[16113] in Kerberos-V5-bugs
[krbdev.mit.edu #8737] gss_add_cred() ignores desired_name if
daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Thu Sep 13 17:23:35 2018
Mail-followup-to: rt@krbdev.mit.edu
mail-copies-to: never
From: "Greg Hudson via RT" <rt-comment@KRBDEV-PROD-APP-1.mit.edu>
In-Reply-To: <rt-8737@krbdev.mit.edu>
Message-ID: <rt-8737-48810.4.73790213740578@krbdev.mit.edu>
To: "'AdminCc of krbdev.mit.edu Ticket #8737'":;
Date: Thu, 13 Sep 2018 17:22:59 -0400 (EDT)
Reply-To: rt-comment@KRBDEV-PROD-APP-1.mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
gss_add_cred() only processes desired_name into an internal name if an
input cred handle is given. There is no reason to apply this
condition, and acquiring a mech cred for the default name instead of
the caller-provided name is clearly the wrong behavior.
Commit 25ee704e83c2c63d4b5ecd12ea31c1979239041e (ticket 7217) altered
the code so that an internal name is generated if a cred store is given
but no input cred handle.
This bug was present in the Solaris mechglue but was fixed in changeset
191d30c3be82 with bug number 6285582.
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs