| author | Simo Sorce <simo@redhat.com> | 2012-08-12 21:43:23 +0200 |
|---|---|---|
| committer | Simo Sorce <simo@redhat.com> | 2012-09-14 17:01:59 -0400 |
| commit | 8885f38b2627dc1ead69a6fc973a259dd1b052d0 (patch) | |
| tree | d2873a2c00bd82b4eabea940480d3bf844dcf274 | |
| parent | c2e6705cf060ce60ac609e1e28f61fffab586374 (diff) | |
| download | krb5-8885f38b2627dc1ead69a6fc973a259dd1b052d0.tar.gz krb5-8885f38b2627dc1ead69a6fc973a259dd1b052d0.tar.xz krb5-8885f38b2627dc1ead69a6fc973a259dd1b052d0.zip | |
Check creds to select mech in accept_sec_context
| -rw-r--r-- | src/lib/gssapi/mechglue/g_accept_sec_context.c | 27 |
1 files changed, 23 insertions, 4 deletions
diff --git a/src/lib/gssapi/mechglue/g_accept_sec_context.c b/src/lib/gssapi/mechglue/g_accept_sec_context.c
index e01b8549e7..1ca0f5d751 100644
--- a/src/lib/gssapi/mechglue/g_accept_sec_context.c
+++ b/src/lib/gssapi/mechglue/g_accept_sec_context.c
@@ -156,10 +156,29 @@ gss_cred_id_t * d_cred;
 if (status)
 return status;
- status = gssint_select_mech_type(minor_status, token_mech_type,
- &selected_mech);
- if (status)
- return status;
+ /* if the verifier contains creds, it may be an interposer plugin
+ * calling back into the mechglue layer, so use the mechanism for
+ * which we have matching creds for if available */
+ if (verifier_cred_handle != GSS_C_NO_CREDENTIAL) {
+ gss_union_cred_t uc;
+ int i;
+
+ uc = (gss_union_cred_t)verifier_cred_handle;
+ for (i = 0; i < uc->count; i++) {
+ if (g_OID_equal(token_mech_type,
+ gssint_get_public_oid(&uc->mechs_array[i]))) {
+ selected_mech = &uc->mechs_array[i];
+ break;
+ }
+ }
+ }
+
+ if (selected_mech == GSS_C_NO_OID) {
+ status = gssint_select_mech_type(minor_status, token_mech_type,
+ &selected_mech);
+ if (status)
+ return status;
+ }
 } else {
 union_ctx_id = (gss_union_ctx_id_t)*context_handle;
|
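Review bot: In the added loop, the result of `gssint_get_public_oid(&uc->mechs_array[i])` goes straight into `g_OID_equal` with no null check, on a path where `token_mech_type` comes from the peer's input token. If that helper can return `GSS_C_NO_OID` for a credential entry with no public mapping (its definition is not in this hunk), the comparison would dereference a null pointer while accepting a context. Keep the result in a local and guard it: `public_mech = gssint_get_public_oid(&uc->mechs_array[i]);` followed by `if (public_mech != GSS_C_NO_OID && g_OID_equal(token_mech_type, public_mech)) {`. The new `if (selected_mech == GSS_C_NO_OID)` fallback also depends on `selected_mech` being initialised to `GSS_C_NO_OID` at its declaration, which lies outside the hunk and should be confirmed. A short comment there noting that `selected_mech` may now point into the caller's credential rather than the global mechanism list would help later readers.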
