Abstract out the initiator filter function, it will be needed for the

acceptor too. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19410 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-12-18 15:00:19 +00:00
parent c11cc5fd1b
commit 826acbd391
1 changed files with 33 additions and 0 deletions
--- a/lib/gssapi/spnego/init_sec_context.c
+++ b/lib/gssapi/spnego/init_sec_context.c
@@ -35,6 +35,38 @@

 RCSID("$Id$");

+/*
+ * Is target_name an sane target for `mech<63>.
+ */
+
+static int
+initiator_approved(gss_name_t target_name, gss_OID mech)
+{
+    OM_uint32 min_stat, maj_stat;
+    gss_ctx_id_t ctx = GSS_C_NO_CONTEXT;
+    gss_buffer_desc out;
+    
+    maj_stat = gss_init_sec_context(&min_stat,
+				    GSS_C_NO_CREDENTIAL,
+				    &ctx,
+				    target_name,
+				    mech,
+				    0,
+				    GSS_C_INDEFINITE,
+				    GSS_C_NO_CHANNEL_BINDINGS,
+				    GSS_C_NO_BUFFER,
+				    NULL,
+				    &out,
+				    NULL,
+				    NULL);
+    if (GSS_ERROR(maj_stat))
+	return 0;
+    gss_release_buffer(&min_stat, &out);
+    gss_delete_sec_context(&min_stat, &ctx, NULL);
+
+    return 1;
+}
+
 /*
 * Send a reply. Note that we only need to send a reply if we
 * need to send a MIC or a mechanism token. Otherwise, we can
@@ -200,6 +232,7 @@ spnego_initial

    sub = _gss_spnego_indicate_mechtypelist(&minor, 
 					    ctx->target_name,
+					    initiator_approved,
 					    0,
 					    cred,
 					    &ni.mechTypes,