From 676ec5fe0b6c7c5126dbf84ef59ec4a5d5f87ede Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Tue, 26 Apr 2022 10:23:53 +0200
Subject: [PATCH] Fix gss_localname with SPNEGO wrapping
Fix implemented upstream by Simo
---
src/mod_auth_gssapi.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/src/mod_auth_gssapi.c b/src/mod_auth_gssapi.c
index b0999737daedf88fa84a9d8b1543bbedc79194ab..c91aa60707ba9b237a84f95670d483f1a7eab86b 100644
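--- a/src/mod_auth_gssapi.c
+++ b/src/mod_auth_gssapi.c
@@ -1264,7 +1264,21 @@ static int mag_complete(struct mag_req_cfg *req_cfg, struct mag_conn *mc,
 #endif
 
 if (cfg->map_to_local) {
+ /* We have to play heuristics here as gss_localname does not work
+ * as expected with SPNEGO-wrapped names.
+ * http://krbdev.mit.edu/rt/Ticket/Display.html?id=8782
+ */
 maj = gss_localname(&min, client, mech_type, &lname);
+ if (maj != GSS_S_COMPLETE) {
+ uint32_t sub_maj, sub_min;
+ /* try fallback with no oid */
+ sub_maj = gss_localname(&sub_min, client, GSS_C_NO_OID, &lname);
+ if (sub_maj != GSS_S_UNAVAILABLE) {
+ /* use second call errors only if they are meaningful */
+ maj = sub_maj;
+ min = sub_min;
+ }
+ }
 if (maj != GSS_S_COMPLETE) {
 mag_post_error(req, cfg, MAG_GSS_ERR, maj, min,
 "gss_localname() failed");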
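Review bot: The retry under the added `if (maj != GSS_S_COMPLETE)` runs after any failure of the first `gss_localname()` call, so a principal whose mapping was refused for the negotiated mechanism is still retried with `GSS_C_NO_OID`, where the library chooses the mechanism. Because `map_to_local` presumably decides which local account name the request is given, the retry is better limited to the status the SPNEGO-wrapped case actually returns (the linked ticket should say which), with a comment such as `/* retry without an OID only for the SPNEGO wrapping failure; any other status is final */`. A debug-level log line when the name comes from the fallback call would also help when auditing user mappings. `mag_complete` starts and ends outside this hunk, so whether `lname` is released on the error path cannot be checked here.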
--
2.35.1