diff options
-rw-r--r-- | source3/libads/sasl.c | 11 | ||||
-rw-r--r-- | source3/libsmb/clikrb5.c | 42 |
2 files changed, 0 insertions, 53 deletions
diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c index 7d1fd0d1a8..d1699dbab7 100644 --- a/source3/libads/sasl.c +++ b/source3/libads/sasl.c @@ -42,7 +42,6 @@ static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads) if (!NT_STATUS_IS_OK(nt_status = ntlmssp_client_start(&ntlmssp_state))) { return ADS_ERROR_NT(nt_status); } - ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_SIGN; if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_username(ntlmssp_state, ads->auth.user_name))) { return ADS_ERROR_NT(nt_status); @@ -283,12 +282,6 @@ static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads) ADS_STATUS status; krb5_principal principal; krb5_context ctx = NULL; - krb5_enctype enc_types[] = { -#ifdef ENCTYPE_ARCFOUR_HMAC - ENCTYPE_ARCFOUR_HMAC, -#endif - ENCTYPE_DES_CBC_MD5, - ENCTYPE_NULL}; gss_OID_desc nt_principal = {10, CONST_DISCARD(char *, "\052\206\110\206\367\022\001\002\002\002")}; @@ -301,10 +294,6 @@ static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads) if (!ADS_ERR_OK(status)) { return status; } - status = ADS_ERROR_KRB5(krb5_set_default_tgs_ktypes(ctx, enc_types)); - if (!ADS_ERR_OK(status)) { - return status; - } status = ADS_ERROR_KRB5(smb_krb5_parse_name(ctx, sname, &principal)); if (!ADS_ERR_OK(status)) { return status; diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c index 4092b4b2b9..0df45f1b4d 100644 --- a/source3/libsmb/clikrb5.c +++ b/source3/libsmb/clikrb5.c @@ -130,35 +130,6 @@ static krb5_error_code smb_krb5_parse_name_norealm_conv(krb5_context context, } #endif -#if !defined(HAVE_KRB5_SET_DEFAULT_TGS_KTYPES) - -#if defined(HAVE_KRB5_SET_DEFAULT_TGS_ENCTYPES) - -/* With MIT kerberos, we should use krb5_set_default_tgs_enctypes in preference - * to krb5_set_default_tgs_ktypes. See - * http://lists.samba.org/archive/samba-technical/2006-July/048271.html - * - * If the MIT libraries are not exporting internal symbols, we will end up in - * this branch, which is correct. Otherwise we will continue to use the - * internal symbol - */ - krb5_error_code krb5_set_default_tgs_ktypes(krb5_context ctx, const krb5_enctype *enc) -{ - return krb5_set_default_tgs_enctypes(ctx, enc); -} - -#elif defined(HAVE_KRB5_SET_DEFAULT_IN_TKT_ETYPES) - -/* Heimdal */ - krb5_error_code krb5_set_default_tgs_ktypes(krb5_context ctx, const krb5_enctype *enc) -{ - return krb5_set_default_in_tkt_etypes(ctx, enc); -} - -#endif /* HAVE_KRB5_SET_DEFAULT_TGS_ENCTYPES */ - -#endif /* HAVE_KRB5_SET_DEFAULT_TGS_KTYPES */ - #if defined(HAVE_ADDR_TYPE_IN_KRB5_ADDRESS) /* HEIMDAL */ void setup_kaddr( krb5_address *pkaddr, struct sockaddr *paddr) @@ -641,13 +612,6 @@ int cli_krb5_get_ticket(const char *principal, time_t time_offset, krb5_context context = NULL; krb5_ccache ccdef = NULL; krb5_auth_context auth_context = NULL; - krb5_enctype enc_types[] = { -#ifdef ENCTYPE_ARCFOUR_HMAC - ENCTYPE_ARCFOUR_HMAC, -#endif - ENCTYPE_DES_CBC_MD5, - ENCTYPE_DES_CBC_CRC, - ENCTYPE_NULL}; initialize_krb5_error_table(); retval = krb5_init_context(&context); @@ -668,12 +632,6 @@ int cli_krb5_get_ticket(const char *principal, time_t time_offset, goto failed; } - if ((retval = krb5_set_default_tgs_ktypes(context, enc_types))) { - DEBUG(1,("cli_krb5_get_ticket: krb5_set_default_tgs_ktypes failed (%s)\n", - error_message(retval))); - goto failed; - } - if ((retval = ads_krb5_mk_req(context, &auth_context, AP_OPTS_USE_SUBKEY | (krb5_flags)extra_ap_opts, |