2007-10-04 22:08:39 +00:00
An spnego credential is itself a union credential, so search through it
when we're looking for credentials of a mechanism which may already have
2007-11-09 15:40:20 +00:00
been wrapped by spnego. RT #5807.
2007-10-04 22:08:39 +00:00
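Index: src/lib/gssapi/mechglue/g_glue.c
===================================================================
--- src/lib/gssapi/mechglue/g_glue.c (revision 20093)
+++ src/lib/gssapi/mechglue/g_glue.c (working copy)
@@ -33,6 +33,8 @@
 #define MSO_BIT (8*(sizeof (int) - 1)) /* Most significant octet bit */
 
 extern gss_mechanism *gssint_mechs_array;
+#define SPNEGO_OID_LENGTH 6
+#define SPNEGO_OID "\053\006\001\005\005\002"
 
 /*
 * This file contains the support routines for the glue layer.
@@ -548,6 +550,8 @@
 gss_OID mech_type;
 {
 int i;
+ gss_union_cred_t spnego_cred;
+ gss_cred_id_t mech_cred;
 
 if (union_cred == GSS_C_NO_CREDENTIAL)
 return GSS_C_NO_CREDENTIAL;
@@ -555,6 +559,17 @@
 for (i=0; i < union_cred->count; i++) {
 if (g_OID_equal(mech_type, &union_cred->mechs_array[i]))
 return union_cred->cred_array[i];
+
+ /* if this is an spnego credential, search its contents */
+ if ((union_cred->mechs_array[i].length == SPNEGO_OID_LENGTH) &&
+ (memcmp(union_cred->mechs_array[i].elements,
+ SPNEGO_OID,
+ SPNEGO_OID_LENGTH) == 0)) {
+ spnego_cred = union_cred->cred_array[i];
+ mech_cred = gssint_get_mechanism_cred(spnego_cred, mech_type);
+ if (mech_cred != GSS_C_NO_CREDENTIAL)
+ return mech_cred;
+ }
 }
 return GSS_C_NO_CREDENTIAL;
 }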
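Review bot: The new SPNEGO branch inside the loop treats `union_cred->cred_array[i]` as a `gss_union_cred_t` solely because the slot's OID bytes match SPNEGO, and then recurses into it; nothing in the hunk checks that the stored handle really is a union credential. If a SPNEGO mechanism that keeps its own private credential type were ever registered under this OID, the recursive call would read `count`, `mechs_array` and `cred_array` from an unrelated structure. I would record the invariant at the branch, e.g. `/* relies on the SPNEGO mech storing a gss_union_cred_t as its mechanism credential */`, and make the conversion explicit with `spnego_cred = (gss_union_cred_t)union_cred->cred_array[i];`. The enclosing function starts above the second hunk, so its declaration and any validation done before this point are not visible here.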