Fixes for S3 DCE/RPC GSSAPI with Heimdal
Love Hörnquist Åstrand
lha at kth.se
Fri Apr 29 11:13:04 MDT 2011
29 apr 2011 kl. 07:55 skrev "Luke Howard" <lukeh at padl.com>:
>>>> What gss function return an allocated oid ? I'm asking since gss-Release-oid is not part of the api.
>>>
>>> MIT gss_init_sec_context and gss_accept_sec_context apparently.
>>
>> ISC and ASC dont require use of gss_release_oid if conforming to the standard. MIT conforms for their base mechs.
>
>
> So, the GSS EAP mechanism can in some cases return allocated OIDs.
That would be a bug in the eap mechs then, and they work with firefox or SAP that don't call gss_release_oid
ISC needs to return an OID that the caller don't need to free. Just use a global to capture and return already allocated oids if they already exists.
gss_release_oid is not part of the gss-api spec.
Love
More information about the samba-technical
mailing list