From 0987e0e137854285d4022f5a910e7923d4e663fd Mon Sep 17 00:00:00 2001

From: Simo Sorce <simo@redhat.com>

Date: Thu, 27 Aug 2020 17:01:39 -0400

Subject: [PATCH] Return static oids for naming functions

gss_display_name and gss_inquire_name reteurn "static" oids, that are

generally not freed by callers, so make sure to match and return actual

static OIDs exported by GSSAPI.

Also remove gpm_equal_oids() and use the library provided gss_oid_equal

function instead.

Signed-off-by: Simo Sorce <simo@redhat.com>

Reviewed-by: Robbie Harwood <rharwood@redhat.com>

(cherry picked from commit 6ea8391257e687dfb3981b634c06cf7a55008eb0)

(cherry picked from commit 41cb9683627d6c3b136a4b48e1b1842619132f16)

---

 src/client/gpm_import_and_canon_name.c | 28 ++++++++++++++++++++++++--

 src/client/gpm_indicate_mechs.c        | 24 +++++-----------------

 src/client/gssapi_gpm.h                |  1 +

 3 files changed, 32 insertions(+), 21 deletions(-)

diff --git a/src/client/gpm_import_and_canon_name.c b/src/client/gpm_import_and_canon_name.c

index 70149a3..88b8d7c 100644

--- a/src/client/gpm_import_and_canon_name.c

+++ b/src/client/gpm_import_and_canon_name.c

@@ -2,6 +2,26 @@

 #include "gssapi_gpm.h"

+static int gpm_name_oid_to_static(gss_OID name_type, gss_OID *name_static)

+{

+#define ret_static(b) \

+    if (gss_oid_equal(name_type, b)) { \

+        *name_static = b; \

+        return 0; \

+    }

+    ret_static(GSS_C_NT_USER_NAME);

+    ret_static(GSS_C_NT_MACHINE_UID_NAME);

+    ret_static(GSS_C_NT_STRING_UID_NAME);

+    ret_static(GSS_C_NT_HOSTBASED_SERVICE_X);

+    ret_static(GSS_C_NT_HOSTBASED_SERVICE);

+    ret_static(GSS_C_NT_ANONYMOUS);

+    ret_static(GSS_C_NT_EXPORT_NAME);

+    ret_static(GSS_C_NT_COMPOSITE_EXPORT);

+    ret_static(GSS_KRB5_NT_PRINCIPAL_NAME);

+    ret_static(gss_nt_krb5_name);

+    return ENOENT;

+}

+

 OM_uint32 gpm_display_name(OM_uint32 *minor_status,

                            gssx_name *in_name,

                            gss_buffer_t output_name_buffer,

@@ -57,7 +77,9 @@ OM_uint32 gpm_display_name(OM_uint32 *minor_status,

     }

     if (output_name_type) {

-        ret = gp_conv_gssx_to_oid_alloc(&in_name->name_type, output_name_type);

+        gss_OID_desc oid;

+        gp_conv_gssx_to_oid(&in_name->name_type, &oid;;

+        ret = gpm_name_oid_to_static(&oid, output_name_type);

         if (ret) {

             gss_release_buffer(&discard, output_name_buffer);

             ret_min = ret;

@@ -285,7 +307,9 @@ OM_uint32 gpm_inquire_name(OM_uint32 *minor_status,

     }

     if (MN_mech != NULL) {

-        ret = gp_conv_gssx_to_oid_alloc(&name->name_type, MN_mech);

+        gss_OID_desc oid;

+        gp_conv_gssx_to_oid(&name->name_type, &oid;;

+        ret = gpm_name_oid_to_static(&oid, MN_mech);

         if (ret) {

             *minor_status = ret;

             return GSS_S_FAILURE;

diff --git a/src/client/gpm_indicate_mechs.c b/src/client/gpm_indicate_mechs.c

index 86c7de3..4041dcd 100644

--- a/src/client/gpm_indicate_mechs.c

+++ b/src/client/gpm_indicate_mechs.c

@@ -95,20 +95,6 @@ static uint32_t gpm_copy_gss_buffer(uint32_t *minor_status,

     return GSS_S_COMPLETE;

 }

-static bool gpm_equal_oids(gss_const_OID a, gss_const_OID b)

-{

-    int ret;

-

-    if (a->length == b->length) {

-        ret = memcmp(a->elements, b->elements, a->length);

-        if (ret == 0) {

-            return true;

-        }

-    }

-

-    return false;

-}

-

 static void gpmint_indicate_mechs(void)

 {

     union gp_rpc_arg uarg;

@@ -313,7 +299,7 @@ int gpm_mech_to_static(gss_OID mech_type, gss_OID *mech_static)

     *mech_static = GSS_C_NO_OID;

     for (size_t i = 0; i < global_mechs.mech_set->count; i++) {

-        if (gpm_equal_oids(&global_mechs.mech_set->elements[i], mech_type)) {

+        if (gss_oid_equal(&global_mechs.mech_set->elements[i], mech_type)) {

             *mech_static = &global_mechs.mech_set->elements[i];

             return 0;

         }

@@ -383,7 +369,7 @@ OM_uint32 gpm_inquire_names_for_mech(OM_uint32 *minor_status,

     }

     for (unsigned i = 0; i < global_mechs.info_len; i++) {

-        if (!gpm_equal_oids(global_mechs.info[i].mech, mech_type)) {

+        if (!gss_oid_equal(global_mechs.info[i].mech, mech_type)) {

             continue;

         }

         ret_maj = gpm_copy_gss_OID_set(&ret_min,

@@ -481,7 +467,7 @@ OM_uint32 gpm_inquire_attrs_for_mech(OM_uint32 *minor_status,

     }

     for (unsigned i = 0; i < global_mechs.info_len; i++) {

-        if (!gpm_equal_oids(global_mechs.info[i].mech, mech)) {

+        if (!gss_oid_equal(global_mechs.info[i].mech, mech)) {

             continue;

         }

@@ -540,7 +526,7 @@ OM_uint32 gpm_inquire_saslname_for_mech(OM_uint32 *minor_status,

     }

     for (unsigned i = 0; i < global_mechs.info_len; i++) {

-        if (!gpm_equal_oids(global_mechs.info[i].mech, desired_mech)) {

+        if (!gss_oid_equal(global_mechs.info[i].mech, desired_mech)) {

             continue;

         }

         ret_maj = gpm_copy_gss_buffer(&ret_min,

@@ -598,7 +584,7 @@ OM_uint32 gpm_display_mech_attr(OM_uint32 *minor_status,

     }

     for (unsigned i = 0; i < global_mechs.desc_len; i++) {

-        if (!gpm_equal_oids(global_mechs.desc[i].attr, mech_attr)) {

+        if (!gss_oid_equal(global_mechs.desc[i].attr, mech_attr)) {

             continue;

         }

         ret_maj = gpm_copy_gss_buffer(&ret_min,

diff --git a/src/client/gssapi_gpm.h b/src/client/gssapi_gpm.h

index b7ba04b..bdf12e1 100644

--- a/src/client/gssapi_gpm.h

+++ b/src/client/gssapi_gpm.h

@@ -10,6 +10,7 @@

 #include <string.h>

 #include <gssapi/gssapi.h>

 #include <gssapi/gssapi_ext.h>

+#include <gssapi/gssapi_krb5.h>

 #include "rpcgen/gp_rpc.h"

 #include "rpcgen/gss_proxy.h"

 #include "src/gp_common.h"