oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

gss: order SPNEGO proposed mechs by req_flags

Browse Source 
Sort the list of mechanisms proposed by the initiator so that mechanisms are
preferred by their advertised support for GSS flags. For example, if
GSS_C_MUTUAL_FLAG is requested, a mechanism that offers GSS_C_MA_AUTH_TARG will
be preferred over one that doesn't. The flag/mechanism attribute combinations
are also assigned a weight (mutual trumps anonymous, for example).
This commit is contained in:
Luke Howard
2020-04-07 12:39:43 +10:00
committed by Nico Williams
parent 1c74afb01a
commit 3b7aae7fce
3 changed files with 98 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/gssapi/spnego/accept_sec_context.c
View File

@@ -132,7 +132,7 @@ send_supported_mechs (OM_uint32 *minor_status,
nt.u.negTokenInit.mechToken = NULL;
nt.u.negTokenInit.negHints = NULL;
ret = _gss_spnego_indicate_mechtypelist(minor_status, NULL,
ret = _gss_spnego_indicate_mechtypelist(minor_status, GSS_C_NO_NAME, 0,
acceptor_approved, ctx, 1, acceptor_cred,
&nt.u.negTokenInit.mechTypes, NULL);
if (ret != GSS_S_COMPLETE) {