summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2012-03-01 16:57:04 +1100
committerAndrew Bartlett <abartlet@samba.org>2012-03-01 22:04:45 +1100
commit74c6d2bcf44acfe3d275be0f96bd0026cdeeab8c (patch)
treef70f5badf550da23766eb4008ca02551a1bb2574
parent4dae0e7ec5add0c2000484a7dc6ca6f147e6ecb9 (diff)
downloadsamba-74c6d2bcf44acfe3d275be0f96bd0026cdeeab8c.tar.gz
samba-74c6d2bcf44acfe3d275be0f96bd0026cdeeab8c.tar.bz2
samba-74c6d2bcf44acfe3d275be0f96bd0026cdeeab8c.zip
s3-ntlm_auth fix up gss-spnego-client so as to work with gss-spnego
The SPNEGO code changed since this was last tested. Andrew Bartlett
-rw-r--r--source3/utils/ntlm_auth.c21
1 files changed, 5 insertions, 16 deletions
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
index fb38c8e09e..2216816bb4 100644
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -1908,8 +1908,8 @@ static void manage_client_ntlmssp_targ(struct spnego_data spnego)
spnego.negTokenTarg.responseToken,
&request);
- if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
- DEBUG(1, ("Expected MORE_PROCESSING_REQUIRED from "
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) && !NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("Expected MORE_PROCESSING_REQUIRED or OK from "
"ntlmssp_client_update, got: %s\n",
nt_errstr(status)));
x_fprintf(x_stdout, "BH Expected MORE_PROCESSING_REQUIRED from "
@@ -1950,27 +1950,16 @@ static bool manage_client_krb5_init(struct spnego_data spnego)
ssize_t len;
TALLOC_CTX *ctx = talloc_tos();
- if ( (spnego.negTokenInit.mechListMIC.data == NULL) ||
- (spnego.negTokenInit.mechListMIC.length == 0) ) {
- DEBUG(1, ("Did not get a principal for krb5\n"));
- return False;
- }
-
- principal = talloc_strndup(ctx, (char *)spnego.negTokenInit.mechListMIC.data,
- spnego.negTokenInit.mechListMIC.length);
-
- if (!principal) {
- return false;
- }
+ principal = spnego.negTokenInit.targetPrincipal;
/* We may not be allowed to use the server-supplied SPNEGO principal, or it may not have been supplied to us
*/
if (!lp_client_use_spnego_principal() || strequal(principal, ADS_IGNORE_PRINCIPAL)) {
- TALLOC_FREE(principal);
+ principal = NULL;
}
if (principal == NULL &&
- !is_ipaddress(opt_target_hostname)) {
+ opt_target_service && opt_target_hostname && !is_ipaddress(opt_target_hostname)) {
DEBUG(3,("manage_client_krb5_init: using target "
"hostname not SPNEGO principal\n"));