diff options
author | Luke Howard <lukeh@padl.com> | 2009-10-22 20:58:37 +0000 |
---|---|---|
committer | Luke Howard <lukeh@padl.com> | 2009-10-22 20:58:37 +0000 |
commit | 404a9223ec66af59606867a6f97c66cd9b05b998 (patch) | |
tree | 1e50e2d2dd02bd5cb8ccac4c31e3981a334a280c /src/lib | |
parent | 8df202e9f06b58a590b33665d701ef2dd34317f3 (diff) | |
download | krb5-404a9223ec66af59606867a6f97c66cd9b05b998.zip krb5-404a9223ec66af59606867a6f97c66cd9b05b998.tar.gz krb5-404a9223ec66af59606867a6f97c66cd9b05b998.tar.bz2 |
Ensure that a GSS_C_BOTH acquired for GSS_C_NO_NAME still passes
a NULL server principal to krb5_rd_req(). Without this the name
canonicalisation support in 1.7 was broken for GSS_C_BOTH
credentials, because cred->name would always be set.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22973 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/gssapi/krb5/accept_sec_context.c | 2 | ||||
-rw-r--r-- | src/lib/gssapi/krb5/acquire_cred.c | 1 | ||||
-rw-r--r-- | src/lib/gssapi/krb5/gssapiP_krb5.h | 1 |
3 files changed, 3 insertions, 1 deletions
diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c index 6c141ae..b6c216d 100644 --- a/src/lib/gssapi/krb5/accept_sec_context.c +++ b/src/lib/gssapi/krb5/accept_sec_context.c @@ -585,7 +585,7 @@ kg_accept_krb5(minor_status, context_handle, } if ((code = krb5_rd_req(context, &auth_context, &ap_req, - cred->name ? cred->name->princ : NULL, + cred->default_identity ? NULL : cred->name->princ, cred->keytab, &ap_req_options, &ticket))) { diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c index 9e71405..ef80116 100644 --- a/src/lib/gssapi/krb5/acquire_cred.c +++ b/src/lib/gssapi/krb5/acquire_cred.c @@ -538,6 +538,7 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, cred->name = NULL; cred->prerfc_mech = (req_old != 0); cred->rfc_mech = (req_new != 0); + cred->default_identity = (desired_name == GSS_C_NO_NAME); #ifndef LEAN_CLIENT cred->keytab = NULL; diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h index 3b8cc06..13413b9 100644 --- a/src/lib/gssapi/krb5/gssapiP_krb5.h +++ b/src/lib/gssapi/krb5/gssapiP_krb5.h @@ -169,6 +169,7 @@ typedef struct _krb5_gss_cred_id_rec { unsigned int prerfc_mech : 1; unsigned int rfc_mech : 1; unsigned int proxy_cred : 1; + unsigned int default_identity : 1; /* keytab (accept) data */ krb5_keytab keytab; |