diff options
author | Andrew Bartlett <abartlet@samba.org> | 2012-03-01 16:57:04 +1100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2012-03-01 22:04:45 +1100 |
commit | 74c6d2bcf44acfe3d275be0f96bd0026cdeeab8c (patch) | |
tree | f70f5badf550da23766eb4008ca02551a1bb2574 | |
parent | 4dae0e7ec5add0c2000484a7dc6ca6f147e6ecb9 (diff) | |
download | samba-74c6d2bcf44acfe3d275be0f96bd0026cdeeab8c.tar.gz samba-74c6d2bcf44acfe3d275be0f96bd0026cdeeab8c.tar.bz2 samba-74c6d2bcf44acfe3d275be0f96bd0026cdeeab8c.zip |
s3-ntlm_auth fix up gss-spnego-client so as to work with gss-spnego
The SPNEGO code changed since this was last tested.
Andrew Bartlett
-rw-r--r-- | source3/utils/ntlm_auth.c | 21 |
1 files changed, 5 insertions, 16 deletions
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index fb38c8e09e..2216816bb4 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c @@ -1908,8 +1908,8 @@ static void manage_client_ntlmssp_targ(struct spnego_data spnego) spnego.negTokenTarg.responseToken, &request); - if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { - DEBUG(1, ("Expected MORE_PROCESSING_REQUIRED from " + if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) && !NT_STATUS_IS_OK(status)) { + DEBUG(1, ("Expected MORE_PROCESSING_REQUIRED or OK from " "ntlmssp_client_update, got: %s\n", nt_errstr(status))); x_fprintf(x_stdout, "BH Expected MORE_PROCESSING_REQUIRED from " @@ -1950,27 +1950,16 @@ static bool manage_client_krb5_init(struct spnego_data spnego) ssize_t len; TALLOC_CTX *ctx = talloc_tos(); - if ( (spnego.negTokenInit.mechListMIC.data == NULL) || - (spnego.negTokenInit.mechListMIC.length == 0) ) { - DEBUG(1, ("Did not get a principal for krb5\n")); - return False; - } - - principal = talloc_strndup(ctx, (char *)spnego.negTokenInit.mechListMIC.data, - spnego.negTokenInit.mechListMIC.length); - - if (!principal) { - return false; - } + principal = spnego.negTokenInit.targetPrincipal; /* We may not be allowed to use the server-supplied SPNEGO principal, or it may not have been supplied to us */ if (!lp_client_use_spnego_principal() || strequal(principal, ADS_IGNORE_PRINCIPAL)) { - TALLOC_FREE(principal); + principal = NULL; } if (principal == NULL && - !is_ipaddress(opt_target_hostname)) { + opt_target_service && opt_target_hostname && !is_ipaddress(opt_target_hostname)) { DEBUG(3,("manage_client_krb5_init: using target " "hostname not SPNEGO principal\n")); |