svn rev #22173: trunk/src/lib/gssapi/spnego/
tlyu@MIT.EDU
tlyu at MIT.EDU
Tue Apr 7 17:22:13 EDT 2009
http://src.mit.edu/fisheye/changelog/krb5/?cs=22173
Commit By: tlyu
Log Message:
ticket: 6417
Apply revised patch from Apple that ensures that a REJECT token is
sent on error.
Changed Files:
U trunk/src/lib/gssapi/spnego/spnego_mech.c
Modified: trunk/src/lib/gssapi/spnego/spnego_mech.c
===================================================================
--- trunk/src/lib/gssapi/spnego/spnego_mech.c 2009-04-07 17:57:56 UTC (rev 22172)
+++ trunk/src/lib/gssapi/spnego/spnego_mech.c 2009-04-07 21:22:13 UTC (rev 22173)
@@ -1650,8 +1650,7 @@
&negState, &return_token);
}
cleanup:
- if (return_token == INIT_TOKEN_SEND ||
- return_token == CONT_TOKEN_SEND) {
+ if (return_token != NO_TOKEN_SEND && return_token != CHECK_MIC) {
/* For acceptor-sends-first send a tokenInit */
int tmpret;
@@ -1666,7 +1665,8 @@
return_token,
output_token);
} else {
- tmpret = make_spnego_tokenTarg_msg(negState, sc->internal_mech,
+ tmpret = make_spnego_tokenTarg_msg(negState,
+ sc ? sc->internal_mech : GSS_C_NO_OID,
&mechtok_out, mic_out,
return_token,
output_token);
@@ -3025,6 +3025,8 @@
if (outbuf == GSS_C_NO_BUFFER)
return (GSS_S_DEFECTIVE_TOKEN);
+ if (sendtoken == INIT_TOKEN_SEND && mech_wanted == GSS_C_NO_OID)
+ return (GSS_S_DEFECTIVE_TOKEN);
outbuf->length = 0;
outbuf->value = NULL;
More information about the cvs-krb5
mailing list