From febbd9a5b0d651286116be0c72fb395d432b7ce5 Mon Sep 17 00:00:00 2001
From: Luke Howard
Date: Sat, 25 Sep 2010 23:30:52 +0200
Subject: [PATCH] don't advertise mutual auth for now becuase it's not implemented
---
 init_sec_context.c | 10 ++++++++--
 inquire_attrs_for_mech.c | 2 +-
 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/init_sec_context.c b/init_sec_context.c
index 515f044..a8561dd 100644
--- a/init_sec_context.c
+++ b/init_sec_context.c
@@ -253,7 +253,7 @@ peerConfigFree(OM_uint32 *minor,
 }
 static OM_uint32
-initReady(OM_uint32 *minor, gss_ctx_id_t ctx)
+initReady(OM_uint32 *minor, gss_ctx_id_t ctx, OM_uint32 reqFlags)
 {
 OM_uint32 major;
 const unsigned char *key;
@@ -261,6 +261,12 @@ initReady(OM_uint32 *minor, gss_ctx_id_t ctx)
 krb5_enctype encryptionType;
 int gotKey = 0;
+#if 0
+ /* XXX actually check for mutual auth */
+ if (reqFlags & GSS_C_MUTUAL_FLAG)
+ ctx->gssFlags |= GSS_C_MUTUAL_FLAG;
+#endif
+
 /* Cache encryption type derived from selected mechanism OID */
 major = gssEapOidToEnctype(minor, ctx->mechanismUsed, &encryptionType);
 if (GSS_ERROR(major))
@@ -446,7 +452,7 @@ eapGssSmInitAuthenticate(OM_uint32 *minor,
 resp = eap_get_eapRespData(ctx->initiatorCtx.eap);
 } else if (ctx->flags & CTX_FLAG_EAP_SUCCESS) {
- major = initReady(minor, ctx);
+ major = initReady(minor, ctx, reqFlags);
 if (GSS_ERROR(major))
 goto cleanup;
diff --git a/inquire_attrs_for_mech.c b/inquire_attrs_for_mech.c
index ffd33bd..e487a05 100644
--- a/inquire_attrs_for_mech.c
+++ b/inquire_attrs_for_mech.c
@@ -65,7 +65,7 @@ gss_inquire_attrs_for_mech(OM_uint32 *minor,
 MA_SUPPORTED(GSS_C_MA_MECH_CONCRETE);
 MA_SUPPORTED(GSS_C_MA_ITOK_FRAMED);
 MA_SUPPORTED(GSS_C_MA_AUTH_INIT);
- MA_SUPPORTED(GSS_C_MA_AUTH_TARG);
+// MA_SUPPORTED(GSS_C_MA_AUTH_TARG);
 MA_SUPPORTED(GSS_C_MA_AUTH_INIT_INIT);
 MA_SUPPORTED(GSS_C_MA_DELEG_CRED);
 MA_SUPPORTED(GSS_C_MA_INTEG_PROT);
-- 
2.1.4
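Review bot: In the second init_sec_context.c hunk the disabled `#if 0` block would set GSS_C_MUTUAL_FLAG purely because the initiator requested it, so re-enabling it as written would report mutual authentication to the caller without any proof that the acceptor was authenticated; the XXX comment should state the precondition, e.g. `/* XXX set only after the acceptor has been authenticated (not implemented yet) */`. While the block is compiled out, the `reqFlags` parameter added in the first hunk is unused and will trip -Wunused-parameter; a `(void)reqFlags;` beside the block keeps builds quiet. Nothing in the visible hunks clears the flag, so if `ctx->gssFlags` is seeded from the request flags elsewhere (not visible here) it may still be returned to the caller; worth confirming, or adding `ctx->gssFlags &= ~GSS_C_MUTUAL_FLAG;`. initReady's body continues outside the hunk.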
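Review bot: The `//`-commented `MA_SUPPORTED(GSS_C_MA_AUTH_TARG);` line in gss_inquire_attrs_for_mech leaves dead code with no reason attached, so a later cleanup could restore it before any acceptor-authentication check exists. Replace it with a comment that states the condition, for example `/* GSS_C_MA_AUTH_TARG is not advertised until mutual authentication is implemented in initReady() */`. The function starts and ends outside the hunk, so whether other advertised attributes also depend on target authentication cannot be judged from here.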