2867. [bug] Don't set GSS_C_SEQUENCE_FLAG as Windows DNS servers

don't like it. [RT #20986]
2026-06-11 03:19:59 -04:00 · 2010-03-12 03:47:08 +00:00 · 2010-03-12 03:47:08 +00:00 · a80d26914a
commit a80d26914a
parent c19f322914
2 changed files with 9 additions and 2 deletions
--- a/3
+++ b/3
@ -1,3 +1,6 @@
+2867.	[bug]		Don't set GSS_C_SEQUENCE_FLAG as Windows DNS servers
+			don't like it.  [RT #20986]
+
 2866.	[bug]		Windows does not like the TSIG name being compressed.
 			[RT #20986]

--- a/lib/dns/gssapictx.c
+++ b/lib/dns/gssapictx.c
@ -15,7 +15,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: gssapictx.c,v 1.14 2009/09/02 23:48:02 tbox Exp $ */
+/* $Id: gssapictx.c,v 1.15 2010/03/12 03:47:08 marka Exp $ */

 #include <config.h>

@ -488,8 +488,12 @@ dst_gssapi_initctx(dns_name_t *name, isc_buffer_t *intoken,
 		gintokenp = NULL;
 	}

+	/*
+	 * Note that we don't set GSS_C_SEQUENCE_FLAG as Windows DNS
+	 * servers don't like it.
+	 */
 	flags = GSS_C_REPLAY_FLAG | GSS_C_MUTUAL_FLAG | GSS_C_DELEG_FLAG |
-		GSS_C_SEQUENCE_FLAG | GSS_C_INTEG_FLAG;
+		GSS_C_INTEG_FLAG;

 	gret = gss_init_sec_context(&minor, GSS_C_NO_CREDENTIAL, gssctx,
 				    gname, GSS_SPNEGO_MECHANISM, flags,