3party/libzmq
0
0
Fork 0
mirror of https://github.com/zeromq/libzmq.git synced 2024-12-29 00:32:34 +08:00
Code Issues Projects Releases Wiki Activity

gssapi: fail if client sets wrong principal

Browse Source 
Problem: if client sets ZMQ_GSSAPI_PRINCIPAL to a name
for which credentials cannot be obtained, authentication
proceeds with default credentials.

Solution: Before initializing the security context, check
whether there was a failed attempt to acquire credentials
for a specific principal and bail out if so.

Fixes #2531
This commit is contained in:
Jim Garlick 2017-04-19 16:04:41 -07:00
parent f2b579ce02
commit 4e22dd0e97
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/gssapi_client.cpp
View File

@ -166,6 +166,10 @@ zmq::mechanism_t::status_t zmq::gssapi_client_t::status () const
int zmq::gssapi_client_t::initialize_context () int zmq::gssapi_client_t::initialize_context ()
{ {
// principal was specified but credentials could not be acquired
if (principal_name != NULL && cred == NULL)
return -1;
// First time through, import service_name into target_name // First time through, import service_name into target_name
if (target_name == GSS_C_NO_NAME) { if (target_name == GSS_C_NO_NAME) {
send_tok.value = service_name; send_tok.value = service_name;