mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
Restrict GSSAPI query to the krb5 mechanism
Otherwise GSSAPI will consult other mechanisms if available and we can only cope with krb5 credentials here. Signed-off-by: Simo Sorce <idra@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Sep 30 20:45:23 UTC 2020 on sn-devel-184
This commit is contained in:
parent
9f24b5098f
commit
b8653f4ee7
@ -80,7 +80,15 @@ uint32_t smb_gss_krb5_import_cred(uint32_t *minor_status, krb5_context ctx,
|
||||
.count = 1,
|
||||
};
|
||||
|
||||
gss_OID_set mech_set = GSS_C_NO_OID_SET;
|
||||
/* we are interested exclusively in krb5 credentials,
|
||||
* indicate to GSSAPI that we are not interested in any other
|
||||
* mechanism here */
|
||||
gss_OID_set_desc mech_set = {
|
||||
.count = 1,
|
||||
.elements = discard_const_p(struct gss_OID_desc_struct,
|
||||
gss_mech_krb5),
|
||||
};
|
||||
|
||||
gss_cred_usage_t cred_usage = GSS_C_INITIATE;
|
||||
gss_name_t name = NULL;
|
||||
gss_buffer_desc pr_name = {
|
||||
@ -144,7 +152,7 @@ uint32_t smb_gss_krb5_import_cred(uint32_t *minor_status, krb5_context ctx,
|
||||
major_status = gss_acquire_cred_from(minor_status,
|
||||
name,
|
||||
0,
|
||||
mech_set,
|
||||
&mech_set,
|
||||
cred_usage,
|
||||
&cred_store,
|
||||
cred,
|
||||
|
Loading…
Reference in New Issue
Block a user