sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-10 01:18:15 +03:00
Code

auth/kerberos: Fall back to gsskrb5_get_subkey if we did not get the key type

Browse Source 
The key type OID is optional, but we require that information to determine if
we should use NEW_SPNEGO.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Mar  8 11:53:57 CET 2012 on sn-devel-104
This commit is contained in:
Andrew Bartlett 2012-03-08 16:16:12 +11:00
parent 5b372d7015
commit 9a11f2ea09
1 changed files with 23 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
auth/kerberos/gssapi_pac.c
View File

@ -223,10 +223,29 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx,
char *oid;
char *p, *q = NULL;
if (set->count < 2
|| memcmp(set->elements[1].value,
gse_sesskeytype_oid.elements,
gse_sesskeytype_oid.length) != 0) {
if (set->count < 2) {
#ifdef HAVE_GSSKRB5_GET_SUBKEY
krb5_keyblock *subkey;
gss_maj = gsskrb5_get_subkey(&gss_min,
gssapi_context,
&subkey);
if (gss_maj == 0) {
*keytype = KRB5_KEY_TYPE(subkey);
krb5_free_keyblock(NULL /* should be krb5_context */, subkey);
} else
#else
{
*keytype = 0;
}
#endif
gss_maj = gss_release_buffer_set(&gss_min, &set);
return NT_STATUS_OK;
} else if (memcmp(set->elements[1].value,
gse_sesskeytype_oid.elements,
gse_sesskeytype_oid.length) != 0) {
/* Perhaps a non-krb5 session key */
*keytype = 0;
gss_maj = gss_release_buffer_set(&gss_min, &set);