Limit acquire_cred call to to Kerberos only
authorkwc@citi.umich.edu <kwc@citi.umich.edu>
Mon, 3 Jul 2006 22:34:16 +0000 (18:34 -0400)
committerNeil Brown <neilb@suse.de>
Tue, 4 Jul 2006 00:27:15 +0000 (10:27 +1000)
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Specify that the acquire_cred call should only be concerned with returning
Kerberos credentials since this is Kerberos-only functionality.

utils/gssd/krb5_util.c

index 3030c3f..2f5e70e 100644 (file)
@@ -280,11 +280,16 @@ limit_krb5_enctypes(struct rpc_gss_sec *sec, uid_t uid)
 {
        u_int maj_stat, min_stat;
        gss_cred_id_t credh;
+       gss_OID_set_desc  desired_mechs;
        krb5_enctype enctypes[] = { ENCTYPE_DES_CBC_CRC };
        int num_enctypes = sizeof(enctypes) / sizeof(enctypes[0]);
 
+       /* We only care about getting a krb5 cred */
+       desired_mechs.count = 1;
+       desired_mechs.elements = &krb5oid;
+
        maj_stat = gss_acquire_cred(&min_stat, NULL, 0,
-                                   GSS_C_NULL_OID_SET, GSS_C_INITIATE,
+                                   &desired_mechs, GSS_C_INITIATE,
                                    &credh, NULL, NULL);
 
        if (maj_stat != GSS_S_COMPLETE) {