Pull up r25666 from trunk
authorTom Yu <tlyu@mit.edu>
Fri, 10 Feb 2012 21:19:10 +0000 (21:19 +0000)
committerTom Yu <tlyu@mit.edu>
Fri, 10 Feb 2012 21:19:10 +0000 (21:19 +0000)
 ------------------------------------------------------------------------
 r25666 | ghudson | 2012-01-31 16:35:34 -0500 (Tue, 31 Jan 2012) | 12 lines

 ticket: 7084
 subject: Don't check mech in krb5_gss_inquire_cred_by_mech
 target_version: 1.10.1
 tags: pullup

 krb5_gss_inquire_cred_by_mech checks its mech argument against two of
 the four mechs a krb5 cred might have (the krb5 mech and the old krb5
 mech, but not the wrong Microsoft mech or the IAKERB mech), so would
 spuriously fail for the other two mechs.  There is no reason to check
 the mechanism if we assume a reasonable mechglue is interpreting
 application gss_inquire_cred_by_mech calls, so just remove the check.

ticket: 7084
version_fixed: 1.10.1
status: resolved

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-10@25682 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/gssapi/krb5/inq_cred.c

index 057e51bfa17b8c43725b8b071209c3e54e436ea4..78685dbaa022c73d4d29bc43b4a588ab8853f8b2 100644 (file)
@@ -224,16 +224,6 @@ krb5_gss_inquire_cred_by_mech(minor_status, cred_handle,
     OM_uint32           lifetime;
     OM_uint32           mstat;
 
-    /*
-     * We only know how to handle our own creds.
-     */
-    if ((mech_type != GSS_C_NULL_OID) &&
-        !g_OID_equal(gss_mech_krb5_old, mech_type) &&
-        !g_OID_equal(gss_mech_krb5, mech_type)) {
-        *minor_status = 0;
-        return(GSS_S_NO_CRED);
-    }
-
     cred = (krb5_gss_cred_id_t) cred_handle;
     mstat = krb5_gss_inquire_cred(minor_status,
                                   cred_handle,