[29334] in CVS-changelog-for-Kerberos-V5
krb5 commit: Revisit inquire_attrs_for_mech on old mechs
daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed Mar 16 20:58:54 2016
Date: Wed, 16 Mar 2016 20:58:50 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201603170058.u2H0woHD017348@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/89683d1f135765e91041f3a239af865b11aaf86b
commit 89683d1f135765e91041f3a239af865b11aaf86b
Author: Greg Hudson <ghudson@mit.edu>
Date: Tue Mar 15 17:45:26 2016 -0400
Revisit inquire_attrs_for_mech on old mechs
In gss_inquire_attrs_for_mech(), if the mech does not implement RFC
5587, return success with empty mech_attrs and known_mech_attrs sets
to indicate a lack of knowledge for all attributes. The previous
behavior of returning an error caused gss_indicate_mechs_by_attr() to
fail out in the presence of an old mechanism, in turn causing
gss_acquire_cred() and SPNEGO to break.
ticket: 8358
src/lib/gssapi/mechglue/g_mechattr.c | 8 ++++++--
1 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/lib/gssapi/mechglue/g_mechattr.c b/src/lib/gssapi/mechglue/g_mechattr.c
index 08a6008..e49651e 100644
--- a/src/lib/gssapi/mechglue/g_mechattr.c
+++ b/src/lib/gssapi/mechglue/g_mechattr.c
@@ -181,8 +181,12 @@ gss_inquire_attrs_for_mech(
mech = gssint_get_mechanism(selected_mech);
if (mech == NULL)
return GSS_S_BAD_MECH;
- else if (mech->gss_inquire_attrs_for_mech == NULL)
- return GSS_S_UNAVAILABLE;
+
+ /* If the mech does not implement RFC 5587, return success with an empty
+ * mech_attrs and known_mech_attrs. */
+ if (mech->gss_inquire_attrs_for_mech == NULL)
+ return GSS_S_COMPLETE;
+
public_mech = gssint_get_public_oid(selected_mech);
status = mech->gss_inquire_attrs_for_mech(minor, public_mech, mech_attrs,
known_mech_attrs);
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
