[26802] in CVS-changelog-for-Kerberos-V5


krb5 commit: Always consider desired_mechs empty in spnego

daemon@ATHENA.MIT.EDU (Greg Hudson)
Fri Aug 3 16:08:40 2012

Date: Fri, 3 Aug 2012 16:08:38 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201208032008.q73K8c4x030077@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu

https://github.com/krb5/krb5/commit/c1ce35f1d35280161ced99f177bf989579a7238e
commit c1ce35f1d35280161ced99f177bf989579a7238e
Author: Simo Sorce <simo@redhat.com>
Date:   Tue Jun 12 14:46:24 2012 -0400

    Always consider desired_mechs empty in spnego
    
    The only case where the spnego gss_acquire_cred function can be called
    with specific OIDs is if the mechglue calls spnego with the spnego
    oid, which we never want to loop on anyway. So always consider it as
    null, it's the correct behavior with current semantics.

 src/lib/gssapi/spnego/spnego_mech.c |   22 ++++------------------
 1 files changed, 4 insertions(+), 18 deletions(-)

diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
index 91cf571..4425124 100644
--- a/src/lib/gssapi/spnego/spnego_mech.c
+++ b/src/lib/gssapi/spnego/spnego_mech.c
@@ -374,26 +374,12 @@ spnego_gss_acquire_cred_from(OM_uint32 *minor_status,
 	spcred->neg_mechs = GSS_C_NULL_OID_SET;
 
 	/*
-	 * If the user did not specify a list of mechs,
-	 * use get_available_mechs to collect a list of
+	 * Always use get_available_mechs to collect a list of
 	 * mechs for which creds are available.
 	 */
-	if (desired_mechs == GSS_C_NULL_OID_SET) {
-		status = get_available_mechs(minor_status, desired_name,
-					     cred_usage, cred_store, &mcred,
-					     &amechs);
-	} else {
-		/*
-		 * The caller gave a specific list of mechanisms,
-		 * so just get whatever creds are available.
-		 * gss_acquire_creds will return the subset of mechs for
-		 * which the given 'output_cred_handle' is valid.
-		 */
-		status = gss_acquire_cred_from(minor_status, desired_name,
-					       time_req, desired_mechs,
-					       cred_usage, cred_store, &mcred,
-					       &amechs, time_rec);
-	}
+	status = get_available_mechs(minor_status, desired_name,
+				     cred_usage, cred_store, &mcred,
+				     &amechs);
 
 	if (actual_mechs && amechs != GSS_C_NULL_OID_SET) {
 		(void) gssint_copy_oid_set(&tmpmin, amechs, actual_mechs);
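
Review bot: time_rec is no longer written by anything in this hunk. The removed gss_acquire_cred_from() call took time_req and time_rec, while the get_available_mechs() call that replaces it takes neither, so please confirm that time_rec is still set (and time_req still honoured) on a path outside these lines for callers that used to reach the else branch. Separately, the rewritten comment says "Always use get_available_mechs" but not why desired_mechs is now ignored; carrying the commit message's reasoning into the comment (specific OIDs only arrive when the mechglue passes the SPNEGO OID, which must not be looped on) would keep a later reader from reintroducing the branch, since a caller-supplied mechanism list is now silently dropped here.
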