gss-ntlmssp

GSS_C_MA_AUTH_INIT_ANON

Open lhoward opened this issue 4 years ago • 5 comments

If you support GSS_C_ANON_FLAG, you should list GSS_C_MA_AUTH_INIT_ANON as a supported mechanism attribute. Future versions of Heimdal may exclude mechanisms from negotiation that do not support this attribute, if the initiator requested GSS_C_ANON_FLAG.

Apr 06 '20 05:04 lhoward

TBH I am not sure I ever tested anonymous support, so I am going to assume it is somewhat broken. I will try to validate and then add GSS_C_MA_AUTH_INIT_ANON as part of resolving this issue.

Apr 06 '20 17:04 simo5

Thanks Simo. Not sure if this mechanism was ever used with Heimdal, anyway? But it's nice for things to be "correct".

Apr 06 '20 22:04 lhoward

I currently do not allow anon:

if (claimant_cred_handle == GSS_C_NO_CREDENTIAL) {
    if (req_flags & GSS_C_ANON_FLAG) {
        set_GSSERRS(ERR_NOARG, GSS_S_UNAVAILABLE);
        goto done;

May 18 '20 18:05 simo5

Ah, then no issue. But – if you do want to support it, then please advertise GSS_C_MA_AUTH_INIT_ANON too. :)

May 19 '20 08:05 lhoward

I am working on it, please do not close this issue :)

May 19 '20 12:05 simo5