[krbdev.mit.edu #7858] git commit
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Wed Feb 5 00:40:47 EST 2014
Properly reflect MS krb5 mech in SPNEGO acceptor
r25590 changed negotiate_mech() to return an alias into the acceptor's
mech set, with the unfortunate side effect of transforming the
erroneous Microsoft krb5 mech OID into the correct krb5 mech OID,
meaning that we answer with a different OID than the requested one.
Return an alias into the initiator's mech set instead, and store that
in mech_set field the SPNEGO context. The acceptor code only uses
mech_set to hold the allocated storage pointed into by internal_mech,
so this change is safe.
https://github.com/krb5/krb5/commit/8255613476d4c1583a5e810b50444f188fde871f
Author: Greg Hudson <ghudson at mit.edu>
Commit: 8255613476d4c1583a5e810b50444f188fde871f
Branch: master
src/lib/gssapi/spnego/spnego_mech.c | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
More information about the krb5-bugs
mailing list