2 files changed, 34 insertions, 11 deletions

diff --git a/src/lib/gssapi/mechglue/g_acquire_cred.c b/src/lib/gssapi/mechglue/g_acquire_cred.c
index c28bf720e3..d228a7731e 100644
--- a/src/lib/gssapi/mechglue/g_acquire_cred.c
+++ b/src/lib/gssapi/mechglue/g_acquire_cred.c
@@ -373,6 +373,7 @@ gss_add_cred_from(minor_status, input_cred_handle,
     gss_cred_id_t	cred = NULL;
     gss_OID		new_mechs_array = NULL;
     gss_cred_id_t *	new_cred_array = NULL;
+    gss_OID_set		target_mechs = GSS_C_NO_OID_SET;
 
     status = val_add_cred_args(minor_status,
 			       input_cred_handle,
@@ -439,15 +440,24 @@ gss_add_cred_from(minor_status, input_cred_handle,
     else
 	time_req = 0;
 
+    status = gss_create_empty_oid_set(minor_status, &target_mechs);
+    if (status != GSS_S_COMPLETE)
+	goto errout;
+
+    status = gss_add_oid_set_member(minor_status,
+				    &mech->mech_type, &target_mechs);
+    if (status != GSS_S_COMPLETE)
+	goto errout;
+
     if (mech->gss_acquire_cred_from) {
 	status = mech->gss_acquire_cred_from(minor_status, internal_name,
-					     time_req, GSS_C_NULL_OID_SET,
+					     time_req, target_mechs,
 					     cred_usage, cred_store, &cred,
 					     NULL, &time_rec);
     } else if (cred_store == GSS_C_NO_CRED_STORE) {
 	status = mech->gss_acquire_cred(minor_status, internal_name, time_req,
-					GSS_C_NULL_OID_SET, cred_usage, &cred,
-					NULL, &time_rec);
+					target_mechs, cred_usage, &cred, NULL,
+					&time_rec);
     } else {
 	return GSS_S_UNAVAILABLE;
     }
diff --git a/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c b/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c
index 6ac650b35e..35ec25c849 100644
--- a/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c
+++ b/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c
@@ -339,6 +339,7 @@ gss_add_cred_with_password(minor_status, input_cred_handle,
     gss_cred_id_t	cred = NULL;
     gss_OID		new_mechs_array = NULL;
     gss_cred_id_t *	new_cred_array = NULL;
+    gss_OID_set		target_mechs = GSS_C_NO_OID_SET;
 
     status = val_add_cred_pw_args(minor_status,
 			          input_cred_handle,
@@ -402,15 +403,24 @@ gss_add_cred_with_password(minor_status, input_cred_handle,
     else
 	time_req = 0;
 
+    status = gss_create_empty_oid_set(minor_status, &target_mechs);
+    if (status != GSS_S_COMPLETE)
+	goto errout;
+
+    status = gss_add_oid_set_member(minor_status,
+				    &mech->mech_type, &target_mechs);
+    if (status != GSS_S_COMPLETE)
+	goto errout;
+
     status = mech_ext->gssspi_acquire_cred_with_password(minor_status,
-				                         internal_name,
-				                         password,
-                                                         time_req,
-				                         GSS_C_NULL_OID_SET,
-                                                         cred_usage,
-				                         &cred,
-                                                         NULL,
-                                                         &time_rec);
+							 internal_name,
+							 password,
+							 time_req,
+							 target_mechs,
+							 cred_usage,
+							 &cred,
+							 NULL,
+							 &time_rec);
     if (status != GSS_S_COMPLETE) {
 	map_error(minor_status, mech);
 	goto errout;
@@ -506,6 +516,9 @@ errout:
 					   &mech->mech_type,
 					   &allocated_name);
 
+    if (target_mechs)
+	(void)gss_release_oid_set(&temp_minor_status, &target_mechs);
+
     if (input_cred_handle == GSS_C_NO_CREDENTIAL && union_cred)
 	free(union_cred);