diff options
author | Andrew Bartlett <abartlet@samba.org> | 2005-08-20 06:08:52 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:33:36 -0500 |
commit | 40f56f63bec5a609229033dc4c0854bb4fb16f06 (patch) | |
tree | 0bce454b79bfa8f387e9f2ca94c1bccbec51f6fc /source4/auth/gensec | |
parent | 479be53c0a894df441db9a02d0b75b222b374ae9 (diff) | |
download | samba-40f56f63bec5a609229033dc4c0854bb4fb16f06.tar.gz samba-40f56f63bec5a609229033dc4c0854bb4fb16f06.tar.bz2 samba-40f56f63bec5a609229033dc4c0854bb4fb16f06.zip |
r9415: Remove old kerberos code (including salt guessing code) that has only
caused me pain (and covourty warnings).
Simply gensec_gssapi to assume the properties of lorikeet-heimdal,
rather than having #ifdef around critical features. This simplifies
the code rather a lot.
Andrew Bartlett
(This used to be commit 11156f556db678c3d325fe5ced5e41a76ed6a3f1)
Diffstat (limited to 'source4/auth/gensec')
-rw-r--r-- | source4/auth/gensec/gensec_gssapi.c | 24 |
1 files changed, 6 insertions, 18 deletions
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c index 183e3f201b..b68bfbdb36 100644 --- a/source4/auth/gensec/gensec_gssapi.c +++ b/source4/auth/gensec/gensec_gssapi.c @@ -128,14 +128,6 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security) talloc_set_destructor(gensec_gssapi_state, gensec_gssapi_destory); - if (gensec_security->want_features & GENSEC_FEATURE_SESSION_KEY) { -#ifndef HAVE_GSSKRB5_GET_INITIATOR_SUBKEY - /* GSSAPI won't give us the session keys, without the - * right hooks. This is critical when requested, so - * fail outright. */ - return NT_STATUS_INVALID_PARAMETER; -#endif - } if (gensec_security->want_features & GENSEC_FEATURE_SIGN) { gensec_gssapi_state->want_flags |= GSS_C_INTEG_FLAG; } @@ -143,13 +135,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security) gensec_gssapi_state->want_flags |= GSS_C_CONF_FLAG; } if (gensec_security->want_features & GENSEC_FEATURE_DCE_STYLE) { -#ifndef GSS_C_DCE_STYLE - /* GSSAPI DCE_STYLE is critical when requested, so - * fail outright */ - return NT_STATUS_INVALID_PARAMETER; -#else gensec_gssapi_state->want_flags |= GSS_C_DCE_STYLE; -#endif } gensec_gssapi_state->gss_oid = gss_mech_krb5; @@ -678,12 +664,16 @@ static BOOL gensec_gssapi_have_feature(struct gensec_security *gensec_security, return gensec_gssapi_state->got_flags & GSS_C_CONF_FLAG; } if (feature & GENSEC_FEATURE_SESSION_KEY) { -#ifdef HAVE_GSSKRB5_GET_INITIATOR_SUBKEY if ((gensec_gssapi_state->gss_oid->length == gss_mech_krb5->length) && (memcmp(gensec_gssapi_state->gss_oid->elements, gss_mech_krb5->elements, gensec_gssapi_state->gss_oid->length) == 0)) { return True; } -#endif + } + if (feature & GENSEC_FEATURE_DCE_STYLE) { + return True; + } + if (feature & GENSEC_FEATURE_ASYNC_REPLIES) { + return True; } return False; } @@ -698,7 +688,6 @@ static NTSTATUS gensec_gssapi_session_key(struct gensec_security *gensec_securit return NT_STATUS_OK; } -#ifdef HAVE_GSSKRB5_GET_INITIATOR_SUBKEY /* Ensure we only call this for GSSAPI/krb5, otherwise things could get very ugly */ if ((gensec_gssapi_state->gss_oid->length == gss_mech_krb5->length) && (memcmp(gensec_gssapi_state->gss_oid->elements, gss_mech_krb5->elements, @@ -723,7 +712,6 @@ static NTSTATUS gensec_gssapi_session_key(struct gensec_security *gensec_securit } return NT_STATUS_NO_USER_SESSION_KEY; } -#endif DEBUG(1, ("NO session key for this mech\n")); return NT_STATUS_NO_USER_SESSION_KEY; |