Ticket History #6601: gsssspi_set_cred_option cannot handle mech specific option

The current options are specific to the kerberos mechanism. Options are
likely to be implemented by only one mechanism but the mechglue layer
assumes that all mechanisms have implemented each option and will
succeed when asked to set them. This fixes that:


Index: src/lib/gssapi/mechglue/g_set_cred_option.c
===================================================================
--- src/lib/gssapi/mechglue/g_set_cred_option.c (revision 23482)
+++ src/lib/gssapi/mechglue/g_set_cred_option.c (working copy)
@@ -45,6 +45,8 @@
gss_mechanism mech;
int i;
OM_uint32 status;
+ OM_uint32 mech_status;
+ OM_uint32 mech_minor_status;

if (minor_status == NULL)
return GSS_S_CALL_INACCESSIBLE_WRITE;
@@ -66,14 +68,20 @@
}

if (mech->gssspi_set_cred_option == NULL) {
- status = GSS_S_UNAVAILABLE;
continue;
}

- status = (mech->gssspi_set_cred_option)(minor_status,
+ mech_status = (mech->gssspi_set_cred_option)(&mech_minor_status,

union_cred->cred_array[i],
desired_object,
value);
+ if (mech_status == GSS_S_UNAVAILABLE) {
+ continue;
+ }
+ else {
+ status = mech_status;
+ *minor_status = mech_minor_status;
+ }
if (status != GSS_S_COMPLETE) {
map_error(minor_status, mech);
break;

pull up r23698 from trunk

------------------------------------------------------------------------
r23698 | tlyu | 2010-02-05 15:52:42 -0500 (Fri, 05 Feb 2010) | 8 lines

ticket: 6601
tags: pullup
target_version: 1.8

Apply patch from Arlene Berry to handle the case where a mechanism
implements set_cred_option but does not implement the requested
option.

https://github.com/krb5/krb5/commit/cc480060c7b31c33e69ba10d0a842b58c796b7db
Commit By: tlyu
Revision: 23709
Changed Files:
U branches/krb5-1-8/src/lib/gssapi/mechglue/g_set_cred_option.c