Blame SOURCES/krb5-1.15-hide_deperecated_on_indicate.patch

From a5e1c99acf3b7260ce9baa29d0bfbb350d026bb6 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Thu, 19 May 2016 20:31:38 -0400
Subject: [PATCH] Do not indicate deprecated GSS mechanisms
The mechanisms themselves will continue to work if requested, but will
not be included in the gss_indicate_mech() list.  This works around a
bug in some legacy applications that cannot cope with deprecated mechs
being returned.
ticket: 8419 (new)
---
 src/lib/gssapi/mechglue/g_initialize.c | 47 ++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)
diff --git a/src/lib/gssapi/mechglue/g_initialize.c b/src/lib/gssapi/mechglue/g_initialize.c
index b7e8a8d..213ea19 100644
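--- a/src/lib/gssapi/mechglue/g_initialize.c
+++ b/src/lib/gssapi/mechglue/g_initialize.c
@@ -202,12 +202,55 @@ gss_OID *oid;
 	return (generic_gss_release_oid(minor_status, oid));
 } /* gss_release_oid */
 
+/*
+ * Wrapper around inquire_attrs_for_mech to determine whether a mechanism has
+ * the deprecated attribute.  Must be called without g_mechSetLock since it
+ * will call into the mechglue.
+ */
+static int
+is_deprecated(gss_OID element)
+{
+	OM_uint32 major, minor;
+	gss_OID_set mech_attrs = GSS_C_NO_OID_SET;
+	int deprecated = 0;
+
+	major = gss_inquire_attrs_for_mech(&minor, element, &mech_attrs, NULL);
+	if (major == GSS_S_COMPLETE) {
+		gss_test_oid_set_member(&minor, (gss_OID)GSS_C_MA_DEPRECATED,
+					mech_attrs, &deprecated);
+	}
+
+	if (mech_attrs != GSS_C_NO_OID_SET)
+		gss_release_oid_set(&minor, &mech_attrs);
+
+	return deprecated;
+}
+
+/*
+ * Removes mechs with the deprecated attribute from an OID set.  Must be
+ * called without g_mechSetLock held since it calls into the mechglue.
+ */
+static void
+prune_deprecated(gss_OID_set mech_set)
+{
+	OM_uint32 i, j;
+
+	j = 0;
+	for (i = 0; i < mech_set->count; i++) {
+	    if (!is_deprecated(&mech_set->elements[i]))
+		mech_set->elements[j++] = mech_set->elements[i];
+	    else
+		gssalloc_free(mech_set->elements[i].elements);
+	}
+	mech_set->count = j;
+}
 
 /*
  * this function will return an oid set indicating available mechanisms.
  * The set returned is based on configuration file entries and
  * NOT on the loaded mechanisms.  This function does not check if any
  * of these can actually be loaded.
+ * Deprecated mechanisms will not be returned.
  * This routine needs direct access to the mechanism list.
  * To avoid reading the configuration file each call, we will save a
  * a mech oid set, and only update it once the file has changed.
@@ -245,6 +288,10 @@ gss_OID_set *mechSet_out;
 	k5_mutex_lock(&g_mechSetLock);
 	status = generic_gss_copy_oid_set(minorStatus, &g_mechSet, mechSet_out);
 	k5_mutex_unlock(&g_mechSetLock);
+
+	if (*mechSet_out != GSS_C_NO_OID_SET)
+		prune_deprecated(*mechSet_out);
+
 	return (status);
 } /* gss_indicate_mechs */
 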
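Review bot: In the second hunk `prune_deprecated(*mechSet_out)` runs whenever the output set is non-null, without consulting `status`, so it relies on generic_gss_copy_oid_set() leaving `*mechSet_out` as GSS_C_NO_OID_SET on every failure path; that function is not visible here, so gating on the result would be the safer form: `if (status == GSS_S_COMPLETE && *mechSet_out != GSS_C_NO_OID_SET)`. In is_deprecated() a failing gss_inquire_attrs_for_mech() leaves `deprecated` at 0, so a mechanism whose attributes cannot be read stays in the indicated list; that fail-open choice deserves a comment such as `/* On failure, treat the mech as not deprecated so it is still indicated. */`. The header comment of gss_indicate_mechs could also state that the pruning only changes the advertised list and is not an access control, since the commit message says deprecated mechanisms continue to work if requested. The body of gss_indicate_mechs begins outside the hunk, so the earlier validation of `mechSet_out` could not be checked from here.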
-- 
2.8.1