Drop delegated creds when target is NULL

In gsskrb5_accept_delegated_token() it is wrong to store the delegated
credentials in the default ccache by default.  When the caller does not
provide a target credential handle, we just do nothing and return success.

Test the return value of gsskrb5_accept_delegated_token() against
GSS_S_COMPLETE, rather than 0.
Viktor Dukhovni
2015-03-04 02:38:09 +00:00
committed by Viktor Dukhovni
parent ca052eadd5
commit fca6363307

@@ -164,12 +164,13 @@ gsskrb5_accept_delegated_token
/* XXX Create a new delegated_cred_handle? */
if (delegated_cred_handle == NULL) {
kret = krb5_cc_default (context, &ccache);
} else {
*delegated_cred_handle = NULL;
kret = krb5_cc_new_unique (context, krb5_cc_type_memory,
NULL, &ccache);
ret = GSS_S_COMPLETE;
goto out;
}
*delegated_cred_handle = NULL;
kret = krb5_cc_new_unique (context, krb5_cc_type_memory,
NULL, &ccache);
if (kret) {
ctx->flags &= ~GSS_C_DELEG_FLAG;
goto out;
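
Review bot: The new `delegated_cred_handle == NULL` branch sets `ret = GSS_S_COMPLETE` and jumps to `out` without clearing `GSS_C_DELEG_FLAG`, while the `if (kret)` failure path just below does `ctx->flags &= ~GSS_C_DELEG_FLAG;`. Unless the code at `out:` (not visible in this hunk) clears it, a caller that passed no credential handle can still see the delegation flag reported although the forwarded credentials were discarded. Consider clearing the flag in the NULL branch as well, so the reported flags match what the acceptor actually holds. The `/* XXX Create a new delegated_cred_handle? */` comment above the branch no longer describes what follows; a short comment saying that delegated credentials are deliberately dropped rather than written to the default ccache would record the security reason for the early return. Also confirm that the cleanup at `out:` tolerates `ccache` never having been assigned on this path.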
@@ -270,7 +271,7 @@ gsskrb5_acceptor_ready(OM_uint32 * minor_status,
ctx,
context,
delegated_cred_handle);
if (ret)
if (ret != GSS_S_COMPLETE)
return ret;
} else {
/* Well, looks like it wasn't there after all */
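
Review bot: The check `if (ret != GSS_S_COMPLETE)` is behaviourally identical to the old `if (ret)`, since `GSS_S_COMPLETE` is 0, so this is a readability change only and could go in its own commit to keep the behavioural fix in gsskrb5_accept_delegated_token() easy to audit and backport. If the intent is to bail out only on failures, `GSS_ERROR(ret)` is the usual test for a major status, because it ignores supplementary-information bits; with the comparison as written, any non-zero status from gsskrb5_accept_delegated_token() is returned to the caller as is.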