diff options
| author | Greg Hudson <ghudson@mit.edu> | 2012-09-21 15:03:41 -0400 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2012-09-21 15:04:20 -0400 |
| commit | dca7a82f793178c4a51bdd40a173748c3eb2c2a5 (patch) | |
| tree | 01c6bf4b04cdd6fce1a2e1fb6e7e37316cd40f04 /src/lib/gssapi | |
| parent | 4d3200ca369b47e8cf6966ae7670823d57ef2b3f (diff) | |
| download | krb5-dca7a82f793178c4a51bdd40a173748c3eb2c2a5.tar.gz krb5-dca7a82f793178c4a51bdd40a173748c3eb2c2a5.tar.xz krb5-dca7a82f793178c4a51bdd40a173748c3eb2c2a5.zip | |
Resolve verifier cred in accept_sec_context
If the verifier cred handle is of type GSS_C_BOTH, we need to resolve
the initiator part of it in order to create a s4u2proxy delegated
credential handle. (If it's of type GSS_C_ACCEPT, kg_resolve_cred
won't do anything beyond locking and validating the credential.)
ticket: 7356
Diffstat (limited to 'src/lib/gssapi')
| -rw-r--r-- | src/lib/gssapi/krb5/accept_sec_context.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c index 957f86031..975df14aa 100644 --- a/src/lib/gssapi/krb5/accept_sec_context.c +++ b/src/lib/gssapi/krb5/accept_sec_context.c @@ -514,13 +514,14 @@ kg_accept_krb5(minor_status, context_handle, goto fail; } } else { - major_status = krb5_gss_validate_cred(minor_status, - verifier_cred_handle); + major_status = kg_cred_resolve(minor_status, context, + verifier_cred_handle, GSS_C_NO_NAME); if (GSS_ERROR(major_status)) { code = *minor_status; goto fail; } cred_handle = verifier_cred_handle; + k5_mutex_unlock(&((krb5_gss_cred_id_t)cred_handle)->lock); } cred = (krb5_gss_cred_id_t) cred_handle; |