summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorVolker Lendecke <vlendec@samba.org>2006-10-02 12:54:49 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:15:05 -0500
commiteb00981fc363a104d43dba75a8d18cc02421bbf8 (patch)
treec530a87df54b1c89285f39b0f1e2b1728e112a51 /source3
parentc25f331cf9370a461487bf99cb661aa0148e078e (diff)
downloadsamba-eb00981fc363a104d43dba75a8d18cc02421bbf8.tar.gz
samba-eb00981fc363a104d43dba75a8d18cc02421bbf8.tar.bz2
samba-eb00981fc363a104d43dba75a8d18cc02421bbf8.zip
r19041: Make us connect to Vista RC1. Apparently metze had done the same patch some
weeks ago. We have some work before us, when in AD mode Vista sends "not_defined_in_RFC4178@please_ignore" as the principal..... Volker (This used to be commit af85d8ec02b36b765ceadf0a342c7eda2410034b)
Diffstat (limited to 'source3')
-rw-r--r--source3/libsmb/cliconnect.c15
-rw-r--r--source3/libsmb/clispnego.c17
2 files changed, 24 insertions, 8 deletions
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 6e6f7a5ebe..983d9012f0 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -762,7 +762,20 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
#endif
free(OIDs[i]);
}
- DEBUG(3,("got principal=%s\n", principal));
+
+ DEBUG(3,("got principal=%s\n", principal ? principal : "<null>"));
+
+ if (got_kerberos_mechanism && (principal == NULL)) {
+ /*
+ * It is WRONG to depend on the principal sent in the negprot
+ * reply, but right now we do it. So for safety (don't
+ * segfault later) disable Kerberos when no principal was
+ * sent. -- VL
+ */
+ DEBUG(1, ("Kerberos mech was offered, but no principal was sent\n"));
+ DEBUGADD(1, ("Disabling Kerberos\n"));
+ cli->use_kerberos = False;
+ }
fstrcpy(cli->user_name, user);
diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c
index fedf7e5c6e..a01c009b6e 100644
--- a/source3/libsmb/clispnego.c
+++ b/source3/libsmb/clispnego.c
@@ -149,13 +149,16 @@ BOOL spnego_parse_negTokenInit(DATA_BLOB blob,
asn1_end_tag(&data);
asn1_end_tag(&data);
- asn1_start_tag(&data, ASN1_CONTEXT(3));
- asn1_start_tag(&data, ASN1_SEQUENCE(0));
- asn1_start_tag(&data, ASN1_CONTEXT(0));
- asn1_read_GeneralString(&data,principal);
- asn1_end_tag(&data);
- asn1_end_tag(&data);
- asn1_end_tag(&data);
+ *principal = NULL;
+ if (asn1_tag_remaining(&data) > 0) {
+ asn1_start_tag(&data, ASN1_CONTEXT(3));
+ asn1_start_tag(&data, ASN1_SEQUENCE(0));
+ asn1_start_tag(&data, ASN1_CONTEXT(0));
+ asn1_read_GeneralString(&data,principal);
+ asn1_end_tag(&data);
+ asn1_end_tag(&data);
+ asn1_end_tag(&data);
+ }
asn1_end_tag(&data);
asn1_end_tag(&data);