summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2005-01-24 20:21:15 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 10:55:10 -0500
commitc24c328a9e006473f4dba49fdf1842fb28952ec7 (patch)
tree43fee66886e5699d379784db1267bc5433fefd17
parentd1b7d109fa2b0c4a4b410ecf18b2f457cf90fcf5 (diff)
downloadsamba-c24c328a9e006473f4dba49fdf1842fb28952ec7.tar.gz
samba-c24c328a9e006473f4dba49fdf1842fb28952ec7.tar.bz2
samba-c24c328a9e006473f4dba49fdf1842fb28952ec7.zip
r4970: Fix for bug 2092, allowing fallback after kerberos and allow
gnome vfs to prevent auto-anonymous logon. Jeremy. (This used to be commit 843e85bcd978d025964c4d45d9a3886c7cf7f63c)
-rw-r--r--source3/include/client.h1
-rw-r--r--source3/include/libsmbclient.h6
-rw-r--r--source3/libsmb/cliconnect.c8
-rw-r--r--source3/libsmb/libsmbclient.c12
4 files changed, 23 insertions, 4 deletions
diff --git a/source3/include/client.h b/source3/include/client.h
index c182544362..8ae8faf90d 100644
--- a/source3/include/client.h
+++ b/source3/include/client.h
@@ -144,6 +144,7 @@ struct cli_state {
uint16 max_recv_frag;
BOOL use_kerberos;
+ BOOL fallback_after_kerberos;
BOOL use_spnego;
BOOL use_oplocks; /* should we use oplocks? */
diff --git a/source3/include/libsmbclient.h b/source3/include/libsmbclient.h
index aaa19cb191..efb04285a7 100644
--- a/source3/include/libsmbclient.h
+++ b/source3/include/libsmbclient.h
@@ -455,9 +455,15 @@ struct _SMBCCTX {
* do _NOT_ touch this from your program !
*/
struct smbc_internal_data * internal;
+
+ int flags;
};
+/* Flags for SMBCCTX->flags */
+#define SMB_CTX_FLAG_USE_KERBEROS (1 << 0)
+#define SMB_CTX_FLAG_FALLBACK_AFTER_KERBEROS (1 << 1)
+#define SMBCCTX_FLAG_NO_AUTO_ANONYMOUS_LOGON (1 << 2) /* don't try to do automatic anon login */
/**@ingroup misc
* Create a new SBMCCTX (a context).
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 659e124292..bffe9dfe8a 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -757,13 +757,17 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
if (ret){
SAFE_FREE(principal);
DEBUG(0, ("Kinit failed: %s\n", error_message(ret)));
+ if (cli->fallback_after_kerberos)
+ goto ntlmssp;
return ADS_ERROR_KRB5(ret);
}
}
rc = cli_session_setup_kerberos(cli, principal, domain);
- SAFE_FREE(principal);
- return rc;
+ if (ADS_ERR_OK(rc) || !cli->fallback_after_kerberos) {
+ SAFE_FREE(principal);
+ return rc;
+ }
}
#endif
diff --git a/source3/libsmb/libsmbclient.c b/source3/libsmb/libsmbclient.c
index df9c4ddcad..8eeadc8a78 100644
--- a/source3/libsmb/libsmbclient.c
+++ b/source3/libsmb/libsmbclient.c
@@ -584,6 +584,13 @@ SMBCSRV *smbc_server(SMBCCTX *context,
return NULL;
}
+ if (context->flags & SMB_CTX_FLAG_USE_KERBEROS) {
+ c.use_kerberos = True;
+ }
+ if (context->flags & SMB_CTX_FLAG_FALLBACK_AFTER_KERBEROS) {
+ c.fallback_after_kerberos = True;
+ }
+
c.timeout = context->timeout;
/* Force use of port 139 for first try, so browse lists can work */
@@ -648,8 +655,9 @@ SMBCSRV *smbc_server(SMBCCTX *context,
password, strlen(password),
password, strlen(password),
workgroup) &&
- /* try an anonymous login if it failed */
- !cli_session_setup(&c, "", "", 1,"", 0, workgroup)) {
+ /* Try an anonymous login if it failed and this was allowed by flags. */
+ ((context->flags & SMBCCTX_FLAG_NO_AUTO_ANONYMOUS_LOGON) ||
+ !cli_session_setup(&c, "", "", 1,"", 0, workgroup))) {
cli_shutdown(&c);
errno = EPERM;
return NULL;