From: Tom Yu Date: Mon, 20 Oct 2008 20:11:33 +0000 (+0000) Subject: Apply adapted patch from http://bugs.debian.org/480434 to recurse into X-Git-Tag: krb5-1.7-alpha1~283 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=cdea7397975a960e3c02479f8aa4ede0bc349105;p=krb5.git Apply adapted patch from bugs.debian.org/480434 to recurse into SPNEGO creds when attempting to retrieve a mechanism cred. ticket: 5807 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20900 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/gssapi/mechglue/g_glue.c b/src/lib/gssapi/mechglue/g_glue.c index f5bed4719..a34790656 100644 --- a/src/lib/gssapi/mechglue/g_glue.c +++ b/src/lib/gssapi/mechglue/g_glue.c @@ -29,6 +29,7 @@ #endif #include #include +#include "../spnego/gssapiP_spnego.h" #define MSO_BIT (8*(sizeof (int) - 1)) /* Most significant octet bit */ @@ -557,6 +558,18 @@ gssint_get_mechanism_cred(union_cred, mech_type) for (i=0; i < union_cred->count; i++) { if (g_OID_equal(mech_type, &union_cred->mechs_array[i])) return union_cred->cred_array[i]; + + /* for SPNEGO, check the next-lower set of creds */ + if (g_OID_equal(gss_mech_spnego, &union_cred->mechs_array[i])) { + gss_union_cred_t candidate_cred; + gss_cred_id_t sub_cred; + + candidate_cred = (gss_union_cred_t)union_cred->cred_array[i]; + sub_cred = gssint_get_mechanism_cred(candidate_cred, mech_type); + + if(sub_cred != GSS_C_NO_CREDENTIAL) + return sub_cred; + } } return GSS_C_NO_CREDENTIAL; }