gensec_gssapi: add support for GENSEC_FEATURE_NEW_SPNEGO
authorStefan Metzmacher <metze@samba.org>
Tue, 12 Aug 2008 13:02:02 +0000 (15:02 +0200)
committerStefan Metzmacher <metze@samba.org>
Tue, 12 Aug 2008 14:21:40 +0000 (16:21 +0200)
metze
(This used to be commit 9246924effd4d0b08ca1ef87e45ad510020df93e)

source4/auth/gensec/gensec_gssapi.c

index 7ded764095a83c319f2ccaf1cf146b2aff840b71..0df40dc82fbc75e6a6588ec75c1ad12e42bf40c7 100644 (file)
@@ -1177,6 +1177,31 @@ static bool gensec_gssapi_have_feature(struct gensec_security *gensec_security,
        if (feature & GENSEC_FEATURE_DCE_STYLE) {
                return gensec_gssapi_state->got_flags & GSS_C_DCE_STYLE;
        }
+       if (feature & GENSEC_FEATURE_NEW_SPNEGO) {
+               NTSTATUS status;
+
+               if (!(gensec_gssapi_state->got_flags & GSS_C_INTEG_FLAG)) {
+                       return false;
+               }
+
+               if (lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec_gssapi", "force_new_spnego", false)) {
+                       return true;
+               }
+               if (lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec_gssapi", "disable_new_spnego", false)) {
+                       return false;
+               }
+
+               status = gensec_gssapi_init_lucid(gensec_gssapi_state);
+               if (!NT_STATUS_IS_OK(status)) {
+                       return false;
+               }
+
+               if (gensec_gssapi_state->lucid->protocol == 1) {
+                       return true;
+               }
+
+               return false;
+       }
        /* We can always do async (rather than strict request/reply) packets.  */
        if (feature & GENSEC_FEATURE_ASYNC_REPLIES) {
                return true;
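Review bot: The `lucid->protocol == 1` comparison at the end of the new GENSEC_FEATURE_NEW_SPNEGO branch uses an unexplained magic number, and the two parametric overrides above it have an undocumented precedence. `force_new_spnego` is read first, so it wins when both options are set and it returns `true` without ever consulting the lucid context. I would add `/* protocol 1 is the CFX (RFC 4121) token format; only such contexts count as new SPNEGO */` above the comparison and `/* test overrides: force wins over disable and skips the protocol check */` above the first `lp_parm_bool()` call. A failure of `gensec_gssapi_init_lucid()` also returns `false` with no log output, which presumably makes a silent fallback to the old behaviour hard to diagnose; a `DEBUG()` line carrying `nt_errstr(status)` would help there. The body of gensec_gssapi_have_feature starts and ends outside this hunk.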