From 826acbd391c09669593cbf0df553622a79961a24 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Mon, 18 Dec 2006 15:00:19 +0000
Subject: [PATCH] Abstract out the initiator filter function, it will be needed
 for the acceptor too.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19410 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/gssapi/spnego/init_sec_context.c | 33 ++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/lib/gssapi/spnego/init_sec_context.c b/lib/gssapi/spnego/init_sec_context.c
index b5531c29a..3ddf65fa1 100644
--- a/lib/gssapi/spnego/init_sec_context.c
+++ b/lib/gssapi/spnego/init_sec_context.c
@@ -35,6 +35,38 @@
 
 RCSID("$Id$");
 
+/*
+ * Is target_name an sane target for `mech´.
+ */
+
+static int
+initiator_approved(gss_name_t target_name, gss_OID mech)
+{
+    OM_uint32 min_stat, maj_stat;
+    gss_ctx_id_t ctx = GSS_C_NO_CONTEXT;
+    gss_buffer_desc out;
+    
+    maj_stat = gss_init_sec_context(&min_stat,
+				    GSS_C_NO_CREDENTIAL,
+				    &ctx,
+				    target_name,
+				    mech,
+				    0,
+				    GSS_C_INDEFINITE,
+				    GSS_C_NO_CHANNEL_BINDINGS,
+				    GSS_C_NO_BUFFER,
+				    NULL,
+				    &out,
+				    NULL,
+				    NULL);
+    if (GSS_ERROR(maj_stat))
+	return 0;
+    gss_release_buffer(&min_stat, &out);
+    gss_delete_sec_context(&min_stat, &ctx, NULL);
+
+    return 1;
+}
+
 /*
  * Send a reply. Note that we only need to send a reply if we
  * need to send a MIC or a mechanism token. Otherwise, we can
@@ -200,6 +232,7 @@ spnego_initial
 
     sub = _gss_spnego_indicate_mechtypelist(&minor, 
 					    ctx->target_name,
+					    initiator_approved,
 					    0,
 					    cred,
 					    &ni.mechTypes,