diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2010-12-04 15:23:44 +1100 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2010-12-08 08:55:04 +0100 |
| commit | a21cb5a0a11c63f7746a483dca845c12dcfdf1b2 (patch) | |
| tree | ae4f8fd290b051232872716df44ff0b8e398c330 | |
| parent | 53b49d4091205cfefabf424a2fefc2df756613d9 (diff) | |
| download | samba-a21cb5a0a11c63f7746a483dca845c12dcfdf1b2.tar.gz samba-a21cb5a0a11c63f7746a483dca845c12dcfdf1b2.tar.bz2 samba-a21cb5a0a11c63f7746a483dca845c12dcfdf1b2.zip | |
libcli/auth bring ADS_IGNORE_PRINCIPAL in common
| -rw-r--r-- | libcli/auth/spnego.h | 2 | ||||
| -rw-r--r-- | source3/include/smb_krb5.h | 2 | ||||
| -rw-r--r-- | source4/auth/gensec/spnego.c | 3 |
3 files changed, 4 insertions, 3 deletions
diff --git a/libcli/auth/spnego.h b/libcli/auth/spnego.h index 6aed765492..9a93f2ed52 100644 --- a/libcli/auth/spnego.h +++ b/libcli/auth/spnego.h @@ -25,6 +25,8 @@ #define OID_KERBEROS5_OLD "1.2.840.48018.1.2.2" #define OID_KERBEROS5 "1.2.840.113554.1.2.2" +#define ADS_IGNORE_PRINCIPAL "not_defined_in_RFC4178@please_ignore" + #define SPNEGO_DELEG_FLAG 0x01 #define SPNEGO_MUTUAL_FLAG 0x02 #define SPNEGO_REPLAY_FLAG 0x04 diff --git a/source3/include/smb_krb5.h b/source3/include/smb_krb5.h index 0a6ba79038..64c5136acb 100644 --- a/source3/include/smb_krb5.h +++ b/source3/include/smb_krb5.h @@ -4,8 +4,6 @@ #define KRB5_PRIVATE 1 /* this file uses PRIVATE interfaces! */ /* this file uses DEPRECATED interfaces! */ -#define ADS_IGNORE_PRINCIPAL "not_defined_in_RFC4178@please_ignore" - #if defined(HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER) #define KRB5_DEPRECATED 1 #else diff --git a/source4/auth/gensec/spnego.c b/source4/auth/gensec/spnego.c index 813bf0a730..898dad1e92 100644 --- a/source4/auth/gensec/spnego.c +++ b/source4/auth/gensec/spnego.c @@ -827,7 +827,8 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA return NT_STATUS_INVALID_PARAMETER; } - if (spnego.negTokenInit.targetPrincipal) { + if (spnego.negTokenInit.targetPrincipal + && strcmp(spnego.negTokenInit.targetPrincipal, ADS_IGNORE_PRINCIPAL) != 0) { DEBUG(5, ("Server claims it's principal name is %s\n", spnego.negTokenInit.targetPrincipal)); if (lpcfg_client_use_spnego_principal(gensec_security->settings->lp_ctx)) { gensec_set_target_principal(gensec_security, spnego.negTokenInit.targetPrincipal); |