summaryrefslogtreecommitdiff
path: root/source4/auth/gensec
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2005-11-02 03:48:49 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:45:40 -0500
commitcc0f3779b1de565ed33504d123e41656d6d2aab2 (patch)
tree12928a2becf2827256ef954b83c425daec2ec3ce /source4/auth/gensec
parent375922801fca7eab7eefe28594df70ce28100f19 (diff)
downloadsamba-cc0f3779b1de565ed33504d123e41656d6d2aab2.tar.gz
samba-cc0f3779b1de565ed33504d123e41656d6d2aab2.tar.bz2
samba-cc0f3779b1de565ed33504d123e41656d6d2aab2.zip
r11468: Merge a bit more of init_sec_context from Heimdal CVS into our
DCE_STYLE modified version, and add parametric options to control delegation. It turns out the only remaining issue is sending delegated credentials to a windows server, probably due to the bug lha mentions in his blog (using the wrong key). If I turn delgation on in smbclient, but off in smbd, I can proxy a cifs session. I can't wait till Heimdal 0.8, so I'll see if I can figure out the fix myself :-) Andrew Bartlett (This used to be commit fd5fd03570c13f5644e53ff89ac8eca7c0985740)
Diffstat (limited to 'source4/auth/gensec')
-rw-r--r--source4/auth/gensec/gensec_gssapi.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index 4608b62db5..a51a30900f 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -124,7 +124,14 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security)
/* TODO: Fill in channel bindings */
gensec_gssapi_state->input_chan_bindings = GSS_C_NO_CHANNEL_BINDINGS;
- gensec_gssapi_state->want_flags = GSS_C_MUTUAL_FLAG | GSS_C_DELEG_FLAG;
+ gensec_gssapi_state->want_flags = 0;
+ if (lp_parm_bool(-1, "gensec_gssapi", "mutual", True)) {
+ gensec_gssapi_state->want_flags |= GSS_C_MUTUAL_FLAG;
+ }
+ if (lp_parm_bool(-1, "gensec_gssapi", "delegation", False)) {
+ gensec_gssapi_state->want_flags |= GSS_C_DELEG_FLAG;
+ }
+
gensec_gssapi_state->got_flags = 0;
gensec_gssapi_state->session_key = data_blob(NULL, 0);