From 06e61139604a4c68fff8b9bb35afcea7dacc9707 Mon Sep 17 00:00:00 2001 From: Luke Howard Date: Mon, 11 Oct 2021 14:57:09 +1100 Subject: [PATCH] gss: _gss_spnego_set_sec_context_option return Fix _gss_spnego_set_sec_context_option() to return GSS_S_UNAVAILABLE if no context handle is provided, so that mechglue will skip to the next mechanism. There are no globally settable options on SPNEGO itself. Fixes: #803 --- lib/gssapi/spnego/context_stubs.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/lib/gssapi/spnego/context_stubs.c b/lib/gssapi/spnego/context_stubs.c index 139fc6e86..638e90d7b 100644 --- a/lib/gssapi/spnego/context_stubs.c +++ b/lib/gssapi/spnego/context_stubs.c @@ -526,9 +526,15 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_set_sec_context_option *minor_status = 0; - if (context_handle == NULL || *context_handle == GSS_C_NO_CONTEXT) { - return GSS_S_NO_CONTEXT; - } + /* + * Return GSS_S_UNAVAILABLE with a NULL context handle as at + * present no context options can be set globally on SPNEGO + * itself. Global mechanism context options are set directly + * on the mechanism; per-context context options are set below + * if ctx->negotiated_ctx_id != GSS_C_NO_CONTEXT. + */ + if (context_handle == NULL || *context_handle == GSS_C_NO_CONTEXT) + return GSS_S_UNAVAILABLE; ctx = (gssspnego_ctx)*context_handle;