diff options
| author | Greg Hudson <ghudson@mit.edu> | 2012-06-03 20:46:30 -0400 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2012-06-03 20:46:30 -0400 |
| commit | 9421a2652f645bd0beef3e58b4b8fbc18d98f742 (patch) | |
| tree | a6b5b3061d2120e68ba45458c6d4667dabd6d37c /src/lib | |
| parent | 71ca96850348569a7358b32301bb0cc60eb08103 (diff) | |
| download | krb5-9421a2652f645bd0beef3e58b4b8fbc18d98f742.tar.gz krb5-9421a2652f645bd0beef3e58b4b8fbc18d98f742.tar.xz krb5-9421a2652f645bd0beef3e58b4b8fbc18d98f742.zip | |
Fail from gss_acquire_cred if we have no keytab
If a caller tries to acquire krb5 acceptor creds with no desired name
and we have no keytab keys, fail from gss_acquire_cred instead of
deferring until gss_accept_sec_context.
ticket: 7159 (new)
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/gssapi/krb5/acquire_cred.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c index c08e0597f..2bbee5fd8 100644 --- a/src/lib/gssapi/krb5/acquire_cred.c +++ b/src/lib/gssapi/krb5/acquire_cred.c @@ -227,6 +227,7 @@ acquire_accept_cred(krb5_context context, } if (desired_name != NULL) { + /* Make sure we keys matching the desired name in the keytab. */ code = check_keytab(context, kt, desired_name); if (code) { krb5_kt_close(context, kt); @@ -254,6 +255,13 @@ acquire_accept_cred(krb5_context context, *minor_status = code; return GSS_S_FAILURE; } + } else { + /* Make sure we have a keytab with keys in it. */ + code = krb5_kt_have_content(context, kt); + if (code) { + *minor_status = code; + return GSS_S_FAILURE; + } } cred->keytab = kt; |