summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2005-05-11 12:11:35 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:16:38 -0500
commitdc3cb69a090647a1f85c5669c9be77b21378474c (patch)
treef5743a1219542101edb3fa24d823777686516cfc
parent8b2eb02d159774168eeb9c2499447ecf13e1b915 (diff)
downloadsamba-dc3cb69a090647a1f85c5669c9be77b21378474c.tar.gz
samba-dc3cb69a090647a1f85c5669c9be77b21378474c.tar.bz2
samba-dc3cb69a090647a1f85c5669c9be77b21378474c.zip
r6728: Microsoft relies very strongly on getting the OIDs it expects, so we
must register the 'MS' OID for the domain join to progress. Andrew Bartlett (This used to be commit c8fbda6bfd96d5d57cd52bc15d8695547effe2e3)
-rw-r--r--source4/auth/gensec/gensec_gssapi.c32
1 files changed, 31 insertions, 1 deletions
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index b051e9cb44..0dbcaf5906 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -110,7 +110,8 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security)
gensec_gssapi_state->want_flags |= GSS_C_DCE_STYLE;
}
- if (strcmp(gensec_security->ops->oid, GENSEC_OID_KERBEROS5) == 0) {
+ if ((strcmp(gensec_security->ops->oid, GENSEC_OID_KERBEROS5) == 0)
+ || (strcmp(gensec_security->ops->oid, GENSEC_OID_KERBEROS5_OLD) == 0)) {
gensec_gssapi_state->gss_oid = &gensec_gss_krb5_mechanism_oid_desc;
} else if (strcmp(gensec_security->ops->oid, GENSEC_OID_SPNEGO) == 0) {
gensec_gssapi_state->gss_oid = &gensec_gss_spnego_mechanism_oid_desc;
@@ -673,6 +674,27 @@ static const struct gensec_security_ops gensec_gssapi_krb5_security_ops = {
};
+/* As a server, this could in theory accept any GSSAPI mech */
+static const struct gensec_security_ops gensec_gssapi_ms_krb5_security_ops = {
+ .name = "gssapi_ms_krb5",
+ .oid = GENSEC_OID_KERBEROS5_OLD,
+ .client_start = gensec_gssapi_client_start,
+ .server_start = gensec_gssapi_server_start,
+ .update = gensec_gssapi_update,
+ .session_key = gensec_gssapi_session_key,
+ .session_info = gensec_gssapi_session_info,
+ .sig_size = gensec_gssapi_sig_size,
+ .sign_packet = gensec_gssapi_sign_packet,
+ .check_packet = gensec_gssapi_check_packet,
+ .seal_packet = gensec_gssapi_seal_packet,
+ .unseal_packet = gensec_gssapi_unseal_packet,
+ .wrap = gensec_gssapi_wrap,
+ .unwrap = gensec_gssapi_unwrap,
+ .have_feature = gensec_gssapi_have_feature,
+ .enabled = False
+
+};
+
static const struct gensec_security_ops gensec_gssapi_spnego_security_ops = {
.name = "gssapi_spnego",
.sasl_name = "GSS-SPNEGO",
@@ -703,6 +725,14 @@ NTSTATUS gensec_gssapi_init(void)
return ret;
}
+
+ ret = gensec_register(&gensec_gssapi_ms_krb5_security_ops);
+ if (!NT_STATUS_IS_OK(ret)) {
+ DEBUG(0,("Failed to register '%s' gensec backend!\n",
+ gensec_gssapi_ms_krb5_security_ops.name));
+ return ret;
+ }
+
ret = gensec_register(&gensec_gssapi_spnego_security_ops);
if (!NT_STATUS_IS_OK(ret)) {
DEBUG(0,("Failed to register '%s' gensec backend!\n",