[Heimdal-source-changes] [heimdal/heimdal] 8d19f3: gss: pass mechanism error tokens through SPNEGO
Luke Howard
noreply at github.com
Fre Apr 24 07:08:10 CEST 2020
Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal
Commit: 8d19f3f47f0dbe6b1e00c8b50b7c042d873e3118
https://github.com/heimdal/heimdal/commit/8d19f3f47f0dbe6b1e00c8b50b7c042d873e3118
Author: Luke Howard <lukeh at padl.com>
Date: 2020-04-24 (Fri, 24 Apr 2020)
Changed paths:
M lib/gssapi/spnego/accept_sec_context.c
M lib/gssapi/spnego/init_sec_context.c
Log Message:
-----------
gss: pass mechanism error tokens through SPNEGO
Fix for issue #486 based on a patch by Nico Williams.
A GSS-API acceptor can return an error token to be sent to the initiator. Our
SPNEGO implementation discarded these when sending a SPNEGO reject response.
This patch fixes the SPNEGO acceptor to convey those in the SPNEGO response.
The SPNEGO initiator is also updated to not bail out early on receiving a
SPNEGO reject response from the acceptor, but instead pass the response token
(if any) to gss_init_sec_context(). A reject response with no response token
will continue to return an error.
More information about the Heimdal-source-changes
mailing list