summaryrefslogtreecommitdiff
path: root/source4/auth/gensec
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2008-08-12 15:02:02 +0200
committerStefan Metzmacher <metze@samba.org>2008-08-12 16:21:40 +0200
commit8c0fbbf6e927db9fdbffc28fcde0bea97c5e60e6 (patch)
treec8a36dfa01dc0d5e1e412b1dfa0d2e1d2457256b /source4/auth/gensec
parent588cc81760b5bac201afd039855f93b1592d16d4 (diff)
downloadsamba-8c0fbbf6e927db9fdbffc28fcde0bea97c5e60e6.tar.gz
samba-8c0fbbf6e927db9fdbffc28fcde0bea97c5e60e6.tar.bz2
samba-8c0fbbf6e927db9fdbffc28fcde0bea97c5e60e6.zip
gensec_gssapi: add support for GENSEC_FEATURE_NEW_SPNEGO
metze (This used to be commit 9246924effd4d0b08ca1ef87e45ad510020df93e)
Diffstat (limited to 'source4/auth/gensec')
-rw-r--r--source4/auth/gensec/gensec_gssapi.c25
1 files changed, 25 insertions, 0 deletions
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index 7ded764095..0df40dc82f 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -1177,6 +1177,31 @@ static bool gensec_gssapi_have_feature(struct gensec_security *gensec_security,
if (feature & GENSEC_FEATURE_DCE_STYLE) {
return gensec_gssapi_state->got_flags & GSS_C_DCE_STYLE;
}
+ if (feature & GENSEC_FEATURE_NEW_SPNEGO) {
+ NTSTATUS status;
+
+ if (!(gensec_gssapi_state->got_flags & GSS_C_INTEG_FLAG)) {
+ return false;
+ }
+
+ if (lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec_gssapi", "force_new_spnego", false)) {
+ return true;
+ }
+ if (lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec_gssapi", "disable_new_spnego", false)) {
+ return false;
+ }
+
+ status = gensec_gssapi_init_lucid(gensec_gssapi_state);
+ if (!NT_STATUS_IS_OK(status)) {
+ return false;
+ }
+
+ if (gensec_gssapi_state->lucid->protocol == 1) {
+ return true;
+ }
+
+ return false;
+ }
/* We can always do async (rather than strict request/reply) packets. */
if (feature & GENSEC_FEATURE_ASYNC_REPLIES) {
return true;