From 3e43c9cce8057d6f61e08702138b2b69c6f62ea1 Mon Sep 17 00:00:00 2001
From: Luke Howard <lukeh@padl.com>
Date: Fri, 1 Apr 2011 05:51:22 +0000
Subject: verify desired and actual mech OIDs are equal before trying
 gss_duplicate_name

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24770 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/gssapi/mechglue/g_glue.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/lib/gssapi/mechglue/g_glue.c b/src/lib/gssapi/mechglue/g_glue.c
index f0a5796..092147b 100644
--- a/src/lib/gssapi/mechglue/g_glue.c
+++ b/src/lib/gssapi/mechglue/g_glue.c
@@ -302,8 +302,13 @@ gss_name_t	*internal_name;
     if (mech == NULL)
 	return (GSS_S_BAD_MECH);
 
-    if (mech->gss_duplicate_name != NULL &&
-	union_name->mech_name != GSS_C_NO_NAME) {
+    /*
+     * If we are importing a name for the same mechanism, and the
+     * mechanism implements gss_duplicate_name, then use that.
+     */
+    if (union_name->mech_name != GSS_C_NO_NAME &&
+	g_OID_equal(union_name->mech_type, mech_type) &&
+	mech->gss_duplicate_name != NULL) {
 	status = mech->gss_duplicate_name(minor_status,
 					  union_name->mech_name,
 					  internal_name);
-- 
cgit v1.1