krb5 commit [krb5-1.16]: Check mech cred in gss_inquire_cred_by_mech()
Greg Hudson
ghudson at mit.edu
Tue Oct 30 12:25:47 EDT 2018
https://github.com/krb5/krb5/commit/1b4558642544300b296b358e3de5fb683d2054c8
commit 1b4558642544300b296b358e3de5fb683d2054c8
Author: Greg Hudson <ghudson at mit.edu>
Date: Thu Sep 13 17:03:36 2018 -0400
Check mech cred in gss_inquire_cred_by_mech()
If gss_inquire_cred_by_mech() is called with a mechanism and there is
no corresponding mechanism credential in the union cred, return
GSS_S_NO_CRED (as Heimdal does) instead of interrogating the mechanism
about the default credential.
(cherry picked from commit 8ea7e36661cfa6d8acb2b1af615870092a408cce)
ticket: 8736
version_fixed: 1.16.2
src/lib/gssapi/mechglue/g_inq_cred.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/src/lib/gssapi/mechglue/g_inq_cred.c b/src/lib/gssapi/mechglue/g_inq_cred.c
index 9111962..5025bf1 100644
--- a/src/lib/gssapi/mechglue/g_inq_cred.c
+++ b/src/lib/gssapi/mechglue/g_inq_cred.c
@@ -197,6 +197,8 @@ gss_inquire_cred_by_mech(minor_status, cred_handle, mech_type, name,
union_cred = (gss_union_cred_t) cred_handle;
mech_cred = gssint_get_mechanism_cred(union_cred, selected_mech);
+ if (cred_handle != GSS_C_NO_CREDENTIAL && mech_cred == GSS_C_NO_CREDENTIAL)
+ return (GSS_S_NO_CRED);
#if 0
if (mech_cred == NULL)
More information about the cvs-krb5
mailing list