Fix gss_inquire_cred_by_mech.
commitca052eadd5590e9d7feafc2b7b805a2e1c577c92
authorViktor Dukhovni <viktor@twosigma.com>
Wed, 4 Mar 2015 02:24:54 +0000 (4 02:24 +0000)
committerViktor Dukhovni <viktor@dukhovni.org>
Tue, 10 Mar 2015 03:07:29 +0000 (10 03:07 +0000)
treedc1da27533b20e6506aebeb392ce71e254c5ef24
parent84852509896abba2a98a35d1dff6deaf514a2d95
Fix gss_inquire_cred_by_mech.

Delegated or other explicit credentials were mishandled, the code only
worked correctly when processing default credentials.  In particular
this caused root's default credential cache to be accessed when accepting
delegated credentials in SSH:

    ssh_gssapi_accept_ctx() ->
        ssh_gssapi_getclient() ->
    gss_inquire_cred_by_mech()

When /tmp/krb5cc_0 contained expired tickets, cascaded credentials
stopped working for non-root users!
lib/gssapi/krb5/inquire_cred.c
lib/gssapi/krb5/inquire_cred_by_mech.c