Return unwrapped delegated credentials if the actual mech is not the called mech

Assumes that pseudo mechs are aware of what mechglue credentials look like and
return credentials like that.

Pointed out on krbdev by Nicolas Williams
Love Hornquist Astrand
2009-08-26 22:32:50 -07:00
parent 559103b218
commit 022e7d4319
7 changed files with 44 additions and 155 deletions


@@ -179,7 +179,7 @@ spnego_reply_internal(OM_uint32 *minor_status,
static OM_uint32
spnego_initial
(OM_uint32 * minor_status,
gssspnego_cred cred,
gss_cred_id_t cred,
gss_ctx_id_t * context_handle,
const gss_name_t target_name,
const gss_OID mech_type,
@@ -254,8 +254,7 @@ spnego_initial
/* generate optimistic token */
sub = gss_init_sec_context(&minor,
(cred != NULL) ? cred->negotiated_cred_id :
GSS_C_NO_CREDENTIAL,
cred,
&ctx->negotiated_ctx_id,
ctx->target_name,
ctx->preferred_mech_type,
@@ -377,7 +376,7 @@ spnego_initial
static OM_uint32
spnego_reply
(OM_uint32 * minor_status,
const gssspnego_cred cred,
const gss_cred_id_t cred,
gss_ctx_id_t * context_handle,
const gss_name_t target_name,
const gss_OID mech_type,
@@ -498,8 +497,7 @@ spnego_reply
/* Fall through as if the negotiated mechanism
was requested explicitly */
ret = gss_init_sec_context(&minor,
(cred != NULL) ? cred->negotiated_cred_id :
GSS_C_NO_CREDENTIAL,
cred,
&ctx->negotiated_ctx_id,
ctx->target_name,
&mech,
@@ -629,11 +627,9 @@ OM_uint32 _gss_spnego_init_sec_context
OM_uint32 * time_rec
)
{
gssspnego_cred cred = (gssspnego_cred)initiator_cred_handle;
if (*context_handle == GSS_C_NO_CONTEXT)
return spnego_initial (minor_status,
cred,
initiator_cred_handle,
context_handle,
target_name,
mech_type,
@@ -647,7 +643,7 @@ OM_uint32 _gss_spnego_init_sec_context
time_rec);
else
return spnego_reply (minor_status,
cred,
initiator_cred_handle,
context_handle,
target_name,
mech_type,
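Review bot: In `_gss_spnego_init_sec_context` the cast to `gssspnego_cred` is dropped and `initiator_cred_handle` now passes unchanged through `spnego_initial`/`spnego_reply` into the inner `gss_init_sec_context` calls, but nothing in the new code records that the handle must be a mechglue credential. `gss_cred_id_t` is an opaque handle, so the compiler will not flag a caller or sibling entry point that still hands in the old SPNEGO wrapper, and such a handle would then be interpreted as a mechglue credential. The other files of this commit are not visible here, so this section alone cannot confirm that every credential producer was converted. I would add a comment above the function such as `/* initiator_cred_handle is a mechglue credential; it is passed unmodified to the negotiated mechanism */`. The bodies of all three functions extend outside the hunks shown.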