[krbdev.mit.edu #7907] git commit
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Thu May 8 15:20:05 EDT 2014
Allow GSS mechs to force mechlistMIC in SPNEGO
During a SPNEGO negotiation, if the NTLMSSP mechanism is used and a
MIC is produced within the final initiator mechanism token, Microsoft
servers require a mechlistMIC even if NTLMSSP was the most preferred
mechanism.
In spnego_mech.c, add a helper function mech_requires_mechlistMIC
which queries the mechanism to determine whether we might need to
produce a mechlistMIC for interoperability. Call it after each call
to the mechanism's gss_init_sec_context and set sc->mic_reqd if it
returns true. Although only the second call to NTLMSSP will actually
ever return true, the first call makes the mechanism aware that the
SPNEGO implementation supports this feature.
[ghudson at mit.edu: clarified commit message and code]
https://github.com/krb5/krb5/commit/bff6bbf52401f9464df365d76f0987fbf8101c5e
Author: Simo Sorce <simo at redhat.com>
Committer: Greg Hudson <ghudson at mit.edu>
Commit: bff6bbf52401f9464df365d76f0987fbf8101c5e
Branch: master
src/lib/gssapi/spnego/spnego_mech.c | 37 +++++++++++++++++++++++++++++++++++
1 files changed, 37 insertions(+), 0 deletions(-)
More information about the krb5-bugs
mailing list