[krbdev.mit.edu #8081] git commit
Tom Yu via RT
rt-comment at krbdev.mit.edu
Fri Feb 6 17:26:44 EST 2015
Properly reflect MS krb5 mech in SPNEGO acceptor
r25590 changed negotiate_mech() to return an alias into the acceptor's
mech set, with the unfortunate side effect of transforming the
erroneous Microsoft krb5 mech OID into the correct krb5 mech OID,
meaning that we answer with a different OID than the requested one.
Return an alias into the initiator's mech set instead, and store that
in mech_set field the SPNEGO context. The acceptor code only uses
mech_set to hold the allocated storage pointed into by internal_mech,
so this change is safe.
(cherry picked from commit 8255613476d4c1583a5e810b50444f188fde871f)
https://github.com/krb5/krb5/commit/50814d9bd2e20cbad5e58b5f8073d25508acb0d7
Author: Greg Hudson <ghudson at mit.edu>
Committer: Tom Yu <tlyu at mit.edu>
Commit: 50814d9bd2e20cbad5e58b5f8073d25508acb0d7
Branch: krb5-1.11
src/lib/gssapi/spnego/spnego_mech.c | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
More information about the krb5-bugs
mailing list