diff options
author | Ken Raeburn <raeburn@mit.edu> | 2000-07-01 03:48:01 +0000 |
---|---|---|
committer | Ken Raeburn <raeburn@mit.edu> | 2000-07-01 03:48:01 +0000 |
commit | 1ff3e2653da2f73ab3cc4c4f220d7781b43c9362 (patch) | |
tree | d4de3ebceb44cd5d88bbbab448770b9a890376a5 /src/lib/gssapi | |
parent | 9796ff01c5f57756a2105d290b5e0f5281f632ec (diff) | |
download | krb5-1ff3e2653da2f73ab3cc4c4f220d7781b43c9362.tar.gz krb5-1ff3e2653da2f73ab3cc4c4f220d7781b43c9362.tar.xz krb5-1ff3e2653da2f73ab3cc4c4f220d7781b43c9362.zip |
pullup from 1.2.1 release
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12502 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/gssapi')
-rw-r--r-- | src/lib/gssapi/krb5/ChangeLog | 7 | ||||
-rw-r--r-- | src/lib/gssapi/krb5/init_sec_context.c | 20 |
2 files changed, 26 insertions, 1 deletions
diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog index 087104e70..6f764457e 100644 --- a/src/lib/gssapi/krb5/ChangeLog +++ b/src/lib/gssapi/krb5/ChangeLog @@ -1,3 +1,10 @@ +2000-06-27 Tom Yu <tlyu@mit.edu> + + * init_sec_context.c (get_credentials): Add initial iteration of + krb5_get_credentials in order to differentiate between an actual + missing credential and merely a bad match based on enctype. This + was causing problems with kadmin. + 2000-06-09 Tom Yu <tlyu@mit.edu> Ken Raeburn <raeburn@mit.edu> diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c index 13a971ffa..acac47184 100644 --- a/src/lib/gssapi/krb5/init_sec_context.c +++ b/src/lib/gssapi/krb5/init_sec_context.c @@ -77,6 +77,10 @@ #include <stdlib.h> #include <assert.h> +/* + * $Id$ + */ + /* XXX This is for debugging only!!! Should become a real bitfield at some point */ int krb5_gss_dbg_client_expcreds = 0; @@ -109,11 +113,25 @@ static krb5_error_code get_credentials(context, cred, server, now, in_creds.keyblock.enctype = 0; + /* + * Initial iteration is necessary to catch a non-matching + * credential prior to looping through the GSSAPI-supported + * enctypes, since an enctype mismatch in the loop below will + * return KRB5_CC_NOTFOUND rather than one of the other error + * codes. + */ + code = krb5_get_credentials(context, 0, cred->ccache, + &in_creds, out_creds); + if (code) + goto cleanup; + krb5_free_creds(context, *out_creds); + *out_creds = NULL; for (i = 0; enctypes[i]; i++) { in_creds.keyblock.enctype = enctypes[i]; code = krb5_get_credentials(context, 0, cred->ccache, &in_creds, out_creds); - if (code != KRB5_CC_NOT_KTYPE && code != KRB5KDC_ERR_ETYPE_NOSUPP) + if (code != KRB5_CC_NOT_KTYPE && code != KRB5_CC_NOTFOUND + && code != KRB5KDC_ERR_ETYPE_NOSUPP) break; } if (enctypes[i] == 0) { |