diff options
author | Andrew Bartlett <abartlet@samba.org> | 2005-09-22 01:50:58 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:38:39 -0500 |
commit | 51cbc188df03f9ee38599fe5a87ec2608117a845 (patch) | |
tree | e446c68879a08f5c30de72d6029f6d7e2a32880b /source4/lib/credentials.c | |
parent | 3b7f8ddd9a7c0d372a0585790913ac95c9eb3324 (diff) | |
download | samba-51cbc188df03f9ee38599fe5a87ec2608117a845.tar.gz samba-51cbc188df03f9ee38599fe5a87ec2608117a845.tar.bz2 samba-51cbc188df03f9ee38599fe5a87ec2608117a845.zip |
r10402: Make the RPC-SAMLOGON test pass against Win2k3 SP0 again.
I still have issues with Win2k3 SP1, and Samba4 doesn't pass it's own
test for the moment, but I'm working on these issues :-)
This required a change to the credentials API, so that the special
case for NTLM logins using a principal was indeed handled as a
special, not general case.
Also don't set the realm from a ccache, as then it overrides --option=realm=.
Andrew Bartlett
(This used to be commit 194e8f07c0cb4685797c5a7a074577c62dfdebe3)
Diffstat (limited to 'source4/lib/credentials.c')
-rw-r--r-- | source4/lib/credentials.c | 36 |
1 files changed, 20 insertions, 16 deletions
diff --git a/source4/lib/credentials.c b/source4/lib/credentials.c index 4650fee1af..045047d358 100644 --- a/source4/lib/credentials.c +++ b/source4/lib/credentials.c @@ -58,23 +58,18 @@ struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx) * @retval The username set on this context. * @note Return value will never be NULL except by programmer error. */ -const char *cli_credentials_get_username(struct cli_credentials *cred, TALLOC_CTX *mem_ctx) +const char *cli_credentials_get_username(struct cli_credentials *cred) { if (cred->machine_account_pending) { cli_credentials_set_machine_account(cred); } - /* If we have a principal set on this, we want to login with "" domain and user@realm */ - if (cred->username_obtained < cred->principal_obtained) { - return cli_credentials_get_principal(cred, mem_ctx); - } - if (cred->username_obtained == CRED_CALLBACK) { cred->username = cred->username_cb(cred); cred->username_obtained = CRED_SPECIFIED; } - return talloc_reference(mem_ctx, cred->username); + return cred->username; } BOOL cli_credentials_set_username(struct cli_credentials *cred, @@ -122,10 +117,12 @@ const char *cli_credentials_get_principal(struct cli_credentials *cred, TALLOC_C if (cred->principal_obtained < cred->username_obtained) { if (cred->domain_obtained > cred->realm_obtained) { - return NULL; + return talloc_asprintf(mem_ctx, "%s@%s", + cli_credentials_get_username(cred), + cli_credentials_get_domain(cred)); } else { return talloc_asprintf(mem_ctx, "%s@%s", - cli_credentials_get_username(cred, mem_ctx), + cli_credentials_get_username(cred), cli_credentials_get_realm(cred)); } } @@ -283,7 +280,6 @@ int cli_credentials_set_from_ccache(struct cli_credentials *cred, realm = krb5_princ_realm(cred->ccache->smb_krb5_context->krb5_context, princ); - cli_credentials_set_realm(cred, *realm, obtained); cli_credentials_set_principal(cred, name, obtained); free(name); @@ -466,11 +462,6 @@ const char *cli_credentials_get_domain(struct cli_credentials *cred) cli_credentials_set_machine_account(cred); } - /* If we have a principal set on this, we want to login with "" domain and user@realm */ - if (cred->domain_obtained < cred->principal_obtained) { - return ""; - } - if (cred->domain_obtained == CRED_CALLBACK) { cred->domain = cred->domain_cb(cred); cred->domain_obtained = CRED_SPECIFIED; @@ -505,6 +496,19 @@ BOOL cli_credentials_set_domain_callback(struct cli_credentials *cred, return False; } +void cli_credentials_get_ntlm_username_domain(struct cli_credentials *cred, TALLOC_CTX *mem_ctx, + const char **username, + const char **domain) +{ + if (cred->principal_obtained > cred->username_obtained) { + *domain = talloc_strdup(mem_ctx, ""); + *username = cli_credentials_get_principal(cred, mem_ctx); + } else { + *domain = cli_credentials_get_domain(cred); + *username = cli_credentials_get_username(cred); + } +} + /** * Obtain the Kerberos realm for this credentials context. * @param cred credentials context @@ -1028,7 +1032,7 @@ void cli_credentials_set_anonymous(struct cli_credentials *cred) BOOL cli_credentials_is_anonymous(struct cli_credentials *cred) { TALLOC_CTX *tmp_ctx = talloc_new(cred); - const char *username = cli_credentials_get_username(cred, tmp_ctx); + const char *username = cli_credentials_get_username(cred); /* Yes, it is deliberate that we die if we have a NULL pointer * here - anonymous is "", not NULL, which is 'never specified, |