]> git.ipfire.org Git - thirdparty/krb5.git/commitdiff
projects / thirdparty / krb5.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 09f85df)
Always consider desired_mechs empty in spnego (2)
authorSimo Sorce <simo@redhat.com>
Mon, 6 Aug 2012 19:41:27 +0000 (15:41 -0400)
committerGreg Hudson <ghudson@mit.edu>
Mon, 6 Aug 2012 20:08:22 +0000 (16:08 -0400)
Follow previous change to add_cred_from.
The only case where the spnego gss_*_cred_* functions can be called
with specific OIDs is if the mechglue calls spnego with the spengo
oid, which we never want to loop on anyway. So always consider it as
null, it's the correct behavior with current semantics.

src/lib/gssapi/spnego/spnego_mech.c patch | blob | blame | history

diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
index 4425124b3a84ceae9daa3973d6ee935ba0a012e9..0038043b77e92eb5e47574a60b26d4324c2cae4a 100644 (file)
--- a/src/lib/gssapi/spnego/spnego_mech.c
+++ b/src/lib/gssapi/spnego/spnego_mech.c
@@ -2531,7 +2531,7 @@ spnego_gss_acquire_cred_with_password(OM_uint32 *minor_status,
                                      OM_uint32 *time_rec)
 {
        OM_uint32 status, tmpmin;
-       gss_OID_set amechs = GSS_C_NULL_OID_SET, dmechs;
+       gss_OID_set amechs = GSS_C_NULL_OID_SET;
        gss_cred_id_t mcred = NULL;
        spnego_gss_cred_id_t spcred = NULL;
 
@@ -2543,16 +2543,14 @@ spnego_gss_acquire_cred_with_password(OM_uint32 *minor_status,
        if (time_rec)
                *time_rec = 0;
 
-       dmechs = desired_mechs;
-       if (desired_mechs == GSS_C_NULL_OID_SET) {
-               status = get_available_mechs(minor_status, desired_name,
-                                            cred_usage, GSS_C_NO_CRED_STORE,
-                                            NULL, &amechs);
-               dmechs = amechs;
-       }
+       status = get_available_mechs(minor_status, desired_name,
+                                    cred_usage, GSS_C_NO_CRED_STORE,
+                                    NULL, &amechs);
+       if (status != GSS_S_COMPLETE)
+           goto cleanup;
 
        status = gss_acquire_cred_with_password(minor_status, desired_name,
-                                               password, time_req, dmechs,
+                                               password, time_req, amechs,
                                                cred_usage, &mcred,
                                                actual_mechs, time_rec);
        if (status != GSS_S_COMPLETE)
Mirror of https://github.com/krb5/krb5.git