krb5_init_sec_context: skip the token header when GSS_C_DCE_STYLE is specified

Windows (and heimdal) accepts packets with token header
in the server, but it doesn't match the windows client.
We now match the windows client and that fixes
also the display in wireshark.

metze

diff --git a/source/heimdal/lib/gssapi/krb5/init_sec_context.c b/source/heimdal/lib/gssapi/krb5/init_sec_context.c
index d4482a54b275243ca8414d4c069c001c42544b4a..ab7624eef0e4bbd63d204b070804e6b09f3c998f 100644 (file)
--- a/source/heimdal/lib/gssapi/krb5/init_sec_context.c
+++ b/source/heimdal/lib/gssapi/krb5/init_sec_context.c
@@ -540,12 +540,18 @@ init_auth
        goto failure;
     }
 
-    ret = _gsskrb5_encapsulate (minor_status, &outbuf, output_token,
-                                  (u_char *)"\x01\x00", GSS_KRB5_MECHANISM);
-    if (ret)
-       goto failure;
+    if (flags & GSS_C_DCE_STYLE) {
+       output_token->value = outbuf.data;
+       output_token->length = outbuf.length;
+    } else {
+        ret = _gsskrb5_encapsulate (minor_status, &outbuf, output_token,
+                                   (u_char *)"\x01\x00", GSS_KRB5_MECHANISM);
+       if (ret)
+           goto failure;
+
+       krb5_data_free (&outbuf);
+    }
 
-    krb5_data_free (&outbuf);
     krb5_free_creds(context, kcred);
     free_Checksum(&cksum);
     if (cred == NULL)