krb5 commit [krb5-1.18]: Fix SPNEGO acceptor mech filtering
Greg Hudson
ghudson at mit.edu
Thu May 21 19:05:46 EDT 2020
https://github.com/krb5/krb5/commit/f96f8bf46069b2f613b66bb2ee3e9fc6b7be9a34
commit f96f8bf46069b2f613b66bb2ee3e9fc6b7be9a34
Author: Greg Hudson <ghudson at mit.edu>
Date: Thu May 21 14:15:25 2020 -0400
Fix SPNEGO acceptor mech filtering
Commit c2ca2f26eaf817a6a7ed42257c380437ab802bd9 (ticket 8851)
accidentally changed the SPNEGO acceptor code to filter mechanisms by
the obtainability of initiator credentials rather than acceptor
credentials, when the default acceptor credential is used.
(cherry picked from commit e25918cb9efd7361aa78d2d96cd097dd34fdf35d)
ticket: 8908
version_fixed: 1.18.2
src/lib/gssapi/spnego/spnego_mech.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
index b97edc8..ec0bae6 100644
--- a/src/lib/gssapi/spnego/spnego_mech.c
+++ b/src/lib/gssapi/spnego/spnego_mech.c
@@ -1379,7 +1379,7 @@ acc_ctx_new(OM_uint32 *minor_status,
goto cleanup;
}
- ret = get_negotiable_mechs(minor_status, sc, spcred, GSS_C_INITIATE);
+ ret = get_negotiable_mechs(minor_status, sc, spcred, GSS_C_ACCEPT);
if (ret != GSS_S_COMPLETE) {
*return_token = NO_TOKEN_SEND;
goto cleanup;
More information about the cvs-krb5
mailing list