From: kwc@citi.umich.edu <kwc@citi.umich.edu>
Date: Mon, 3 Jul 2006 22:34:16 +0000 (-0400)
Subject: Limit acquire_cred call to to Kerberos only
X-Git-Tag: nfs-utils-1-0-9~23
X-Git-Url: https://git.decadent.org.uk/gitweb/?p=nfs-utils.git;a=commitdiff_plain;h=0f899e6d862994ffb437ae73e087c4a21ab59723

Limit acquire_cred call to to Kerberos only

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>

Specify that the acquire_cred call should only be concerned with returning
Kerberos credentials since this is Kerberos-only functionality.
---

diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index 3030c3f..2f5e70e 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -280,11 +280,16 @@ limit_krb5_enctypes(struct rpc_gss_sec *sec, uid_t uid)
 {
 	u_int maj_stat, min_stat;
 	gss_cred_id_t credh;
+	gss_OID_set_desc  desired_mechs;
 	krb5_enctype enctypes[] = { ENCTYPE_DES_CBC_CRC };
 	int num_enctypes = sizeof(enctypes) / sizeof(enctypes[0]);
 
+	/* We only care about getting a krb5 cred */
+	desired_mechs.count = 1;
+	desired_mechs.elements = &krb5oid;
+
 	maj_stat = gss_acquire_cred(&min_stat, NULL, 0,
-				    GSS_C_NULL_OID_SET, GSS_C_INITIATE,
+				    &desired_mechs, GSS_C_INITIATE,
 				    &credh, NULL, NULL);
 
 	if (maj_stat != GSS_S_COMPLETE) {