summaryrefslogtreecommitdiff
path: root/source4/auth/credentials
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2008-06-11 07:59:20 +0200
committerStefan Metzmacher <metze@samba.org>2008-06-19 13:59:38 +0200
commit809d82d16943bf59e6623bcc6ce5248999f6da07 (patch)
tree4c03e810609b9ce69ff52e31bbabff9372b79047 /source4/auth/credentials
parentb388f932ba14078697878567956c2f16ad8abc68 (diff)
downloadsamba-809d82d16943bf59e6623bcc6ce5248999f6da07.tar.gz
samba-809d82d16943bf59e6623bcc6ce5248999f6da07.tar.bz2
samba-809d82d16943bf59e6623bcc6ce5248999f6da07.zip
credentials: set GSS_KRB5_CRED_NO_CI_FLAGS_X to avoid GSS_C_CONF_FLAG and GSS_C_INTEG_FLAG
metze (This used to be commit f573c1ff4443f3002c310d3ba29d8c343ad03907)
Diffstat (limited to 'source4/auth/credentials')
-rw-r--r--source4/auth/credentials/credentials_krb5.c27
1 files changed, 21 insertions, 6 deletions
diff --git a/source4/auth/credentials/credentials_krb5.c b/source4/auth/credentials/credentials_krb5.c
index 3bc1764448..b9207ab601 100644
--- a/source4/auth/credentials/credentials_krb5.c
+++ b/source4/auth/credentials/credentials_krb5.c
@@ -379,19 +379,34 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
maj_stat = gss_krb5_import_cred(&min_stat, ccache->ccache, NULL, NULL,
&gcc->creds);
if (maj_stat) {
+ talloc_free(gcc);
if (min_stat) {
ret = min_stat;
} else {
ret = EINVAL;
}
+ return ret;
}
- if (ret == 0) {
- cred->client_gss_creds_obtained = cred->ccache_obtained;
- talloc_set_destructor(gcc, free_gssapi_creds);
- cred->client_gss_creds = gcc;
- *_gcc = gcc;
+
+ /* don't force GSS_C_CONF_FLAG and GSS_C_INTEG_FLAG */
+ maj_stat = gss_set_cred_option(&min_stat, gcc->creds,
+ GSS_KRB5_CRED_NO_CI_FLAGS_X,
+ GSS_C_NO_BUFFER);
+ if (maj_stat) {
+ talloc_free(gcc);
+ if (min_stat) {
+ ret = min_stat;
+ } else {
+ ret = EINVAL;
+ }
+ return ret;
}
- return ret;
+
+ cred->client_gss_creds_obtained = cred->ccache_obtained;
+ talloc_set_destructor(gcc, free_gssapi_creds);
+ cred->client_gss_creds = gcc;
+ *_gcc = gcc;
+ return 0;
}
/**