[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Wed Sep 30 20:46:02 UTC 2020
The branch, master has been updated
via b8653f4ee7a Restrict GSSAPI query to the krb5 mechanism
from 9f24b5098f7 smbclient: Fix recursive mget
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit b8653f4ee7ae4afe5391df4f68399858614d8145
Author: Simo Sorce <idra at samba.org>
Date: Thu Sep 24 20:59:42 2020 -0400
Restrict GSSAPI query to the krb5 mechanism
Otherwise GSSAPI will consult other mechanisms if available and we can
only cope with krb5 credentials here.
Signed-off-by: Simo Sorce <idra at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Sep 30 20:45:23 UTC 2020 on sn-devel-184
-----------------------------------------------------------------------
Summary of changes:
lib/krb5_wrap/gss_samba.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/krb5_wrap/gss_samba.c b/lib/krb5_wrap/gss_samba.c
index 2a99661ddee..a5940561cda 100644
--- a/lib/krb5_wrap/gss_samba.c
+++ b/lib/krb5_wrap/gss_samba.c
@@ -80,7 +80,15 @@ uint32_t smb_gss_krb5_import_cred(uint32_t *minor_status, krb5_context ctx,
.count = 1,
};
- gss_OID_set mech_set = GSS_C_NO_OID_SET;
+ /* we are interested exclusively in krb5 credentials,
+ * indicate to GSSAPI that we are not interested in any other
+ * mechanism here */
+ gss_OID_set_desc mech_set = {
+ .count = 1,
+ .elements = discard_const_p(struct gss_OID_desc_struct,
+ gss_mech_krb5),
+ };
+
gss_cred_usage_t cred_usage = GSS_C_INITIATE;
gss_name_t name = NULL;
gss_buffer_desc pr_name = {
@@ -144,7 +152,7 @@ uint32_t smb_gss_krb5_import_cred(uint32_t *minor_status, krb5_context ctx,
major_status = gss_acquire_cred_from(minor_status,
name,
0,
- mech_set,
+ &mech_set,
cred_usage,
&cred_store,
cred,
--
Samba Shared Repository
More information about the samba-cvs
mailing list