Patch to restore GSSAPI abstraction to ads_sasl_gssapi_bind
Steve Langasek
vorlon at netexpress.net
Sun Jun 1 02:47:14 GMT 2003
The following patch fixes up ads_sasl_gssapi_bind() to use the GSS API,
instead of calling krb5 functions directly. It has been tested with MIT
KRB5 libs with no adverse effects.
Cheers,
--
Steve Langasek
postmodern programmer
Index: libads/sasl.c
===================================================================
RCS file: /cvsroot/samba/source/libads/sasl.c,v
retrieving revision 1.4.2.9
diff -u -w -r1.4.2.9 sasl.c
--- libads/sasl.c 24 Apr 2003 14:07:13 -0000 1.4.2.9
+++ libads/sasl.c 10 May 2003 15:26:59 -0000
@@ -239,30 +239,16 @@
char *sname;
unsigned sec_layer;
ADS_STATUS status;
- krb5_principal principal;
- krb5_context ctx;
- krb5_enctype enc_types[] = {
-#ifdef ENCTYPE_ARCFOUR_HMAC
- ENCTYPE_ARCFOUR_HMAC,
-#endif
- ENCTYPE_DES_CBC_MD5,
- ENCTYPE_NULL};
- gss_OID_desc nt_principal =
- {10, "\052\206\110\206\367\022\001\002\002\002"};
/* we need to fetch a service ticket as the ldap user in the
servers realm, regardless of our realm */
asprintf(&sname, "ldap/%s@%s", ads->config.ldap_server_name, ads->config.realm);
- krb5_init_context(&ctx);
- krb5_set_default_tgs_ktypes(ctx, enc_types);
- krb5_parse_name(ctx, sname, &principal);
- free(sname);
- krb5_free_context(ctx);
- input_name.value = &principal;
- input_name.length = sizeof(principal);
+ input_name.value = sname;
+ input_name.length = strlen(sname);
- gss_rc = gss_import_name(&minor_status,&input_name,&nt_principal, &serv_name);
+ gss_rc = gss_import_name(&minor_status,&input_name, GSS_C_NO_OID, &serv_name);
+ free(sname);
if (gss_rc) {
return ADS_ERROR_GSS(gss_rc, minor_status);
}
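Review bot: The return value of asprintf() is not checked, and with this change sname goes straight into strlen(sname) and gss_import_name(), so an allocation failure leaves sname undefined at the point it is dereferenced; test for a -1 return and bail out with an error status before filling in input_name. Separately, passing GSS_C_NO_OID leaves the interpretation of the "ldap/%s@%s" string to the mechanism's default name syntax, which is implementation-defined, and the message reports testing against the MIT KRB5 libs only; either name the type explicitly (for example GSS_KRB5_NT_PRINCIPAL_NAME) or add a comment recording that the default is relied on. The removed enc_types list and krb5_set_default_tgs_ktypes() call also mean the enctypes requested for the service ticket now come from the library's configuration rather than from this function, which deserves a line in the change description.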