generic-library/libzmq
1
0
Fork 0
mirror of https://github.com/zeromq/libzmq.git synced 2025-10-30 21:50:49 +01:00
Code Issues Projects Releases Wiki Activity

gssapi: use GSS_C_BOTH to acquire credentials

Browse Source 
Problem: if client sets the ZMQ_GSSAPI_PRINCIPAL to a valid
principal, authentication fails.

When an application sets ZMQ_GSSAPI_PRINCIPAL, whether as a
client or a server, libzmq internally calls gss_acquire_cred()
with cred_usage=GSS_C_ACCEPT.  This cred_usage setting is for
acceptors (servers) only, thus it doesn't work for initiators
(clients).

Solution: Change the cred_usage parameter to GSS_C_BOTH to allow
initiators to set ZMQ_GSSAPI_PRINCIPAL.
This commit is contained in:
Jim Garlick
2017-04-18 16:06:53 -07:00
parent c371824b5b
commit f2b579ce02
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/gssapi_mechanism_base.cpp
View File

@@ -338,7 +338,7 @@ int zmq::gssapi_mechanism_base_t::acquire_credentials (char * service_name_, gss
return -1; return -1;
maj_stat = gss_acquire_cred (&min_stat, server_name, 0, maj_stat = gss_acquire_cred (&min_stat, server_name, 0,
GSS_C_NO_OID_SET, GSS_C_ACCEPT, GSS_C_NO_OID_SET, GSS_C_BOTH,
cred_, NULL, NULL); cred_, NULL, NULL);
if (maj_stat != GSS_S_COMPLETE) if (maj_stat != GSS_S_COMPLETE)