[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Thu Dec 1 23:24:03 UTC 2016
The branch, master has been updated
via 943c6ee s3-libads: Fix canonicalization support with MIT Kerberos
via 7ca7680 s3: libsmb: Setting the LIBSMBCLIENT_NO_CCACHE environment variable doesn't turn off credential cache use.
from 8858657 replace: Include libgen.h if available
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 943c6ee030a07f87545dcf72e3d1a5bc78eac701
Author: Andreas Schneider <asn at samba.org>
Date: Mon Feb 15 12:09:59 2016 +0100
s3-libads: Fix canonicalization support with MIT Kerberos
This allows to authenticate using user at DOMAIN against an AD DC.
https://bugzilla.samba.org/show_bug.cgi?id=12457
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Dec 2 00:23:02 CET 2016 on sn-devel-144
commit 7ca7680c94f457dea8698124e2780efa55865ed3
Author: Jeremy Allison <jra at samba.org>
Date: Wed Nov 30 10:25:53 2016 -0800
s3: libsmb: Setting the LIBSMBCLIENT_NO_CCACHE environment variable doesn't turn off credential cache use.
Signed-off-by: Jeremy Allison <jra at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/libads/kerberos.c | 13 ++++++++++++-
source3/libsmb/libsmb_context.c | 4 ++--
2 files changed, 14 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index 1203153..d8765dc 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -269,6 +269,7 @@ int kerberos_kinit_password_ext(const char *principal,
krb5_error_code code = 0;
krb5_ccache cc = NULL;
krb5_principal me = NULL;
+ krb5_principal canon_princ = NULL;
krb5_creds my_creds;
krb5_get_init_creds_opt *opt = NULL;
smb_krb5_addresses *addr = NULL;
@@ -302,6 +303,11 @@ int kerberos_kinit_password_ext(const char *principal,
krb5_get_init_creds_opt_set_renew_life(opt, renewable_time);
krb5_get_init_creds_opt_set_forwardable(opt, True);
+
+ /* Turn on canonicalization for lower case realm support */
+#ifndef SAMBA4_USES_HEIMDAL /* MIT */
+ krb5_get_init_creds_opt_set_canonicalize(opt, true);
+#endif /* MIT */
#if 0
/* insane testing */
krb5_get_init_creds_opt_set_tkt_life(opt, 60);
@@ -328,7 +334,12 @@ int kerberos_kinit_password_ext(const char *principal,
goto out;
}
- if ((code = krb5_cc_initialize(ctx, cc, me))) {
+ canon_princ = me;
+#ifndef SAMBA4_USES_HEIMDAL /* MIT */
+ canon_princ = my_creds.client;
+#endif /* MIT */
+
+ if ((code = krb5_cc_initialize(ctx, cc, canon_princ))) {
goto out;
}
diff --git a/source3/libsmb/libsmb_context.c b/source3/libsmb/libsmb_context.c
index a956058..ed6ca2b 100644
--- a/source3/libsmb/libsmb_context.c
+++ b/source3/libsmb/libsmb_context.c
@@ -177,8 +177,8 @@ smbc_new_context(void)
smbc_setOptionBrowseMaxLmbCount(context, 3); /* # LMBs to query */
smbc_setOptionUrlEncodeReaddirEntries(context, False);
smbc_setOptionOneSharePerServer(context, False);
- if (getenv("LIBSMBCLIENT_NO_CCACHE") == NULL) {
- smbc_setOptionUseCCache(context, true);
+ if (getenv("LIBSMBCLIENT_NO_CCACHE") != NULL) {
+ smbc_setOptionUseCCache(context, false);
}
smbc_setFunctionAuthData(context, SMBC_get_auth_data);
--
Samba Shared Repository
More information about the samba-cvs
mailing list