author | mp153739 <none@none> | 2007-01-08 02:45:56 -0800 |
---|---|---|
committer | mp153739 <none@none> | 2007-01-08 02:45:56 -0800 |
commit | 3dba6097f91d71408b4a7c824521f8f0687ab6ff (patch) | |
tree | 4f4c7655b6f61bb8ea0f1bff16059616d7423cd5 /usr/src/lib/libgss | |
parent | d51f1d338914fe15108ef3fb04d422a459cfdeda (diff) | |
download | illumos-joyent-3dba6097f91d71408b4a7c824521f8f0687ab6ff.tar.gz |
4854431 krb5_gss_acquire_cred() does not implement correct GSS_C_NO_NAME semantics
6290693 krb mech isn't doing the right thing in regards to gss_delete_sec_context and the output token
6491792 gss_unwrap() is causing duplicate token detection to fail for subsequent calls to gss_unwrap()
Diffstat (limited to 'usr/src/lib/libgss')
-rw-r--r-- | usr/src/lib/libgss/g_acquire_cred.c | 36 |
1 files changed, 13 insertions, 23 deletions
diff --git a/usr/src/lib/libgss/g_acquire_cred.c b/usr/src/lib/libgss/g_acquire_cred.c
index 9fffa3c63d..b2a9451538 100644
--- a/usr/src/lib/libgss/g_acquire_cred.c
+++ b/usr/src/lib/libgss/g_acquire_cred.c
@@ -2,9 +2,8 @@
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
@@ -20,7 +19,7 @@
 * CDDL HEADER END
 */
 /*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */
@@ -341,27 +340,18 @@ gss_add_cred(minor_status, input_cred_handle,
 union_cred->auxinfo.time_rec = time_rec;
 union_cred->auxinfo.cred_usage = cred_usage;
- /*
- * we must set the name; if name is not supplied
- * we must do inquire cred to get it
- */
- if (internal_name == GSS_C_NO_NAME) {
- if (mech->gss_inquire_cred == NULL ||
- ((status = mech->gss_inquire_cred(
- mech->context,
- &temp_minor_status, cred,
- &allocated_name, NULL, NULL,
- NULL)) != GSS_S_COMPLETE))
+ /*
+ * If internal_name is GSS_C_NO_NAME a cred with no associated
+ * name was requested: don't set auxinfo.name or auxinfo.name_type.
+ */
+ if (internal_name != GSS_C_NO_NAME) {
+ if ((status = mech->gss_display_name(mech->context,
+ &temp_minor_status, internal_name,
+ &union_cred->auxinfo.name,
+ &union_cred->auxinfo.name_type)) !=
+ GSS_S_COMPLETE)
 goto errout;
- internal_name = allocated_name;
 }
-
- if ((status = mech->gss_display_name(mech->context,
- &temp_minor_status, internal_name,
- &union_cred->auxinfo.name,
- &union_cred->auxinfo.name_type)) !=
- GSS_S_COMPLETE)
- goto errout;
 }
 /* now add the new credential elements */ |
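Review bot: When `internal_name == GSS_C_NO_NAME`, nothing in this hunk writes `union_cred->auxinfo.name` or `union_cred->auxinfo.name_type`, so any later reader and the release path see whatever the structure held when it was allocated, which happens outside the hunk. If that allocation does not zero the structure, the buffer pointer is indeterminate and may later be displayed or freed. Assuming `union_cred` is freshly created in this block, an explicit arm makes the empty state visible: `else { union_cred->auxinfo.name.length = 0; union_cred->auxinfo.name.value = NULL; union_cred->auxinfo.name_type = GSS_C_NULL_OID; }`. Separately, `mech->gss_display_name` is called with no NULL test, unlike the removed call to `mech->gss_inquire_cred`; a guard such as `if (mech->gss_display_name == NULL) { status = GSS_S_UNAVAILABLE; goto errout; }` would avoid a call through a null table entry for a mechanism that does not provide it. The diffstat shows no other changes to the file, so `allocated_name` and any cleanup of it at `errout` presumably remain as dead code and could be removed.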