gss: don't explicitly reorder krb5 to front of spnego

Previously krb5 was tried explicitly. Now that the internal mech list is
reordered so that krb5 is first, this should no longer be required. This
permits an application to specify another mechanism as preferred over krb5
using gss_set_neg_mechs().
Luke Howard
2019-12-29 20:45:03 +11:00
parent 161f846d76
commit 5d1a33f780


@@ -278,7 +278,6 @@ _gss_spnego_indicate_mechtypelist (OM_uint32 *minor_status,
OM_uint32 ret, minor;
OM_uint32 first_major = GSS_S_BAD_MECH, first_minor = 0;
size_t i;
int present = FALSE;
int added_negoex = FALSE;
mechtypelist->len = 0;
@@ -296,31 +295,15 @@ _gss_spnego_indicate_mechtypelist (OM_uint32 *minor_status,
"NULL mech set returned by SPNEGO inquire/indicate mechs");
/*
* Propose Kerberos mech first if we have Kerberos credentials/supported mechs
* Previously krb5 was tried explicitly, but now the internal mech
* list is reordered so that krb5 is first, this should no longer
* be required. This permits an application to specify another
* mechanism as preferred over krb5 using gss_set_neg_mechs().
*/
ret = gss_test_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
supported_mechs, &present);
if (ret == GSS_S_COMPLETE && present) {
for (i = 0; i < supported_mechs->count; i++) {
ret = add_mech_if_approved(minor_status, target_name,
func, userptr, includeMSCompatOID,
cred_handle, mechtypelist,
GSS_KRB5_MECHANISM, &first_mech,
&first_major, &first_minor,
&added_negoex);
}
/*
* Now let's check all other mechs
*/
for (i = 0; i < supported_mechs->count; i++) {
if (gss_oid_equal(&supported_mechs->elements[i], GSS_KRB5_MECHANISM))
continue;
ret = add_mech_if_approved(minor_status, target_name,
func, userptr, FALSE,
cred_handle, mechtypelist,
&supported_mechs->elements[i],
&first_mech,
&first_major, &first_minor,