From cdea7397975a960e3c02479f8aa4ede0bc349105 Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Mon, 20 Oct 2008 20:11:33 +0000 Subject: [PATCH] Apply adapted patch from http://bugs.debian.org/480434 to recurse into SPNEGO creds when attempting to retrieve a mechanism cred. ticket: 5807 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20900 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/gssapi/mechglue/g_glue.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/src/lib/gssapi/mechglue/g_glue.c b/src/lib/gssapi/mechglue/g_glue.c index f5bed4719..a34790656 100644 --- a/src/lib/gssapi/mechglue/g_glue.c +++ b/src/lib/gssapi/mechglue/g_glue.c @@ -29,6 +29,7 @@ #endif #include #include +#include "../spnego/gssapiP_spnego.h" #define MSO_BIT (8*(sizeof (int) - 1)) /* Most significant octet bit */ @@ -557,6 +558,18 @@ gssint_get_mechanism_cred(union_cred, mech_type) for (i=0; i < union_cred->count; i++) { if (g_OID_equal(mech_type, &union_cred->mechs_array[i])) return union_cred->cred_array[i]; + + /* for SPNEGO, check the next-lower set of creds */ + if (g_OID_equal(gss_mech_spnego, &union_cred->mechs_array[i])) { + gss_union_cred_t candidate_cred; + gss_cred_id_t sub_cred; + + candidate_cred = (gss_union_cred_t)union_cred->cred_array[i]; + sub_cred = gssint_get_mechanism_cred(candidate_cred, mech_type); + + if(sub_cred != GSS_C_NO_CREDENTIAL) + return sub_cred; + } } return GSS_C_NO_CREDENTIAL; } -- 2.26.2