Allow GSS mechs to force mechlistMIC in SPNEGO

During a SPNEGO negotiation, if the NTLMSSP mechanism is used and a
MIC is produced within the final initiator mechanism token, Microsoft
servers require a mechlistMIC even if NTLMSSP was the most preferred
mechanism.

In spnego_mech.c, add a helper function mech_requires_mechlistMIC
which queries the mechanism to determine whether we might need to
produce a mechlistMIC for interoperability.  Call it after each call
to the mechanism's gss_init_sec_context and set sc->mic_reqd if it
returns true.  Although only the second call to NTLMSSP will actually
ever return true, the first call makes the mechanism aware that the
SPNEGO implementation supports this feature.

[ghudson@mit.edu: clarified commit message and code]

ticket: 7907 (new)

0 files changed, 0 insertions, 0 deletions