From 8c0fbbf6e927db9fdbffc28fcde0bea97c5e60e6 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Tue, 12 Aug 2008 15:02:02 +0200
Subject: gensec_gssapi: add support for GENSEC_FEATURE_NEW_SPNEGO

metze
(This used to be commit 9246924effd4d0b08ca1ef87e45ad510020df93e)
---
 source4/auth/gensec/gensec_gssapi.c | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

(limited to 'source4/auth')

diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index 7ded764095..0df40dc82f 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -1177,6 +1177,31 @@ static bool gensec_gssapi_have_feature(struct gensec_security *gensec_security,
 	if (feature & GENSEC_FEATURE_DCE_STYLE) {
 		return gensec_gssapi_state->got_flags & GSS_C_DCE_STYLE;
 	}
+	if (feature & GENSEC_FEATURE_NEW_SPNEGO) {
+		NTSTATUS status;
+
+		if (!(gensec_gssapi_state->got_flags & GSS_C_INTEG_FLAG)) {
+			return false;
+		}
+
+		if (lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec_gssapi", "force_new_spnego", false)) {
+			return true;
+		}
+		if (lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec_gssapi", "disable_new_spnego", false)) {
+			return false;
+		}
+
+		status = gensec_gssapi_init_lucid(gensec_gssapi_state);
+		if (!NT_STATUS_IS_OK(status)) {
+			return false;
+		}
+
+		if (gensec_gssapi_state->lucid->protocol == 1) {
+			return true;
+		}
+
+		return false;
+	}
 	/* We can always do async (rather than strict request/reply) packets.  */
 	if (feature & GENSEC_FEATURE_ASYNC_REPLIES) {
 		return true;
-- 
cgit