author | Andrew Bartlett <abartlet@samba.org> | 2005-09-17 09:46:20 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:38:13 -0500 |
commit | f281d7782451efe4211e6e18435ed367c137ea06 (patch) | |
tree | 2a9786a8d3b36046412fe3a6eb5a2a5eacd91fa9 /source4/auth/gensec/gensec.c | |
parent | 7f08aa1dd516dfe0e8a79575ed736e1e09a10f9d (diff) | |
r10291: The patch optionally (off by default, not available in all cases) allows
Samba to use the target principal name supplied in the mechTokenMIC of
an SPNEGO negTokenInit.
This isn't a great idea for security reasons, but is how Samba3 behaves,
and allows kerberos to function more often in some environments. It is
only available for CIFS session setups, due to the ordering of the
exchange.
Andrew Bartlett
(This used to be commit f6a645644127ae695a9f7288e0a469f2eb7f3066)
Diffstat (limited to 'source4/auth/gensec/gensec.c')
-rw-r--r-- | source4/auth/gensec/gensec.c | 32 |
1 files changed, 28 insertions, 4 deletions
diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c
index f0256b9668..21e70e1c0e 100644
--- a/source4/auth/gensec/gensec.c
+++ b/source4/auth/gensec/gensec.c
@@ -707,6 +707,15 @@ NTSTATUS gensec_set_target_service(struct gensec_security *gensec_security, cons
 return NT_STATUS_OK;
 }
 
+const char *gensec_get_target_service(struct gensec_security *gensec_security)
+{
+ if (gensec_security->target.service) {
+ return gensec_security->target.service;
+ }
+
+ return "host";
+}
+
 /**
 * Set the target hostname (suitable for kerberos resolutation) on a GENSEC context - ensures it is talloc()ed
 *
@@ -731,13 +740,28 @@ const char *gensec_get_target_hostname(struct gensec_security *gensec_security)
 return NULL;
 }
 
-const char *gensec_get_target_service(struct gensec_security *gensec_security)
+/**
+ * Set the target principal (assuming it it known, say from the SPNEGO reply)
+ * - ensures it is talloc()ed
+ *
+ */
+
+NTSTATUS gensec_set_target_principal(struct gensec_security *gensec_security, const char *principal)
 {
- if (gensec_security->target.service) {
- return gensec_security->target.service;
+ gensec_security->target.principal = talloc_strdup(gensec_security, principal);
+ if (!gensec_security->target.principal) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ return NT_STATUS_OK;
+}
+
+const char *gensec_get_target_principal(struct gensec_security *gensec_security)
+{
+ if (gensec_security->target.principal) {
+ return gensec_security->target.principal;
 }
 
- return "host";
+ return NULL;
 }
 
 /* |
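Review bot: gensec_set_target_principal() in the second hunk stores whatever string it is handed, and per the commit description that string comes from the peer's SPNEGO negTokenInit, so it is unauthenticated input chosen by the very server the client is trying to authenticate; the doc comment above the function does not say so. A Kerberos client that requests a ticket for a principal named by the peer loses the assurance that it reached the intended service, so the comment should carry that caveat, e.g. `* NOTE: the principal is an unverified hint from the peer; call this only when the administrator has explicitly enabled trusting it`. The off-by-default option check is not visible in this file's hunks and presumably lives in the caller, which is one more reason to state the precondition here. Separately, a NULL `principal` appears to make talloc_strdup() return NULL and is then reported as NT_STATUS_NO_MEMORY; an early `if (principal == NULL) return NT_STATUS_INVALID_PARAMETER;` would keep the two failures apart.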