authorAndrew Bartlett <abartlet@samba.org>2001-11-29 06:21:56 +0000
committerAndrew Bartlett <abartlet@samba.org>2001-11-29 06:21:56 +0000
commitfe64484824d8169bf66822ebf7f6a9180a238e6e (patch)
treedcb44452ab1e776819dd695df8063bda603c212c /source3/smbd/sesssetup.c
parentff27a326f17223cba12b7e0b41ec84aad8238385 (diff)
Make better use of the ads_init() function to get the kerberos realm etc.
This allows us to use automagically obtained values in future, and the value from krb5.conf now. Also fix mem leaks etc. Andrew Bartlett (This used to be commit 8f9ce717819235d98a1463f20ac659cb4b4ebbd2)
Diffstat (limited to 'source3/smbd/sesssetup.c')
-rw-r--r--source3/smbd/sesssetup.c19
1 files changed, 12 insertions, 7 deletions
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 863a509042..35155c0dec 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -74,23 +74,25 @@ static int reply_spnego_kerberos(connection_struct *conn,
DATA_BLOB *secblob)
{
DATA_BLOB ticket;
- char *realm, *client, *p;
+ char *client, *p;
const struct passwd *pw;
char *user;
int sess_vuid;
NTSTATUS ret;
DATA_BLOB auth_data;
auth_serversupplied_info *server_info = NULL;
-
- realm = lp_realm();
+ ADS_STRUCT *ads;
if (!spnego_parse_krb5_wrap(*secblob, &ticket)) {
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
- ret = ads_verify_ticket(&ticket, &client, &auth_data);
+ ads = ads_init(NULL, NULL, NULL);
+
+ ret = ads_verify_ticket(ads, &ticket, &client, &auth_data);
if (!NT_STATUS_IS_OK(ret)) {
- DEBUG(1,("Failed to verify incoming ticket!\n"));
+ DEBUG(1,("Failed to verify incoming ticket!\n"));
+ ads_destroy(&ads);
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
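Review bot: The result of `ads_init(NULL, NULL, NULL)` is used without a NULL check: it is passed straight to `ads_verify_ticket()` here and dereferenced as `ads->realm` in the second hunk. Whether ads_init() can fail is not visible on this page, but if it can, the crash would be reachable from a session-setup request before the client has authenticated. A guard directly after the call, `if (!ads) return ERROR_NT(NT_STATUS_NO_MEMORY);`, would close that path. reply_spnego_kerberos starts before this hunk and continues past it.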
@@ -99,15 +101,18 @@ static int reply_spnego_kerberos(connection_struct *conn,
p = strchr_m(client, '@');
if (!p) {
DEBUG(3,("Doesn't look like a valid principal\n"));
+ ads_destroy(&ads);
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
*p = 0;
- if (strcasecmp(p+1, realm) != 0) {
+ if (strcasecmp(p+1, ads->realm) != 0) {
DEBUG(3,("Ticket for incorrect realm %s\n", p+1));
+ ads_destroy(&ads);
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
-
+ ads_destroy(&ads);
+
user = client;
/* the password is good - let them in */
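Review bot: The realm check now reads `ads->realm` with no test that ads_init() actually filled it in, where the old code compared against `lp_realm()`. If no realm is configured or discovered (the commit message suggests it may come from krb5.conf), `strcasecmp(p+1, ads->realm)` would receive NULL on the authentication path; `if (!ads->realm || strcasecmp(p+1, ads->realm) != 0) {` fails closed instead. The three added `ads_destroy(&ads)` calls before each early return would also be easier to keep correct as a single cleanup label, since any return added later between ads_init() and the final destroy would leak the structure. The function body extends outside this hunk.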