krb5 commit: Always consider desired_mechs empty in spnego (2)

Greg Hudson ghudson at MIT.EDU
Mon Aug 6 16:08:29 EDT 2012


https://github.com/krb5/krb5/commit/bb02471343e899c600025248501cd6c8ac737c55
commit bb02471343e899c600025248501cd6c8ac737c55
Author: Simo Sorce <simo at redhat.com>
Date:   Mon Aug 6 15:41:27 2012 -0400

    Always consider desired_mechs empty in spnego (2)
    
    Follow previous change to add_cred_from.
    The only case where the spnego gss_*_cred_* functions can be called
    with specific OIDs is if the mechglue calls spnego with the spengo
    oid, which we never want to loop on anyway. So always consider it as
    null, it's the correct behavior with current semantics.

 src/lib/gssapi/spnego/spnego_mech.c |   16 +++++++---------
 1 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
index 4425124..0038043 100644
--- a/src/lib/gssapi/spnego/spnego_mech.c
+++ b/src/lib/gssapi/spnego/spnego_mech.c
@@ -2531,7 +2531,7 @@ spnego_gss_acquire_cred_with_password(OM_uint32 *minor_status,
 				      OM_uint32 *time_rec)
 {
 	OM_uint32 status, tmpmin;
-	gss_OID_set amechs = GSS_C_NULL_OID_SET, dmechs;
+	gss_OID_set amechs = GSS_C_NULL_OID_SET;
 	gss_cred_id_t mcred = NULL;
 	spnego_gss_cred_id_t spcred = NULL;
 
@@ -2543,16 +2543,14 @@ spnego_gss_acquire_cred_with_password(OM_uint32 *minor_status,
 	if (time_rec)
 		*time_rec = 0;
 
-	dmechs = desired_mechs;
-	if (desired_mechs == GSS_C_NULL_OID_SET) {
-		status = get_available_mechs(minor_status, desired_name,
-					     cred_usage, GSS_C_NO_CRED_STORE,
-					     NULL, &amechs);
-		dmechs = amechs;
-	}
+	status = get_available_mechs(minor_status, desired_name,
+				     cred_usage, GSS_C_NO_CRED_STORE,
+				     NULL, &amechs);
+	if (status != GSS_S_COMPLETE)
+	    goto cleanup;
 
 	status = gss_acquire_cred_with_password(minor_status, desired_name,
-						password, time_req, dmechs,
+						password, time_req, amechs,
 						cred_usage, &mcred,
 						actual_mechs, time_rec);
 	if (status != GSS_S_COMPLETE)


More information about the cvs-krb5 mailing list