From 84dca625cab96f72123308d80a5aeed5fc42f0c5 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 14 Jul 2009 13:22:38 +1000
Subject: s4:heimdal The implied GSS_C_MUTUAL_FLAG depends on
 AP_OPTS_MUTUAL_REQUIRED

We had previously assumed it was unconditional.  Samba3 didn't mind
very much, but Samba4's samba3-like client did, and the behaviour
differed to Win2008 behaviour.

Andrew Bartlett
---
 source4/heimdal/lib/gssapi/krb5/accept_sec_context.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'source4/heimdal/lib/gssapi/krb5')

diff --git a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
index e0944852a7..8ead2bdf75 100644
--- a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
+++ b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
@@ -522,7 +522,10 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
 	     * Samba style get some flags (but not DCE-STYLE)
 	     */
 	    ctx->flags =
-		GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+		GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+	    if (ap_options & AP_OPTS_MUTUAL_REQUIRED) {
+		    ctx->flags |= GSS_C_MUTUAL_FLAG;
+	    }
         }
     }
 
-- 
cgit