From 404a9223ec66af59606867a6f97c66cd9b05b998 Mon Sep 17 00:00:00 2001 From: Luke Howard Date: Thu, 22 Oct 2009 20:58:37 +0000 Subject: [PATCH] Ensure that a GSS_C_BOTH acquired for GSS_C_NO_NAME still passes a NULL server principal to krb5_rd_req(). Without this the name canonicalisation support in 1.7 was broken for GSS_C_BOTH credentials, because cred->name would always be set. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22973 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/gssapi/krb5/accept_sec_context.c | 2 +- src/lib/gssapi/krb5/acquire_cred.c | 1 + src/lib/gssapi/krb5/gssapiP_krb5.h | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c index 6c141ae99..b6c216d58 100644 --- a/src/lib/gssapi/krb5/accept_sec_context.c +++ b/src/lib/gssapi/krb5/accept_sec_context.c @@ -585,7 +585,7 @@ kg_accept_krb5(minor_status, context_handle, } if ((code = krb5_rd_req(context, &auth_context, &ap_req, - cred->name ? cred->name->princ : NULL, + cred->default_identity ? NULL : cred->name->princ, cred->keytab, &ap_req_options, &ticket))) { diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c index 9e714059e..ef80116ad 100644 --- a/src/lib/gssapi/krb5/acquire_cred.c +++ b/src/lib/gssapi/krb5/acquire_cred.c @@ -538,6 +538,7 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, cred->name = NULL; cred->prerfc_mech = (req_old != 0); cred->rfc_mech = (req_new != 0); + cred->default_identity = (desired_name == GSS_C_NO_NAME); #ifndef LEAN_CLIENT cred->keytab = NULL; diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h index 3b8cc067c..13413b972 100644 --- a/src/lib/gssapi/krb5/gssapiP_krb5.h +++ b/src/lib/gssapi/krb5/gssapiP_krb5.h @@ -169,6 +169,7 @@ typedef struct _krb5_gss_cred_id_rec { unsigned int prerfc_mech : 1; unsigned int rfc_mech : 1; unsigned int proxy_cred : 1; + unsigned int default_identity : 1; /* keytab (accept) data */ krb5_keytab keytab; -- 2.26.2