diff options
author | Andrew Bartlett <abartlet@samba.org> | 2012-02-17 12:35:14 +1100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2012-02-17 17:36:37 +1100 |
commit | a315350341d7090402fe8fe2991d18fa530d2398 (patch) | |
tree | 5cd6ff8267550b76def686a934e31f8feb8ea763 | |
parent | 6088f44ed7830691c75846caccf63fcd810436c4 (diff) | |
download | samba-a315350341d7090402fe8fe2991d18fa530d2398.tar.gz samba-a315350341d7090402fe8fe2991d18fa530d2398.tar.bz2 samba-a315350341d7090402fe8fe2991d18fa530d2398.zip |
s3-gse: Allow kerberos key type OID to be optional
-rw-r--r-- | source3/librpc/crypto/gse.c | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c index dcfaa722f9..d8f3af0897 100644 --- a/source3/librpc/crypto/gse.c +++ b/source3/librpc/crypto/gse.c @@ -581,10 +581,7 @@ static NTSTATUS gse_get_session_key(TALLOC_CTX *mem_ctx, } if ((set == GSS_C_NO_BUFFER_SET) || - (set->count != 2) || - (memcmp(set->elements[1].value, - gse_sesskeytype_oid.elements, - gse_sesskeytype_oid.length) != 0)) { + (set->count == 0)) { #ifdef HAVE_GSSKRB5_GET_SUBKEY krb5_keyblock *subkey; gss_maj = gsskrb5_get_subkey(&gss_min, @@ -620,6 +617,16 @@ static NTSTATUS gse_get_session_key(TALLOC_CTX *mem_ctx, if (keytype) { char *oid; char *p, *q = NULL; + + if (set->count < 2 + || memcmp(set->elements[1].value, + gse_sesskeytype_oid.elements, + gse_sesskeytype_oid.length) != 0) { + /* Perhaps a non-krb5 session key */ + *keytype = 0; + gss_maj = gss_release_buffer_set(&gss_min, &set); + return NT_STATUS_OK; + } if (!ber_read_OID_String(talloc_tos(), data_blob_const(set->elements[1].value, set->elements[1].length), &oid)) { |