From: Tom Yu Date: Sat, 1 Mar 2003 22:15:22 +0000 (+0000) Subject: There isn't really a point to validating cred_handle if it was just X-Git-Tag: krb5-1.3-alpha1~66 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=95d8dd623b6ad9e15cc611d0a26971ac873c7556;p=krb5.git There isn't really a point to validating cred_handle if it was just acquired by acquire_cred(), so instead of the suggested patch, validate verifier_cred_handle only if we didn't acquire_cred(). * accept_sec_context.c (krb5_gss_accept_sec_context): Don't validate verifier_cred_handle if GSS_C_NO_CREDENTIAL is passed in. ticket: 1356 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15211 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog index 65ecfc1f5..b85af053e 100644 --- a/src/lib/gssapi/krb5/ChangeLog +++ b/src/lib/gssapi/krb5/ChangeLog @@ -1,3 +1,8 @@ +2003-03-01 Tom Yu + + * accept_sec_context.c (krb5_gss_accept_sec_context): Don't + validate verifier_cred_handle if GSS_C_NO_CREDENTIAL is passed in. + 2003-02-25 Tom Yu * set_ccache.c (gss_krb5_ccache_name): Don't return a pointer to diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c index c0efb3db1..be212b526 100644 --- a/src/lib/gssapi/krb5/accept_sec_context.c +++ b/src/lib/gssapi/krb5/accept_sec_context.c @@ -284,15 +284,15 @@ krb5_gss_accept_sec_context(minor_status, context_handle, goto fail; } } else { + major_status = krb5_gss_validate_cred(minor_status, + verifier_cred_handle); + if (GSS_ERROR(major_status)) { + code = *minor_status; + goto fail; + } cred_handle = verifier_cred_handle; } - major_status = krb5_gss_validate_cred(minor_status, verifier_cred_handle); - if (GSS_ERROR(major_status)) { - code = *minor_status; - goto fail; - } - cred = (krb5_gss_cred_id_t) cred_handle; /* make sure the supplied credentials are valid for accept */