authorVolker Lendecke <vlendec@samba.org>2003-08-14 21:07:49 +0000
committerVolker Lendecke <vlendec@samba.org>2003-08-14 21:07:49 +0000
commitbb6dff2cb1599882ed6142c3617560b6e9755841 (patch)
tree18dc1609d8db525876a1182a8d20e237c020e850
parent4e4558998ed3ac1c9c4568e64dd5d348e4cb87eb (diff)
In ads_verify_realm, all we use in the ADS_STRUCT is the
auth.realm. So directly pass that instead of setting up and tearing down the ADS_STRUCT. Volker (This used to be commit ce5b8d2ec20fe1f4d3d1956020d88272fb84124a)
-rw-r--r--source3/libads/kerberos_verify.c4
-rw-r--r--source3/smbd/sesssetup.c17
2 files changed, 4 insertions, 17 deletions
diff --git a/source3/libads/kerberos_verify.c b/source3/libads/kerberos_verify.c
index 48b61cd1f2..b82e13b05b 100644
--- a/source3/libads/kerberos_verify.c
+++ b/source3/libads/kerberos_verify.c
@@ -28,7 +28,7 @@
verify an incoming ticket and parse out the principal name and
authorization_data if available
*/
-NTSTATUS ads_verify_ticket(ADS_STRUCT *ads, const DATA_BLOB *ticket,
+NTSTATUS ads_verify_ticket(const char *realm, const DATA_BLOB *ticket,
char **principal, DATA_BLOB *auth_data,
DATA_BLOB *ap_rep,
uint8 session_key[16])
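Review bot: The comment above ads_verify_ticket does not describe the new `realm` parameter, which now decides which realm the ticket is verified against. I would add a line such as `realm: the local Kerberos realm, installed as the default realm before the ticket is verified; must be a non-empty string`. The function body continues outside this hunk.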
@@ -79,7 +79,7 @@ NTSTATUS ads_verify_ticket(ADS_STRUCT *ads, const DATA_BLOB *ticket,
return NT_STATUS_LOGON_FAILURE;
}
- ret = krb5_set_default_realm(context, ads->auth.realm);
+ ret = krb5_set_default_realm(context, realm);
if (ret) {
DEBUG(1,("ads_verify_ticket: krb5_set_default_realm failed (%s)\n", error_message(ret)));
sret = NT_STATUS_LOGON_FAILURE;
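Review bot: `realm` reaches `krb5_set_default_realm()` unchecked, and it is now a bare caller-supplied pointer; the commit's four added lines include no validation of it. A NULL or empty value may not produce an error here, because some Kerberos libraries treat a NULL realm as a request to fall back to the configured default, so the ticket could be verified against a realm the caller did not intend. A guard before the Kerberos context is set up, such as `if (!realm || !*realm) return NT_STATUS_LOGON_FAILURE;`, would make that case fail closed. The start and end of the function are outside this hunk.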
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 88b442215d..0b3d42302a 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -149,7 +149,6 @@ static int reply_spnego_kerberos(connection_struct *conn,
DATA_BLOB auth_data;
DATA_BLOB ap_rep, ap_rep_wrapped, response;
auth_serversupplied_info *server_info = NULL;
- ADS_STRUCT *ads;
uint8 session_key[16];
uint8 tok_id[2];
BOOL foreign = False;
@@ -165,18 +164,9 @@ static int reply_spnego_kerberos(connection_struct *conn,
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
- ads = ads_init_simple();
-
- if (!ads) {
- return ERROR_NT(NT_STATUS_LOGON_FAILURE);
- }
-
- ads->auth.realm = strdup(lp_realm());
-
- ret = ads_verify_ticket(ads, &ticket, &client, &auth_data, &ap_rep, session_key);
+ ret = ads_verify_ticket(lp_realm(), &ticket, &client, &auth_data, &ap_rep, session_key);
if (!NT_STATUS_IS_OK(ret)) {
DEBUG(1,("Failed to verify incoming ticket!\n"));
- ads_destroy(&ads);
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
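Review bot: The call now passes the return value of `lp_realm()` directly, where the removed code gave ads_verify_ticket a private `strdup()` copy, and the realm is read a second time for the `strcasecmp()` in the next hunk. The lifetime of the string `lp_realm()` returns is not visible here. If it is shared or reusable storage, holding it across the verification is fragile, and two separate reads do not guarantee that the verified realm and the compared realm are the same value. Reading it once into a local, `const char *realm = lp_realm();` (or a copy freed on every return path), and using that in both places would tie the foreign-realm decision to the realm the ticket was verified against. reply_spnego_kerberos starts and ends outside this hunk.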
@@ -187,13 +177,12 @@ static int reply_spnego_kerberos(connection_struct *conn,
p = strchr_m(client, '@');
if (!p) {
DEBUG(3,("Doesn't look like a valid principal\n"));
- ads_destroy(&ads);
data_blob_free(&ap_rep);
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
*p = 0;
- if (strcasecmp(p+1, ads->auth.realm) != 0) {
+ if (strcasecmp(p+1, lp_realm()) != 0) {
DEBUG(3,("Ticket for foreign realm %s@%s\n", client, p+1));
if (!lp_allow_trusted_domains()) {
data_blob_free(&ap_rep);
@@ -213,8 +202,6 @@ static int reply_spnego_kerberos(connection_struct *conn,
user = smb_xstrdup(client);
}
- ads_destroy(&ads);
-
/* setup the string used by %U */
sub_set_smb_name(user);