diff options
author | Andrew Bartlett <abartlet@samba.org> | 2005-11-02 03:48:49 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:45:40 -0500 |
commit | cc0f3779b1de565ed33504d123e41656d6d2aab2 (patch) | |
tree | 12928a2becf2827256ef954b83c425daec2ec3ce /source4/auth/gensec | |
parent | 375922801fca7eab7eefe28594df70ce28100f19 (diff) | |
download | samba-cc0f3779b1de565ed33504d123e41656d6d2aab2.tar.gz samba-cc0f3779b1de565ed33504d123e41656d6d2aab2.tar.bz2 samba-cc0f3779b1de565ed33504d123e41656d6d2aab2.zip |
r11468: Merge a bit more of init_sec_context from Heimdal CVS into our
DCE_STYLE modified version, and add parametric options to control
delegation.
It turns out the only remaining issue is sending delegated credentials
to a windows server, probably due to the bug lha mentions in his blog
(using the wrong key).
If I turn delgation on in smbclient, but off in smbd, I can proxy a
cifs session.
I can't wait till Heimdal 0.8, so I'll see if I can figure out the fix
myself :-)
Andrew Bartlett
(This used to be commit fd5fd03570c13f5644e53ff89ac8eca7c0985740)
Diffstat (limited to 'source4/auth/gensec')
-rw-r--r-- | source4/auth/gensec/gensec_gssapi.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c index 4608b62db5..a51a30900f 100644 --- a/source4/auth/gensec/gensec_gssapi.c +++ b/source4/auth/gensec/gensec_gssapi.c @@ -124,7 +124,14 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security) /* TODO: Fill in channel bindings */ gensec_gssapi_state->input_chan_bindings = GSS_C_NO_CHANNEL_BINDINGS; - gensec_gssapi_state->want_flags = GSS_C_MUTUAL_FLAG | GSS_C_DELEG_FLAG; + gensec_gssapi_state->want_flags = 0; + if (lp_parm_bool(-1, "gensec_gssapi", "mutual", True)) { + gensec_gssapi_state->want_flags |= GSS_C_MUTUAL_FLAG; + } + if (lp_parm_bool(-1, "gensec_gssapi", "delegation", False)) { + gensec_gssapi_state->want_flags |= GSS_C_DELEG_FLAG; + } + gensec_gssapi_state->got_flags = 0; gensec_gssapi_state->session_key = data_blob(NULL, 0); |