[PATCH] Fix failure of mech plugins lacking gss_inquire_attrs_for_mech()

David Woodhouse dwmw2 at infradead.org
Tue Mar 15 19:48:09 EDT 2016

On Tue, 2016-03-15 at 17:48 -0400, Greg Hudson wrote:
> If you can, please verify that
> https://github.com/krb5/krb5/pull/426 fixes this scenario.

Yes, that fixes it. But I'm still unhappy. The "alternative" fix was to
implement gss_inquire_attrs_for_mech() in gssntlmssp, and just to
return GSS_C_NO_OID_SET for both supported and known mechanism sets. As
seen in http://david.woodhou.se/0001-Add-gss_inquire_attrs_for_mech.patch

With that patch to gssntmssp, it appears that the code in the generic
gss_inquire_attrs_for_mech() function is still going to override the
GSS_C_NO_OID_SET that I explicitly returned as the known_mech_attrs,
and wrongly assume that all attrs listed in RFC5587 are known.


David Woodhouse                            Open Source Technology Centre
David.Woodhouse at intel.com                              Intel Corporation

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5691 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20160316/420ad0a3/attachment.bin

More information about the krbdev mailing list