diff options
author | Andrew Bartlett <abartlet@samba.org> | 2005-05-11 12:11:35 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:16:38 -0500 |
commit | dc3cb69a090647a1f85c5669c9be77b21378474c (patch) | |
tree | f5743a1219542101edb3fa24d823777686516cfc | |
parent | 8b2eb02d159774168eeb9c2499447ecf13e1b915 (diff) | |
download | samba-dc3cb69a090647a1f85c5669c9be77b21378474c.tar.gz samba-dc3cb69a090647a1f85c5669c9be77b21378474c.tar.bz2 samba-dc3cb69a090647a1f85c5669c9be77b21378474c.zip |
r6728: Microsoft relies very strongly on getting the OIDs it expects, so we
must register the 'MS' OID for the domain join to progress.
Andrew Bartlett
(This used to be commit c8fbda6bfd96d5d57cd52bc15d8695547effe2e3)
-rw-r--r-- | source4/auth/gensec/gensec_gssapi.c | 32 |
1 files changed, 31 insertions, 1 deletions
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c index b051e9cb44..0dbcaf5906 100644 --- a/source4/auth/gensec/gensec_gssapi.c +++ b/source4/auth/gensec/gensec_gssapi.c @@ -110,7 +110,8 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security) gensec_gssapi_state->want_flags |= GSS_C_DCE_STYLE; } - if (strcmp(gensec_security->ops->oid, GENSEC_OID_KERBEROS5) == 0) { + if ((strcmp(gensec_security->ops->oid, GENSEC_OID_KERBEROS5) == 0) + || (strcmp(gensec_security->ops->oid, GENSEC_OID_KERBEROS5_OLD) == 0)) { gensec_gssapi_state->gss_oid = &gensec_gss_krb5_mechanism_oid_desc; } else if (strcmp(gensec_security->ops->oid, GENSEC_OID_SPNEGO) == 0) { gensec_gssapi_state->gss_oid = &gensec_gss_spnego_mechanism_oid_desc; @@ -673,6 +674,27 @@ static const struct gensec_security_ops gensec_gssapi_krb5_security_ops = { }; +/* As a server, this could in theory accept any GSSAPI mech */ +static const struct gensec_security_ops gensec_gssapi_ms_krb5_security_ops = { + .name = "gssapi_ms_krb5", + .oid = GENSEC_OID_KERBEROS5_OLD, + .client_start = gensec_gssapi_client_start, + .server_start = gensec_gssapi_server_start, + .update = gensec_gssapi_update, + .session_key = gensec_gssapi_session_key, + .session_info = gensec_gssapi_session_info, + .sig_size = gensec_gssapi_sig_size, + .sign_packet = gensec_gssapi_sign_packet, + .check_packet = gensec_gssapi_check_packet, + .seal_packet = gensec_gssapi_seal_packet, + .unseal_packet = gensec_gssapi_unseal_packet, + .wrap = gensec_gssapi_wrap, + .unwrap = gensec_gssapi_unwrap, + .have_feature = gensec_gssapi_have_feature, + .enabled = False + +}; + static const struct gensec_security_ops gensec_gssapi_spnego_security_ops = { .name = "gssapi_spnego", .sasl_name = "GSS-SPNEGO", @@ -703,6 +725,14 @@ NTSTATUS gensec_gssapi_init(void) return ret; } + + ret = gensec_register(&gensec_gssapi_ms_krb5_security_ops); + if (!NT_STATUS_IS_OK(ret)) { + DEBUG(0,("Failed to register '%s' gensec backend!\n", + gensec_gssapi_ms_krb5_security_ops.name)); + return ret; + } + ret = gensec_register(&gensec_gssapi_spnego_security_ops); if (!NT_STATUS_IS_OK(ret)) { DEBUG(0,("Failed to register '%s' gensec backend!\n", |