[krbdev.mit.edu #7858] git commit
Tom Yu via RT
rt-comment at krbdev.mit.edu
Thu Jun 26 16:36:08 EDT 2014
Properly reflect MS krb5 mech in SPNEGO acceptor
r25590 changed negotiate_mech() to return an alias into the acceptor's
mech set, with the unfortunate side effect of transforming the
erroneous Microsoft krb5 mech OID into the correct krb5 mech OID,
meaning that we answer with a different OID than the requested one.
Return an alias into the initiator's mech set instead, and store that
in mech_set field the SPNEGO context. The acceptor code only uses
mech_set to hold the allocated storage pointed into by internal_mech,
so this change is safe.
(cherry picked from commit 8255613476d4c1583a5e810b50444f188fde871f)
https://github.com/krb5/krb5/commit/dc31efaeec2c10dfd87951b9298c187f4c65bb39
Author: Greg Hudson <ghudson at mit.edu>
Committer: Tom Yu <tlyu at mit.edu>
Commit: dc31efaeec2c10dfd87951b9298c187f4c65bb39
Branch: krb5-1.12
src/lib/gssapi/spnego/spnego_mech.c | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
More information about the krb5-bugs
mailing list