oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

gss: add some missing GM_USE_MG_CRED checks

Browse Source 
GM_USE_MG_CRED allows a mechanism glue credential to be used by a mechanism
without additional wrapping. Although no extant mechanisms use this flag, the
flag had sporadic support in the mechanism glue already. In the interest of
consistency, add missing GM_USE_MG_CRED checks. If this functionality is not
desired, then all checks should be removed.
This commit is contained in:
Luke Howard
2019-12-28 16:35:04 +11:00
parent 340cc3f092
commit e80248ed36
4 changed files with 17 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
lib/gssapi/mech/gss_add_cred_from.c
View File

@@ -130,7 +130,8 @@ gss_add_cred_from(OM_uint32 *minor_status,
*acceptor_time_rec = 0;
if (actual_mechs)
*actual_mechs = GSS_C_NO_OID_SET;
if ((m = __gss_get_mechanism(desired_mech)) == NULL)
if ((m = __gss_get_mechanism(desired_mech)) == NULL ||
(m->gm_flags & GM_USE_MG_CRED))
return GSS_S_BAD_MECH;
if (input_cred_handle == GSS_C_NO_CREDENTIAL &&
output_cred_handle == NULL) {