[SCM] Samba Shared Repository - branch v3-0-test updated -
release-3-0-28-36-g02b5280
Jeremy Allison
jra at samba.org
Sun Dec 16 07:33:37 GMT 2007
The branch, v3-0-test has been updated
via 02b5280a8b35346dc41279bab80a4cec8a7515eb (commit)
from 38eca7a2d0d4b899c3ff94dc3ec51e103ac49cdd (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-0-test
- Log -----------------------------------------------------------------
commit 02b5280a8b35346dc41279bab80a4cec8a7515eb
Author: Jeremy Allison <jra at samba.org>
Date: Sat Dec 15 23:22:17 2007 -0800
Added patch originally by Andreas Schneider <anschneider at suse.de>
to make us behave like Vista when looking for the remote
machine's principal. Modified by me.
Jeremy.
-----------------------------------------------------------------------
Summary of changes:
source/configure.in | 24 ++++++++++++++++++++
source/libads/kerberos.c | 52 ++++++++++++++++++++++++++++++++++++++++++++
source/libsmb/cliconnect.c | 49 ++++++++++++++++++++++++++++++++++------
3 files changed, 117 insertions(+), 8 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/configure.in b/source/configure.in
index 91f1582..d9fc21b 100644
--- a/source/configure.in
+++ b/source/configure.in
@@ -3944,6 +3944,30 @@ if test x"$with_ads_support" != x"no"; then
fi
+ AC_CACHE_CHECK([for krb5_principal_get_realm],
+ samba_cv_HAVE_KRB5_PRINCIPAL_GET_REALM,[
+ AC_TRY_LINK([#include <krb5.h>],
+ [krb5_context ctx = NULL; krb5_principal princ = NULL; const char *str = krb5_principal_get_realm(ctx, princ);],
+ samba_cv_HAVE_KRB5_PRINCIPAL_GET_REALM=yes,
+ samba_cv_HAVE_KRB5_PRINCIPAL_GET_REALM=no)])
+
+ if test x"$samba_cv_HAVE_KRB5_PRINCIPAL_GET_REALM" = x"yes"; then
+ AC_DEFINE(HAVE_KRB5_PRINCIPAL_GET_REALM,1,
+ [Whether the function krb5_principal_get_realm is defined])
+ fi
+
+ AC_CACHE_CHECK([for krb5_princ_realm],
+ samba_cv_HAVE_KRB5_PRINC_REALM,[
+ AC_TRY_LINK([#include <krb5.h>],
+ [krb5_context ctx = NULL; krb5_principal princ = NULL; const char *str = krb5_princ_realm(ctx, princ)->data;],
+ samba_cv_HAVE_KRB5_PRINC_REALM=yes,
+ samba_cv_HAVE_KRB5_PRINC_REALM=no)])
+
+ if test x"$samba_cv_HAVE_KRB5_PRINC_REALM" = x"yes"; then
+ AC_DEFINE(HAVE_KRB5_PRINC_REALM,1,
+ [Whether the macro krb5_princ_realm is defined])
+ fi
+
#
#
# Now the decisions whether we can support krb5
diff --git a/source/libads/kerberos.c b/source/libads/kerberos.c
index c74c98d..6e3063d 100644
--- a/source/libads/kerberos.c
+++ b/source/libads/kerberos.c
@@ -362,6 +362,58 @@ char* kerberos_secrets_fetch_des_salt( void )
return salt;
}
+/************************************************************************
+ Routine to get the default realm from the kerberos credentials cache.
+ Caller must free if the return value is not NULL.
+************************************************************************/
+
+char *kerberos_get_default_realm_from_ccache( void )
+{
+ char *realm = NULL;
+ krb5_context ctx = NULL;
+ krb5_ccache cc = NULL;
+ krb5_principal princ = NULL;
+
+ initialize_krb5_error_table();
+ if (krb5_init_context(&ctx)) {
+ return NULL;
+ }
+
+ DEBUG(5,("kerberos_get_default_realm_from_ccache: "
+ "Trying to read krb5 cache: %s\n",
+ krb5_cc_default_name(ctx)));
+ if (krb5_cc_default(ctx, &cc)) {
+ DEBUG(0,("kerberos_get_default_realm_from_ccache: "
+ "failed to read default cache\n"));
+ goto out;
+ }
+ if (krb5_cc_get_principal(ctx, cc, &princ)) {
+ DEBUG(0,("kerberos_get_default_realm_from_ccache: "
+ "failed to get default principal\n"));
+ goto done;
+ }
+
+#if defined(HAVE_KRB5_PRINCIPAL_GET_REALM)
+ realm = SMB_STRDUP(krb5_principal_get_realm(ctx, princ));
+#elif defined(HAVE_KRB5_PRINC_REALM)
+ realm = SMB_STRDUP(krb5_princ_realm(ctx, princ)->data);
+#endif
+
+ out:
+
+ if (princ) {
+ krb5_free_principal(ctx, princ);
+ }
+ if (cc) {
+ krb5_cc_close(ctx, cc);
+ }
+ if (ctx) {
+ krb5_free_context(ctx);
+ }
+done:
+ return realm;
+}
+
/************************************************************************
Routine to get the salting principal for this service. This is
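Review bot: The `goto done` taken when krb5_cc_get_principal() fails jumps past the cleanup under `out:`, so the credentials-cache handle and the krb5 context are never released on that path; it should be `goto out;`, and the `done:` label can then be dropped. When neither HAVE_KRB5_PRINCIPAL_GET_REALM nor HAVE_KRB5_PRINC_REALM is defined, the function returns NULL without logging anything, which makes a failed guess hard to diagnose; a `DEBUG` line in an `#else` branch would help. The header comment should also state the failure contract, e.g. `Returns NULL if no context, ccache or default principal is available.`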
diff --git a/source/libsmb/cliconnect.c b/source/libsmb/cliconnect.c
index d458ce2..fb94ff8 100644
--- a/source/libsmb/cliconnect.c
+++ b/source/libsmb/cliconnect.c
@@ -40,6 +40,8 @@ static const struct {
{-1,NULL}
};
+static const char *star_smbserver_name = "*SMBSERVER";
+
/**
* Set the user session key for a connection
* @param cli The cli structure to add it too
@@ -861,10 +863,41 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
}
}
- rc = cli_session_setup_kerberos(cli, principal, domain);
- if (ADS_ERR_OK(rc) || !cli->fallback_after_kerberos) {
+ /* If we get a bad principal, try to guess it if
+ we have a valid host NetBIOS name.
+ */
+ if (strequal(principal,
+ "not_defined_in_RFC4178 at please_ignore")) {
SAFE_FREE(principal);
- return rc;
+ }
+ if (principal == NULL &&
+ !is_ipaddress(cli->desthost) &&
+ !strequal(star_smbserver_name,
+ cli->desthost)) {
+ char *realm = NULL;
+ DEBUG(3,("cli_session_setup_spnego: got a "
+ "bad server principal, trying to guess ...\n"));
+
+ realm = kerberos_get_default_realm_from_ccache();
+ if (realm && *realm) {
+ if (asprintf(&principal, "%s$@%s",
+ cli->desthost, realm) < 0) {
+ SAFE_FREE(realm);
+ return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+ }
+ DEBUG(3,("cli_session_setup_spnego: guessed "
+ "server principal=%s\n",
+ principal ? principal : "<null>"));
+ }
+ SAFE_FREE(realm);
+ }
+
+ if (principal) {
+ rc = cli_session_setup_kerberos(cli, principal, domain);
+ if (ADS_ERR_OK(rc) || !cli->fallback_after_kerberos) {
+ SAFE_FREE(principal);
+ return rc;
+ }
}
}
#endif
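Review bot: The guessed principal is formatted straight from `cli->desthost`, and the guard before it excludes only IP addresses and `*SMBSERVER`, so a dotted DNS name would presumably yield `host.example.com$@REALM` (constructed example), which is not the machine-account form. Truncating at the first dot keeps the guess to the short host name: `asprintf(&principal, "%.*s$@%s", (int)strcspn(cli->desthost, "."), cli->desthost, realm)`. The realm comes from the local credentials cache, so the guess only fits servers in the client's own realm; a short comment saying so would stop a reader from assuming cross-realm support. The placeholder string in the `strequal` call reads ` at ` where the list archive appears to have rewritten `@` (as it did in the author address), so check it against the repository before applying the patch. cli_session_setup_spnego starts and ends outside this hunk.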
@@ -1412,7 +1445,7 @@ NTSTATUS cli_connect(struct cli_state *cli, const char *host, struct in_addr *ip
char *p;
/* reasonable default hostname */
- if (!host) host = "*SMBSERVER";
+ if (!host) host = star_smbserver_name;
fstrcpy(cli->desthost, host);
@@ -1527,8 +1560,8 @@ again:
*p = 0;
goto again;
}
- if (strcmp(called.name, "*SMBSERVER")) {
- make_nmb_name(&called , "*SMBSERVER", 0x20);
+ if (strcmp(called.name, star_smbserver_name)) {
+ make_nmb_name(&called , star_smbserver_name, 0x20);
goto again;
}
return NT_STATUS_BAD_NETWORK_NAME;
@@ -1652,7 +1685,7 @@ BOOL attempt_netbios_session_request(struct cli_state **ppcli, const char *srcho
*/
if(is_ipaddress(desthost)) {
- make_nmb_name(&called, "*SMBSERVER", 0x20);
+ make_nmb_name(&called, star_smbserver_name, 0x20);
} else {
make_nmb_name(&called, desthost, 0x20);
}
@@ -1661,7 +1694,7 @@ BOOL attempt_netbios_session_request(struct cli_state **ppcli, const char *srcho
NTSTATUS status;
struct nmb_name smbservername;
- make_nmb_name(&smbservername , "*SMBSERVER", 0x20);
+ make_nmb_name(&smbservername, star_smbserver_name, 0x20);
/*
* If the name wasn't *SMBSERVER then
--
Samba Shared Repository