oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

gssapi: honor initiator credential in SPNEGO (#506)

Browse Source 
SPNEGO uses the callback function initiator_approved() in order to determine
mechanism availability. Prior to this commit, is not passed in the initiator
credential, so it always uses a default credential. This breaks SPNEGO if a
non-default credential (such as one acquired with
gss_acquire_cred_with_password()) is used. This commit addresses this.
This commit is contained in:
Luke Howard
2019-01-03 23:16:03 +11:00
parent 2242b5bc5b
commit a7d42cdf6b
3 changed files with 11 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/gssapi/spnego/accept_sec_context.c
View File

@@ -63,7 +63,9 @@ send_reject (OM_uint32 *minor_status,
}
static OM_uint32
acceptor_approved(gss_name_t target_name, gss_OID mech)
acceptor_approved(gss_const_cred_id_t cred_unused,
gss_name_t target_name,
gss_OID mech)
{
gss_cred_id_t cred = GSS_C_NO_CREDENTIAL;
gss_OID_set oidset;
@@ -393,7 +395,7 @@ select_mech(OM_uint32 *minor_status, MechType *mechType, int verify_p,
if (ret != GSS_S_COMPLETE)
return ret;
ret = acceptor_approved(name, *mech_p);
ret = acceptor_approved(GSS_C_NO_CREDENTIAL, name, *mech_p);
gss_release_name(&junk, &name);
}