svn commit: samba r6728 - in branches/SAMBA_4_0/source/auth/gensec:
.
abartlet at samba.org
abartlet at samba.org
Wed May 11 12:11:35 GMT 2005
Author: abartlet
Date: 2005-05-11 12:11:35 +0000 (Wed, 11 May 2005)
New Revision: 6728
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=6728
Log:
Microsoft relies very strongly on getting the OIDs it expects, so we
must register the 'MS' OID for the domain join to progress.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c
Changeset:
Modified: branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c
===================================================================
--- branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c 2005-05-11 12:03:48 UTC (rev 6727)
+++ branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c 2005-05-11 12:11:35 UTC (rev 6728)
@@ -110,7 +110,8 @@
gensec_gssapi_state->want_flags |= GSS_C_DCE_STYLE;
}
- if (strcmp(gensec_security->ops->oid, GENSEC_OID_KERBEROS5) == 0) {
+ if ((strcmp(gensec_security->ops->oid, GENSEC_OID_KERBEROS5) == 0)
+ || (strcmp(gensec_security->ops->oid, GENSEC_OID_KERBEROS5_OLD) == 0)) {
gensec_gssapi_state->gss_oid = &gensec_gss_krb5_mechanism_oid_desc;
} else if (strcmp(gensec_security->ops->oid, GENSEC_OID_SPNEGO) == 0) {
gensec_gssapi_state->gss_oid = &gensec_gss_spnego_mechanism_oid_desc;
@@ -673,6 +674,27 @@
};
+/* As a server, this could in theory accept any GSSAPI mech */
+static const struct gensec_security_ops gensec_gssapi_ms_krb5_security_ops = {
+ .name = "gssapi_ms_krb5",
+ .oid = GENSEC_OID_KERBEROS5_OLD,
+ .client_start = gensec_gssapi_client_start,
+ .server_start = gensec_gssapi_server_start,
+ .update = gensec_gssapi_update,
+ .session_key = gensec_gssapi_session_key,
+ .session_info = gensec_gssapi_session_info,
+ .sig_size = gensec_gssapi_sig_size,
+ .sign_packet = gensec_gssapi_sign_packet,
+ .check_packet = gensec_gssapi_check_packet,
+ .seal_packet = gensec_gssapi_seal_packet,
+ .unseal_packet = gensec_gssapi_unseal_packet,
+ .wrap = gensec_gssapi_wrap,
+ .unwrap = gensec_gssapi_unwrap,
+ .have_feature = gensec_gssapi_have_feature,
+ .enabled = False
+
+};
+
static const struct gensec_security_ops gensec_gssapi_spnego_security_ops = {
.name = "gssapi_spnego",
.sasl_name = "GSS-SPNEGO",
@@ -703,6 +725,14 @@
return ret;
}
+
+ ret = gensec_register(&gensec_gssapi_ms_krb5_security_ops);
+ if (!NT_STATUS_IS_OK(ret)) {
+ DEBUG(0,("Failed to register '%s' gensec backend!\n",
+ gensec_gssapi_ms_krb5_security_ops.name));
+ return ret;
+ }
+
ret = gensec_register(&gensec_gssapi_spnego_security_ops);
if (!NT_STATUS_IS_OK(ret)) {
DEBUG(0,("Failed to register '%s' gensec backend!\n",
More information about the samba-cvs
mailing list