author | Andrew Bartlett <abartlet@samba.org> | 2001-11-29 06:21:56 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2001-11-29 06:21:56 +0000 |
commit | fe64484824d8169bf66822ebf7f6a9180a238e6e (patch) | |
tree | dcb44452ab1e776819dd695df8063bda603c212c /source3/smbd | |
parent | ff27a326f17223cba12b7e0b41ec84aad8238385 (diff) | |
Make better use of the ads_init() function to get the kerberos realm etc.
This allows us to use automagically obtained values in future, and the value
from krb5.conf now.
Also fix mem leaks etc.
Andrew Bartlett
(This used to be commit 8f9ce717819235d98a1463f20ac659cb4b4ebbd2)
Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/negprot.c | 22 | ||||
-rw-r--r-- | source3/smbd/sesssetup.c | 19 |
2 files changed, 25 insertions, 16 deletions
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index 9a03e1ba96..78d4da3a75 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -184,15 +184,19 @@ static int negprot_spnego(char *p)
 return 16;
 }
 #endif
-
- /* win2000 uses host$@REALM, which we will probably use eventually,
- but for now this works */
- asprintf(&principal, "HOST/%s@%s", guid, lp_realm());
- blob = spnego_gen_negTokenInit(guid,
- lp_security()==SEC_ADS ? OIDs_krb5 : OIDs_plain,
- principal);
- free(principal);
-
+ {
+ ADS_STRUCT *ads;
+ ads = ads_init(NULL, NULL, NULL);
+
+ /* win2000 uses host$@REALM, which we will probably use eventually,
+ but for now this works */
+ asprintf(&principal, "HOST/%s@%s", guid, ads->realm);
+ blob = spnego_gen_negTokenInit(guid,
+ lp_security()==SEC_ADS ? OIDs_krb5 : OIDs_plain,
+ principal);
+ free(principal);
+ ads_destroy(&ads);
+ }
 memcpy(p, blob.data, blob.length);
 len = blob.length;
 data_blob_free(&blob);
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 863a509042..35155c0dec 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -74,23 +74,25 @@ static int reply_spnego_kerberos(connection_struct *conn,
 DATA_BLOB *secblob)
 {
 DATA_BLOB ticket;
- char *realm, *client, *p;
+ char *client, *p;
 const struct passwd *pw;
 char *user;
 int sess_vuid;
 NTSTATUS ret;
 DATA_BLOB auth_data;
 auth_serversupplied_info *server_info = NULL;
-
- realm = lp_realm();
+ ADS_STRUCT *ads;
 if (!spnego_parse_krb5_wrap(*secblob, &ticket)) {
 return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 }
- ret = ads_verify_ticket(&ticket, &client, &auth_data);
+ ads = ads_init(NULL, NULL, NULL);
+
+ ret = ads_verify_ticket(ads, &ticket, &client, &auth_data);
 if (!NT_STATUS_IS_OK(ret)) {
- DEBUG(1,("Failed to verify incoming ticket!\n"));
+ DEBUG(1,("Failed to verify incoming ticket!\n"));
+ ads_destroy(&ads);
 return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 }
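Review bot: In negprot_spnego() (source3/smbd/negprot.c) the result of `ads_init(NULL, NULL, NULL)` is dereferenced as `ads->realm` with no check, and this code runs during protocol negotiation, before the client has authenticated. If ads_init() can fail, or can leave `realm` unset when no realm is configured (not visible here), the `asprintf` call formats through a null pointer; a guard such as `if (ads == NULL || ads->realm == NULL)` with an explicit failure path belongs before it. The `asprintf` return value is also unchecked, so `principal` may be indeterminate when it reaches spnego_gen_negTokenInit(). The same unchecked use of `ads` and `ads->realm` appears in both reply_spnego_kerberos() hunks in sesssetup.c. The function body starts before and continues after this hunk.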
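Review bot: In reply_spnego_kerberos() (source3/smbd/sesssetup.c) the failure branch after `ads_verify_ticket()` releases `ads` but not `ticket`, which spnego_parse_krb5_wrap() filled in a few lines earlier. If that blob is heap-allocated, as the `data_blob_free(&blob)` call in negprot.c suggests for DATA_BLOB values, every rejected ticket leaks it, and this branch is reachable by clients that have not authenticated. Adding `data_blob_free(&ticket);` directly after the ads_verify_ticket() call would cover both outcomes. Whether `ticket` is freed later on the success path is not visible, since the function continues past this hunk.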
@@ -99,15 +101,18 @@ static int reply_spnego_kerberos(connection_struct *conn,
 p = strchr_m(client, '@');
 if (!p) {
 DEBUG(3,("Doesn't look like a valid principal\n"));
+ ads_destroy(&ads);
 return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 }
 *p = 0;
- if (strcasecmp(p+1, realm) != 0) {
+ if (strcasecmp(p+1, ads->realm) != 0) {
 DEBUG(3,("Ticket for incorrect realm %s\n", p+1));
+ ads_destroy(&ads);
 return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 }
-
+ ads_destroy(&ads);
+
 user = client;
 /* the password is good - let them in */ |
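Review bot: Cleanup in reply_spnego_kerberos() is now repeated by hand before each `return ERROR_NT(NT_STATUS_LOGON_FAILURE);`, so a later early return can easily skip `ads_destroy(&ads)`; a single exit path with one cleanup label would keep the release of `ads` in one place. `client`, which ads_verify_ticket() fills in, is not released on either failure return shown here; if it is heap-allocated, that is a per-request leak worth closing in the same cleanup. The realm comparison would also benefit from a comment stating its purpose, e.g. `/* only accept principals from our own realm */`. The function starts before and continues after this hunk.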