Remove GSS_C_EXPECTING_MECH_LIST_MIC_FLAG, it is no longer in rfc2478bis

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14584 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-02-21 08:48:15 +00:00
parent 1d02386069
commit 244ca04320
8 changed files with 40 additions and 52 deletions
--- a/lib/gssapi/krb5/ChangeLog
+++ b/lib/gssapi/krb5/ChangeLog
@@ -4,6 +4,14 @@
 	  KRB5_TC_MATCH_KEYTYPE, it can lead to the credentials cache
 	  growing indefinitely as no key is found with KEYTYPE_NULL

+	* compat.c: remove GSS_C_EXPECTING_MECH_LIST_MIC_FLAG, it is
+	  no longer used (however the mechListMIC behaviour is broken,
+	  rfc2478bis support requires the code in the mechglue branch)
+
+	* init_sec_context.c: remove GSS_C_EXPECTING_MECH_LIST_MIC_FLAG
+
+	* gssapi.h: remove GSS_C_EXPECTING_MECH_LIST_MIC_FLAG
+
 2005-01-05  Luke Howard  <lukeh@padl.com>

 	* 8003.c: use symbolic name for checksum type
--- a/lib/gssapi/krb5/compat.c
+++ b/lib/gssapi/krb5/compat.c
@@ -124,8 +124,7 @@ gss_krb5_compat_des3_mic(OM_uint32 *minor_status, gss_ctx_id_t ctx, int on)
 /*
 * For compatability with the Windows SPNEGO implementation, the
 * default is to ignore the mechListMIC unless the initiator specified
- * GSS_C_EXPECTING_MECH_LIST_MIC_FLAG, CFX or configured in krb5.conf
- * with the option
+ * CFX or configured in krb5.conf with the option
 * 	[gssapi]require_mechlist_mic=target-principal-pattern.
 * The option is valid for both initiator and acceptor.
 */
@@ -137,22 +136,17 @@ _gss_spnego_require_mechlist_mic(OM_uint32 *minor_status,
    OM_uint32 ret;
    int is_cfx = 0;

-    if (ctx->flags & GSS_C_EXPECTING_MECH_LIST_MIC_FLAG) {
-	/* initiator insisted on mechListMIC */
+    gsskrb5_is_cfx(ctx, &is_cfx);
+    if (is_cfx) {
+	/* CFX session key was used */
 	*require_mic = TRUE;
    } else {
-	gsskrb5_is_cfx(ctx, &is_cfx);
-	if (is_cfx) {
-	    /* CFX session key was used */
-	    *require_mic = TRUE;
-	} else {
-	    *require_mic = FALSE;
-	    ret = check_compat(minor_status, ctx->target, 
-			       "require_mechlist_mic",
-			       require_mic, TRUE);
-	    if (ret)
-		return ret;
-	}
+	*require_mic = FALSE;
+	ret = check_compat(minor_status, ctx->target, 
+			   "require_mechlist_mic",
+			   require_mic, TRUE);
+	if (ret)
+	    return ret;
    }
    *minor_status = 0;
    return GSS_S_COMPLETE;
--- a/lib/gssapi/krb5/gssapi.h
+++ b/lib/gssapi/krb5/gssapi.h
@@ -116,14 +116,6 @@ typedef OM_uint32 gss_qop_t;
 #define GSS_C_PROT_READY_FLAG 128
 #define GSS_C_TRANS_FLAG 256

-/*
- * GSS_C_EXPECTING_MECH_LIST_MIC_FLAG - Setting this flag causes the
- * initiator to insist that the acceptor integrity protect the mechanism
- * list when using SPNEGO. This can be forced on by setting the 
- * [gssapi]require_mechlist_mic option in krb5.conf.
- */
-#define GSS_C_EXPECTING_MECH_LIST_MIC_FLAG 0x10000
-
 /*
 * Credential usage options
 */
--- a/lib/gssapi/krb5/init_sec_context.c
+++ b/lib/gssapi/krb5/init_sec_context.c
@@ -725,8 +725,8 @@ spnego_reply
    }

    /*
-     * Verify the mechListMIC if GSS_C_EXPECTING_MECH_LIST_MIC_FLAG
-     * was specified or CFX was used; or if local policy dictated so.
+     * Verify the mechListMIC if CFX was used; or if local policy
+     * dictated so.
     */
    ret = _gss_spnego_require_mechlist_mic(minor_status, *context_handle,
 					   &require_mic);