From d4711b2410846fc891c0b2fd4475fce58c63abeb Mon Sep 17 00:00:00 2001 From: kouril Date: Tue, 23 Mar 2004 15:32:35 +0000 Subject: [PATCH] Use GSS_C_NT_HOSTBASED_SERVICE instead of GSS_C_NT_USER_NAME in the gss_import_name() Don't free the gss structs when additional GSS iterations are required --- src/mod_auth_kerb.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/mod_auth_kerb.c b/src/mod_auth_kerb.c index a5ed5b1..c51d930 100644 --- a/src/mod_auth_kerb.c +++ b/src/mod_auth_kerb.c @@ -921,14 +921,14 @@ get_gss_creds(request_rec *r, * the MIT as replay (Two valid MS authenticators may contain the same time * and utime fields and only differ in the sequential numbers). */ - snprintf(buf, sizeof(buf), "%s/%s", conf->krb_service_name, + snprintf(buf, sizeof(buf), "%s@%s", conf->krb_service_name, ap_get_server_name(r)); input_token.value = buf; input_token.length = strlen(buf) + 1; major_status = gss_import_name(&minor_status, &input_token, - GSS_C_NT_USER_NAME, + GSS_C_NT_HOSTBASED_SERVICE, &server_name); if (GSS_ERROR(major_status)) { log_rerror(APLOG_MARK, APLOG_ERR, 0, r, @@ -1130,7 +1130,8 @@ end: if (client_name != GSS_C_NO_NAME) gss_release_name(&minor_status, &client_name); - cleanup_gss_connection(gss_connection); + if (! major_status & GSS_S_CONTINUE_NEEDED) + cleanup_gss_connection(gss_connection); return ret; } -- 2.1.4