.c
+++ b/lib/gssapi/mech/gss_import_name.c
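Review bot: The new first branch in gss_compare_name decides equality of two untyped names with a raw `memcmp`, so the RFC 2743 rule applied in the typed branch ("anonymous names always compare false") never reaches them. Later in this patch sanon treats a `GSS_C_NO_OID` name holding its well-known user name as anonymous, so two such names would presumably compare equal here while their `GSS_C_NT_ANONYMOUS` equivalents compare false, and a caller using the result for an access decision would see the difference. Consider leaving untyped names to the mechanism-name comparison that the comment above describes (that branch is outside the hunk), or at least record the limitation with `/* untyped names: byte comparison only, the mechanism's default name type is unknown here */`. A pair in which only one name is untyped matches neither new condition and presumably already takes that path.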
@@ -197,12 +197,6 @@ gss_import_name(OM_uint32 *minor_status, _gss_load_mech(); - /* - * Use GSS_NT_USER_NAME as default name type. - */ - if (name_type == GSS_C_NO_OID) - name_type = GSS_C_NT_USER_NAME; - /* * If this is an exported name, we need to parse it to find * the mechanism and then import it as an MN. See RFC 2743 @@ -221,13 +215,16 @@ gss_import_name(OM_uint32 *minor_status, return (GSS_S_FAILURE); } - major_status = _gss_intern_oid(minor_status, - name_type, &name->gn_type); - if (major_status) { - rname = (gss_name_t)name; - gss_release_name(&ms, (gss_name_t *)&rname); - return (GSS_S_FAILURE); - } + if (name_type != GSS_C_NO_OID) { + major_status = _gss_intern_oid(minor_status, + name_type, &name->gn_type); + if (major_status) { + rname = (gss_name_t)name; + gss_release_name(&ms, (gss_name_t *)&rname); + return (GSS_S_FAILURE); + } + } else + name->gn_type = GSS_C_NO_OID; major_status = _gss_copy_buffer(minor_status, input_name_buffer, &name->gn_value); @@ -245,11 +242,13 @@ gss_import_name(OM_uint32 *minor_status, if ((m->gm_mech.gm_flags & GM_USE_MG_NAME)) continue; - major_status = gss_test_oid_set_member(minor_status, - name_type, m->gm_name_types, &present); + if (name_type != GSS_C_NO_OID) { + major_status = gss_test_oid_set_member(minor_status, + name_type, m->gm_name_types, &present); - if (major_status || present == 0) - continue; + if (GSS_ERROR(major_status) || present == 0) + continue; + } mn = malloc(sizeof(struct _gss_mechanism_name)); if (!mn) { diff --git a/lib/gssapi/sanon/import_name.c b/lib/gssapi/sanon/import_name.c index 189308d96..f23fce2ec 100644 --- a/lib/gssapi/sanon/import_name.c +++ b/lib/gssapi/sanon/import_name.c 
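Review bot: In the second hunk of gss_import_name the braced `if (name_type != GSS_C_NO_OID) { … }` is closed by an unbraced `} else` with its single statement on the following line; brace both arms, `} else {` / `name->gn_type = GSS_C_NO_OID;` / `}`, so a later addition to the else arm cannot fall outside it. The glue name now carries a null `gn_type`, and gss_compare_name is the only reader adjusted in this patch; other mechglue functions that read `gn_type` are not visible here and should be checked for a null type. The function body starts and ends outside the hunk.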
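Review bot: With `GSS_C_NO_OID` the `gss_test_oid_set_member` filter in the mechanism loop (third hunk) is skipped, so every mechanism without `GM_USE_MG_NAME` is presumably handed the name together with a null name type. This patch removes the null-OID assertion from sanon only; whether the other mechanisms, including any brought in by `_gss_load_mech()`, tolerate a null `name_type` cannot be seen from this diff, and one that dereferences it would crash on caller-supplied input. State the new contract at the call site, for example `/* GSS_C_NO_OID: offer the name to every mechanism; each import-name entry point must accept a null name type */`, and confirm it per mechanism. The loop body continues outside the hunk.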
@@ -36,7 +36,8 @@ is_anonymous_identity_p(gss_buffer_t name_string, gss_OID name_type) { if (gss_oid_equal(name_type, GSS_C_NT_ANONYMOUS)) return TRUE; - else if ((gss_oid_equal(name_type, GSS_C_NT_USER_NAME) || + else if ((name_type == GSS_C_NO_OID || + gss_oid_equal(name_type, GSS_C_NT_USER_NAME) || gss_oid_equal(name_type, GSS_KRB5_NT_PRINCIPAL_NAME)) && buffer_equal_p(name_string, _gss_sanon_wellknown_user_name)) return TRUE; @@ -151,9 +152,6 @@ _gss_sanon_import_name(OM_uint32 *minor, const gss_OID input_name_type, gss_name_t *output_name) { - heim_assert(input_name_type != GSS_C_NO_OID, - "Mechglue passed null OID to _gss_sanon_import_name"); - if (gss_oid_equal(input_name_type, GSS_C_NT_EXPORT_NAME)) return import_export_name(minor, input_name_buffer, output_name);
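Review bot: The added `name_type == GSS_C_NO_OID ||` makes sanon's default name type implicit in is_anonymous_identity_p, with nothing recording that an untyped name is matched like a user or principal name; a comment such as `/* GSS_C_NO_OID: an untyped name is matched like a user name */` above the `else if` would state it. The second hunk drops the null-OID assertion from `_gss_sanon_import_name`, whose remaining body is mostly outside the diff, so the code after the `GSS_C_NT_EXPORT_NAME` test should be checked for a null `input_name_type` as well.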