diff options
author | Luke Howard <lukeh@padl.com> | 2011-03-17 05:30:11 +0000 |
---|---|---|
committer | Luke Howard <lukeh@padl.com> | 2011-03-17 05:30:11 +0000 |
commit | 414587b4af7922ecef105e6037fd7f029e0ff6ef (patch) | |
tree | 1768a87bc6307d8ec503d6ca4d96553e918c4c8a /src/lib/gssapi | |
parent | ec44babaaa63fdc70538c9495318233ef3dc336d (diff) | |
download | krb5-414587b4af7922ecef105e6037fd7f029e0ff6ef.zip krb5-414587b4af7922ecef105e6037fd7f029e0ff6ef.tar.gz krb5-414587b4af7922ecef105e6037fd7f029e0ff6ef.tar.bz2 |
If calling gss_accept_sec_context with non-NULL credentials, ensure
that you have credentials for the mechanism being accepted.
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24713 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/gssapi')
-rw-r--r-- | src/lib/gssapi/mechglue/g_accept_sec_context.c | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/src/lib/gssapi/mechglue/g_accept_sec_context.c b/src/lib/gssapi/mechglue/g_accept_sec_context.c index 8714f3f..8e0b7c5 100644 --- a/src/lib/gssapi/mechglue/g_accept_sec_context.c +++ b/src/lib/gssapi/mechglue/g_accept_sec_context.c @@ -115,7 +115,6 @@ gss_cred_id_t * d_cred; OM_uint32 status, temp_status, temp_minor_status; OM_uint32 temp_ret_flags = 0; gss_union_ctx_id_t union_ctx_id; - gss_union_cred_t union_cred; gss_cred_id_t input_cred_handle = GSS_C_NO_CREDENTIAL; gss_cred_id_t tmp_d_cred = GSS_C_NO_CREDENTIAL; gss_name_t internal_name = GSS_C_NO_NAME; @@ -181,11 +180,17 @@ gss_cred_id_t * d_cred; /* * get the appropriate cred handle from the union cred struct. - * defaults to GSS_C_NO_CREDENTIAL if there is no cred, which will - * use the default credential. */ - union_cred = (gss_union_cred_t) verifier_cred_handle; - input_cred_handle = gssint_get_mechanism_cred(union_cred, token_mech_type); + if (verifier_cred_handle != GSS_C_NO_CREDENTIAL) { + input_cred_handle = + gssint_get_mechanism_cred((gss_union_cred_t)verifier_cred_handle, + token_mech_type); + if (input_cred_handle == GSS_C_NO_CREDENTIAL) { + /* verifier credential specified but no acceptor credential found */ + status = GSS_S_NO_CRED; + goto error_out; + } + } /* * now select the approprate underlying mechanism routine and |