From 676ec5fe0b6c7c5126dbf84ef59ec4a5d5f87ede Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Tue, 26 Apr 2022 10:23:53 +0200
Subject: [PATCH] Fix gss_localname with SPNEGO wrapping

Fix implemented upstream by Simo
---
 src/mod_auth_gssapi.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/src/mod_auth_gssapi.c b/src/mod_auth_gssapi.c
index b0999737daedf88fa84a9d8b1543bbedc79194ab..c91aa60707ba9b237a84f95670d483f1a7eab86b 100644
--- a/src/mod_auth_gssapi.c
+++ b/src/mod_auth_gssapi.c
@@ -1264,7 +1264,21 @@ static int mag_complete(struct mag_req_cfg *req_cfg, struct mag_conn *mc,
 #endif
 
     if (cfg->map_to_local) {
+      /* We have to play heuristics here as gss_localname does not work
+       * as expected with SPNEGO-wrapped names.
+       * http://krbdev.mit.edu/rt/Ticket/Display.html?id=8782
+       */
         maj = gss_localname(&min, client, mech_type, &lname);
+        if (maj != GSS_S_COMPLETE) {
+            uint32_t sub_maj, sub_min;
+            /* try fallback with no oid */
+            sub_maj = gss_localname(&sub_min, client, GSS_C_NO_OID, &lname);
+	    if (sub_maj != GSS_S_UNAVAILABLE) {
+                /* use second call errors only if they are meaningful */
+                maj = sub_maj;
+                min = sub_min;
+            }
+        }
         if (maj != GSS_S_COMPLETE) {
             mag_post_error(req, cfg, MAG_GSS_ERR, maj, min,
                            "gss_localname() failed");
-- 
2.35.1