summaryrefslogtreecommitdiffstats
path: root/lib/libgssapi
diff options
context:
space:
mode:
authordfr <dfr@FreeBSD.org>2008-04-30 11:29:22 +0000
committerdfr <dfr@FreeBSD.org>2008-04-30 11:29:22 +0000
commit0831b4437b8c91986f422fd2d1b67150ddb210dd (patch)
treedd56cc4c7dfb7ab8f3003267cf844e494978a815 /lib/libgssapi
parentef9dc86e5540be4e8085f08f4dc2ae9142fb34b4 (diff)
downloadFreeBSD-src-0831b4437b8c91986f422fd2d1b67150ddb210dd.zip
FreeBSD-src-0831b4437b8c91986f422fd2d1b67150ddb210dd.tar.gz
When receiving delegated credentials, initialise our cred's linked list.
Add a bit more sanity checking for GSS-API mechanisms that claim to have delegated creds but don't actually return a cred handle. MFC after: 2 weeks
Diffstat (limited to 'lib/libgssapi')
-rw-r--r--lib/libgssapi/gss_accept_sec_context.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/libgssapi/gss_accept_sec_context.c b/lib/libgssapi/gss_accept_sec_context.c
index 269a620..62a3bda 100644
--- a/lib/libgssapi/gss_accept_sec_context.c
+++ b/lib/libgssapi/gss_accept_sec_context.c
@@ -187,10 +187,13 @@ OM_uint32 gss_accept_sec_context(OM_uint32 *minor_status,
*src_name = (gss_name_t) name;
}
+ if (delegated_mc == GSS_C_NO_CREDENTIAL)
+ mech_ret_flags &= ~GSS_C_DELEG_FLAG;
+
if (mech_ret_flags & GSS_C_DELEG_FLAG) {
if (!delegated_cred_handle) {
m->gm_release_cred(minor_status, &delegated_mc);
- *ret_flags &= ~GSS_C_DELEG_FLAG;
+ mech_ret_flags &= ~GSS_C_DELEG_FLAG;
} else {
struct _gss_cred *cred;
struct _gss_mechanism_cred *mc;
@@ -200,6 +203,7 @@ OM_uint32 gss_accept_sec_context(OM_uint32 *minor_status,
*minor_status = ENOMEM;
return (GSS_S_FAILURE);
}
+ SLIST_INIT(&cred->gc_mc);
mc = malloc(sizeof(struct _gss_mechanism_cred));
if (!mc) {
free(cred);
OpenPOWER on IntegriCloud