oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

gss: don't generate mechListMIC in SPNEGO if it is safe to omit it

Browse Source
This commit is contained in:
Luke Howard
2020-01-01 22:32:46 +11:00
parent 4fb6a6adc9
commit 044c1c6b63
1 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
lib/gssapi/spnego/accept_sec_context.c
View File

@@ -494,6 +494,16 @@ acceptor_complete(OM_uint32 * minor_status,
*get_mic = 1; *get_mic = 1;
} }
/*
* Change from previous versions: do not generate a MIC if not
* necessary. This conforms to RFC4178 s.5 ("if the accepted
* mechanism is the most preferred mechanism of both the initiator
* and acceptor, then the MIC token exchange... is OPTIONAL"),
* and is consistent with MIT and Windows behavior.
*/
if (ctx->flags.safe_omit)
*get_mic = 0;
if (verify_mic && mic == NULL && ctx->flags.safe_omit) { if (verify_mic && mic == NULL && ctx->flags.safe_omit) {
/* /*
* Peer is old and didn't send a mic while we expected * Peer is old and didn't send a mic while we expected