From: Simo Sorce Date: Mon, 6 Aug 2012 19:41:27 +0000 (-0400) Subject: Always consider desired_mechs empty in spnego (2) X-Git-Tag: krb5-1.11-alpha1~345 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=bb02471343e899c600025248501cd6c8ac737c55;p=thirdparty%2Fkrb5.git Always consider desired_mechs empty in spnego (2) Follow previous change to add_cred_from. The only case where the spnego gss_*_cred_* functions can be called with specific OIDs is if the mechglue calls spnego with the spengo oid, which we never want to loop on anyway. So always consider it as null, it's the correct behavior with current semantics. --- diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c index 4425124b3a..0038043b77 100644 --- a/src/lib/gssapi/spnego/spnego_mech.c +++ b/src/lib/gssapi/spnego/spnego_mech.c @@ -2531,7 +2531,7 @@ spnego_gss_acquire_cred_with_password(OM_uint32 *minor_status, OM_uint32 *time_rec) { OM_uint32 status, tmpmin; - gss_OID_set amechs = GSS_C_NULL_OID_SET, dmechs; + gss_OID_set amechs = GSS_C_NULL_OID_SET; gss_cred_id_t mcred = NULL; spnego_gss_cred_id_t spcred = NULL; @@ -2543,16 +2543,14 @@ spnego_gss_acquire_cred_with_password(OM_uint32 *minor_status, if (time_rec) *time_rec = 0; - dmechs = desired_mechs; - if (desired_mechs == GSS_C_NULL_OID_SET) { - status = get_available_mechs(minor_status, desired_name, - cred_usage, GSS_C_NO_CRED_STORE, - NULL, &amechs); - dmechs = amechs; - } + status = get_available_mechs(minor_status, desired_name, + cred_usage, GSS_C_NO_CRED_STORE, + NULL, &amechs); + if (status != GSS_S_COMPLETE) + goto cleanup; status = gss_acquire_cred_with_password(minor_status, desired_name, - password, time_req, dmechs, + password, time_req, amechs, cred_usage, &mcred, actual_mechs, time_rec); if (status != GSS_S_COMPLETE)