[30286] in CVS-changelog-for-Kerberos-V5

home help back first fref pref prev next nref lref last post

krb5 commit: Check mech cred in gss_inquire_cred_by_mech()

daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon Sep 17 10:55:12 2018

Date: Mon, 17 Sep 2018 10:54:55 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201809171454.w8HEstCg002873@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu

commit 8ea7e36661cfa6d8acb2b1af615870092a408cce
Author: Greg Hudson <ghudson@mit.edu>
Date:   Thu Sep 13 17:03:36 2018 -0400

    Check mech cred in gss_inquire_cred_by_mech()
    If gss_inquire_cred_by_mech() is called with a mechanism and there is
    no corresponding mechanism credential in the union cred, return
    GSS_S_NO_CRED (as Heimdal does) instead of interrogating the mechanism
    about the default credential.
    ticket: 8736 (new)
    tags: pullup
    target_version: 1.16-next
    target_version: 1.15-next

 src/lib/gssapi/mechglue/g_inq_cred.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/src/lib/gssapi/mechglue/g_inq_cred.c b/src/lib/gssapi/mechglue/g_inq_cred.c
index cbe045a..4ed7774 100644
--- a/src/lib/gssapi/mechglue/g_inq_cred.c
+++ b/src/lib/gssapi/mechglue/g_inq_cred.c
@@ -197,6 +197,8 @@ gss_inquire_cred_by_mech(minor_status, cred_handle, mech_type, name,
     union_cred = (gss_union_cred_t) cred_handle;
     mech_cred = gssint_get_mechanism_cred(union_cred, selected_mech);
+    if (cred_handle != GSS_C_NO_CREDENTIAL && mech_cred == GSS_C_NO_CREDENTIAL)
+	return (GSS_S_NO_CRED);
     public_mech = gssint_get_public_oid(selected_mech);
     status = mech->gss_inquire_cred_by_mech(minor_status,
cvs-krb5 mailing list

home help back first fref pref prev next nref lref last post