git.samba.org / metze / heimdal / wip.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: dfb1e6f) | patch
gss: pass mechanism error tokens through SPNEGO
authorLuke Howard <lukeh@padl.com>
Tue, 21 Apr 2020 23:35:14 +0000 (09:35 +1000)
committerLuke Howard <lukeh@padl.com>
Fri, 24 Apr 2020 05:07:55 +0000 (15:07 +1000)
commit8d19f3f47f0dbe6b1e00c8b50b7c042d873e3118
tree94321ec2d0478650191667bdbd8051e29d757043tree
parentdfb1e6fcf8e1b7b0ed507f32ad91e531ea3bcd3ecommit | diff
gss: pass mechanism error tokens through SPNEGO

Fix for issue #486 based on a patch by Nico Williams.

A GSS-API acceptor can return an error token to be sent to the initiator. Our
SPNEGO implementation discarded these when sending a SPNEGO reject response.
This patch fixes the SPNEGO acceptor to convey those in the SPNEGO response.

The SPNEGO initiator is also updated to not bail out early on receiving a
SPNEGO reject response from the acceptor, but instead pass the response token
(if any) to gss_init_sec_context(). A reject response with no response token
will continue to return an error.
lib/gssapi/spnego/accept_sec_context.c diff | blob | history
lib/gssapi/spnego/init_sec_context.c diff | blob | history
Unnamed repository; edit this file to name it for gitweb.