[security-dev 00262]: Code review: Failure when SPNEGO request non-Mutual
Weijun.Wang at Sun.COM
Mon Aug 4 01:22:01 PDT 2008
Please review this code fix:
The bug: http://bugs.sun.com/view_bug.do?bug_id=6733095
Synopsis: Failure when SPNEGO request non-Mutual
Webrev URL: http://hgrev.appspot.com/show?id=201
Using SPNEGO, when the client calls reqMutualAuth(false)
with Kerberos as the mech, the current implementation fails.
The reason is that when reqMutualAuth(false) is called,
the negotiation process of the underlying mech contains
only one token, which means the server's first call to
Kerberos' acceptSecContext() already returns null.
Unfortunately, the current SPNEGO implementation needs
this output to be non-null, hence the failure.
There's also a tiny error in byte acceptSecContext(byte)
of GSSContextImpl that returns an empty byte array when
the correct output should have been null.
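As an added illustration (not code from the webrev or the JDK), here is a minimal Kerberos acceptor loop that handles the case described above: with a non-mutual client, the first acceptSecContext() call establishes the context and returns null, so the server must not treat a null output token as an error. It assumes the JVM is already logged in as the service via a Krb5LoginModule/keytab and that tokens are framed with a 4-byte length prefix; both are assumptions of this example.

```java
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.net.ServerSocket;
import java.net.Socket;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSManager;

public class NullTokenAcceptor {

    // One acceptor step. Returns the token to send back, or null when
    // there is nothing to send (which is the normal outcome of the
    // single-token, non-mutual exchange, not a failure).
    static byte[] acceptStep(GSSContext ctx, byte[] inTok) throws Exception {
        byte[] outTok = ctx.acceptSecContext(inTok, 0, inTok.length);
        if (outTok == null && !ctx.isEstablished()) {
            // Null token before establishment would be a real protocol error.
            throw new IllegalStateException("no token and context not established");
        }
        return outTok;
    }

    public static void main(String[] args) throws Exception {
        int port = Integer.parseInt(args[0]);           // assumed: listen port
        GSSManager manager = GSSManager.getInstance();
        // null credential -> default acceptor credential from the JVM's
        // existing Kerberos login (assumption: keytab-based Krb5LoginModule).
        GSSContext ctx = manager.createContext((GSSCredential) null);
        try (ServerSocket ss = new ServerSocket(port);
             Socket s = ss.accept();
             DataInputStream in = new DataInputStream(s.getInputStream());
             DataOutputStream out = new DataOutputStream(s.getOutputStream())) {
            while (!ctx.isEstablished()) {
                byte[] inTok = new byte[in.readInt()];   // assumed length-prefixed framing
                in.readFully(inTok);
                byte[] outTok = acceptStep(ctx, inTok);
                if (outTok != null) {                    // mutual auth: send AP-REP back
                    out.writeInt(outTok.length);
                    out.write(outTok);
                    out.flush();
                }
            }
            System.out.println("Established with " + ctx.getSrcName()
                + ", mutual=" + ctx.getMutualAuthState());
        } finally {
            ctx.dispose();
        }
    }
}
```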
Sorry, no regression tests due to complicated server setup.