diff options
author | Gerald Carter <jerry@samba.org> | 2005-06-08 14:57:37 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:57:08 -0500 |
commit | dacdfbc98ccb533626058745f4aacef0b0b36286 (patch) | |
tree | 3dff4571c0c2d4bec3ac86d2b4a5065b6504a3f1 /source3/smbd | |
parent | 0da9b4b336a24c184f097b46a46ffd9585f4a710 (diff) | |
download | samba-dacdfbc98ccb533626058745f4aacef0b0b36286.tar.gz samba-dacdfbc98ccb533626058745f4aacef0b0b36286.tar.bz2 samba-dacdfbc98ccb533626058745f4aacef0b0b36286.zip |
r7398: commiting abartlet's patch for kerberos authentication when using a keytab and security != ads
(This used to be commit 3faaa5c3eb3b2057984586e069a47cb210c99140)
Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/negprot.c | 13 | ||||
-rw-r--r-- | source3/smbd/sesssetup.c | 2 |
2 files changed, 9 insertions, 6 deletions
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c index 054afac683..d4f0167a5f 100644 --- a/source3/smbd/negprot.c +++ b/source3/smbd/negprot.c @@ -178,7 +178,6 @@ static int negprot_spnego(char *p) OID_NTLMSSP, NULL}; const char *OIDs_plain[] = {OID_NTLMSSP, NULL}; - char *principal; int len; global_spnego_negotiated = True; @@ -211,12 +210,16 @@ static int negprot_spnego(char *p) return 16; } #endif - if (lp_security() != SEC_ADS) { + if (lp_security() != SEC_ADS && !lp_use_kerberos_keytab()) { blob = spnego_gen_negTokenInit(guid, OIDs_plain, "NONE"); } else { - asprintf(&principal, "%s$@%s", guid, lp_realm()); - blob = spnego_gen_negTokenInit(guid, OIDs_krb5, principal); - free(principal); + fstring myname; + char *host_princ_s = NULL; + name_to_fqdn(myname, global_myname()); + strlower_m(myname); + asprintf(&host_princ_s, "cifs/%s@%s", myname, lp_realm()); + blob = spnego_gen_negTokenInit(guid, OIDs_krb5, host_princ_s); + SAFE_FREE(host_princ_s); } memcpy(p, blob.data, blob.length); len = blob.length; diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 5808de9788..3b33db24e8 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -468,7 +468,7 @@ static int reply_spnego_negotiate(connection_struct *conn, DEBUG(3,("Got secblob of size %lu\n", (unsigned long)secblob.length)); #ifdef HAVE_KRB5 - if (got_kerberos_mechanism && (SEC_ADS == lp_security())) { + if ( got_kerberos_mechanism && ((lp_security()==SEC_ADS) || lp_use_kerberos_keytab()) ) { int ret = reply_spnego_kerberos(conn, inbuf, outbuf, length, bufsize, &secblob); data_blob_free(&secblob); |