author | Luke Howard <lukeh@padl.com> | 2009-08-31 16:27:30 +0000 |
---|---|---|
committer | Luke Howard <lukeh@padl.com> | 2009-08-31 16:27:30 +0000 |
commit | 8e6a4554ec8094e8d5c481be68e96a0dfcd9b07c (patch) | |
tree | c1bbb0d746d2469a2c7d8d5d649e9bf61521204a | |
parent | d3a4cdc8445e6d40018b32dce537e47e985f0ae3 (diff) | |
avoid infinite recursion in spnego_gss_inquire_cred
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22682 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r-- | src/lib/gssapi/spnego/spnego_mech.c | 54 |
1 files changed, 51 insertions, 3 deletions
diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
index 44a1f85..860e04f 100644
--- a/src/lib/gssapi/spnego/spnego_mech.c
+++ b/src/lib/gssapi/spnego/spnego_mech.c
@@ -1794,12 +1794,60 @@ spnego_gss_inquire_cred(
 gss_OID_set *mechanisms)
 {
 OM_uint32 status;
+ gss_cred_id_t creds = GSS_C_NO_CREDENTIAL;
+ OM_uint32 tmp_minor_status;
+ OM_uint32 initiator_lifetime, acceptor_lifetime;
 dsyslog("Entering inquire_cred\n");
- status = gss_inquire_cred(minor_status, cred_handle,
- name, lifetime,
- cred_usage, mechanisms);
+ /*
+ * To avoid infinite recursion, if GSS_C_NO_CREDENTIAL is
+ * supplied we call gss_inquire_cred_by_mech() on the
+ * first non-SPNEGO mechanism.
+ */
+ if (cred_handle == GSS_C_NO_CREDENTIAL) {
+ status = get_available_mechs(minor_status,
+ GSS_C_NO_NAME,
+ GSS_C_BOTH,
+ &creds,
+ mechanisms);
+ if (status != GSS_S_COMPLETE) {
+ dsyslog("Leaving inquire_cred\n");
+ return (status);
+ }
+
+ if ((*mechanisms)->count == 0) {
+ gss_release_cred(&tmp_minor_status, &creds);
+ gss_release_oid_set(&tmp_minor_status, mechanisms);
+ dsyslog("Leaving inquire_cred\n");
+ return (GSS_S_DEFECTIVE_CREDENTIAL);
+ }
+
+ assert((*mechanisms)->elements != NULL);
+
+ status = gss_inquire_cred_by_mech(minor_status,
+ creds,
+ &(*mechanisms)->elements[0],
+ name,
+ &initiator_lifetime,
+ &acceptor_lifetime,
+ cred_usage);
+ if (status != GSS_S_COMPLETE) {
+ gss_release_cred(&tmp_minor_status, &creds);
+ dsyslog("Leaving inquire_cred\n");
+ return (status);
+ }
+
+ if (lifetime != NULL)
+ *lifetime = (*cred_usage == GSS_C_ACCEPT) ?
+ acceptor_lifetime : initiator_lifetime;
+
+ gss_release_cred(&tmp_minor_status, &creds);
+ } else {
+ status = gss_inquire_cred(minor_status, cred_handle,
+ name, lifetime,
+ cred_usage, mechanisms);
+ }
 dsyslog("Leaving inquire_cred\n"); |
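Review bot: In the new GSS_C_NO_CREDENTIAL branch, `*lifetime = (*cred_usage == GSS_C_ACCEPT) ? ...` reads through `cred_usage` without a NULL check, although the line above it treats `lifetime` as optional; a caller that asks for the lifetime but passes NULL for the usage would crash the process here. `(*mechanisms)->count` has the same shape if `mechanisms` may be NULL, which the hunk does not show (the parameter list starts outside it and the function body continues past it). I would query into a local and copy out: pass `&usage` to gss_inquire_cred_by_mech(), compare `usage == GSS_C_ACCEPT`, then `if (cred_usage != NULL) *cred_usage = usage;`. Separately, the gss_inquire_cred_by_mech() failure path releases `creds` but leaves the OID set in `*mechanisms` allocated, unlike the empty-set path; adding `gss_release_oid_set(&tmp_minor_status, mechanisms);` there would make the two error paths consistent.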