oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Keep track of the opportunistic token in the inital message, it might

Browse Source 
be a complete gss-api context, in that case we'll get back
accept_completed without any token. With this change, krb5 w/o mutual
authentication works.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19043 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2006-11-15 10:18:55 +00:00
parent c8fd5412ce
commit c00799be18
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/gssapi/spnego/init_sec_context.c
View File

@@ -228,6 +228,8 @@ spnego_initial
_gss_spnego_internal_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER); _gss_spnego_internal_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
return sub; return sub;
} }
if (sub == GSS_S_COMPLETE)
ctx->maybe_open = 1;
if (mech_token.length != 0) { if (mech_token.length != 0) {
ALLOC(ni.mechToken, 1); ALLOC(ni.mechToken, 1);
@@ -439,6 +441,9 @@ spnego_reply
if (ret == GSS_S_COMPLETE) { if (ret == GSS_S_COMPLETE) {
ctx->open = 1; ctx->open = 1;
} }
} else if (*(resp.negResult) == accept_completed) {
if (ctx->maybe_open)
ctx->open = 1;
} }
if (*(resp.negResult) == request_mic) { if (*(resp.negResult) == request_mic) {