From: Greg Hudson <ghudson@mit.edu>
Date: Thu, 13 Sep 2018 21:03:36 +0000 (-0400)
Subject: Check mech cred in gss_inquire_cred_by_mech()
X-Git-Tag: krb5-1.17-beta1~45
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F842%2Fhead;p=thirdparty%2Fkrb5.git

Check mech cred in gss_inquire_cred_by_mech()

If gss_inquire_cred_by_mech() is called with a mechanism and there is
no corresponding mechanism credential in the union cred, return
GSS_S_NO_CRED (as Heimdal does) instead of interrogating the mechanism
about the default credential.

ticket: 8736 (new)
tags: pullup
target_version: 1.16-next
target_version: 1.15-next
---

diff --git a/src/lib/gssapi/mechglue/g_inq_cred.c b/src/lib/gssapi/mechglue/g_inq_cred.c
index cbe045ab9c..4ed7774f1a 100644
--- a/src/lib/gssapi/mechglue/g_inq_cred.c
+++ b/src/lib/gssapi/mechglue/g_inq_cred.c
@@ -197,6 +197,8 @@ gss_inquire_cred_by_mech(minor_status, cred_handle, mech_type, name,
 
     union_cred = (gss_union_cred_t) cred_handle;
     mech_cred = gssint_get_mechanism_cred(union_cred, selected_mech);
+    if (cred_handle != GSS_C_NO_CREDENTIAL && mech_cred == GSS_C_NO_CREDENTIAL)
+	return (GSS_S_NO_CRED);
 
     public_mech = gssint_get_public_oid(selected_mech);
     status = mech->gss_inquire_cred_by_mech(minor_status,