svn rev #22973: trunk/src/lib/gssapi/krb5/

lhoward@MIT.EDU lhoward at MIT.EDU
Thu Oct 22 16:58:37 EDT 2009 

http://src.mit.edu/fisheye/changelog/krb5/?cs=22973
Commit By: lhoward
Log Message:
Ensure that a GSS_C_BOTH acquired for GSS_C_NO_NAME still passes
a NULL server principal to krb5_rd_req(). Without this the name
canonicalisation support in 1.7 was broken for GSS_C_BOTH
credentials, because cred->name would always be set.



Changed Files:
U   trunk/src/lib/gssapi/krb5/accept_sec_context.c
U   trunk/src/lib/gssapi/krb5/acquire_cred.c
U   trunk/src/lib/gssapi/krb5/gssapiP_krb5.h
Modified: trunk/src/lib/gssapi/krb5/accept_sec_context.c
===================================================================
--- trunk/src/lib/gssapi/krb5/accept_sec_context.c	2009-10-22 16:36:13 UTC (rev 22972)
+++ trunk/src/lib/gssapi/krb5/accept_sec_context.c	2009-10-22 20:58:37 UTC (rev 22973)
@@ -585,7 +585,7 @@
     }
 
     if ((code = krb5_rd_req(context, &auth_context, &ap_req,
-                            cred->name ? cred->name->princ : NULL,
+                            cred->default_identity ? NULL : cred->name->princ,
                             cred->keytab,
                             &ap_req_options,
                             &ticket))) {

Modified: trunk/src/lib/gssapi/krb5/acquire_cred.c
===================================================================
--- trunk/src/lib/gssapi/krb5/acquire_cred.c	2009-10-22 16:36:13 UTC (rev 22972)
+++ trunk/src/lib/gssapi/krb5/acquire_cred.c	2009-10-22 20:58:37 UTC (rev 22973)
@@ -538,6 +538,7 @@
     cred->name = NULL;
     cred->prerfc_mech = (req_old != 0);
     cred->rfc_mech = (req_new != 0);
+    cred->default_identity = (desired_name == GSS_C_NO_NAME);
 
 #ifndef LEAN_CLIENT
     cred->keytab = NULL;

Modified: trunk/src/lib/gssapi/krb5/gssapiP_krb5.h
===================================================================
--- trunk/src/lib/gssapi/krb5/gssapiP_krb5.h	2009-10-22 16:36:13 UTC (rev 22972)
+++ trunk/src/lib/gssapi/krb5/gssapiP_krb5.h	2009-10-22 20:58:37 UTC (rev 22973)
@@ -169,6 +169,7 @@
     unsigned int prerfc_mech : 1;
     unsigned int rfc_mech : 1;
     unsigned int proxy_cred : 1;
+    unsigned int default_identity : 1;
 
     /* keytab (accept) data */
     krb5_keytab keytab;

More information about the cvs-krb5 mailing list