summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2010-12-04 15:23:44 +1100
committerAndrew Bartlett <abartlet@samba.org>2010-12-08 08:55:04 +0100
commita21cb5a0a11c63f7746a483dca845c12dcfdf1b2 (patch)
treeae4f8fd290b051232872716df44ff0b8e398c330
parent53b49d4091205cfefabf424a2fefc2df756613d9 (diff)
downloadsamba-a21cb5a0a11c63f7746a483dca845c12dcfdf1b2.tar.gz
samba-a21cb5a0a11c63f7746a483dca845c12dcfdf1b2.tar.bz2
samba-a21cb5a0a11c63f7746a483dca845c12dcfdf1b2.zip
libcli/auth bring ADS_IGNORE_PRINCIPAL in common
-rw-r--r--libcli/auth/spnego.h2
-rw-r--r--source3/include/smb_krb5.h2
-rw-r--r--source4/auth/gensec/spnego.c3
3 files changed, 4 insertions, 3 deletions
diff --git a/libcli/auth/spnego.h b/libcli/auth/spnego.h
index 6aed765492..9a93f2ed52 100644
--- a/libcli/auth/spnego.h
+++ b/libcli/auth/spnego.h
@@ -25,6 +25,8 @@
#define OID_KERBEROS5_OLD "1.2.840.48018.1.2.2"
#define OID_KERBEROS5 "1.2.840.113554.1.2.2"
+#define ADS_IGNORE_PRINCIPAL "not_defined_in_RFC4178@please_ignore"
+
#define SPNEGO_DELEG_FLAG 0x01
#define SPNEGO_MUTUAL_FLAG 0x02
#define SPNEGO_REPLAY_FLAG 0x04
diff --git a/source3/include/smb_krb5.h b/source3/include/smb_krb5.h
index 0a6ba79038..64c5136acb 100644
--- a/source3/include/smb_krb5.h
+++ b/source3/include/smb_krb5.h
@@ -4,8 +4,6 @@
#define KRB5_PRIVATE 1 /* this file uses PRIVATE interfaces! */
/* this file uses DEPRECATED interfaces! */
-#define ADS_IGNORE_PRINCIPAL "not_defined_in_RFC4178@please_ignore"
-
#if defined(HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER)
#define KRB5_DEPRECATED 1
#else
diff --git a/source4/auth/gensec/spnego.c b/source4/auth/gensec/spnego.c
index 813bf0a730..898dad1e92 100644
--- a/source4/auth/gensec/spnego.c
+++ b/source4/auth/gensec/spnego.c
@@ -827,7 +827,8 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
return NT_STATUS_INVALID_PARAMETER;
}
- if (spnego.negTokenInit.targetPrincipal) {
+ if (spnego.negTokenInit.targetPrincipal
+ && strcmp(spnego.negTokenInit.targetPrincipal, ADS_IGNORE_PRINCIPAL) != 0) {
DEBUG(5, ("Server claims it's principal name is %s\n", spnego.negTokenInit.targetPrincipal));
if (lpcfg_client_use_spnego_principal(gensec_security->settings->lp_ctx)) {
gensec_set_target_principal(gensec_security, spnego.negTokenInit.targetPrincipal);