From 809d82d16943bf59e6623bcc6ce5248999f6da07 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 11 Jun 2008 07:59:20 +0200 Subject: credentials: set GSS_KRB5_CRED_NO_CI_FLAGS_X to avoid GSS_C_CONF_FLAG and GSS_C_INTEG_FLAG metze (This used to be commit f573c1ff4443f3002c310d3ba29d8c343ad03907) --- source4/auth/credentials/credentials_krb5.c | 27 +++++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-) (limited to 'source4/auth/credentials/credentials_krb5.c') diff --git a/source4/auth/credentials/credentials_krb5.c b/source4/auth/credentials/credentials_krb5.c index 3bc1764448..b9207ab601 100644 --- a/source4/auth/credentials/credentials_krb5.c +++ b/source4/auth/credentials/credentials_krb5.c @@ -379,19 +379,34 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred, maj_stat = gss_krb5_import_cred(&min_stat, ccache->ccache, NULL, NULL, &gcc->creds); if (maj_stat) { + talloc_free(gcc); if (min_stat) { ret = min_stat; } else { ret = EINVAL; } + return ret; } - if (ret == 0) { - cred->client_gss_creds_obtained = cred->ccache_obtained; - talloc_set_destructor(gcc, free_gssapi_creds); - cred->client_gss_creds = gcc; - *_gcc = gcc; + + /* don't force GSS_C_CONF_FLAG and GSS_C_INTEG_FLAG */ + maj_stat = gss_set_cred_option(&min_stat, gcc->creds, + GSS_KRB5_CRED_NO_CI_FLAGS_X, + GSS_C_NO_BUFFER); + if (maj_stat) { + talloc_free(gcc); + if (min_stat) { + ret = min_stat; + } else { + ret = EINVAL; + } + return ret; } - return ret; + + cred->client_gss_creds_obtained = cred->ccache_obtained; + talloc_set_destructor(gcc, free_gssapi_creds); + cred->client_gss_creds = gcc; + *_gcc = gcc; + return 0; } /** -- cgit