From: Mark Andrews <marka@isc.org>
Date: Fri, 12 Mar 2010 03:47:08 +0000 (+0000)
Subject: 2867.   [bug]           Don't set GSS_C_SEQUENCE_FLAG as Windows DNS servers
X-Git-Tag: v9.4-ESV-R2~26^2~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a80d26914afece7324158918e8d74c7c8384a0df;p=thirdparty%2Fbind9.git

2867.   [bug]           Don't set GSS_C_SEQUENCE_FLAG as Windows DNS servers
                        don't like it.  [RT #20986]
---

diff --git a/CHANGES b/CHANGES
index a8aa9861c42..2dc02008e96 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+2867.	[bug]		Don't set GSS_C_SEQUENCE_FLAG as Windows DNS servers
+			don't like it.  [RT #20986]
+
 2866.	[bug]		Windows does not like the TSIG name being compressed.
 			[RT #20986]
 
diff --git a/lib/dns/gssapictx.c b/lib/dns/gssapictx.c
index 6724590b4f3..5f1cd855c1e 100644
--- a/lib/dns/gssapictx.c
+++ b/lib/dns/gssapictx.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: gssapictx.c,v 1.14 2009/09/02 23:48:02 tbox Exp $ */
+/* $Id: gssapictx.c,v 1.15 2010/03/12 03:47:08 marka Exp $ */
 
 #include <config.h>
 
@@ -488,8 +488,12 @@ dst_gssapi_initctx(dns_name_t *name, isc_buffer_t *intoken,
 		gintokenp = NULL;
 	}
 
+	/*
+	 * Note that we don't set GSS_C_SEQUENCE_FLAG as Windows DNS
+	 * servers don't like it.
+	 */
 	flags = GSS_C_REPLAY_FLAG | GSS_C_MUTUAL_FLAG | GSS_C_DELEG_FLAG |
-		GSS_C_SEQUENCE_FLAG | GSS_C_INTEG_FLAG;
+		GSS_C_INTEG_FLAG;
 
 	gret = gss_init_sec_context(&minor, GSS_C_NO_CREDENTIAL, gssctx,
 				    gname, GSS_SPNEGO_MECHANISM, flags,