krb5 commit: Fix SPNEGO acceptor mech filtering
Greg Hudson
ghudson at mit.edu
Thu May 21 19:04:05 EDT 2020
https://github.com/krb5/krb5/commit/e25918cb9efd7361aa78d2d96cd097dd34fdf35d
commit e25918cb9efd7361aa78d2d96cd097dd34fdf35d
Author: Greg Hudson <ghudson at mit.edu>
Date: Thu May 21 14:15:25 2020 -0400
Fix SPNEGO acceptor mech filtering
Commit c2ca2f26eaf817a6a7ed42257c380437ab802bd9 (ticket 8851)
accidentally changed the SPNEGO acceptor code to filter mechanisms by
the obtainability of initiator credentials rather than acceptor
credentials, when the default acceptor credential is used.
ticket: 8908 (new)
tags: pullup
target_version: 1.18-next
src/lib/gssapi/spnego/spnego_mech.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
index 28e00c1..68e3897 100644
--- a/src/lib/gssapi/spnego/spnego_mech.c
+++ b/src/lib/gssapi/spnego/spnego_mech.c
@@ -1380,7 +1380,7 @@ acc_ctx_new(OM_uint32 *minor_status,
goto cleanup;
}
- ret = get_negotiable_mechs(minor_status, sc, spcred, GSS_C_INITIATE);
+ ret = get_negotiable_mechs(minor_status, sc, spcred, GSS_C_ACCEPT);
if (ret != GSS_S_COMPLETE) {
*return_token = NO_TOKEN_SEND;
goto cleanup;
More information about the cvs-krb5
mailing list