From e5974a1b5f736cf61146e82a33f65540289926a1 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 10 Nov 2006 02:44:38 +0000 Subject: r19650: Allow Samba to use Heimdal's SPNEGO code. Currently this can only negotiate krb5, but if this works, I'll add NTLM as a GSSAPI backend by some means or other. Andrew Bartlett (This used to be commit 476452e143f61a3878a3646864729daaddccdf68) --- source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c | 7 ++++--- source4/heimdal/lib/gssapi/mech/gss_mech_switch.c | 2 -- 2 files changed, 4 insertions(+), 5 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c b/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c index 4d634bf20f..d3a21464da 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c +++ b/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c @@ -72,10 +72,11 @@ OM_uint32 gss_accept_sec_context(OM_uint32 *minor_status, /* * Token must start with [APPLICATION 0] SEQUENCE. * But if it doesn't assume its DCE-STYLE Kerberos! + * And if it's not there at all, then we are requesting a mech list from SPNEGO */ - if (len == 0) - return (GSS_S_DEFECTIVE_TOKEN); - if (*p != 0x60) { + if (len == 0) { + mech_oid = *GSS_SPNEGO_MECHANISM; + } else if (*p != 0x60) { mech_oid = *GSS_KRB5_MECHANISM; } else { p++; diff --git a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c index b6f261fe29..3d01ba69d4 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c +++ b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c @@ -213,9 +213,7 @@ _gss_load_mech(void) } add_builtin(__gss_krb5_initialize()); -#ifndef _SAMBA_BUILD_ add_builtin(__gss_spnego_initialize()); -#endif fp = fopen(_PATH_GSS_MECH, "r"); if (!fp) { -- cgit