From 8e705a3f75f2559ddd1ce3bc249011139bf49f6f Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Mon, 17 May 2010 20:38:24 +0000 Subject: [PATCH] If gss_inquire_cred is called with a null credential, acquire a default initiator credential and process it normally, instead of using a completely different code path (the default mechanism's inquire_cred handler). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24052 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/gssapi/mechglue/g_inq_cred.c | 57 +++++++--------------------- 1 file changed, 13 insertions(+), 44 deletions(-) diff --git a/src/lib/gssapi/mechglue/g_inq_cred.c b/src/lib/gssapi/mechglue/g_inq_cred.c index bce6e5b79..bba0ecb14 100644 --- a/src/lib/gssapi/mechglue/g_inq_cred.c +++ b/src/lib/gssapi/mechglue/g_inq_cred.c @@ -51,9 +51,8 @@ gss_OID_set * mechanisms; { OM_uint32 status, elapsed_time, temp_minor_status; + gss_cred_id_t defcred = GSS_C_NO_CREDENTIAL; gss_union_cred_t union_cred; - gss_mechanism mech; - gss_name_t internal_name; int i; /* Initialize outputs. */ @@ -72,49 +71,14 @@ gss_OID_set * mechanisms; return (GSS_S_CALL_INACCESSIBLE_WRITE); if (cred_handle == GSS_C_NO_CREDENTIAL) { - /* - * No credential was supplied. This means we can't get a mechanism - * pointer to call the mechanism specific gss_inquire_cred. - * So, call get_mechanism with an arguement of GSS_C_NULL_OID. - * get_mechanism will return the first mechanism in the mech - * array, which becomes the default mechanism. - */ - - if ((mech = gssint_get_mechanism(GSS_C_NULL_OID)) == NULL) - return (GSS_S_DEFECTIVE_CREDENTIAL); - - if (!mech->gss_inquire_cred) - return (GSS_S_UNAVAILABLE); - - status = mech->gss_inquire_cred(minor_status, - GSS_C_NO_CREDENTIAL, - name ? &internal_name : NULL, - lifetime, cred_usage, mechanisms); - - if (status != GSS_S_COMPLETE) { - map_error(minor_status, mech); - return(status); - } + /* Acquire a default initiator credential to query. */ + status = gss_acquire_cred(minor_status, GSS_C_NO_NAME, + GSS_C_INDEFINITE, GSS_C_NULL_OID_SET, + GSS_C_INITIATE, &defcred, NULL, NULL); + if (status != GSS_S_COMPLETE) + return (status); - if (name) { - /* - * Convert internal_name into a union_name equivalent. - */ - status = gssint_convert_name_to_union_name(&temp_minor_status, - mech, internal_name, - name); - if (status != GSS_S_COMPLETE) { - *minor_status = temp_minor_status; - map_error(minor_status, mech); - if (mechanisms && *mechanisms) { - (void) gss_release_oid_set( - &temp_minor_status, - mechanisms); - } - return (status); - } - } - return(GSS_S_COMPLETE); + cred_handle = defcred; } /* get the cred_handle cast as a union_credentials structure */ @@ -190,6 +154,8 @@ gss_OID_set * mechanisms; } } + if (defcred) + (void) gss_release_cred(&temp_minor_status, &defcred); return(GSS_S_COMPLETE); error: @@ -205,6 +171,9 @@ error: if (name && *name != NULL) (void) gss_release_name(&temp_minor_status, name); + if (defcred) + (void) gss_release_cred(&temp_minor_status, &defcred); + return (status); } -- 2.26.2