[security-dev 00262]: Code review: Failure when SPNEGO request non-Mutual
Weijun Wang
Weijun.Wang at Sun.COM
Mon Aug 4 08:22:01 UTC 2008
Hi All
Please review this code fix:
The bug: http://bugs.sun.com/view_bug.do?bug_id=6733095
Synopsis: Failure when SPNEGO request non-Mutual
Webrev URL: http://hgrev.appspot.com/show?id=201
Description:
Using SPNEGO, when the client calls reqMutualAuth(false)
with Kerberos as the mech, the current implementation fails.
The reason is that when reqMutualAuth(false) is called,
the negotiation process of the underlying mech contains
only one token, which means the server's first call to
Kerberos' acceptSecContext() already returns null.
Unfortunately, the current SPNEGO implementation needs
this output to be non-null, hence the failure.
There's also a tiny error in byte[] acceptSecContext(byte[])
of GSSContextImpl that returns an empty byte array when
the correct output should have been null.
Sorry, no regression tests due to complicated server setup.
Thanks
Weijun
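The failure mode described above, as an added example that is not part of the original post and not JDK code: a toy model of a SPNEGO acceptor driving a one-round-trip mechanism. The `MechAcceptor` interface, the `ToyKerberosAcceptor` stand-in and the simplified `NegTokenResp` are assumptions made for the demonstration; only the RFC 4178 negState names are real. It shows a negotiation layer that rejects whenever the mech returns a null output token beside one that decides on `isEstablished()` and treats null as "nothing to send back", which is what a client that called `reqMutualAuth(false)` produces after its single token.

```java
import java.nio.charset.StandardCharsets;

/**
 * Added example, not JDK code: a toy model of a SPNEGO acceptor driving a
 * one-round-trip mechanism, showing why a null mech output token must be
 * read as "context established, nothing to send" rather than as a failure.
 * MechAcceptor, ToyKerberosAcceptor and NegTokenResp are hypothetical names.
 */
public class SpnegoNullTokenDemo {

    /** Hypothetical stand-in for a mechanism-level acceptor. */
    interface MechAcceptor {
        /** Returns the token to send to the peer, or null if there is nothing to send. */
        byte[] acceptSecContext(byte[] inToken);
        boolean isEstablished();
    }

    /**
     * Toy Kerberos-like acceptor. With mutual auth the acceptor answers the
     * AP-REQ with an AP-REP; without it, the context is established after the
     * first token and there is no reply, so the result is null.
     */
    static final class ToyKerberosAcceptor implements MechAcceptor {
        private final boolean mutual;
        private boolean established;

        ToyKerberosAcceptor(boolean mutual) { this.mutual = mutual; }

        @Override public byte[] acceptSecContext(byte[] inToken) {
            if (inToken == null || inToken.length == 0) {
                throw new IllegalArgumentException("expected an AP-REQ token");
            }
            established = true;
            // Return null, never an empty array, when there is no token to send.
            return mutual ? "AP-REP".getBytes(StandardCharsets.US_ASCII) : null;
        }

        @Override public boolean isEstablished() { return established; }
    }

    /** negState values of a SPNEGO NegTokenResp (RFC 4178). */
    enum NegState { ACCEPT_COMPLETED, ACCEPT_INCOMPLETE, REJECT }

    /** Simplified NegTokenResp: negState plus an optional responseToken. */
    static final class NegTokenResp {
        final NegState negState;
        final byte[] responseToken;   // null when the field is absent

        NegTokenResp(NegState negState, byte[] responseToken) {
            this.negState = negState;
            this.responseToken = responseToken;
        }

        @Override public String toString() {
            return negState + (responseToken == null ? " (no responseToken)"
                    : " responseToken=" + new String(responseToken, StandardCharsets.US_ASCII));
        }
    }

    /** Negotiation layer that wrongly requires a mech output token on every round. */
    static NegTokenResp acceptAssumingToken(MechAcceptor mech, byte[] mechToken) {
        byte[] out = mech.acceptSecContext(mechToken);
        if (out == null) {
            // A one-token mechanism lands here even though its context is established.
            return new NegTokenResp(NegState.REJECT, null);
        }
        NegState st = mech.isEstablished() ? NegState.ACCEPT_COMPLETED : NegState.ACCEPT_INCOMPLETE;
        return new NegTokenResp(st, out);
    }

    /** Negotiation layer that decides on isEstablished() and treats null as "no token". */
    static NegTokenResp acceptCheckingState(MechAcceptor mech, byte[] mechToken) {
        byte[] out = mech.acceptSecContext(mechToken);
        if (mech.isEstablished()) {
            // accept-completed; responseToken is optional and omitted when the mech had nothing to send.
            return new NegTokenResp(NegState.ACCEPT_COMPLETED, out);
        }
        if (out == null) {
            // Not established and nothing to send back: the negotiation cannot continue.
            return new NegTokenResp(NegState.REJECT, null);
        }
        return new NegTokenResp(NegState.ACCEPT_INCOMPLETE, out);
    }

    public static void main(String[] args) {
        byte[] apReq = "AP-REQ".getBytes(StandardCharsets.US_ASCII);  // constructed sample token
        for (boolean mutual : new boolean[] { true, false }) {
            System.out.println("mutual=" + mutual
                    + "  token-assuming: " + acceptAssumingToken(new ToyKerberosAcceptor(mutual), apReq)
                    + "  state-checking: " + acceptCheckingState(new ToyKerberosAcceptor(mutual), apReq));
        }
    }
}
```

With `mutual=true` both acceptors agree, because the AP-REP gives the negotiation layer a token to wrap. With `mutual=false` the token-assuming acceptor rejects an established context, while the state-checking one emits accept-completed with no responseToken. The same reasoning is why the mech wrapper should hand back null rather than an empty array when it has nothing to send: the negotiation layer keys on null, and an empty array would be wrapped and sent as if it were a real token.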