summaryrefslogtreecommitdiff
path: root/source4/lib/credentials.c
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2005-09-22 01:50:58 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:38:39 -0500
commit51cbc188df03f9ee38599fe5a87ec2608117a845 (patch)
treee446c68879a08f5c30de72d6029f6d7e2a32880b /source4/lib/credentials.c
parent3b7f8ddd9a7c0d372a0585790913ac95c9eb3324 (diff)
downloadsamba-51cbc188df03f9ee38599fe5a87ec2608117a845.tar.gz
samba-51cbc188df03f9ee38599fe5a87ec2608117a845.tar.bz2
samba-51cbc188df03f9ee38599fe5a87ec2608117a845.zip
r10402: Make the RPC-SAMLOGON test pass against Win2k3 SP0 again.
I still have issues with Win2k3 SP1, and Samba4 doesn't pass it's own test for the moment, but I'm working on these issues :-) This required a change to the credentials API, so that the special case for NTLM logins using a principal was indeed handled as a special, not general case. Also don't set the realm from a ccache, as then it overrides --option=realm=. Andrew Bartlett (This used to be commit 194e8f07c0cb4685797c5a7a074577c62dfdebe3)
Diffstat (limited to 'source4/lib/credentials.c')
-rw-r--r--source4/lib/credentials.c36
1 files changed, 20 insertions, 16 deletions
diff --git a/source4/lib/credentials.c b/source4/lib/credentials.c
index 4650fee1af..045047d358 100644
--- a/source4/lib/credentials.c
+++ b/source4/lib/credentials.c
@@ -58,23 +58,18 @@ struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx)
* @retval The username set on this context.
* @note Return value will never be NULL except by programmer error.
*/
-const char *cli_credentials_get_username(struct cli_credentials *cred, TALLOC_CTX *mem_ctx)
+const char *cli_credentials_get_username(struct cli_credentials *cred)
{
if (cred->machine_account_pending) {
cli_credentials_set_machine_account(cred);
}
- /* If we have a principal set on this, we want to login with "" domain and user@realm */
- if (cred->username_obtained < cred->principal_obtained) {
- return cli_credentials_get_principal(cred, mem_ctx);
- }
-
if (cred->username_obtained == CRED_CALLBACK) {
cred->username = cred->username_cb(cred);
cred->username_obtained = CRED_SPECIFIED;
}
- return talloc_reference(mem_ctx, cred->username);
+ return cred->username;
}
BOOL cli_credentials_set_username(struct cli_credentials *cred,
@@ -122,10 +117,12 @@ const char *cli_credentials_get_principal(struct cli_credentials *cred, TALLOC_C
if (cred->principal_obtained < cred->username_obtained) {
if (cred->domain_obtained > cred->realm_obtained) {
- return NULL;
+ return talloc_asprintf(mem_ctx, "%s@%s",
+ cli_credentials_get_username(cred),
+ cli_credentials_get_domain(cred));
} else {
return talloc_asprintf(mem_ctx, "%s@%s",
- cli_credentials_get_username(cred, mem_ctx),
+ cli_credentials_get_username(cred),
cli_credentials_get_realm(cred));
}
}
@@ -283,7 +280,6 @@ int cli_credentials_set_from_ccache(struct cli_credentials *cred,
realm = krb5_princ_realm(cred->ccache->smb_krb5_context->krb5_context, princ);
- cli_credentials_set_realm(cred, *realm, obtained);
cli_credentials_set_principal(cred, name, obtained);
free(name);
@@ -466,11 +462,6 @@ const char *cli_credentials_get_domain(struct cli_credentials *cred)
cli_credentials_set_machine_account(cred);
}
- /* If we have a principal set on this, we want to login with "" domain and user@realm */
- if (cred->domain_obtained < cred->principal_obtained) {
- return "";
- }
-
if (cred->domain_obtained == CRED_CALLBACK) {
cred->domain = cred->domain_cb(cred);
cred->domain_obtained = CRED_SPECIFIED;
@@ -505,6 +496,19 @@ BOOL cli_credentials_set_domain_callback(struct cli_credentials *cred,
return False;
}
+void cli_credentials_get_ntlm_username_domain(struct cli_credentials *cred, TALLOC_CTX *mem_ctx,
+ const char **username,
+ const char **domain)
+{
+ if (cred->principal_obtained > cred->username_obtained) {
+ *domain = talloc_strdup(mem_ctx, "");
+ *username = cli_credentials_get_principal(cred, mem_ctx);
+ } else {
+ *domain = cli_credentials_get_domain(cred);
+ *username = cli_credentials_get_username(cred);
+ }
+}
+
/**
* Obtain the Kerberos realm for this credentials context.
* @param cred credentials context
@@ -1028,7 +1032,7 @@ void cli_credentials_set_anonymous(struct cli_credentials *cred)
BOOL cli_credentials_is_anonymous(struct cli_credentials *cred)
{
TALLOC_CTX *tmp_ctx = talloc_new(cred);
- const char *username = cli_credentials_get_username(cred, tmp_ctx);
+ const char *username = cli_credentials_get_username(cred);
/* Yes, it is deliberate that we die if we have a NULL pointer
* here - anonymous is "", not NULL, which is 'never specified,