[PATCH] Fix failure of mech plugins lacking gss_inquire_attrs_for_mech()

Greg Hudson ghudson at mit.edu
Mon Mar 14 17:13:44 EDT 2016


On 03/14/2016 04:12 PM, David Woodhouse wrote:
> Since commit 030a4a03a ("Report inquire_attrs_For_mech mech failures")
> the GSS-NTLMSSP plugin fails to work, because it doesn't provide a
> gss_inquire_attrs_for_mech() method.

I may have erred in accepting the new behavior, as RFC 5587 section
3.4.3 does not specify GSS_S_UNAVAILABLE as a return code.

However, I didn't like the old behavior either; it seems like a lie to
say "this mech has no attributes but knows about all of the attributes
from RFC 5587."  The right answer might be to return GSS_S_COMPLETE but
supply an empty known_mech_attrs.

Either way, it's definitely a bug that gss_indicate_mechs_by_attr()
fails out in the presence of mechs which don't implement RFC 5587.  It
ought to succeed, and it ought to include mechs which don't implement
RFC 5587 when called with empty desired and critical sets.
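The selection behaviour argued for above, as an added example that is not part of the original message and is not MIT krb5 code. It is a self-contained model under stated assumptions: attribute sets are bitmasks rather than `gss_OID_set`, and the `struct mech`, `inquire_attrs`, `indicate_by_attr` and sample mechanism names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model: attribute sets are bitmasks, not gss_OID_set values. */
enum { ATTR_CONCRETE = 1, ATTR_AUTH_INIT = 2, ATTR_CONF_PROT = 4 };
enum status { S_COMPLETE, S_UNAVAILABLE };

struct mech {
    const char *name;
    int has_inquire_attrs;   /* 0 models a plugin without the RFC 5587 method */
    unsigned attrs, known;
};

/* Hypothetical stand-in for a per-mechanism attribute query. */
static enum status inquire_attrs(const struct mech *m, unsigned *attrs,
                                 unsigned *known)
{
    if (!m->has_inquire_attrs)
        return S_UNAVAILABLE;
    *attrs = m->attrs;
    *known = m->known;
    return S_COMPLETE;
}

/* Returns a bitmask of the indexes of the selected mechanisms. */
unsigned indicate_by_attr(const struct mech *mechs, size_t n, unsigned desired,
                          unsigned except, unsigned critical)
{
    unsigned selected = 0;
    for (size_t i = 0; i < n; i++) {
        unsigned attrs = 0, known = 0;
        /* A mech without attribute support is treated as having empty sets
         * instead of failing the whole call. */
        if (inquire_attrs(&mechs[i], &attrs, &known) == S_UNAVAILABLE)
            attrs = known = 0;
        if ((desired & ~attrs) || (except & attrs) || (critical & ~known))
            continue;
        selected |= 1u << i;
    }
    return selected;
}

/* Constructed sample data: index 0 reports attributes, index 1 cannot. */
const struct mech sample_mechs[] = {
    { "mech_with_attrs", 1, ATTR_CONCRETE | ATTR_AUTH_INIT | ATTR_CONF_PROT, 7 },
    { "mech_without_attrs", 0, 0, 0 },
};

int main(void)
{
    printf("empty sets select mask 0x%x\n",
           indicate_by_attr(sample_mechs, 2, 0, 0, 0));
    return 0;
}
```

With empty sets both mechanisms are selected; a non-empty desired or critical set drops the one that cannot report attributes, while an except set alone never does.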

