[30811] in CVS-changelog-for-Kerberos-V5
krb5 commit: Fix SPNEGO acceptor mech filtering
daemon@ATHENA.MIT.EDU (Greg Hudson)
Thu May 21 19:04:44 2020
Date: Thu, 21 May 2020 19:04:05 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <202005212304.04LN45HY008459@drugstore.mit.edu>
To: <cvs-krb5@mit.edu>
MIME-Version: 1.0
Reply-To: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/e25918cb9efd7361aa78d2d96cd097dd34fdf35d
commit e25918cb9efd7361aa78d2d96cd097dd34fdf35d
Author: Greg Hudson <ghudson@mit.edu>
Date: Thu May 21 14:15:25 2020 -0400
Fix SPNEGO acceptor mech filtering
Commit c2ca2f26eaf817a6a7ed42257c380437ab802bd9 (ticket 8851)
accidentally changed the SPNEGO acceptor code to filter mechanisms by
the obtainability of initiator credentials rather than acceptor
credentials, when the default acceptor credential is used.
ticket: 8908 (new)
tags: pullup
target_version: 1.18-next
src/lib/gssapi/spnego/spnego_mech.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
index 28e00c1..68e3897 100644
--- a/src/lib/gssapi/spnego/spnego_mech.c
+++ b/src/lib/gssapi/spnego/spnego_mech.c
@@ -1380,7 +1380,7 @@ acc_ctx_new(OM_uint32 *minor_status,
goto cleanup;
}
- ret = get_negotiable_mechs(minor_status, sc, spcred, GSS_C_INITIATE);
+ ret = get_negotiable_mechs(minor_status, sc, spcred, GSS_C_ACCEPT);
if (ret != GSS_S_COMPLETE) {
*return_token = NO_TOKEN_SEND;
goto cleanup;
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
