authorGerald Carter <jerry@samba.org>2005-06-08 14:57:37 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 10:57:08 -0500
commitdacdfbc98ccb533626058745f4aacef0b0b36286 (patch)
tree3dff4571c0c2d4bec3ac86d2b4a5065b6504a3f1
parent0da9b4b336a24c184f097b46a46ffd9585f4a710 (diff)
r7398: commiting abartlet's patch for kerberos authentication when using a keytab and security != ads
(This used to be commit 3faaa5c3eb3b2057984586e069a47cb210c99140)
-rw-r--r--source3/smbd/negprot.c13
-rw-r--r--source3/smbd/sesssetup.c2
2 files changed, 9 insertions, 6 deletions
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index 054afac683..d4f0167a5f 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -178,7 +178,6 @@ static int negprot_spnego(char *p)
OID_NTLMSSP,
NULL};
const char *OIDs_plain[] = {OID_NTLMSSP, NULL};
- char *principal;
int len;
global_spnego_negotiated = True;
@@ -211,12 +210,16 @@ static int negprot_spnego(char *p)
return 16;
}
#endif
- if (lp_security() != SEC_ADS) {
+ if (lp_security() != SEC_ADS && !lp_use_kerberos_keytab()) {
blob = spnego_gen_negTokenInit(guid, OIDs_plain, "NONE");
} else {
- asprintf(&principal, "%s$@%s", guid, lp_realm());
- blob = spnego_gen_negTokenInit(guid, OIDs_krb5, principal);
- free(principal);
+ fstring myname;
+ char *host_princ_s = NULL;
+ name_to_fqdn(myname, global_myname());
+ strlower_m(myname);
+ asprintf(&host_princ_s, "cifs/%s@%s", myname, lp_realm());
+ blob = spnego_gen_negTokenInit(guid, OIDs_krb5, host_princ_s);
+ SAFE_FREE(host_princ_s);
}
memcpy(p, blob.data, blob.length);
len = blob.length;
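Review bot: The return value of `asprintf()` is ignored on the new `host_princ_s` line, so after an allocation failure the pointer handed to `spnego_gen_negTokenInit()` is not guaranteed to still be NULL despite the initialiser (glibc leaves it undefined on error). Check it, for example `if (asprintf(&host_princ_s, "cifs/%s@%s", myname, lp_realm()) == -1) host_princ_s = NULL;`, and decide whether that case should fall back to the `OIDs_plain` branch. The principal is now built from `lp_realm()` even when `security != ads`, where the realm may be unset; unless something outside the hunk enforces it, a comment such as `/* use kerberos keytab requires 'realm' to be set; otherwise this advertises "cifs/host@" */` would record that. The token also grows with the FQDN and realm, and the `memcpy(p, blob.data, blob.length)` that follows has no bound visible in this hunk, so the space left at `p` is worth confirming. negprot_spnego() starts and ends outside the hunk.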
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 5808de9788..3b33db24e8 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -468,7 +468,7 @@ static int reply_spnego_negotiate(connection_struct *conn,
DEBUG(3,("Got secblob of size %lu\n", (unsigned long)secblob.length));
#ifdef HAVE_KRB5
- if (got_kerberos_mechanism && (SEC_ADS == lp_security())) {
+ if ( got_kerberos_mechanism && ((lp_security()==SEC_ADS) || lp_use_kerberos_keytab()) ) {
int ret = reply_spnego_kerberos(conn, inbuf, outbuf,
length, bufsize, &secblob);
data_blob_free(&secblob);
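Review bot: The condition `(lp_security()==SEC_ADS) || lp_use_kerberos_keytab()` on the changed `if` is now written out twice, here and in negated form in negprot_spnego() in negprot.c, and nothing ties the advertising side to the accepting side. If one copy is edited later, the server could offer the krb5 OIDs and then refuse the ticket, or accept Kerberos it never offered. A single shared predicate used by both files would keep them in step. Failing that, add a comment on each, e.g. `/* must match the krb5 gate in negprot_spnego() */`. The added spaces inside `if ( ... )` also differ from the surrounding `if (...)` style, and the body of this `if` continues outside the hunk.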