diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2012-02-03 11:54:32 +1100 |
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2012-02-16 15:18:43 +0100 |
| commit | eb3e34e965c04d286c31d6951d781a814bf4ab42 (patch) | |
| tree | 100158bc2fc9eca4e19faf630fe933f50ca910c7 /source3/smbd/negprot.c | |
| parent | 2b511f0e9280e0b918265bac8090d79d3c9d5115 (diff) | |
| download | samba-eb3e34e965c04d286c31d6951d781a814bf4ab42.tar.gz samba-eb3e34e965c04d286c31d6951d781a814bf4ab42.tar.bz2 samba-eb3e34e965c04d286c31d6951d781a814bf4ab42.zip | |
s3-smbd Remove unused code now we always have SPNEGO via gensec
This was previously needed because SPNEGO was only available in the AD DC.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source3/smbd/negprot.c')
| -rw-r--r-- | source3/smbd/negprot.c | 40 |
1 files changed, 4 insertions, 36 deletions
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c index 473b98a8a2..717000a432 100644 --- a/source3/smbd/negprot.c +++ b/source3/smbd/negprot.c @@ -193,16 +193,9 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn) #ifdef DEVELOPER size_t slen; #endif - const char *OIDs_krb5[] = {OID_KERBEROS5, - OID_KERBEROS5_OLD, - OID_NTLMSSP, - NULL}; - const char *OIDs_ntlm[] = {OID_NTLMSSP, NULL}; struct gensec_security *gensec_security; - sconn->use_gensec_hook = false; - - /* See if we can get an SPNEGO blob out of the gensec hook (if auth_samba4 is loaded) */ + /* See if we can get an SPNEGO blob */ status = auth_generic_prepare(talloc_tos(), sconn->remote_address, &gensec_security); @@ -213,8 +206,9 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn) NULL, data_blob_null, &blob); /* If we get the list of OIDs, the 'OK' answer * is NT_STATUS_MORE_PROCESSING_REQUIRED */ - if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { - sconn->use_gensec_hook = true; + if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { + DEBUG(0, ("Failed to start SPNEGO handler for negprot OID list!\n")); + blob = data_blob_null; } } TALLOC_FREE(gensec_security); @@ -235,32 +229,6 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn) */ - if (sconn->use_gensec_hook) { - /* blob initialised above */ - } else if (lp_security() != SEC_ADS && !USE_KERBEROS_KEYTAB) { -#if 0 - /* Code for PocketPC client */ - blob = data_blob(guid, 16); -#else - /* Code for standalone WXP client */ - blob = spnego_gen_negTokenInit(ctx, OIDs_ntlm, NULL, "NONE"); -#endif - } else if (!lp_send_spnego_principal()) { - /* By default, Windows 2008 and later sends not_defined_in_RFC4178@please_ignore */ - blob = spnego_gen_negTokenInit(ctx, OIDs_krb5, NULL, ADS_IGNORE_PRINCIPAL); - } else { - fstring myname; - char *host_princ_s = NULL; - name_to_fqdn(myname, lp_netbios_name()); - strlower_m(myname); - if (asprintf(&host_princ_s, "cifs/%s@%s", myname, lp_realm()) - == -1) { - return data_blob_null; - } - blob = spnego_gen_negTokenInit(ctx, OIDs_krb5, NULL, host_princ_s); - SAFE_FREE(host_princ_s); - } - if (blob.length == 0 || blob.data == NULL) { return data_blob_null; } |