diff options
| author | Gerald Carter <jerry@samba.org> | 2007-09-28 18:15:34 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:31:03 -0500 |
| commit | 5221ebb299081da6a806362212c6a8ceb9cc70a8 (patch) | |
| tree | 40822494127c0bebd85a6db2c27115e923e91ae8 /source3/libsmb/cliconnect.c | |
| parent | 58a9621904f0334d8f5a1f34e2dfd95409e7c68d (diff) | |
| download | samba-5221ebb299081da6a806362212c6a8ceb9cc70a8.tar.gz samba-5221ebb299081da6a806362212c6a8ceb9cc70a8.tar.bz2 samba-5221ebb299081da6a806362212c6a8ceb9cc70a8.zip | |
r25407: Revert Longhorn join patch as it is not correct for the 3.2 tree.
The translate_name() used by cli_session_setup_spnego() cann rely
Winbindd since it is needed by the join process (and hence before
Winbind can be run).
(This used to be commit 00a93ed336c5f36643e6e33bd277608eaf05677c)
Diffstat (limited to 'source3/libsmb/cliconnect.c')
| -rw-r--r-- | source3/libsmb/cliconnect.c | 38 |
1 files changed, 10 insertions, 28 deletions
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index a4bbf9a6ec..820a904ea4 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -822,36 +822,20 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user, free(OIDs[i]); } + DEBUG(3,("got principal=%s\n", principal ? principal : "<null>")); if (got_kerberos_mechanism && (principal == NULL)) { - fstring dns_name; - fstring nb_name; - /* - * We didn't get a valid principal in the negTokenInit. Fake - * it, or fall back on NTLM. We prefer to fake it, and hit the - * translate_name cache to get a REAL realm name. - */ - if (!(cli->desthost && translate_name(domain, dns_name, - nb_name) && - asprintf(&principal, "host/%s@%s", cli->desthost, - dns_name))) { - - /* - * It is WRONG to depend on the principal sent in the - * negprot reply, but right now we do it. So for safety - * (don't segfault later) disable Kerberos when no - * principal was sent. -- VL - */ - DEBUG(1, ("Kerberos mech was offered, but no principal was " - "sent, disabling Kerberos\n")); - cli->use_kerberos = False; - } - + * It is WRONG to depend on the principal sent in the negprot + * reply, but right now we do it. So for safety (don't + * segfault later) disable Kerberos when no principal was + * sent. -- VL + */ + DEBUG(1, ("Kerberos mech was offered, but no principal was " + "sent, disabling Kerberos\n")); + cli->use_kerberos = False; } - DEBUG(3,("got principal=%s\n", principal ? principal : "<null>")); - fstrcpy(cli->user_name, user); #ifdef HAVE_KRB5 @@ -888,9 +872,7 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user, ntlmssp: - /* NTLM is sensitive to adding a domain with a UPN */ - return ADS_ERROR_NT(cli_session_setup_ntlmssp(cli, user, pass, - (strchr(user, '@') ? NULL : domain))); + return ADS_ERROR_NT(cli_session_setup_ntlmssp(cli, user, pass, domain)); } /**************************************************************************** |