46 lines
1.5 KiB
Diff
46 lines
1.5 KiB
Diff
If the application calling gss_accept_sec_context() doesn't pass a value
|
|
for ret_flags, we'd never be able to check if credentials had been delegated.
|
|
|
|
The passed-in ret_flags value is a pointer to a bitfield, so the comparision
|
|
as-written was not likely to work as expected.
|
|
|
|
Index: src/lib/gssapi/mechglue/g_accept_sec_context.c
|
|
===================================================================
|
|
--- src/lib/gssapi/mechglue/g_accept_sec_context.c (revision 20038)
|
|
+++ src/lib/gssapi/mechglue/g_accept_sec_context.c (working copy)
|
|
@@ -112,6 +112,7 @@
|
|
|
|
{
|
|
OM_uint32 status, temp_status, temp_minor_status;
|
|
+ OM_uint32 temp_ret_flags = 0;
|
|
gss_union_ctx_id_t union_ctx_id;
|
|
gss_union_cred_t union_cred;
|
|
gss_cred_id_t input_cred_handle = GSS_C_NO_CREDENTIAL;
|
|
@@ -202,7 +203,7 @@
|
|
&internal_name,
|
|
mech_type,
|
|
output_token,
|
|
- ret_flags,
|
|
+ ret_flags ? &temp_ret_flags : NULL,
|
|
time_rec,
|
|
d_cred ? &tmp_d_cred : NULL);
|
|
|
|
@@ -248,7 +249,7 @@
|
|
}
|
|
|
|
/* Ensure we're returning correct creds format */
|
|
- if ((ret_flags && GSS_C_DELEG_FLAG) &&
|
|
+ if ((temp_ret_flags & GSS_C_DELEG_FLAG) &&
|
|
tmp_d_cred != GSS_C_NO_CREDENTIAL) {
|
|
gss_union_cred_t d_u_cred = NULL;
|
|
|
|
@@ -335,6 +336,8 @@
|
|
if (src_name == NULL && tmp_src_name != NULL)
|
|
(void) gss_release_name(&temp_minor_status,
|
|
&tmp_src_name);
|
|
+ if (ret_flags != NULL)
|
|
+ *ret_flags = temp_ret_flags;
|
|
return (status);
|
|
} else {
|
|
|