pull up r22173 from trunk

 ------------------------------------------------------------------------
 r22173 | tlyu | 2009-04-07 17:22:13 -0400 (Tue, 07 Apr 2009) | 4 lines
 Changed paths:
    M /trunk/src/lib/gssapi/spnego/spnego_mech.c

 ticket: 6417

 Apply revised patch from Apple that ensures that a REJECT token is
 sent on error.

ticket: 6417
version_fixed: 1.7

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22222 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
index 9b8a46e119a1faed5e5f6a2e60fdef9420eef456..c20f8703d2ac6f0d28f14406eddecdc6bdb67ff7 100644 (file)
--- a/src/lib/gssapi/spnego/spnego_mech.c
+++ b/src/lib/gssapi/spnego/spnego_mech.c
@@ -1650,8 +1650,7 @@ spnego_gss_accept_sec_context(
                                 &negState, &return_token);
        }
 cleanup:
-       if (return_token == INIT_TOKEN_SEND ||
-           return_token == CONT_TOKEN_SEND) {
+       if (return_token != NO_TOKEN_SEND && return_token != CHECK_MIC) {
                /* For acceptor-sends-first send a tokenInit */
                int tmpret;
 
@@ -1666,7 +1665,8 @@ cleanup:
                                                           return_token,
                                                           output_token);
                } else {
-                       tmpret = make_spnego_tokenTarg_msg(negState, sc->internal_mech,
+                       tmpret = make_spnego_tokenTarg_msg(negState,
+                                                          sc ? sc->internal_mech : GSS_C_NO_OID,
                                                           &mechtok_out, mic_out,
                                                           return_token,
                                                           output_token);
@@ -3025,6 +3025,8 @@ make_spnego_tokenTarg_msg(OM_uint32 status, gss_OID mech_wanted,
 
        if (outbuf == GSS_C_NO_BUFFER)
                return (GSS_S_DEFECTIVE_TOKEN);
+       if (sendtoken == INIT_TOKEN_SEND && mech_wanted == GSS_C_NO_OID)
+           return (GSS_S_DEFECTIVE_TOKEN);
 
        outbuf->length = 0;
        outbuf->value = NULL;