diff options
author | Volker Lendecke <vlendec@samba.org> | 2003-08-14 21:07:49 +0000 |
---|---|---|
committer | Volker Lendecke <vlendec@samba.org> | 2003-08-14 21:07:49 +0000 |
commit | bb6dff2cb1599882ed6142c3617560b6e9755841 (patch) | |
tree | 18dc1609d8db525876a1182a8d20e237c020e850 | |
parent | 4e4558998ed3ac1c9c4568e64dd5d348e4cb87eb (diff) | |
download | samba-bb6dff2cb1599882ed6142c3617560b6e9755841.tar.gz samba-bb6dff2cb1599882ed6142c3617560b6e9755841.tar.bz2 samba-bb6dff2cb1599882ed6142c3617560b6e9755841.zip |
In ads_verify_realm, all we use in the ADS_STRUCT is the
auth.realm. So directly pass that instead of setting up and tearing
down the ADS_STRUCT.
Volker
(This used to be commit ce5b8d2ec20fe1f4d3d1956020d88272fb84124a)
-rw-r--r-- | source3/libads/kerberos_verify.c | 4 | ||||
-rw-r--r-- | source3/smbd/sesssetup.c | 17 |
2 files changed, 4 insertions, 17 deletions
diff --git a/source3/libads/kerberos_verify.c b/source3/libads/kerberos_verify.c index 48b61cd1f2..b82e13b05b 100644 --- a/source3/libads/kerberos_verify.c +++ b/source3/libads/kerberos_verify.c @@ -28,7 +28,7 @@ verify an incoming ticket and parse out the principal name and authorization_data if available */ -NTSTATUS ads_verify_ticket(ADS_STRUCT *ads, const DATA_BLOB *ticket, +NTSTATUS ads_verify_ticket(const char *realm, const DATA_BLOB *ticket, char **principal, DATA_BLOB *auth_data, DATA_BLOB *ap_rep, uint8 session_key[16]) @@ -79,7 +79,7 @@ NTSTATUS ads_verify_ticket(ADS_STRUCT *ads, const DATA_BLOB *ticket, return NT_STATUS_LOGON_FAILURE; } - ret = krb5_set_default_realm(context, ads->auth.realm); + ret = krb5_set_default_realm(context, realm); if (ret) { DEBUG(1,("ads_verify_ticket: krb5_set_default_realm failed (%s)\n", error_message(ret))); sret = NT_STATUS_LOGON_FAILURE; diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 88b442215d..0b3d42302a 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -149,7 +149,6 @@ static int reply_spnego_kerberos(connection_struct *conn, DATA_BLOB auth_data; DATA_BLOB ap_rep, ap_rep_wrapped, response; auth_serversupplied_info *server_info = NULL; - ADS_STRUCT *ads; uint8 session_key[16]; uint8 tok_id[2]; BOOL foreign = False; @@ -165,18 +164,9 @@ static int reply_spnego_kerberos(connection_struct *conn, return ERROR_NT(NT_STATUS_LOGON_FAILURE); } - ads = ads_init_simple(); - - if (!ads) { - return ERROR_NT(NT_STATUS_LOGON_FAILURE); - } - - ads->auth.realm = strdup(lp_realm()); - - ret = ads_verify_ticket(ads, &ticket, &client, &auth_data, &ap_rep, session_key); + ret = ads_verify_ticket(lp_realm(), &ticket, &client, &auth_data, &ap_rep, session_key); if (!NT_STATUS_IS_OK(ret)) { DEBUG(1,("Failed to verify incoming ticket!\n")); - ads_destroy(&ads); return ERROR_NT(NT_STATUS_LOGON_FAILURE); } @@ -187,13 +177,12 @@ static int reply_spnego_kerberos(connection_struct *conn, p = strchr_m(client, '@'); if (!p) { DEBUG(3,("Doesn't look like a valid principal\n")); - ads_destroy(&ads); data_blob_free(&ap_rep); return ERROR_NT(NT_STATUS_LOGON_FAILURE); } *p = 0; - if (strcasecmp(p+1, ads->auth.realm) != 0) { + if (strcasecmp(p+1, lp_realm()) != 0) { DEBUG(3,("Ticket for foreign realm %s@%s\n", client, p+1)); if (!lp_allow_trusted_domains()) { data_blob_free(&ap_rep); @@ -213,8 +202,6 @@ static int reply_spnego_kerberos(connection_struct *conn, user = smb_xstrdup(client); } - ads_destroy(&ads); - /* setup the string used by %U */ sub_set_smb_name(user); |