diff options
author | Simo Sorce <simo@redhat.com> | 2012-01-31 15:53:16 -0500 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2012-02-01 17:59:12 -0500 |
commit | f813e263d39173ebf9e84663f49664e82252fbad (patch) | |
tree | 902c256f995372dcf40e180498c7912fc111b274 /proxy | |
parent | 6c126d395d1a42d31a568d1ba53a772421a3d955 (diff) | |
download | gss-proxy-f813e263d39173ebf9e84663f49664e82252fbad.tar.gz gss-proxy-f813e263d39173ebf9e84663f49664e82252fbad.tar.xz gss-proxy-f813e263d39173ebf9e84663f49664e82252fbad.zip |
Temporary workaround for MIT gssapi bugs
gss_iniquire_cred_by_mech() doesn't work on all mechanisms returned by
gss_inquire_cred(), this is a but in MIT libraries that MIT is going to fix.
Diffstat (limited to 'proxy')
-rw-r--r-- | proxy/src/gp_export.c | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/proxy/src/gp_export.c b/proxy/src/gp_export.c index 93c484c..311140c 100644 --- a/proxy/src/gp_export.c +++ b/proxy/src/gp_export.c @@ -98,8 +98,34 @@ int gp_export_gssx_cred(gss_cred_id_t *in, gssx_cred *out) &acceptor_lifetime, &cred_usage); if (ret_maj) { + uint32_t msgctx; + uint32_t discard; + gss_buffer_desc tmp; + + gss_oid_to_str(&ret_min, &mechanisms->elements[i], &tmp); + fprintf(stderr, "Mech OID: %s", (char *)tmp.value); + gss_release_buffer(&discard, &tmp); + + msgctx = 0; + gss_display_status(&discard, ret_maj, GSS_C_GSS_CODE, + &mechanisms->elements[i], &msgctx, &tmp); + fprintf(stderr, " ... failed with %s,", (char *)tmp.value); + gss_release_buffer(&discard, &tmp); + + msgctx = 0; + gss_display_status(&discard, ret_min, GSS_C_MECH_CODE, + &mechanisms->elements[i], &msgctx, &tmp); + fprintf(stderr, " %s\n", (char *)tmp.value); + + gss_release_buffer(&discard, &tmp); + + /* temporarily skip any offender */ + out->elements.elements_len--; + continue; +#if 0 ret = EINVAL; goto done; +#endif } ret = gp_conv_name_to_gssx(name, &el->MN); |