Limit use of deprecated krb5 mech OIDs 296/head
authorGreg Hudson <ghudson@mit.edu>
Mon, 13 Jul 2015 21:06:29 +0000 (17:06 -0400)
committerGreg Hudson <ghudson@mit.edu>
Sat, 18 Jul 2015 03:28:39 +0000 (23:28 -0400)
Filter out mechs with the GSS_C_MA_DEPRECATED attribute from the set
of mechanisms obtained by SPNEGO, and from the set used when
gss_acquire_cred() is called with no desired_mechs attribute.

SPNEGO acceptors will still accept the old and wrong krb5 OIDs, but
SPNEGO initiators will not offer them.  According to [MS-SPNG], only
Windows 2000 does not recognize the standard krb5 OID, and it is
client-only.

In gss-client.c, use the standard krb5 OID for the -krb5 option, as
acceptors who call gss_acquire_cred() with no desired_mechs to create
an acceptor cred will no longer accept the old or wrong krb5 OIDs.

ticket: 8217 (new)

src/appl/gss-sample/gss-client.c
src/lib/gssapi/mechglue/g_acquire_cred.c
src/lib/gssapi/spnego/spnego_mech.c

index 6070d428c81c7264b3c71e62783bb7ea5f5fc1b1..c96da88aa27ac0c9100fc8d1decc568f927cadc6 100644 (file)
@@ -816,7 +816,7 @@ main(argc, argv)
         } else if (strcmp(*argv, "-spnego") == 0) {
             spnego = 1;
         } else if (strcmp(*argv, "-krb5") == 0) {
-            mechanism = "{ 1 3 5 1 5 2 }";
+            mechanism = "{ 1 2 840 113554 1 2 2 }";
 #ifdef _WIN32
         } else if (strcmp(*argv, "-threads") == 0) {
             argc--;
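Review bot: The new `-krb5` value on the added line is an unexplained OID string literal, and a reader of gss-client.c has no way to tell from the code why it changed from `{ 1 3 5 1 5 2 }` or that the removed value is the "wrong" krb5 OID the commit message refers to. A comment above the assignment would carry that context into the file: `/* Standard krb5 mech OID (RFC 1964). The old and wrong krb5 OIDs are marked deprecated and are no longer acquired by default, so an acceptor will reject them. */`. The option parser belongs to main(), which starts before and continues after this hunk, so I cannot see whether any other branch still references the old OID.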
index b9a3142a9dc41ce6f8c59a2f9c250d5092d83f2f..22be5b4717c2f5c6323d3fa508932a55da1f49d8 100644 (file)
@@ -135,6 +135,8 @@ OM_uint32 *                 time_rec;
     OM_uint32 first_major = GSS_S_COMPLETE, first_minor = 0;
     OM_uint32 initTimeOut, acceptTimeOut, outTime = GSS_C_INDEFINITE;
     gss_OID_set mechs = GSS_C_NO_OID_SET;
+    gss_OID_set_desc except_attrs;
+    gss_OID_desc attr_oids[1];
     unsigned int i;
     gss_union_cred_t creds = NULL;
 
@@ -152,10 +154,15 @@ OM_uint32 *                       time_rec;
 
     /*
      * if desired_mechs equals GSS_C_NULL_OID_SET, then try to
-     * acquire credentials for all mechanisms.
+     * acquire credentials for all non-deprecated mechanisms.
      */
     if (desired_mechs == GSS_C_NULL_OID_SET) {
-       major = gss_indicate_mechs(minor_status, &mechs);
+       attr_oids[0] = *GSS_C_MA_DEPRECATED;
+       except_attrs.count = 1;
+       except_attrs.elements = attr_oids;
+       major = gss_indicate_mechs_by_attrs(minor_status, GSS_C_NO_OID_SET,
+                                           &except_attrs, GSS_C_NO_OID_SET,
+                                           &mechs);
        if (major != GSS_S_COMPLETE)
            goto cleanup;
     } else
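Review bot: The hand-built exclusion set on the added lines (`attr_oids[0] = *GSS_C_MA_DEPRECATED;` through the `gss_indicate_mechs_by_attrs` call) has no comment stating the policy it enforces, and the block comment above it only says "non-deprecated", which does not tell a caller that a GSS_C_NULL_OID_SET request now silently stops producing credentials for the old and wrong krb5 OIDs. I would add, just above the assignment: `/* Exclude mechs flagged GSS_C_MA_DEPRECATED (e.g. the old and wrong krb5 OIDs) so a default cred never advertises or accepts them; callers that still need one must name it in desired_mechs. */`. The rest of gss_acquire_cred() is outside this hunk, so I cannot confirm how an empty `mechs` set is handled after the filter narrows it; if that path does not already fail cleanly it is worth a check. The two-line `except_attrs` setup could also be written with an initializer, `gss_OID_set_desc except_attrs = { 1, attr_oids };`, once `attr_oids` is filled, which keeps count and elements together.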
index bf44bc0b535d8b6bbdd562b7cd05a747bb16bd95..9a794abdc5069e026d24f744c03d3c05a0d0a60b 100644 (file)
@@ -2995,7 +2995,7 @@ release_spnego_ctx(spnego_gss_ctx_id_t *ctx)
  * SPNEGO because it will also return the SPNEGO mech and we do not
  * want to consider SPNEGO as an available security mech for
  * negotiation. For this reason, get_available_mechs will return
- * all available mechs except SPNEGO.
+ * all available, non-deprecated mechs except SPNEGO.
  *
  * If a ptr to a creds list is given, this function will attempt
  * to acquire creds for the creds given and trim the list of
@@ -3012,8 +3012,16 @@ get_available_mechs(OM_uint32 *minor_status,
        int             found = 0;
        OM_uint32 major_status = GSS_S_COMPLETE, tmpmin;
        gss_OID_set mechs, goodmechs;
-
-       major_status = gss_indicate_mechs(minor_status, &mechs);
+       gss_OID_set_desc except_attrs;
+       gss_OID_desc attr_oids[1];
+
+       attr_oids[0] = *GSS_C_MA_DEPRECATED;
+       except_attrs.count = 1;
+       except_attrs.elements = attr_oids;
+       major_status = gss_indicate_mechs_by_attrs(minor_status,
+                                                  GSS_C_NO_OID_SET,
+                                                  &except_attrs,
+                                                  GSS_C_NO_OID_SET, &mechs);
 
        if (major_status != GSS_S_COMPLETE) {
                return (major_status);
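Review bot: The added exclusion-set construction in get_available_mechs() is byte-for-byte the same three-line pattern as the one added to g_acquire_cred.c in this commit, so the "what counts as deprecated" policy now lives in two places with no comment tying them together. A short comment here would at least make the intent and the asymmetry explicit: `/* Skip GSS_C_MA_DEPRECATED mechs (the old/wrong krb5 OIDs): initiators must not offer them, though the acceptor path still recognizes them. */`. A shared helper would be the cleaner fix, but mechglue and the SPNEGO mech are separate libraries, so I am not sure one is reachable from both without a new export. The function continues past this hunk, so I cannot see whether the later `goodmechs` trimming copes with `mechs` coming back empty now that it is filtered.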