gss: make gss_compare_name comply with RFC2743

Anonymous names should always compare FALSE in GSS_Compare_name(). If the names
are being compared at the mechglue layer then we should check for
GSS_C_NT_ANONYMOUS.

diff --git a/lib/gssapi/mech/gss_compare_name.c b/lib/gssapi/mech/gss_compare_name.c
index fdeb6c757ba5313daf7c53b23870d409869e67b5..b67ab478591e9455c167ee5a1944b1ff2a49d667 100644 (file)
--- a/lib/gssapi/mech/gss_compare_name.c
+++ b/lib/gssapi/mech/gss_compare_name.c
@@ -46,7 +46,10 @@ gss_compare_name(OM_uint32 *minor_status,
         */
        if (name1->gn_value.value && name2->gn_value.value) {
                *name_equal = 1;
-               if (!gss_oid_equal(name1->gn_type, name2->gn_type)) {
+               /* RFC 2743: anonymous names always compare false */
+               if (gss_oid_equal(name1->gn_type, GSS_C_NT_ANONYMOUS) ||
+                   gss_oid_equal(name2->gn_type, GSS_C_NT_ANONYMOUS) ||
+                   !gss_oid_equal(name1->gn_type, name2->gn_type)) {
                        *name_equal = 0;
                } else if (name1->gn_value.length != name2->gn_value.length ||
                    memcmp(name1->gn_value.value, name2->gn_value.value,