< prev index next >
src/java.security.jgss/share/classes/sun/security/jgss/spnego/SpNegoContext.java
Print this page
rev 11815 : 8078439: SPNEGO auth fails if client proposes MS krb5 OID
Reviewed-by: valeriep
*** 536,553 ****
internal_mech = mech_wanted;
// get the token for mechanism
byte[] accept_token;
! if (mechList[0].equals(mech_wanted)) {
// get the mechanism token
byte[] mechToken = initToken.getMechToken();
if (mechToken == null) {
throw new GSSException(GSSException.FAILURE, -1,
"mechToken is missing");
}
accept_token = GSS_acceptSecContext(mechToken);
} else {
accept_token = null;
}
// verify MIC
--- 536,560 ----
internal_mech = mech_wanted;
// get the token for mechanism
byte[] accept_token;
! if (mechList[0].equals(mech_wanted) ||
! (GSSUtil.isKerberosMech(mechList[0]) &&
! GSSUtil.isKerberosMech(mech_wanted))) {
// get the mechanism token
+ if (DEBUG && !mech_wanted.equals(mechList[0])) {
+ System.out.println("SpNegoContext.acceptSecContext: " +
+ "negotiated mech adjusted to " + mechList[0]);
+ }
byte[] mechToken = initToken.getMechToken();
if (mechToken == null) {
throw new GSSException(GSSException.FAILURE, -1,
"mechToken is missing");
}
accept_token = GSS_acceptSecContext(mechToken);
+ mech_wanted = mechList[0];
} else {
accept_token = null;
}
// verify MIC
< prev index next >