summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2012-02-17 12:35:14 +1100
committerAndrew Bartlett <abartlet@samba.org>2012-02-17 17:36:37 +1100
commita315350341d7090402fe8fe2991d18fa530d2398 (patch)
tree5cd6ff8267550b76def686a934e31f8feb8ea763
parent6088f44ed7830691c75846caccf63fcd810436c4 (diff)
downloadsamba-a315350341d7090402fe8fe2991d18fa530d2398.tar.gz
samba-a315350341d7090402fe8fe2991d18fa530d2398.tar.bz2
samba-a315350341d7090402fe8fe2991d18fa530d2398.zip
s3-gse: Allow kerberos key type OID to be optional
-rw-r--r--source3/librpc/crypto/gse.c15
1 files changed, 11 insertions, 4 deletions
diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c
index dcfaa722f9..d8f3af0897 100644
--- a/source3/librpc/crypto/gse.c
+++ b/source3/librpc/crypto/gse.c
@@ -581,10 +581,7 @@ static NTSTATUS gse_get_session_key(TALLOC_CTX *mem_ctx,
}
if ((set == GSS_C_NO_BUFFER_SET) ||
- (set->count != 2) ||
- (memcmp(set->elements[1].value,
- gse_sesskeytype_oid.elements,
- gse_sesskeytype_oid.length) != 0)) {
+ (set->count == 0)) {
#ifdef HAVE_GSSKRB5_GET_SUBKEY
krb5_keyblock *subkey;
gss_maj = gsskrb5_get_subkey(&gss_min,
@@ -620,6 +617,16 @@ static NTSTATUS gse_get_session_key(TALLOC_CTX *mem_ctx,
if (keytype) {
char *oid;
char *p, *q = NULL;
+
+ if (set->count < 2
+ || memcmp(set->elements[1].value,
+ gse_sesskeytype_oid.elements,
+ gse_sesskeytype_oid.length) != 0) {
+ /* Perhaps a non-krb5 session key */
+ *keytype = 0;
+ gss_maj = gss_release_buffer_set(&gss_min, &set);
+ return NT_STATUS_OK;
+ }
if (!ber_read_OID_String(talloc_tos(),
data_blob_const(set->elements[1].value,
set->elements[1].length), &oid)) {