summaryrefslogtreecommitdiff
path: root/source4/auth/gensec
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2005-08-20 06:08:52 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:33:36 -0500
commit40f56f63bec5a609229033dc4c0854bb4fb16f06 (patch)
tree0bce454b79bfa8f387e9f2ca94c1bccbec51f6fc /source4/auth/gensec
parent479be53c0a894df441db9a02d0b75b222b374ae9 (diff)
downloadsamba-40f56f63bec5a609229033dc4c0854bb4fb16f06.tar.gz
samba-40f56f63bec5a609229033dc4c0854bb4fb16f06.tar.bz2
samba-40f56f63bec5a609229033dc4c0854bb4fb16f06.zip
r9415: Remove old kerberos code (including salt guessing code) that has only
caused me pain (and covourty warnings). Simply gensec_gssapi to assume the properties of lorikeet-heimdal, rather than having #ifdef around critical features. This simplifies the code rather a lot. Andrew Bartlett (This used to be commit 11156f556db678c3d325fe5ced5e41a76ed6a3f1)
Diffstat (limited to 'source4/auth/gensec')
-rw-r--r--source4/auth/gensec/gensec_gssapi.c24
1 files changed, 6 insertions, 18 deletions
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index 183e3f201b..b68bfbdb36 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -128,14 +128,6 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security)
talloc_set_destructor(gensec_gssapi_state, gensec_gssapi_destory);
- if (gensec_security->want_features & GENSEC_FEATURE_SESSION_KEY) {
-#ifndef HAVE_GSSKRB5_GET_INITIATOR_SUBKEY
- /* GSSAPI won't give us the session keys, without the
- * right hooks. This is critical when requested, so
- * fail outright. */
- return NT_STATUS_INVALID_PARAMETER;
-#endif
- }
if (gensec_security->want_features & GENSEC_FEATURE_SIGN) {
gensec_gssapi_state->want_flags |= GSS_C_INTEG_FLAG;
}
@@ -143,13 +135,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security)
gensec_gssapi_state->want_flags |= GSS_C_CONF_FLAG;
}
if (gensec_security->want_features & GENSEC_FEATURE_DCE_STYLE) {
-#ifndef GSS_C_DCE_STYLE
- /* GSSAPI DCE_STYLE is critical when requested, so
- * fail outright */
- return NT_STATUS_INVALID_PARAMETER;
-#else
gensec_gssapi_state->want_flags |= GSS_C_DCE_STYLE;
-#endif
}
gensec_gssapi_state->gss_oid = gss_mech_krb5;
@@ -678,12 +664,16 @@ static BOOL gensec_gssapi_have_feature(struct gensec_security *gensec_security,
return gensec_gssapi_state->got_flags & GSS_C_CONF_FLAG;
}
if (feature & GENSEC_FEATURE_SESSION_KEY) {
-#ifdef HAVE_GSSKRB5_GET_INITIATOR_SUBKEY
if ((gensec_gssapi_state->gss_oid->length == gss_mech_krb5->length)
&& (memcmp(gensec_gssapi_state->gss_oid->elements, gss_mech_krb5->elements, gensec_gssapi_state->gss_oid->length) == 0)) {
return True;
}
-#endif
+ }
+ if (feature & GENSEC_FEATURE_DCE_STYLE) {
+ return True;
+ }
+ if (feature & GENSEC_FEATURE_ASYNC_REPLIES) {
+ return True;
}
return False;
}
@@ -698,7 +688,6 @@ static NTSTATUS gensec_gssapi_session_key(struct gensec_security *gensec_securit
return NT_STATUS_OK;
}
-#ifdef HAVE_GSSKRB5_GET_INITIATOR_SUBKEY
/* Ensure we only call this for GSSAPI/krb5, otherwise things could get very ugly */
if ((gensec_gssapi_state->gss_oid->length == gss_mech_krb5->length)
&& (memcmp(gensec_gssapi_state->gss_oid->elements, gss_mech_krb5->elements,
@@ -723,7 +712,6 @@ static NTSTATUS gensec_gssapi_session_key(struct gensec_security *gensec_securit
}
return NT_STATUS_NO_USER_SESSION_KEY;
}
-#endif
DEBUG(1, ("NO session key for this mech\n"));
return NT_STATUS_NO_USER_SESSION_KEY;