summaryrefslogtreecommitdiff
path: root/auth/kerberos
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2012-03-08 16:16:12 +1100
committerAndrew Bartlett <abartlet@samba.org>2012-03-08 11:53:57 +0100
commit9a11f2ea092f046693ee3fbf076b4a3c4be3d8f0 (patch)
tree3777252306fe542981ec9b20afcf158ac5df1f73 /auth/kerberos
parent5b372d7015553a0ab9523999184124fa9d6555e7 (diff)
downloadsamba-9a11f2ea092f046693ee3fbf076b4a3c4be3d8f0.tar.gz
samba-9a11f2ea092f046693ee3fbf076b4a3c4be3d8f0.tar.bz2
samba-9a11f2ea092f046693ee3fbf076b4a3c4be3d8f0.zip
auth/kerberos: Fall back to gsskrb5_get_subkey if we did not get the key type
The key type OID is optional, but we require that information to determine if we should use NEW_SPNEGO. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Mar 8 11:53:57 CET 2012 on sn-devel-104
Diffstat (limited to 'auth/kerberos')
-rw-r--r--auth/kerberos/gssapi_pac.c27
1 files changed, 23 insertions, 4 deletions
diff --git a/auth/kerberos/gssapi_pac.c b/auth/kerberos/gssapi_pac.c
index 8a4d8c3be1..1a9d6aa26e 100644
--- a/auth/kerberos/gssapi_pac.c
+++ b/auth/kerberos/gssapi_pac.c
@@ -223,10 +223,29 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx,
char *oid;
char *p, *q = NULL;
- if (set->count < 2
- || memcmp(set->elements[1].value,
- gse_sesskeytype_oid.elements,
- gse_sesskeytype_oid.length) != 0) {
+ if (set->count < 2) {
+
+#ifdef HAVE_GSSKRB5_GET_SUBKEY
+ krb5_keyblock *subkey;
+ gss_maj = gsskrb5_get_subkey(&gss_min,
+ gssapi_context,
+ &subkey);
+ if (gss_maj == 0) {
+ *keytype = KRB5_KEY_TYPE(subkey);
+ krb5_free_keyblock(NULL /* should be krb5_context */, subkey);
+ } else
+#else
+ {
+ *keytype = 0;
+ }
+#endif
+ gss_maj = gss_release_buffer_set(&gss_min, &set);
+
+ return NT_STATUS_OK;
+
+ } else if (memcmp(set->elements[1].value,
+ gse_sesskeytype_oid.elements,
+ gse_sesskeytype_oid.length) != 0) {
/* Perhaps a non-krb5 session key */
*keytype = 0;
gss_maj = gss_release_buffer_set(&gss_min, &set);