summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/auth/gensec/gensec_gssapi.c36
1 files changed, 22 insertions, 14 deletions
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index 8fcada2352..86ecb604ae 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -155,7 +155,7 @@ static NTSTATUS gensec_gssapi_server_start(struct gensec_security *gensec_securi
NTSTATUS nt_status;
OM_uint32 maj_stat, min_stat;
int ret;
- gss_buffer_desc name_token;
+ const char *principal;
struct gensec_gssapi_state *gensec_gssapi_state;
struct cli_credentials *machine_account;
@@ -179,12 +179,15 @@ static NTSTATUS gensec_gssapi_server_start(struct gensec_security *gensec_securi
}
}
- name_token.value = cli_credentials_get_principal(machine_account,
- machine_account);
+ principal = cli_credentials_get_principal(machine_account,
+ machine_account);
/* This might have been explicity set to NULL, ie use what the client calls us */
- if (name_token.value) {
- name_token.length = strlen(name_token.value);
+ if (principal) {
+ gss_buffer_desc name_token;
+
+ name_token.value = discard_const_p(uint8_t, principal);
+ name_token.length = strlen(principal);
maj_stat = gss_import_name (&min_stat,
&name_token,
@@ -260,9 +263,10 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi
return NT_STATUS_UNSUCCESSFUL;
}
- name_token.value = cli_credentials_get_principal(creds,
- gensec_gssapi_state);
- name_token.length = strlen(name_token.value);
+ principal = cli_credentials_get_principal(creds,
+ gensec_gssapi_state);
+ name_token.value = discard_const_p(uint8_t, principal);
+ name_token.length = strlen(principal);
maj_stat = gss_import_name (&min_stat,
&name_token,
@@ -277,14 +281,18 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi
principal = gensec_get_target_principal(gensec_security);
if (principal && lp_client_use_spnego_principal()) {
- name_token.value = gensec_get_target_principal(gensec_security);
- name_token.length = strlen(name_token.value);
+ name_token.value = discard_const_p(uint8_t, principal);
+ name_token.length = strlen(principal);
+
name_type = GSS_C_NULL_OID;
} else {
- name_token.value = talloc_asprintf(gensec_gssapi_state, "%s@%s",
- gensec_get_target_service(gensec_security),
- hostname);
- name_token.length = strlen(name_token.value);
+ principal = talloc_asprintf(gensec_gssapi_state, "%s@%s",
+ gensec_get_target_service(gensec_security),
+ hostname);
+
+ name_token.value = discard_const_p(uint8_t, principal);
+ name_token.length = strlen(principal);
+
name_type = GSS_C_NT_HOSTBASED_SERVICE;
}