diff options
author | Stefan Metzmacher <metze@samba.org> | 2013-12-20 08:52:52 +0100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2017-06-15 09:13:22 +0200 |
commit | 7bf0308a319df4359fb8f22954da16873b975dc2 (patch) | |
tree | 406aa096130b6eb1559a726a4eacaf8c6abf926d /source4/ldap_server/ldap_backend.c | |
parent | e244ba4a8f8dea571df6abb96324cb696af67450 (diff) | |
download | samba-7bf0308a319df4359fb8f22954da16873b975dc2.tar.gz |
s4:auth/gensec: let GENSEC_FEATURE_SESSION_KEY result in GSS_C_INTEG_FLAG
This is important to allow the 'new_spnego' with mech_list protection to work
for a SMB session setup.
This is not strictly needed as we always announce GENSEC_FEATURE_SESSION_KEY
in gensec_gssapi_have_feature(), but it's better to send GSS_C_INTEG_FLAG
over the wire.
This may prevent a ticket from a Samba client to an SMB server
(particularly a DC) being misused to connect to the LDAP server on that
DC, as the LDAP server will require GSSAPI signing of the connection.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4/ldap_server/ldap_backend.c')
0 files changed, 0 insertions, 0 deletions