summaryrefslogtreecommitdiff
path: root/source3/libsmb
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2007-09-28 18:15:34 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:31:03 -0500
commit5221ebb299081da6a806362212c6a8ceb9cc70a8 (patch)
tree40822494127c0bebd85a6db2c27115e923e91ae8 /source3/libsmb
parent58a9621904f0334d8f5a1f34e2dfd95409e7c68d (diff)
downloadsamba-5221ebb299081da6a806362212c6a8ceb9cc70a8.tar.gz
samba-5221ebb299081da6a806362212c6a8ceb9cc70a8.tar.bz2
samba-5221ebb299081da6a806362212c6a8ceb9cc70a8.zip
r25407: Revert Longhorn join patch as it is not correct for the 3.2 tree.
The translate_name() used by cli_session_setup_spnego() cann rely Winbindd since it is needed by the join process (and hence before Winbind can be run). (This used to be commit 00a93ed336c5f36643e6e33bd277608eaf05677c)
Diffstat (limited to 'source3/libsmb')
-rw-r--r--source3/libsmb/cliconnect.c38
-rw-r--r--source3/libsmb/clispnego.c19
-rw-r--r--source3/libsmb/namequery.c29
-rw-r--r--source3/libsmb/trusts_util.c2
4 files changed, 11 insertions, 77 deletions
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index a4bbf9a6ec..820a904ea4 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -822,36 +822,20 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
free(OIDs[i]);
}
+ DEBUG(3,("got principal=%s\n", principal ? principal : "<null>"));
if (got_kerberos_mechanism && (principal == NULL)) {
- fstring dns_name;
- fstring nb_name;
-
/*
- * We didn't get a valid principal in the negTokenInit. Fake
- * it, or fall back on NTLM. We prefer to fake it, and hit the
- * translate_name cache to get a REAL realm name.
- */
- if (!(cli->desthost && translate_name(domain, dns_name,
- nb_name) &&
- asprintf(&principal, "host/%s@%s", cli->desthost,
- dns_name))) {
-
- /*
- * It is WRONG to depend on the principal sent in the
- * negprot reply, but right now we do it. So for safety
- * (don't segfault later) disable Kerberos when no
- * principal was sent. -- VL
- */
- DEBUG(1, ("Kerberos mech was offered, but no principal was "
- "sent, disabling Kerberos\n"));
- cli->use_kerberos = False;
- }
-
+ * It is WRONG to depend on the principal sent in the negprot
+ * reply, but right now we do it. So for safety (don't
+ * segfault later) disable Kerberos when no principal was
+ * sent. -- VL
+ */
+ DEBUG(1, ("Kerberos mech was offered, but no principal was "
+ "sent, disabling Kerberos\n"));
+ cli->use_kerberos = False;
}
- DEBUG(3,("got principal=%s\n", principal ? principal : "<null>"));
-
fstrcpy(cli->user_name, user);
#ifdef HAVE_KRB5
@@ -888,9 +872,7 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
ntlmssp:
- /* NTLM is sensitive to adding a domain with a UPN */
- return ADS_ERROR_NT(cli_session_setup_ntlmssp(cli, user, pass,
- (strchr(user, '@') ? NULL : domain)));
+ return ADS_ERROR_NT(cli_session_setup_ntlmssp(cli, user, pass, domain));
}
/****************************************************************************
diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c
index c45883d890..9432ce81d3 100644
--- a/source3/libsmb/clispnego.c
+++ b/source3/libsmb/clispnego.c
@@ -52,18 +52,7 @@ DATA_BLOB spnego_gen_negTokenInit(char guid[16],
asn1_push_tag(&data, ASN1_CONTEXT(3));
asn1_push_tag(&data, ASN1_SEQUENCE(0));
asn1_push_tag(&data, ASN1_CONTEXT(0));
-
- /*
- * @todo
- * Windows 2008 sends a bogus principal, since this
- * is not truly supported in the SPNEGO protocol.
- *
- * We should do the same, but I'm worried this will break things,
- * such as DFS.
- * todd.stecher@isilon.com
- */
asn1_write_GeneralString(&data,principal);
-
asn1_pop_tag(&data);
asn1_pop_tag(&data);
asn1_pop_tag(&data);
@@ -165,14 +154,6 @@ BOOL spnego_parse_negTokenInit(DATA_BLOB blob,
asn1_start_tag(&data, ASN1_SEQUENCE(0));
asn1_start_tag(&data, ASN1_CONTEXT(0));
asn1_read_GeneralString(&data,principal);
- /*
- * Windows 2008 sends a bogus principal, since this
- * is not truly supported in the SPNEGO protocol.
- * todd.stecher@isilon.com
- */
- if (strcmp(ADS_IGNORE_PRINCIPAL, *principal) == 0)
- SAFE_FREE(*principal);
-
asn1_end_tag(&data);
asn1_end_tag(&data);
asn1_end_tag(&data);
diff --git a/source3/libsmb/namequery.c b/source3/libsmb/namequery.c
index 4a7ae0c2e5..49e3375f50 100644
--- a/source3/libsmb/namequery.c
+++ b/source3/libsmb/namequery.c
@@ -1714,32 +1714,3 @@ NTSTATUS get_kdc_list( const char *realm, const char *sitename, struct ip_servic
return NT_STATUS_OK;
}
-
-
-BOOL translate_name(const char *realm, fstring dns_domain_name,
- fstring nb_domain_name)
-{
- struct winbindd_request request;
- struct winbindd_response response;
- NSS_STATUS wb_result;
-
- /* Call winbindd */
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- fstrcpy(request.domain_name, realm);
- wb_result = winbindd_request_response(WINBINDD_DOMAIN_INFO,
- &request, &response);
-
- if (wb_result != NSS_STATUS_SUCCESS) {
- DEBUG(0, ("Failed to translate %s\n", realm));
- return False;
- }
-
- fstrcpy(dns_domain_name, response.data.domain_info.alt_name);
- fstrcpy(nb_domain_name, response.data.domain_info.name);
-
- return True;
-
-}
diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c
index 4a231dcd15..0922f9f41e 100644
--- a/source3/libsmb/trusts_util.c
+++ b/source3/libsmb/trusts_util.c
@@ -40,7 +40,7 @@ static NTSTATUS just_change_the_password(struct rpc_pipe_client *cli, TALLOC_CTX
already have valid creds. If not we must set them up. */
if (cli->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) {
- uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS;
+ uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
result = rpccli_netlogon_setup_creds(cli,
cli->cli->desthost, /* server name */