diff options
author | Tom Yu <tlyu@mit.edu> | 2009-04-07 21:22:13 +0000 |
---|---|---|
committer | Tom Yu <tlyu@mit.edu> | 2009-04-07 21:22:13 +0000 |
commit | 8241f4980a11b5494377de4f30992d5a5debca95 (patch) | |
tree | e1a75868ea7fc8b1ab1a64576b0d515f29c7f0ca /src/lib/gssapi | |
parent | 324affc316edff9bf690c05a18fb18167c562ca1 (diff) | |
download | krb5-8241f4980a11b5494377de4f30992d5a5debca95.tar.gz krb5-8241f4980a11b5494377de4f30992d5a5debca95.tar.xz krb5-8241f4980a11b5494377de4f30992d5a5debca95.zip |
Apply revised patch from Apple that ensures that a REJECT token is
sent on error.
ticket: 6417
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22173 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/gssapi')
-rw-r--r-- | src/lib/gssapi/spnego/spnego_mech.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c index 708017a8d3..2fc6f7158d 100644 --- a/src/lib/gssapi/spnego/spnego_mech.c +++ b/src/lib/gssapi/spnego/spnego_mech.c @@ -1650,8 +1650,7 @@ spnego_gss_accept_sec_context( &negState, &return_token); } cleanup: - if (return_token == INIT_TOKEN_SEND || - return_token == CONT_TOKEN_SEND) { + if (return_token != NO_TOKEN_SEND && return_token != CHECK_MIC) { /* For acceptor-sends-first send a tokenInit */ int tmpret; @@ -1666,7 +1665,8 @@ cleanup: return_token, output_token); } else { - tmpret = make_spnego_tokenTarg_msg(negState, sc->internal_mech, + tmpret = make_spnego_tokenTarg_msg(negState, + sc ? sc->internal_mech : GSS_C_NO_OID, &mechtok_out, mic_out, return_token, output_token); @@ -3025,6 +3025,8 @@ make_spnego_tokenTarg_msg(OM_uint32 status, gss_OID mech_wanted, if (outbuf == GSS_C_NO_BUFFER) return (GSS_S_DEFECTIVE_TOKEN); + if (sendtoken == INIT_TOKEN_SEND && mech_wanted == GSS_C_NO_OID) + return (GSS_S_DEFECTIVE_TOKEN); outbuf->length = 0; outbuf->value = NULL; |