From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 11 Jun 2008 05:59:20 +0000 (+0200)
Subject: credentials: set GSS_KRB5_CRED_NO_CI_FLAGS_X to avoid GSS_C_CONF_FLAG and GSS_C_INTEG... 
X-Git-Tag: samba-4.0.0alpha5~34^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f573c1ff4443f3002c310d3ba29d8c343ad03907;p=thirdparty%2Fsamba.git

credentials: set GSS_KRB5_CRED_NO_CI_FLAGS_X to avoid GSS_C_CONF_FLAG and GSS_C_INTEG_FLAG

metze
---

diff --git a/source/auth/credentials/credentials_krb5.c b/source/auth/credentials/credentials_krb5.c
index 3bc17644488..b9207ab601a 100644
--- a/source/auth/credentials/credentials_krb5.c
+++ b/source/auth/credentials/credentials_krb5.c
@@ -379,19 +379,34 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
 	maj_stat = gss_krb5_import_cred(&min_stat, ccache->ccache, NULL, NULL, 
 					&gcc->creds);
 	if (maj_stat) {
+		talloc_free(gcc);
 		if (min_stat) {
 			ret = min_stat;
 		} else {
 			ret = EINVAL;
 		}
+		return ret;
 	}
-	if (ret == 0) {
-		cred->client_gss_creds_obtained = cred->ccache_obtained;
-		talloc_set_destructor(gcc, free_gssapi_creds);
-		cred->client_gss_creds = gcc;
-		*_gcc = gcc;
+
+	/* don't force GSS_C_CONF_FLAG and GSS_C_INTEG_FLAG */
+	maj_stat = gss_set_cred_option(&min_stat, gcc->creds,
+				       GSS_KRB5_CRED_NO_CI_FLAGS_X,
+				       GSS_C_NO_BUFFER);
+	if (maj_stat) {
+		talloc_free(gcc);
+		if (min_stat) {
+			ret = min_stat;
+		} else {
+			ret = EINVAL;
+		}
+		return ret;
 	}
-	return ret;
+
+	cred->client_gss_creds_obtained = cred->ccache_obtained;
+	talloc_set_destructor(gcc, free_gssapi_creds);
+	cred->client_gss_creds = gcc;
+	*_gcc = gcc;
+	return 0;
 }
 
 /**