diff options
author | Andrew Bartlett <abartlet@samba.org> | 2012-01-02 22:17:06 +1100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2012-01-05 17:17:28 +0100 |
commit | 25d7675d695fc1325b954cd90e339b1879776e2b (patch) | |
tree | cb22e65f45fc4d104ad5cd1c5c399b61bbd0d71d | |
parent | ab58469ff4f80506bdbf148e3a19ac377e6a054b (diff) | |
download | samba-25d7675d695fc1325b954cd90e339b1879776e2b.tar.gz samba-25d7675d695fc1325b954cd90e339b1879776e2b.tar.bz2 samba-25d7675d695fc1325b954cd90e339b1879776e2b.zip |
s3-librpc Use gsskrb5_get_subkey() where available to get the session key
This allows gse_get_session_key() to work against Heimdal.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
-rw-r--r-- | source3/librpc/crypto/gse.c | 15 | ||||
-rw-r--r-- | source4/heimdal_build/wscript_configure | 1 |
2 files changed, 16 insertions, 0 deletions
diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c index a61288b254..b4e59da475 100644 --- a/source3/librpc/crypto/gse.c +++ b/source3/librpc/crypto/gse.c @@ -628,11 +628,26 @@ DATA_BLOB gse_get_session_key(TALLOC_CTX *mem_ctx, (memcmp(set->elements[1].value, gse_sesskeytype_oid.elements, gse_sesskeytype_oid.length) != 0)) { +#ifdef HAVE_GSSKRB5_GET_SUBKEY + krb5_keyblock *subkey; + gss_maj = gsskrb5_get_subkey(&gss_min, + gse_ctx->gss_ctx, + &subkey); + if (gss_maj != 0) { + DEBUG(1, ("NO session key for this mech\n")); + return data_blob_null; + } + ret = data_blob_talloc(mem_ctx, + KRB5_KEY_DATA(subkey), KRB5_KEY_LENGTH(subkey)); + krb5_free_keyblock(NULL /* should be krb5_context */, subkey); + return ret; +#else DEBUG(0, ("gss_inquire_sec_context_by_oid returned unknown " "OID for data in results:\n")); dump_data(1, (uint8_t *)set->elements[1].value, set->elements[1].length); return data_blob_null; +#endif } ret = data_blob_talloc(mem_ctx, set->elements[0].value, diff --git a/source4/heimdal_build/wscript_configure b/source4/heimdal_build/wscript_configure index a15070cfbd..5dc4aa14e1 100644 --- a/source4/heimdal_build/wscript_configure +++ b/source4/heimdal_build/wscript_configure @@ -86,6 +86,7 @@ conf.define('HAVE_GSS_KRB5_IMPORT_CRED', 1) conf.define('HAVE_GSS_OID_EQUAL', 1) conf.define('HAVE_GSS_INQUIRE_SEC_CONTEXT_BY_OID', 1) conf.define('HAVE_GSSKRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT', 1) +conf.define('HAVE_GSSKRB5_GET_SUBKEY', 1) conf.define('HAVE_LIBGSSAPI', 1) conf.define('HAVE_ADDR_TYPE_IN_KRB5_ADDRESS', 1) conf.define('HAVE_CHECKSUM_IN_KRB5_CHECKSUM', 1) |