Skip Menu |
 

Subject: gss_add_cred() ignores desired_name if creating a new credential
gss_add_cred() only processes desired_name into an internal name if an
input cred handle is given. There is no reason to apply this
condition, and acquiring a mech cred for the default name instead of
the caller-provided name is clearly the wrong behavior.

Commit 25ee704e83c2c63d4b5ecd12ea31c1979239041e (ticket 7217) altered
the code so that an internal name is generated if a cred store is given
but no input cred handle.

This bug was present in the Solaris mechglue but was fixed in changeset
191d30c3be82 with bug number 6285582.
Side note: in the Solaris mechglue after the fix, if no desired_name is
given but an input cred handle is given, the mechglue attempts to apply
the name from the credential (remembered in the auxinfo structure,
which we eliminated in commit
889d3ca4c482f730cd194f2d83c41d70bc615a67). Heimdal does not do this
and I don't believe we need to either.
From: ghudson@mit.edu
Subject: git commit

Always honor desired_name in gss_add_cred()

Remove the conditionalization around the desired_name processing in
gss_add_cred_from(), so that we always honor the requested name.

https://github.com/krb5/krb5/commit/6d4eb6eb473c93f0db05409195448364382760a9
Author: Greg Hudson <ghudson@mit.edu>
Commit: 6d4eb6eb473c93f0db05409195448364382760a9
Branch: master
src/lib/gssapi/mechglue/g_acquire_cred.c | 28 +++++++++++++---------------
src/tests/gssapi/t_add_cred.c | 10 ++++++++++
2 files changed, 23 insertions(+), 15 deletions(-)
From: ghudson@mit.edu
Subject: git commit

Always honor desired_name in gss_add_cred()

Remove the conditionalization around the desired_name processing in
gss_add_cred_from(), so that we always honor the requested name.

(cherry picked from commit 6d4eb6eb473c93f0db05409195448364382760a9)

https://github.com/krb5/krb5/commit/fa12f4ef6f6449ea1eb63ffa45f94be11cace433
Author: Greg Hudson <ghudson@mit.edu>
Commit: fa12f4ef6f6449ea1eb63ffa45f94be11cace433
Branch: krb5-1.16
src/lib/gssapi/mechglue/g_acquire_cred.c | 28 +++++++++++++---------------
src/tests/gssapi/t_add_cred.c | 10 ++++++++++
2 files changed, 23 insertions(+), 15 deletions(-)
From: ghudson@mit.edu
Subject: git commit

Always honor desired_name in gss_add_cred()

Remove the conditionalization around the desired_name processing in
gss_add_cred_from(), so that we always honor the requested name.

(cherry picked from commit 6d4eb6eb473c93f0db05409195448364382760a9)

https://github.com/krb5/krb5/commit/0ab749b38930d43b4640b7b2e9448079510fd4a5
Author: Greg Hudson <ghudson@mit.edu>
Commit: 0ab749b38930d43b4640b7b2e9448079510fd4a5
Branch: krb5-1.15
src/lib/gssapi/mechglue/g_acquire_cred.c | 28 +++++++++++++---------------
src/tests/gssapi/t_add_cred.c | 10 ++++++++++
2 files changed, 23 insertions(+), 15 deletions(-)