rpms/krb5/F-7 krb5-trunk-server_delegation.patch,NONE,1.1
Nalin Somabhai Dahyabhai (nalin)
fedora-extras-commits at redhat.com
Fri Nov 16 17:12:27 UTC 2007
Author: nalin
Update of /cvs/pkgs/rpms/krb5/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22010
Added Files:
krb5-trunk-server_delegation.patch
Log Message:
- Backport a fix to make handling of returned flags during spnego credential
delegation more forgiving of apps which don't care about flags but still
want a delegated credential handle (#314651, RT#5802). I'm looking at you,
mod_auth_kerb!
krb5-trunk-server_delegation.patch:
--- NEW FILE krb5-trunk-server_delegation.patch ---
If the application calling gss_accept_sec_context() doesn't pass a value
for ret_flags, we'd never be able to check if credentials had been delegated.
The passed-in ret_flags value is a pointer to a bitfield, so the comparision
as-written was not likely to work as expected.
Index: src/lib/gssapi/mechglue/g_accept_sec_context.c
===================================================================
--- src/lib/gssapi/mechglue/g_accept_sec_context.c (revision 20038)
+++ src/lib/gssapi/mechglue/g_accept_sec_context.c (working copy)
@@ -112,6 +112,7 @@
{
OM_uint32 status, temp_status, temp_minor_status;
+ OM_uint32 temp_ret_flags = 0;
gss_union_ctx_id_t union_ctx_id;
gss_union_cred_t union_cred;
gss_cred_id_t input_cred_handle = GSS_C_NO_CREDENTIAL;
@@ -202,7 +203,7 @@
&internal_name,
mech_type,
output_token,
- ret_flags,
+ &temp_ret_flags,
time_rec,
d_cred ? &tmp_d_cred : NULL);
@@ -248,7 +249,7 @@
}
/* Ensure we're returning correct creds format */
- if ((ret_flags && GSS_C_DELEG_FLAG) &&
+ if ((temp_ret_flags & GSS_C_DELEG_FLAG) &&
tmp_d_cred != GSS_C_NO_CREDENTIAL) {
gss_union_cred_t d_u_cred = NULL;
@@ -335,6 +336,8 @@
if (src_name == NULL && tmp_src_name != NULL)
(void) gss_release_name(&temp_minor_status,
&tmp_src_name);
+ if (ret_flags != NULL)
+ *ret_flags = temp_ret_flags;
return (status);
} else {
More information about the fedora-extras-commits
mailing list