head	1.2;
access;
symbols;
locks; strict;
comment	@# @;


1.2
date	2001.09.07.19.45.46;	author nectar;	state dead;
branches;
next	1.1;

1.1
date	2001.07.19.21.43.42;	author nectar;	state Exp;
branches;
next	;


desc
@@


1.2
log
@Update 0.4d -> 0.4e
@
text
@--- lib/gssapi/accept_sec_context.c.orig	Mon Jul 16 22:28:38 2001
+++ lib/gssapi/accept_sec_context.c	Tue Jul 17 08:10:32 2001
@@@@ -283,12 +283,27 @@@@
       
       krb5_ccache ccache;
       
-      if (delegated_cred_handle == NULL || *delegated_cred_handle == NULL)
+      if (delegated_cred_handle == NULL)
          /* XXX Create a new delegated_cred_handle? */
          kret = krb5_cc_default (gssapi_krb5_context, &ccache);
-      
-      else {
-         if ((*delegated_cred_handle)->ccache == NULL)
+      else if (*delegated_cred_handle == NULL) {
+	 if ((*delegated_cred_handle =
+	      calloc(1, sizeof(**delegated_cred_handle))) == NULL) {
+	    kret = ENOMEM;
+	    krb5_set_error_string(gssapi_krb5_context, "out of memory");
+	    gssapi_krb5_set_error_string();
+	    goto failure;
+	 }
+	 if ((kret = gss_duplicate_name(minor_status, ticket->client,
+				&(*delegated_cred_handle)->principal)) != 0) {
+	    flags &= ~GSS_C_DELEG_FLAG;
+	    free(*delegated_cred_handle);
+	    *delegated_cred_handle = NULL;
+	    goto end_fwd;
+	 }
+      }
+      if (delegated_cred_handle != NULL &&
+	  (*delegated_cred_handle)->ccache == NULL) {
             kret = krb5_cc_gen_new (gssapi_krb5_context,
                                     &krb5_mcc_ops,
                                     &(*delegated_cred_handle)->ccache);
@


1.1
log
@= Fix possible telnetd vulnerability in option processing.

Obtained from:	heimdal-discuss@@sics.se

= Fix bug in GSSAPI accept_sec_context() that prevented credential
  forwarding from working in some cases.
@
text
@@

