diff options
author | Andrew Bartlett <abartlet@samba.org> | 2012-03-08 16:16:12 +1100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2012-03-08 11:53:57 +0100 |
commit | 9a11f2ea092f046693ee3fbf076b4a3c4be3d8f0 (patch) | |
tree | 3777252306fe542981ec9b20afcf158ac5df1f73 /auth/kerberos | |
parent | 5b372d7015553a0ab9523999184124fa9d6555e7 (diff) | |
download | samba-9a11f2ea092f046693ee3fbf076b4a3c4be3d8f0.tar.gz samba-9a11f2ea092f046693ee3fbf076b4a3c4be3d8f0.tar.bz2 samba-9a11f2ea092f046693ee3fbf076b4a3c4be3d8f0.zip |
auth/kerberos: Fall back to gsskrb5_get_subkey if we did not get the key type
The key type OID is optional, but we require that information to determine if
we should use NEW_SPNEGO.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Mar 8 11:53:57 CET 2012 on sn-devel-104
Diffstat (limited to 'auth/kerberos')
-rw-r--r-- | auth/kerberos/gssapi_pac.c | 27 |
1 files changed, 23 insertions, 4 deletions
diff --git a/auth/kerberos/gssapi_pac.c b/auth/kerberos/gssapi_pac.c index 8a4d8c3be1..1a9d6aa26e 100644 --- a/auth/kerberos/gssapi_pac.c +++ b/auth/kerberos/gssapi_pac.c @@ -223,10 +223,29 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx, char *oid; char *p, *q = NULL; - if (set->count < 2 - || memcmp(set->elements[1].value, - gse_sesskeytype_oid.elements, - gse_sesskeytype_oid.length) != 0) { + if (set->count < 2) { + +#ifdef HAVE_GSSKRB5_GET_SUBKEY + krb5_keyblock *subkey; + gss_maj = gsskrb5_get_subkey(&gss_min, + gssapi_context, + &subkey); + if (gss_maj == 0) { + *keytype = KRB5_KEY_TYPE(subkey); + krb5_free_keyblock(NULL /* should be krb5_context */, subkey); + } else +#else + { + *keytype = 0; + } +#endif + gss_maj = gss_release_buffer_set(&gss_min, &set); + + return NT_STATUS_OK; + + } else if (memcmp(set->elements[1].value, + gse_sesskeytype_oid.elements, + gse_sesskeytype_oid.length) != 0) { /* Perhaps a non-krb5 session key */ *keytype = 0; gss_maj = gss_release_buffer_set(&gss_min, &set); |