r6728: Microsoft relies very strongly on getting the OIDs it expects, so we
authorAndrew Bartlett <abartlet@samba.org>
Wed, 11 May 2005 12:11:35 +0000 (12:11 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 18:16:38 +0000 (13:16 -0500)
must register the 'MS' OID for the domain join to progress.

Andrew Bartlett

source/auth/gensec/gensec_gssapi.c

index b051e9cb44cfa52fd4012b30e886d5dca249f263..0dbcaf5906618429ae35e85060d5537f6bbc8581 100644 (file)
@@ -110,7 +110,8 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security)
                gensec_gssapi_state->want_flags |= GSS_C_DCE_STYLE;
        }
 
-       if (strcmp(gensec_security->ops->oid, GENSEC_OID_KERBEROS5) == 0) {
+       if ((strcmp(gensec_security->ops->oid, GENSEC_OID_KERBEROS5) == 0)
+               || (strcmp(gensec_security->ops->oid, GENSEC_OID_KERBEROS5_OLD) == 0)) {
                gensec_gssapi_state->gss_oid = &gensec_gss_krb5_mechanism_oid_desc;
        } else if (strcmp(gensec_security->ops->oid, GENSEC_OID_SPNEGO) == 0) {
                gensec_gssapi_state->gss_oid = &gensec_gss_spnego_mechanism_oid_desc;
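Review bot: The widened condition at the top of the mechanism selection has no comment saying why a second OID now maps to `gensec_gss_krb5_mechanism_oid_desc`, so a later reader cannot tell a deliberate interoperability alias from a copy-paste slip. Going by the commit message, `GENSEC_OID_KERBEROS5_OLD` is the OID Microsoft peers expect, and the GSSAPI layer still uses the standard krb5 mechanism descriptor for it; that is worth stating where the choice is made. I would add, above the `if`, `/* GENSEC_OID_KERBEROS5_OLD: legacy OID expected by Microsoft peers; same GSSAPI krb5 mechanism underneath */`. The rest of the if/else chain, including whatever handles an unrecognised OID, is outside this hunk, so it is worth confirming that an unknown OID is still rejected there rather than defaulting to a mechanism.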
@@ -673,6 +674,27 @@ static const struct gensec_security_ops gensec_gssapi_krb5_security_ops = {
 
 };
 
+/* As a server, this could in theory accept any GSSAPI mech */
+static const struct gensec_security_ops gensec_gssapi_ms_krb5_security_ops = {
+       .name           = "gssapi_ms_krb5",
+       .oid            = GENSEC_OID_KERBEROS5_OLD,
+       .client_start   = gensec_gssapi_client_start,
+       .server_start   = gensec_gssapi_server_start,
+       .update         = gensec_gssapi_update,
+       .session_key    = gensec_gssapi_session_key,
+       .session_info   = gensec_gssapi_session_info,
+       .sig_size       = gensec_gssapi_sig_size,
+       .sign_packet    = gensec_gssapi_sign_packet,
+       .check_packet   = gensec_gssapi_check_packet,
+       .seal_packet    = gensec_gssapi_seal_packet,
+       .unseal_packet  = gensec_gssapi_unseal_packet,
+       .wrap           = gensec_gssapi_wrap,
+       .unwrap         = gensec_gssapi_unwrap,
+       .have_feature   = gensec_gssapi_have_feature,
+       .enabled        = False
+
+};
+
 static const struct gensec_security_ops gensec_gssapi_spnego_security_ops = {
        .name           = "gssapi_spnego",
        .sasl_name      = "GSS-SPNEGO",
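Review bot: The comment above `gensec_gssapi_ms_krb5_security_ops` ("As a server, this could in theory accept any GSSAPI mech") does not say what distinguishes this table or why it is registered with `.enabled = False`, even though the commit message says registering this OID is needed for the domain join to progress. From the visible lines it appears to differ from the preceding krb5 table only in `.name` and `.oid`, though that table's body is outside the hunk. Two parallel callback tables can drift, so a later change to the sign/seal/check callbacks in one would have to be mirrored by hand in the other. I would replace the comment with something like `/* Same callbacks as gensec_gssapi_krb5_security_ops, registered under the legacy OID Microsoft peers present; keep both tables in sync */` and add a second line recording why the backend is disabled by default and what turns it on.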
@@ -703,6 +725,14 @@ NTSTATUS gensec_gssapi_init(void)
                return ret;
        }
 
+
+       ret = gensec_register(&gensec_gssapi_ms_krb5_security_ops);
+       if (!NT_STATUS_IS_OK(ret)) {
+               DEBUG(0,("Failed to register '%s' gensec backend!\n",
+                       gensec_gssapi_ms_krb5_security_ops.name));
+               return ret;
+       }
+
        ret = gensec_register(&gensec_gssapi_spnego_security_ops);
        if (!NT_STATUS_IS_OK(ret)) {
                DEBUG(0,("Failed to register '%s' gensec backend!\n",