diff options
| author | Jeremy Allison <jra@samba.org> | 2005-01-24 20:21:15 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:55:10 -0500 |
| commit | c24c328a9e006473f4dba49fdf1842fb28952ec7 (patch) | |
| tree | 43fee66886e5699d379784db1267bc5433fefd17 | |
| parent | d1b7d109fa2b0c4a4b410ecf18b2f457cf90fcf5 (diff) | |
| download | samba-c24c328a9e006473f4dba49fdf1842fb28952ec7.tar.gz samba-c24c328a9e006473f4dba49fdf1842fb28952ec7.tar.bz2 samba-c24c328a9e006473f4dba49fdf1842fb28952ec7.zip | |
r4970: Fix for bug 2092, allowing fallback after kerberos and allow
gnome vfs to prevent auto-anonymous logon.
Jeremy.
(This used to be commit 843e85bcd978d025964c4d45d9a3886c7cf7f63c)
| -rw-r--r-- | source3/include/client.h | 1 | ||||
| -rw-r--r-- | source3/include/libsmbclient.h | 6 | ||||
| -rw-r--r-- | source3/libsmb/cliconnect.c | 8 | ||||
| -rw-r--r-- | source3/libsmb/libsmbclient.c | 12 |
4 files changed, 23 insertions, 4 deletions
diff --git a/source3/include/client.h b/source3/include/client.h index c182544362..8ae8faf90d 100644 --- a/source3/include/client.h +++ b/source3/include/client.h @@ -144,6 +144,7 @@ struct cli_state { uint16 max_recv_frag; BOOL use_kerberos; + BOOL fallback_after_kerberos; BOOL use_spnego; BOOL use_oplocks; /* should we use oplocks? */ diff --git a/source3/include/libsmbclient.h b/source3/include/libsmbclient.h index aaa19cb191..efb04285a7 100644 --- a/source3/include/libsmbclient.h +++ b/source3/include/libsmbclient.h @@ -455,9 +455,15 @@ struct _SMBCCTX { * do _NOT_ touch this from your program ! */ struct smbc_internal_data * internal; + + int flags; }; +/* Flags for SMBCCTX->flags */ +#define SMB_CTX_FLAG_USE_KERBEROS (1 << 0) +#define SMB_CTX_FLAG_FALLBACK_AFTER_KERBEROS (1 << 1) +#define SMBCCTX_FLAG_NO_AUTO_ANONYMOUS_LOGON (1 << 2) /* don't try to do automatic anon login */ /**@ingroup misc * Create a new SBMCCTX (a context). diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 659e124292..bffe9dfe8a 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -757,13 +757,17 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user, if (ret){ SAFE_FREE(principal); DEBUG(0, ("Kinit failed: %s\n", error_message(ret))); + if (cli->fallback_after_kerberos) + goto ntlmssp; return ADS_ERROR_KRB5(ret); } } rc = cli_session_setup_kerberos(cli, principal, domain); - SAFE_FREE(principal); - return rc; + if (ADS_ERR_OK(rc) || !cli->fallback_after_kerberos) { + SAFE_FREE(principal); + return rc; + } } #endif diff --git a/source3/libsmb/libsmbclient.c b/source3/libsmb/libsmbclient.c index df9c4ddcad..8eeadc8a78 100644 --- a/source3/libsmb/libsmbclient.c +++ b/source3/libsmb/libsmbclient.c @@ -584,6 +584,13 @@ SMBCSRV *smbc_server(SMBCCTX *context, return NULL; } + if (context->flags & SMB_CTX_FLAG_USE_KERBEROS) { + c.use_kerberos = True; + } + if (context->flags & SMB_CTX_FLAG_FALLBACK_AFTER_KERBEROS) { + c.fallback_after_kerberos = True; + } + c.timeout = context->timeout; /* Force use of port 139 for first try, so browse lists can work */ @@ -648,8 +655,9 @@ SMBCSRV *smbc_server(SMBCCTX *context, password, strlen(password), password, strlen(password), workgroup) && - /* try an anonymous login if it failed */ - !cli_session_setup(&c, "", "", 1,"", 0, workgroup)) { + /* Try an anonymous login if it failed and this was allowed by flags. */ + ((context->flags & SMBCCTX_FLAG_NO_AUTO_ANONYMOUS_LOGON) || + !cli_session_setup(&c, "", "", 1,"", 0, workgroup))) { cli_shutdown(&c); errno = EPERM; return NULL; |