summaryrefslogtreecommitdiff
path: root/source4/libcli/auth/gensec_krb5.c
diff options
context:
space:
mode:
Diffstat (limited to 'source4/libcli/auth/gensec_krb5.c')
-rw-r--r--source4/libcli/auth/gensec_krb5.c12
1 files changed, 10 insertions, 2 deletions
diff --git a/source4/libcli/auth/gensec_krb5.c b/source4/libcli/auth/gensec_krb5.c
index 97025fa6c4..0f1bf8e700 100644
--- a/source4/libcli/auth/gensec_krb5.c
+++ b/source4/libcli/auth/gensec_krb5.c
@@ -512,9 +512,14 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security, TALL
{
char *principal;
DATA_BLOB unwrapped_in;
- DATA_BLOB unwrapped_out;
+ DATA_BLOB unwrapped_out = data_blob(NULL, 0);
uint8 tok_id[2];
+ if (!in.data) {
+ *out = unwrapped_out;
+ return NT_STATUS_MORE_PROCESSING_REQUIRED;
+ }
+
/* Parse the GSSAPI wrapping, if it's there... (win2k3 allows it to be omited) */
if (!gensec_gssapi_parse_krb5_wrap(out_mem_ctx, &in, &unwrapped_in, tok_id)) {
nt_status = ads_verify_ticket(out_mem_ctx,
@@ -544,8 +549,11 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security, TALL
if (NT_STATUS_IS_OK(nt_status)) {
gensec_krb5_state->state_position = GENSEC_KRB5_DONE;
/* wrap that up in a nice GSS-API wrapping */
+#ifndef GENSEC_SEND_UNWRAPPED_KRB5
*out = gensec_gssapi_gen_krb5_wrap(out_mem_ctx, &unwrapped_out, TOK_ID_KRB_AP_REP);
-
+#else
+ *out = unwrapped_out;
+#endif
gensec_krb5_state->peer_principal = talloc_steal(gensec_krb5_state, principal);
}
return nt_status;
generated by cgit (git 2.34.1) at 2024-11-11 00:31:54 +0000