authorSimo Sorce <simo@redhat.com>2014-05-05 17:05:50 -0400
committerSimo Sorce <simo@redhat.com>2014-05-05 17:05:50 -0400
commitbdb7be8468140550b59d1ec6694130f51ba9a799 (patch)
treee797f81b6f8336ccfdec1e4c28635e2a313b57ad /src/gss_ntlmssp.h
parent2d7f4ec84126d88b66eed5a06d20d980f88c5b67 (diff)
Add way to talk about MIC with SPNEGO
As agreed with MIT people, add an inquire mechanism that serves 2 roles. On the one hand, if the spnego mechanism makes this call at all it means it is recent enough to support forcing the mechlistMIC on if we create an Authenticate message MIC. So remove the environment variable and instead depend on the SPNEGO layer to call this function before the Authenticate token is generated (usually right after the Negotiate token has been produced). On the other hand, if this function has been called, assume SPNEGO will call again right after the Authenticate message has been generated to know whether the mechlistMIC needs to be added.
Diffstat (limited to 'src/gss_ntlmssp.h')
-rw-r--r--src/gss_ntlmssp.h11
1 files changed, 10 insertions, 1 deletions
diff --git a/src/gss_ntlmssp.h b/src/gss_ntlmssp.h
index c25cb52..194e954 100644
--- a/src/gss_ntlmssp.h
+++ b/src/gss_ntlmssp.h
@@ -61,6 +61,10 @@
NTLMSSP_NEGOTIATE_OEM | \
NTLMSSP_NEGOTIATE_UNICODE)
+#define NTLMSSP_CTX_FLAG_ESTABLISHED 0x01 /* context was established */
+#define NTLMSSP_CTX_FLAG_SPNEGO_CAN_MIC 0x02 /* SPNEGO asks for MIC */
+#define NTLMSSP_CTX_FLAG_AUTH_WITH_MIC 0x04 /* Auth MIC was created */
+
struct gssntlm_name {
enum ntlm_name_type {
GSSNTLM_NAME_NULL,
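Review bot: The comment on `NTLMSSP_CTX_FLAG_SPNEGO_CAN_MIC` ("SPNEGO asks for MIC") does not match what the commit description says the bit records, namely that the SPNEGO layer made the inquire call and is therefore recent enough to force the mechlistMIC. Because this bit decides whether an Authenticate MIC is produced, the wording matters; something like `/* SPNEGO made the inquire call, so it can force mechlistMIC */` would be closer. The three constants are also plain `int` literals tested against a `uint32_t` field; a `U` suffix (`0x01U`) would keep the mask arithmetic unsigned throughout.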
@@ -150,7 +154,7 @@ struct gssntlm_ctx {
struct gssntlm_signseal send;
struct gssntlm_signseal recv;
- bool established;
+ uint32_t int_flags;
time_t expiration_time;
};
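Review bot: The new `int_flags` member has no comment saying which bit set it holds or that it is internal state, so a reader of `struct gssntlm_ctx` has to search for the `NTLMSSP_CTX_FLAG_*` defines; I would write `uint32_t int_flags; /* NTLMSSP_CTX_FLAG_* bits, internal state */`. With `established` gone, every former boolean test has to become a mask test such as `(ctx->int_flags & NTLMSSP_CTX_FLAG_ESTABLISHED)`. The rename lets the compiler catch missed sites, but a bare `if (ctx->int_flags)` would now be true for a context that has only the SPNEGO bits set and is not yet established. If the project serialises contexts anywhere (not visible in this file section), that code also needs an explicit decision on which of the three bits are carried over. The struct begins outside the hunk.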
@@ -262,6 +266,11 @@ uint32_t gssntlm_set_sec_context_option(uint32_t *minor_status,
const gss_OID desired_object,
const gss_buffer_t value);
+uint32_t gssntlm_inquire_sec_context_by_oid(uint32_t *minor_status,
+ const gss_ctx_id_t context_handle,
+ const gss_OID desired_object,
+ gss_buffer_set_t *data_set);
+
uint32_t gssntlm_get_mic(uint32_t *minor_status,
gss_ctx_id_t context_handle,
gss_qop_t qop_req,
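Review bot: The prototype for `gssntlm_inquire_sec_context_by_oid` is added without a comment, yet going by the commit description the call is stateful and order-dependent. The first call, before the Authenticate token is generated, tells the mechanism that SPNEGO can force the mechlistMIC, and a later call reports whether the Authenticate MIC was created. That contract is what the MIC protection relies on and cannot be read from the signature. `const gss_ctx_id_t context_handle` const-qualifies only the handle, not the context it refers to, so the declaration gives no hint that an "inquire" may modify the context. A header comment should name the accepted `desired_object` OID(s), the contents of `data_set`, and the expected call order. A one-line form would be `/* Called by SPNEGO: first call marks the context MIC-capable; a call after the Authenticate token reports whether its MIC was generated */`, assuming the implementation matches the description.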