Subject: | gss_accept_sec_context doesn't produce error tokens |
Date: | Mon, 5 Apr 2010 19:15:11 -0400 |
From: | "Arlene Berry" <aberry@likewise.com> |
To: | <krb5-bugs@mit.edu> |
The mechglue for gss_accept_sec_context suppresses error tokens which means that an initiator who is waiting for a response after receiving GSS_S_CONTINUE_NEEDED is never notified that there’s a problem. It appears the code has been this way ever since the mechglue was introduced. This fixes it for me:
Index: g_accept_sec_context.c
===================================================================
--- g_accept_sec_context.c (revision 42878)
+++ g_accept_sec_context.c (working copy)
@@ -385,9 +385,6 @@
free(union_ctx_id);
}
- if (output_token->length)
- (void) gss_release_buffer(&temp_minor_status, output_token);
-
if (src_name)
*src_name = GSS_C_NO_NAME;