aboutsummaryrefslogtreecommitdiff
path: root/lib/libgssapi/gss_accept_sec_context.c
diff options
context:
space:
mode:
authorDoug Rabson <dfr@FreeBSD.org>2008-04-30 11:29:22 +0000
committerDoug Rabson <dfr@FreeBSD.org>2008-04-30 11:29:22 +0000
commite1a0d9eff37cf955826d61e9457eacc06fe94c01 (patch)
treedd56cc4c7dfb7ab8f3003267cf844e494978a815 /lib/libgssapi/gss_accept_sec_context.c
parent8294c41328da2ef40f61abaf69a6583d0c5c5cb7 (diff)
downloadsrc-e1a0d9eff37cf955826d61e9457eacc06fe94c01.tar.gz
src-e1a0d9eff37cf955826d61e9457eacc06fe94c01.zip
When receiving delegated credentials, initialise our cred's linked list.
Add a bit more sanity checking for GSS-API mechanisms that claim to have delegated creds but don't actually return a cred handle. MFC after: 2 weeks
Notes
Notes: svn path=/head/; revision=178692
Diffstat (limited to 'lib/libgssapi/gss_accept_sec_context.c')
-rw-r--r--lib/libgssapi/gss_accept_sec_context.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/libgssapi/gss_accept_sec_context.c b/lib/libgssapi/gss_accept_sec_context.c
index 269a620219a5..62a3bdadfa89 100644
--- a/lib/libgssapi/gss_accept_sec_context.c
+++ b/lib/libgssapi/gss_accept_sec_context.c
@@ -187,10 +187,13 @@ OM_uint32 gss_accept_sec_context(OM_uint32 *minor_status,
*src_name = (gss_name_t) name;
}
+ if (delegated_mc == GSS_C_NO_CREDENTIAL)
+ mech_ret_flags &= ~GSS_C_DELEG_FLAG;
+
if (mech_ret_flags & GSS_C_DELEG_FLAG) {
if (!delegated_cred_handle) {
m->gm_release_cred(minor_status, &delegated_mc);
- *ret_flags &= ~GSS_C_DELEG_FLAG;
+ mech_ret_flags &= ~GSS_C_DELEG_FLAG;
} else {
struct _gss_cred *cred;
struct _gss_mechanism_cred *mc;
@@ -200,6 +203,7 @@ OM_uint32 gss_accept_sec_context(OM_uint32 *minor_status,
*minor_status = ENOMEM;
return (GSS_S_FAILURE);
}
+ SLIST_INIT(&cred->gc_mc);
mc = malloc(sizeof(struct _gss_mechanism_cred));
if (!mc) {
free(cred);