1 files changed, 0 insertions, 37 deletions

diff --git a/krb5-master-ignore-empty-unnecessary-final-token.patch b/krb5-master-ignore-empty-unnecessary-final-token.patch
deleted file mode 100644
index 3ebb888..0000000
--- a/krb5-master-ignore-empty-unnecessary-final-token.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-commit 37af638b742dbd642eb70092e4f7781c3f69d86d
-Author: Greg Hudson <ghudson@mit.edu>
-Date:   Tue Dec 10 12:04:18 2013 -0500
-
-    Fix SPNEGO one-hop interop against old IIS
-    
-    IIS 6.0 and similar return a zero length reponse buffer in the last
-    SPNEGO packet when context initiation is performed without mutual
-    authentication.  In this case the underlying Kerberos mechanism has
-    already completed successfully on the first invocation, and SPNEGO
-    does not expect a mech response token in the answer.  If we get an
-    empty mech response token when the mech is complete during
-    negotiation, ignore it.
-    
-    [ghudson@mit.edu: small code style and commit message changes]
-    
-    ticket: 7797 (new)
-    target_version: 1.12.1
-    tags: pullup
-
-diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
-index 3937662..d82934b 100644
---- a/src/lib/gssapi/spnego/spnego_mech.c
-+++ b/src/lib/gssapi/spnego/spnego_mech.c
-@@ -760,6 +760,12 @@ init_ctx_nego(OM_uint32 *minor_status, spnego_gss_ctx_id_t sc,
- 			map_errcode(minor_status);
- 			ret = GSS_S_DEFECTIVE_TOKEN;
- 		}
-+	} else if ((*responseToken)->length == 0 && sc->mech_complete) {
-+		/* Handle old IIS servers returning empty token instead of
-+		 * null tokens in the non-mutual auth case. */
-+		*negState = ACCEPT_COMPLETE;
-+		*tokflag = NO_TOKEN_SEND;
-+		ret = GSS_S_COMPLETE;
- 	} else if (sc->mech_complete) {
- 		/* Reject spurious mech token. */
- 		ret = GSS_S_DEFECTIVE_TOKEN;