svn commit: samba r7398 - branches/SAMBA_3_0/source/smbd trunk/source/smbd

jerry at samba.org jerry at samba.org
Wed Jun 8 14:57:38 GMT 2005


Author: jerry
Date: 2005-06-08 14:57:37 +0000 (Wed, 08 Jun 2005)
New Revision: 7398

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=7398

Log:
committing abartlet's patch for kerberos authentication when using a keytab and security != ads
Modified:
   branches/SAMBA_3_0/source/smbd/negprot.c
   branches/SAMBA_3_0/source/smbd/sesssetup.c
   trunk/source/smbd/negprot.c
   trunk/source/smbd/sesssetup.c


Changeset:
Modified: branches/SAMBA_3_0/source/smbd/negprot.c
===================================================================
--- branches/SAMBA_3_0/source/smbd/negprot.c	2005-06-08 14:45:04 UTC (rev 7397)
+++ branches/SAMBA_3_0/source/smbd/negprot.c	2005-06-08 14:57:37 UTC (rev 7398)
@@ -178,7 +178,6 @@
 				   OID_NTLMSSP,
 				   NULL};
 	const char *OIDs_plain[] = {OID_NTLMSSP, NULL};
-	char *principal;
 	int len;
 
 	global_spnego_negotiated = True;
@@ -211,12 +210,16 @@
 		return 16;
 	}
 #endif
-	if (lp_security() != SEC_ADS) {
+	if (lp_security() != SEC_ADS && !lp_use_kerberos_keytab()) {
 		blob = spnego_gen_negTokenInit(guid, OIDs_plain, "NONE");
 	} else {
-		asprintf(&principal, "%s$@%s", guid, lp_realm());
-		blob = spnego_gen_negTokenInit(guid, OIDs_krb5, principal);
-		free(principal);
+		fstring myname;
+		char *host_princ_s = NULL;
+		name_to_fqdn(myname, global_myname());
+		strlower_m(myname);
+		asprintf(&host_princ_s, "cifs/%s@%s", myname, lp_realm());
+		blob = spnego_gen_negTokenInit(guid, OIDs_krb5, host_princ_s);
+		SAFE_FREE(host_princ_s);
 	}
 	memcpy(p, blob.data, blob.length);
 	len = blob.length;
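Review bot: The return value of `asprintf` on the added line that builds `host_princ_s` is not checked, so on allocation failure the pointer's contents are not guaranteed by every libc, yet it is still passed to `spnego_gen_negTokenInit` and then to `SAFE_FREE`. Checking it, e.g. `if (asprintf(&host_princ_s, "cifs/%s@%s", myname, lp_realm()) == -1) host_princ_s = NULL;`, and deciding explicitly what to advertise in that case would close the gap. Because this branch is now also taken when `security != ads`, `lp_realm()` may be unset and the advertised principal would then end in a bare `@`; a guard on an empty realm, or a comment stating that the keytab configuration requires `realm` to be set, seems worth adding. The same lines appear in the trunk/source/smbd/negprot.c hunk. The enclosing function starts and ends outside the hunk.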

Modified: branches/SAMBA_3_0/source/smbd/sesssetup.c
===================================================================
--- branches/SAMBA_3_0/source/smbd/sesssetup.c	2005-06-08 14:45:04 UTC (rev 7397)
+++ branches/SAMBA_3_0/source/smbd/sesssetup.c	2005-06-08 14:57:37 UTC (rev 7398)
@@ -468,7 +468,7 @@
 	DEBUG(3,("Got secblob of size %lu\n", (unsigned long)secblob.length));
 
 #ifdef HAVE_KRB5
-	if (got_kerberos_mechanism && (SEC_ADS == lp_security())) {
+	if ( got_kerberos_mechanism && ((lp_security()==SEC_ADS) || lp_use_kerberos_keytab()) ) {
 		int ret = reply_spnego_kerberos(conn, inbuf, outbuf, 
 						length, bufsize, &secblob);
 		data_blob_free(&secblob);
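Review bot: The widened condition on the added `if` repeats, in negated form, the predicate this commit introduces in negprot.c (`lp_security() != SEC_ADS && !lp_use_kerberos_keytab()`), and nothing ties the two together; if they drift apart, the server could advertise a Kerberos mechanism it then refuses, or accept tickets it never offered. A small shared helper, or at least a comment such as `/* must match the krb5 OID advertisement in negprot.c */`, would keep them in step. Tickets are now accepted whenever a keytab is enabled, regardless of the security mode, so it is worth confirming that `reply_spnego_kerberos`, which is not visible here, does not assume ADS-only state such as a configured realm. The trunk/source/smbd/sesssetup.c hunk has the same line, and the enclosing function extends beyond the hunk.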

Modified: trunk/source/smbd/negprot.c
===================================================================
--- trunk/source/smbd/negprot.c	2005-06-08 14:45:04 UTC (rev 7397)
+++ trunk/source/smbd/negprot.c	2005-06-08 14:57:37 UTC (rev 7398)
@@ -178,7 +178,6 @@
 				   OID_NTLMSSP,
 				   NULL};
 	const char *OIDs_plain[] = {OID_NTLMSSP, NULL};
-	char *principal;
 	int len;
 
 	global_spnego_negotiated = True;
@@ -211,12 +210,16 @@
 		return 16;
 	}
 #endif
-	if (lp_security() != SEC_ADS) {
+	if (lp_security() != SEC_ADS && !lp_use_kerberos_keytab()) {
 		blob = spnego_gen_negTokenInit(guid, OIDs_plain, "NONE");
 	} else {
-		asprintf(&principal, "%s$@%s", guid, lp_realm());
-		blob = spnego_gen_negTokenInit(guid, OIDs_krb5, principal);
-		free(principal);
+		fstring myname;
+		char *host_princ_s = NULL;
+		name_to_fqdn(myname, global_myname());
+		strlower_m(myname);
+		asprintf(&host_princ_s, "cifs/%s@%s", myname, lp_realm());
+		blob = spnego_gen_negTokenInit(guid, OIDs_krb5, host_princ_s);
+		SAFE_FREE(host_princ_s);
 	}
 	memcpy(p, blob.data, blob.length);
 	len = blob.length;

Modified: trunk/source/smbd/sesssetup.c
===================================================================
--- trunk/source/smbd/sesssetup.c	2005-06-08 14:45:04 UTC (rev 7397)
+++ trunk/source/smbd/sesssetup.c	2005-06-08 14:57:37 UTC (rev 7398)
@@ -469,7 +469,7 @@
 	DEBUG(3,("Got secblob of size %lu\n", (unsigned long)secblob.length));
 
 #ifdef HAVE_KRB5
-	if (got_kerberos_mechanism && (SEC_ADS == lp_security())) {
+	if ( got_kerberos_mechanism && ((lp_security()==SEC_ADS) || lp_use_kerberos_keytab()) ) {
 		int ret = reply_spnego_kerberos(conn, inbuf, outbuf, 
 						length, bufsize, &secblob);
 		data_blob_free(&secblob);


