git.ipfire.org Git - thirdparty/krb5.git/commit

author	Greg Hudson <ghudson@mit.edu>
	Thu, 7 Nov 2019 04:02:51 +0000 (23:02 -0500)
committer	Greg Hudson <ghudson@mit.edu>
	Fri, 8 Nov 2019 23:32:22 +0000 (18:32 -0500)
commit	24b844714dea3e47b17511746b5df5b6ddf13d43
tree	5010084e580588fdfb850ff0ae02080397aa1996	tree
parent	c088f56a62702a2cc99c26185681efee1555b7fa	commit \| diff

Fix SPNEGO output parameter bugs

When accepting, do not leak a name if the underlying mech reports a
src_name twice. Record mech_type and delegated_cred_handle and report
them to the caller at the final SPNEGO step, not when the underlying
mech reports them.

When initiating or accepting, report ret_flags at every step, and
filter out PROT_READY as required by RFC 4178 section 3.1. Report a
time_rec value at the final step even if we didn't call into the
underlying mech, using a call to gss_context_time() if necessary.

In the mechglue, initialize ret_flags and time_rec for both
gss_initialize_sec_context() and gss_accept_sec_context().

ticket: 8845

src/lib/gssapi/mechglue/g_accept_sec_context.c		diff \| blob \| blame \| history
src/lib/gssapi/mechglue/g_init_sec_context.c		diff \| blob \| blame \| history
src/lib/gssapi/spnego/gssapiP_spnego.h		diff \| blob \| blame \| history
src/lib/gssapi/spnego/spnego_mech.c		diff \| blob \| blame \| history