authorLuke Howard <lukeh@padl.com>2009-08-31 16:27:30 +0000
committerLuke Howard <lukeh@padl.com>2009-08-31 16:27:30 +0000
commit8e6a4554ec8094e8d5c481be68e96a0dfcd9b07c (patch)
treec1bbb0d746d2469a2c7d8d5d649e9bf61521204a
parentd3a4cdc8445e6d40018b32dce537e47e985f0ae3 (diff)
avoid infinite recursion in spnego_gss_inquire_cred
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22682 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r--src/lib/gssapi/spnego/spnego_mech.c54
1 files changed, 51 insertions, 3 deletions
diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
index 44a1f85..860e04f 100644
--- a/src/lib/gssapi/spnego/spnego_mech.c
+++ b/src/lib/gssapi/spnego/spnego_mech.c
@@ -1794,12 +1794,60 @@ spnego_gss_inquire_cred(
gss_OID_set *mechanisms)
{
OM_uint32 status;
+ gss_cred_id_t creds = GSS_C_NO_CREDENTIAL;
+ OM_uint32 tmp_minor_status;
+ OM_uint32 initiator_lifetime, acceptor_lifetime;
dsyslog("Entering inquire_cred\n");
- status = gss_inquire_cred(minor_status, cred_handle,
- name, lifetime,
- cred_usage, mechanisms);
+ /*
+ * To avoid infinite recursion, if GSS_C_NO_CREDENTIAL is
+ * supplied we call gss_inquire_cred_by_mech() on the
+ * first non-SPNEGO mechanism.
+ */
+ if (cred_handle == GSS_C_NO_CREDENTIAL) {
+ status = get_available_mechs(minor_status,
+ GSS_C_NO_NAME,
+ GSS_C_BOTH,
+ &creds,
+ mechanisms);
+ if (status != GSS_S_COMPLETE) {
+ dsyslog("Leaving inquire_cred\n");
+ return (status);
+ }
+
+ if ((*mechanisms)->count == 0) {
+ gss_release_cred(&tmp_minor_status, &creds);
+ gss_release_oid_set(&tmp_minor_status, mechanisms);
+ dsyslog("Leaving inquire_cred\n");
+ return (GSS_S_DEFECTIVE_CREDENTIAL);
+ }
+
+ assert((*mechanisms)->elements != NULL);
+
+ status = gss_inquire_cred_by_mech(minor_status,
+ creds,
+ &(*mechanisms)->elements[0],
+ name,
+ &initiator_lifetime,
+ &acceptor_lifetime,
+ cred_usage);
+ if (status != GSS_S_COMPLETE) {
+ gss_release_cred(&tmp_minor_status, &creds);
+ dsyslog("Leaving inquire_cred\n");
+ return (status);
+ }
+
+ if (lifetime != NULL)
+ *lifetime = (*cred_usage == GSS_C_ACCEPT) ?
+ acceptor_lifetime : initiator_lifetime;
+
+ gss_release_cred(&tmp_minor_status, &creds);
+ } else {
+ status = gss_inquire_cred(minor_status, cred_handle,
+ name, lifetime,
+ cred_usage, mechanisms);
+ }
dsyslog("Leaving inquire_cred\n");
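Review bot: The new GSS_C_NO_CREDENTIAL branch dereferences two output pointers without a NULL check, `mechanisms` at `(*mechanisms)->count` and `cred_usage` in `*cred_usage == GSS_C_ACCEPT`, while only `lifetime` is guarded. GSS-API allows a caller to pass NULL for outputs it does not need, so unless a caller outside this hunk guarantees non-NULL pointers, an inquiry on the default credential can crash the process. Collecting the OID set and the usage in locals, and copying them out only when the caller's pointer is non-NULL, would avoid that; the parameter declarations start above the hunk, so their exact types are not visible here. Separately, the `gss_inquire_cred_by_mech` failure path releases `creds` but leaves the OID set allocated, unlike the `count == 0` path; adding `gss_release_oid_set(&tmp_minor_status, mechanisms);` before that `return (status);` would make the two error paths consistent. The `assert((*mechanisms)->elements != NULL)` aborts the host application in non-NDEBUG builds and checks nothing otherwise, so returning an error status there would be safer in library code.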