From: Marc Horowitz Date: Sat, 22 Aug 1998 05:20:32 +0000 (+0000) Subject: do not accept a context token for a mech type not supported by the X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1fa010f110137a84b4c7cd8dd6ec126c1e6eb80b;p=thirdparty%2Fkrb5.git do not accept a context token for a mech type not supported by the credential. git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10870 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c index f882f783a7..dbb4902f2c 100644 --- a/src/lib/gssapi/krb5/accept_sec_context.c +++ b/src/lib/gssapi/krb5/accept_sec_context.c @@ -268,13 +268,11 @@ krb5_gss_accept_sec_context(minor_status, context_handle, &(ap_req.length), &ptr, KG_TOK_CTX_AP_REQ, input_token->length))) { -#if 0 /* Don't restrict mechanisms when accepting contexts */ if (! cred->rfc_mech) { code = G_WRONG_MECH; major_status = GSS_S_DEFECTIVE_TOKEN; goto fail; } -#endif mech_used = gss_mech_krb5; gsskrb5_vers = 1000; } else if ((code == G_WRONG_MECH) && @@ -289,13 +287,11 @@ krb5_gss_accept_sec_context(minor_status, context_handle, * compatibility, and use it to decide when to use the * old behavior. */ -#if 0 /* Don't restrict mechanisms when accepting contexts */ if (! cred->prerfc_mech) { code = G_WRONG_MECH; major_status = GSS_S_DEFECTIVE_TOKEN; goto fail; } -#endif mech_used = gss_mech_krb5_old; gsskrb5_vers = 1000; } else if ((code == G_WRONG_MECH) && @@ -303,13 +299,11 @@ krb5_gss_accept_sec_context(minor_status, context_handle, &token_length, &ptr, KG2_TOK_INITIAL, input_token->length))) { -#if 0 /* Don't restrict mechanisms when accepting contexts */ if (! cred->rfcv2_mech) { code = G_WRONG_MECH; major_status = GSS_S_DEFECTIVE_TOKEN; goto fail; } -#endif mech_used = gss_mech_krb5_v2; gsskrb5_vers = 2000; } else {