Better support for "non-standard" GSS mechs

If an initial security context token doesn't have a standard header per
RFC2743 then try all mechanisms until one succeeds or all fail.

We still try to guess NTLMSSP, raw Kerberos, and SPNEGO, from tasting
the initial security context token.
This commit is contained in:
Nicolas Williams
2020-04-16 22:53:22 -05:00
committed by Nico Williams
parent 4199118c76
commit 92c288994a
4 changed files with 133 additions and 43 deletions

@@ -347,7 +347,7 @@ _gss_ntlm_init_sec_context
if (ret) {
_gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
*minor_status = ret;
return GSS_S_FAILURE;
return GSS_S_DEFECTIVE_TOKEN;
}
ctx->flags = type2.flags;
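
Review bot: The new `return GSS_S_DEFECTIVE_TOKEN;` in the `if (ret)` branch treats every non-zero `ret` as a malformed token, but the visible lines do not show that `ret` can only come from a parse failure. If the call that sets it can also fail for local reasons such as allocation failure, those cases should keep `GSS_S_FAILURE`. The commit message says the caller will now try mechanisms until one succeeds, so a misclassified major status could change which mechanism ends up handling the token. Consider branching on the value of `ret` here, or adding a comment stating that only decode errors reach this point. `*minor_status = ret;` still preserves the underlying code, which is good for diagnostics.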
@@ -437,7 +437,7 @@ _gss_ntlm_init_sec_context
_gss_ntlm_delete_sec_context(minor_status,
context_handle, NULL);
*minor_status = ret;
return GSS_S_FAILURE;
return GSS_S_DEFECTIVE_TOKEN;
}
if (ti.domainname && strcmp(ti.domainname, name->domain) != 0) {
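
Review bot: This second `return GSS_S_DEFECTIVE_TOKEN;` has no comment explaining why a defective-token status is used instead of `GSS_S_FAILURE`, and it repeats the cleanup-and-return sequence from the earlier hunk (`_gss_ntlm_delete_sec_context(...)`, `*minor_status = ret;`, return). A one-line comment tying the status to the mechanism-probing behaviour described in the commit message would help the next reader, and a small shared helper or a common exit label would keep the two sites from drifting apart. Also worth confirming that the `strcmp(ti.domainname, name->domain) != 0` branch right below returns a status consistent with this change, since its body is not visible in this hunk.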