authorAndrew Bartlett <abartlet@samba.org>2010-12-10 07:57:59 +1100
committerAndrew Bartlett <abartlet@samba.org>2010-12-10 16:08:31 +1100
commitf13404e27b00f826a11684e69cff82ae0023fc91 (patch)
tree21049551c417e2be3eb88082b9f047c4ec6edbe7
parent45d784e929b37edddea4c472d288a46b37aa7415 (diff)
s3-libsmb Don't ever ask for machine$ principals as a target.
It is never correct to ask for a machine$ principal as the target of a kerberos connection. You should always connect via the servicePrincipalName. This current code appears to have built up from a series of minimal changes, as the codebase adapted to the lack of a SPNEGO principal from Windows 2008. Andrew Bartlett
-rw-r--r--source3/libsmb/cliconnect.c36
1 files changed, 6 insertions, 30 deletions
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index c66314891d..65f6924a68 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -1290,24 +1290,11 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
!strequal(STAR_SMBSERVER,
cli->desthost)) {
char *realm = NULL;
- char *machine = NULL;
char *host = NULL;
- DEBUG(3,("cli_session_setup_spnego: got a "
- "bad server principal, trying to guess ...\n"));
+ DEBUG(3,("cli_session_setup_spnego: using target "
+ "hostname not SPNEGO principal\n"));
host = strchr_m(cli->desthost, '.');
- if (host) {
- /* We had a '.' in the name. */
- machine = SMB_STRNDUP(cli->desthost,
- host - cli->desthost);
- } else {
- machine = SMB_STRDUP(cli->desthost);
- }
- if (machine == NULL) {
- TALLOC_FREE(principal);
- return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- }
-
if (dest_realm) {
realm = SMB_STRDUP(dest_realm);
strupper_m(realm);
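Review bot: The result of `SMB_STRDUP(dest_realm)` at the end of this hunk goes straight into `strupper_m(realm)` with no NULL check, and this commit removes the only allocation-failure check that stood in this stretch (the one for `machine`). Whether `strupper_m` tolerates NULL is not visible here, but the later `if (realm && *realm)` test suggests a NULL realm is meant to fall through quietly, so a guard such as `if (realm) strupper_m(realm);` would match that intent. The `if (dest_realm)` block continues outside the hunk, so the else side is not reviewed here.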
@@ -1322,21 +1309,11 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
}
if (realm && *realm) {
- if (host) {
- /* DNS name. */
- principal = talloc_asprintf(talloc_tos(),
- "cifs/%s@%s",
- cli->desthost,
- realm);
- } else {
- /* NetBIOS name, use machine account. */
- principal = talloc_asprintf(talloc_tos(),
- "%s$@%s",
- machine,
- realm);
- }
+ principal = talloc_asprintf(talloc_tos(),
+ "cifs/%s@%s",
+ cli->desthost,
+ realm);
if (!principal) {
- SAFE_FREE(machine);
SAFE_FREE(realm);
return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
}
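Review bot: The new `talloc_asprintf` call has no comment saying why the target is always built as `cifs/<desthost>@<realm>`, and the deleted "DNS name" / "NetBIOS name, use machine account" comments were the only explanation in this stretch. I would add above it `/* Always target the cifs/ servicePrincipalName for the host we chose to connect to; never the machine$ account and never the principal hinted in the server's SPNEGO blob. */` so the rule is not eroded by a later minimal change. Note that a dotless NetBIOS name in `cli->desthost` now yields `cifs/NAME@REALM`, so authentication for such names depends on the KDC resolving that SPN. The realm selection for that case lies between the hunks and is not visible here.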
@@ -1344,7 +1321,6 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
"server principal=%s\n",
principal ? principal : "<null>"));
}
- SAFE_FREE(machine);
SAFE_FREE(realm);
}