authorAndrew Bartlett <abartlet@samba.org>2001-11-29 06:21:56 +0000
committerAndrew Bartlett <abartlet@samba.org>2001-11-29 06:21:56 +0000
commitfe64484824d8169bf66822ebf7f6a9180a238e6e (patch)
treedcb44452ab1e776819dd695df8063bda603c212c /source3/smbd
parentff27a326f17223cba12b7e0b41ec84aad8238385 (diff)
Make better use of the ads_init() function to get the kerberos realm etc.
This allows us to use automagically obtained values in future, and the value from krb5.conf now. Also fix mem leaks etc. Andrew Bartlett (This used to be commit 8f9ce717819235d98a1463f20ac659cb4b4ebbd2)
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/negprot.c22
-rw-r--r--source3/smbd/sesssetup.c19
2 files changed, 25 insertions, 16 deletions
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index 9a03e1ba96..78d4da3a75 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -184,15 +184,19 @@ static int negprot_spnego(char *p)
return 16;
}
#endif
-
- /* win2000 uses host$@REALM, which we will probably use eventually,
- but for now this works */
- asprintf(&principal, "HOST/%s@%s", guid, lp_realm());
- blob = spnego_gen_negTokenInit(guid,
- lp_security()==SEC_ADS ? OIDs_krb5 : OIDs_plain,
- principal);
- free(principal);
-
+ {
+ ADS_STRUCT *ads;
+ ads = ads_init(NULL, NULL, NULL);
+
+ /* win2000 uses host$@REALM, which we will probably use eventually,
+ but for now this works */
+ asprintf(&principal, "HOST/%s@%s", guid, ads->realm);
+ blob = spnego_gen_negTokenInit(guid,
+ lp_security()==SEC_ADS ? OIDs_krb5 : OIDs_plain,
+ principal);
+ free(principal);
+ ads_destroy(&ads);
+ }
memcpy(p, blob.data, blob.length);
len = blob.length;
data_blob_free(&blob);
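Review bot: The result of `ads_init(NULL, NULL, NULL)` is dereferenced as `ads->realm` in the `asprintf()` call without a check, so a failed init, or a realm that could not be resolved from the configuration, turns into a NULL dereference or a NULL `%s` argument. This code appears to run during protocol negotiation, so the failure would be reachable before any authentication. A guard such as `if (ads == NULL || ads->realm == NULL)` belongs before the principal is built, and the return value of `asprintf()` should be tested before `principal` is used and freed. The same unchecked pattern appears in sesssetup.c, where `ads` is passed to `ads_verify_ticket()` and `ads->realm` is compared in `strcasecmp()`. That path should fail closed with `NT_STATUS_LOGON_FAILURE`. negprot_spnego() starts and ends outside this hunk.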
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 863a509042..35155c0dec 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -74,23 +74,25 @@ static int reply_spnego_kerberos(connection_struct *conn,
DATA_BLOB *secblob)
{
DATA_BLOB ticket;
- char *realm, *client, *p;
+ char *client, *p;
const struct passwd *pw;
char *user;
int sess_vuid;
NTSTATUS ret;
DATA_BLOB auth_data;
auth_serversupplied_info *server_info = NULL;
-
- realm = lp_realm();
+ ADS_STRUCT *ads;
if (!spnego_parse_krb5_wrap(*secblob, &ticket)) {
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
- ret = ads_verify_ticket(&ticket, &client, &auth_data);
+ ads = ads_init(NULL, NULL, NULL);
+
+ ret = ads_verify_ticket(ads, &ticket, &client, &auth_data);
if (!NT_STATUS_IS_OK(ret)) {
- DEBUG(1,("Failed to verify incoming ticket!\n"));
+ DEBUG(1,("Failed to verify incoming ticket!\n"));
+ ads_destroy(&ads);
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
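Review bot: The failure branch after `ads_verify_ticket()` logs only the fixed string `"Failed to verify incoming ticket!\n"` and discards `ret`, so a rejected Kerberos logon leaves no record of why verification failed. Including the NTSTATUS value in that `DEBUG(1, ...)` message would let an operator tell a clock-skew or keytab problem apart from a forged or replayed ticket. Separately, `ticket` is filled by `spnego_parse_krb5_wrap()` and no release of it is visible on this return path. Whether it is freed later cannot be seen from the hunk, so that is worth confirming given the commit's stated aim of fixing leaks.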
@@ -99,15 +101,18 @@ static int reply_spnego_kerberos(connection_struct *conn,
p = strchr_m(client, '@');
if (!p) {
DEBUG(3,("Doesn't look like a valid principal\n"));
+ ads_destroy(&ads);
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
*p = 0;
- if (strcasecmp(p+1, realm) != 0) {
+ if (strcasecmp(p+1, ads->realm) != 0) {
DEBUG(3,("Ticket for incorrect realm %s\n", p+1));
+ ads_destroy(&ads);
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
-
+ ads_destroy(&ads);
+
user = client;
/* the password is good - let them in */
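Review bot: `ads_destroy(&ads)` is now repeated by hand before every early `return ERROR_NT(NT_STATUS_LOGON_FAILURE)` in reply_spnego_kerberos(), so any exit added later will leak the handle unless the author remembers the call. A single failure label keeps the teardown in one place: each branch becomes `goto logon_failure;` and the function ends with `logon_failure: ads_destroy(&ads); return ERROR_NT(NT_STATUS_LOGON_FAILURE);`. That label is also the natural home for releasing `client` and `auth_data`, which look like outputs of `ads_verify_ticket()` and are not freed on the two rejection paths visible here (ownership is inferred, so confirm it against that function). A short comment above the `strcasecmp()` would help too, stating that the accepted realm now comes from the ADS_STRUCT rather than from `lp_realm()`, since this comparison is the realm trust decision. The function continues past the end of this hunk.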