Add flag to not add gss-api INT|CONF to the negotiation

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22655 ec53bebd-3082-4978-b11e-865c3cabbd6b

lib/gssapi/krb5/set_cred_option.c

@@ -34,11 +34,20 @@
 
 RCSID("$Id$");
 
+/* 1.2.752.43.13.17 */
+static gss_OID_desc gss_krb5_ccache_name_x_oid_desc =
+{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x11")};
+
+gss_OID GSS_KRB5_CRED_NO_CI_FLAGS_X = &gss_krb5_ccache_name_x_oid_desc;
+
+/* 1.2.752.43.13.18 */
 static gss_OID_desc gss_krb5_import_cred_x_oid_desc =
-{9, (void *)"\x2b\x06\x01\x04\x01\xa9\x4a\x13\x04"}; /* XXX */
+{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x12")};
 
 gss_OID GSS_KRB5_IMPORT_CRED_X = &gss_krb5_import_cred_x_oid_desc;
 
+
+
 static OM_uint32
 import_cred(OM_uint32 *minor_status,
 	    krb5_context context,
@@ -201,6 +210,27 @@ out:
     return major_stat;
 }
 
+static OM_uint32
+no_ci_flags(OM_uint32 *minor_status,
+	    krb5_context context,
+	    gss_cred_id_t *cred_handle,
+	    const gss_buffer_t value)
+{
+    gsskrb5_cred cred;
+
+    if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL) {
+	*minor_status = 0;
+	return GSS_S_FAILURE;
+    }
+
+    cred = (gsskrb5_cred)*cred_handle;
+    cred->cred_flags |= GSS_CF_NO_CI_FLAGS;
+	
+    *minor_status = 0;
+    return GSS_S_COMPLETE;
+
+}
+
 
 OM_uint32
 _gsskrb5_set_cred_option
@@ -224,6 +254,11 @@ _gsskrb5_set_cred_option
     if (gss_oid_equal(desired_object, GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X))
 	return allowed_enctypes(minor_status, context, cred_handle, value);
 
+    if (gss_oid_equal(desired_object, GSS_KRB5_CRED_NO_CI_FLAGS_X)) {
+	return no_ci_flags(minor_status, context, cred_handle, value);
+    }
+	
+
     *minor_status = EINVAL;
     return GSS_S_FAILURE;
 }