DCE_STYLE and sequence numbers
Stefan (metze) Metzmacher
metze at samba.org
Fri Jul 25 06:11:18 GMT 2008
Andrew Bartlett schrieb:
> Looking into our DCE_STYLE patch, I wonder if this, from lib/gssapi/krb5/accept_sec_context.c is correct:
>
> if (req_flags & GSS_C_DCE_STYLE) {
> int32_t con_flags;
> krb5_data outbuf;
>
> /* Do don't do sequence number for the mk-rep */
> krb5_auth_con_removeflags(context,
> ctx->auth_context,
> KRB5_AUTH_CONTEXT_DO_SEQUENCE,
> &con_flags);
>
> kret = krb5_mk_rep(context,
> ctx->auth_context,
> &outbuf);
> if (kret) {
> *minor_status = kret;
> return GSS_S_FAILURE;
> }
>
> output_token->length = outbuf.length;
> output_token->value = outbuf.data;
>
> krb5_auth_con_removeflags(context,
> ctx->auth_context,
> KRB5_AUTH_CONTEXT_DO_SEQUENCE,
> NULL);
> }
I also noticed that...but as it still worked with arcfour-hmac-md5
I was happy.
I think it was correct in my original patch...
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://lists.samba.org/archive/samba-technical/attachments/20080725/64955459/signature.bin
More information about the samba-technical
mailing list