Add way to check if mechlistMIC must be producedspnego

This is an extension that is needed to work around a bug in Micorsoft's
SPNEGO implementation when the mechanism used is NTLMSSP and a MIC is
produced internally by this mechanism when this is the preferred
mechanism for the client.

In such case Microsoft servers require a mechlistMIC to be produced even
if RFC 4178 (c) says it should be optional.
In order to avoid interoperability problems this function checks if a
MIC has been produced internally and if so set sc->mic_reqd to 1 forcing
us to emit a mechlistMIC.

This function is intentioannly called after every gss_init_sec_context()
although only the second call can actually return a meaningful answer. The
first call is used to signal to the mechanism that the SPNEGO layer does
support forcing a mechlistMIC so that the mechanism does not put a MIC in
the Authenticate message at all if forcing a mechlistMIC is not supported.

Signed-off-by: Simo Sorce <simo@redhat.com>

0 files changed, 0 insertions, 0 deletions