Properly check return error when filtering mechs

We need to fail only if the input was an actual set and instead we get back GSS_C_NO_OID_SET. In all other cases we are fine. Signed-off-by: Simo Sorce <simo@redhat.com>
author: Simo Sorce <simo@redhat.com> 2015-06-24 16:10:58 -0400
committer: Simo Sorce <simo@redhat.com> 2015-06-24 16:10:58 -0400
commit: c27219caa2d75baf854b1535eb222d679fbe4fcd (patch)
tree: 3e242a2a6ae4e871dc49ba3d91580bd320b46750
parent: d6d8a6b02923827c09eaaebd1e341043860f7b8c (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/src/mod_auth_gssapi.c b/src/mod_auth_gssapi.c
index 87a1051..d673912 100644
--- a/src/mod_auth_gssapi.c
+++ b/src/mod_auth_gssapi.c
@@ -349,6 +349,8 @@ gss_OID_set mag_filter_unwanted_mechs(gss_OID_set src)
     uint32_t maj, min;
     int present = 0;
 
+    if (src == GSS_C_NO_OID_SET) return GSS_C_NO_OID_SET;
+
     for (int i = 0; unwanted_mechs[i] != GSS_C_NO_OID; i++) {
         maj = gss_test_oid_set_member(&min,
                                       discard_const(unwanted_mechs[i]),
@@ -459,7 +461,8 @@ static bool mag_auth_basic(request_rec *req,
      * multiple times uselessly.
      */
     filtered_mechs = mag_filter_unwanted_mechs(allowed_mechs);
-    if (filtered_mechs == GSS_C_NO_OID_SET) {
+    if ((allowed_mechs != GSS_C_NO_OID_SET) &&
+        (filtered_mechs == GSS_C_NO_OID_SET)) {
         ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, req, "Fatal "
                       "failure while filtering mechs, aborting");
         goto done;
author	Simo Sorce <simo@redhat.com>	2015-06-24 16:10:58 -0400
committer	Simo Sorce <simo@redhat.com>	2015-06-24 16:10:58 -0400
commit	c27219caa2d75baf854b1535eb222d679fbe4fcd (patch)
tree	3e242a2a6ae4e871dc49ba3d91580bd320b46750
parent	d6d8a6b02923827c09eaaebd1e341043860f7b8c (diff)