[29075] in CVS-changelog-for-Kerberos-V5
krb5 commit: Correct GSS major code for non-default QOP values
daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed Sep 30 18:44:14 2015
Date: Wed, 30 Sep 2015 18:44:10 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201509302244.t8UMiAMt022620@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/45ccc1c85f42e4f41f2042df8a51dd7826533029
commit 45ccc1c85f42e4f41f2042df8a51dd7826533029
Author: Tomas Kuthan <tkuthan@gmail.com>
Date: Wed Sep 30 15:34:26 2015 +0200
Correct GSS major code for non-default QOP values
This patch fixes several krb5 mech error cases to comply with RFC
2743; non-default QOP arguments should result in GSS_S_BAD_QOP, not
GSS_S_FAILURE.
[ghudson@mit.edu: edit commit message]
ticket: 8258 (new)
target_version: 1.14
tags: pullup
src/lib/gssapi/krb5/k5seal.c | 2 +-
src/lib/gssapi/krb5/k5sealiov.c | 4 ++--
src/lib/gssapi/krb5/wrap_size_limit.c | 2 +-
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/lib/gssapi/krb5/k5seal.c b/src/lib/gssapi/krb5/k5seal.c
index f1c74dd..4da531b 100644
--- a/src/lib/gssapi/krb5/k5seal.c
+++ b/src/lib/gssapi/krb5/k5seal.c
@@ -337,7 +337,7 @@ kg_seal(minor_status, context_handle, conf_req_flag, qop_req,
them later. */
if (qop_req != 0) {
*minor_status = (OM_uint32) G_UNKNOWN_QOP;
- return GSS_S_FAILURE;
+ return GSS_S_BAD_QOP;
}
ctx = (krb5_gss_ctx_id_rec *) context_handle;
diff --git a/src/lib/gssapi/krb5/k5sealiov.c b/src/lib/gssapi/krb5/k5sealiov.c
index b53e348..88caa85 100644
--- a/src/lib/gssapi/krb5/k5sealiov.c
+++ b/src/lib/gssapi/krb5/k5sealiov.c
@@ -277,7 +277,7 @@ kg_seal_iov(OM_uint32 *minor_status,
if (qop_req != 0) {
*minor_status = (OM_uint32)G_UNKNOWN_QOP;
- return GSS_S_FAILURE;
+ return GSS_S_BAD_QOP;
}
ctx = (krb5_gss_ctx_id_rec *)context_handle;
@@ -342,7 +342,7 @@ kg_seal_iov_length(OM_uint32 *minor_status,
if (qop_req != GSS_C_QOP_DEFAULT) {
*minor_status = (OM_uint32)G_UNKNOWN_QOP;
- return GSS_S_FAILURE;
+ return GSS_S_BAD_QOP;
}
ctx = (krb5_gss_ctx_id_rec *)context_handle;
diff --git a/src/lib/gssapi/krb5/wrap_size_limit.c b/src/lib/gssapi/krb5/wrap_size_limit.c
index ed5c599..7959f42 100644
--- a/src/lib/gssapi/krb5/wrap_size_limit.c
+++ b/src/lib/gssapi/krb5/wrap_size_limit.c
@@ -91,7 +91,7 @@ krb5_gss_wrap_size_limit(minor_status, context_handle, conf_req_flag,
/* only default qop is allowed */
if (qop_req != GSS_C_QOP_DEFAULT) {
*minor_status = (OM_uint32) G_UNKNOWN_QOP;
- return(GSS_S_FAILURE);
+ return GSS_S_BAD_QOP;
}
ctx = (krb5_gss_ctx_id_rec *) context_handle;
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
