Apply revised patch from Apple that ensures that a REJECT token is
authorTom Yu <tlyu@mit.edu>
Wed, 8 Apr 2009 01:22:45 +0000 (01:22 +0000)
committerTom Yu <tlyu@mit.edu>
Wed, 8 Apr 2009 01:22:45 +0000 (01:22 +0000)
sent on error.

ticket: 6426

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@22178 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/gssapi/spnego/spnego_mech.c

index 7854d9f8c62db2b6c9b22efdd8ebc126205400bd..630c73ac1ab2d0f02b35cf75e44b09778063ac70 100644 (file)
@@ -1248,9 +1248,9 @@ spnego_gss_accept_sec_context(void *ct,
                                 &negState, &return_token);
        }
 cleanup:
-       if (return_token == INIT_TOKEN_SEND ||
-           return_token == CONT_TOKEN_SEND) {
-               tmpret = make_spnego_tokenTarg_msg(negState, sc->internal_mech,
+       if (return_token != NO_TOKEN_SEND && return_token != CHECK_MIC) {
+               tmpret = make_spnego_tokenTarg_msg(negState,
+                                                  sc ? sc->internal_mech : GSS_C_NO_OID,
                                                   &mechtok_out, mic_out,
                                                   return_token,
                                                   output_token);
@@ -2465,6 +2465,8 @@ make_spnego_tokenTarg_msg(OM_uint32 status, gss_OID mech_wanted,
 
        if (outbuf == GSS_C_NO_BUFFER)
                return (GSS_S_DEFECTIVE_TOKEN);
+       if (sendtoken == INIT_TOKEN_SEND && mech_wanted == GSS_C_NO_OID)
+           return (GSS_S_DEFECTIVE_TOKEN);
 
        outbuf->length = 0;
        outbuf->value = NULL;