Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/negprot.c5
-rw-r--r--source3/smbd/server.c4
-rw-r--r--source3/smbd/sesssetup.c14
3 files changed, 18 insertions, 5 deletions
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index d8aea624be..1d79cbd5d0 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -200,14 +200,11 @@ static int negprot_spnego(char *p)
if (lp_security() != SEC_ADS) {
blob = spnego_gen_negTokenInit(guid, OIDs_plain, "NONE");
} else {
- ADS_STRUCT *ads;
- ads = ads_init_simple();
/* win2000 uses host$@REALM, which we will probably use eventually,
but for now this works */
- asprintf(&principal, "HOST/%s@%s", guid, ads->realm);
+ asprintf(&principal, "HOST/%s@%s", guid, lp_realm());
blob = spnego_gen_negTokenInit(guid, OIDs_krb5, principal);
free(principal);
- ads_destroy(&ads);
}
memcpy(p, blob.data, blob.length);
len = blob.length;
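Review bot: The `asprintf` call that builds `principal` is still unchecked on the new side, so on allocation failure `principal` is indeterminate when it is handed to `spnego_gen_negTokenInit` and then to `free`. Test the return value before using the pointer, for example `if (asprintf(&principal, "HOST/%s@%s", guid, lp_realm()) == -1) principal = NULL;`, and take the failure path this function already uses. Now that the realm comes from configuration rather than from the ADS struct, it is also worth confirming what `lp_realm()` returns when no realm is set; if it can be empty, the advertised principal would end in a bare `@`. The body of negprot_spnego starts and ends outside this hunk.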
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 1eef3d98e8..d173fec00e 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -364,6 +364,10 @@ static BOOL open_sockets_smbd(BOOL is_daemon,const char *smb_ports)
set_socket_options(smbd_server_fd(),"SO_KEEPALIVE");
set_socket_options(smbd_server_fd(),user_socket_options);
+ /* this is needed so that we get decent entries
+ in smbstatus for port 445 connects */
+ fstrcpy(remote_machine, get_socket_addr(smbd_server_fd()));
+
/* Reset global variables in util.c so
that client substitutions will be
done correctly in the process. */
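Review bot: The new comment explains the smbstatus motivation but not that `remote_machine` now holds the peer address for every connection until something overwrites it. The context comment just below says these globals feed client substitutions, so any configuration keyed on the machine name would presumably see an IP address in the meantime. I would extend the comment to say so, e.g. `/* placeholder only: replaced once the client supplies its machine name; substitutions see the peer address until then */`. open_sockets_smbd continues outside this hunk.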
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index a00554e638..2e9e54b8d9 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -122,6 +122,12 @@ static int reply_spnego_kerberos(connection_struct *conn,
ads = ads_init_simple();
+ if (!ads) {
+ return ERROR_NT(NT_STATUS_LOGON_FAILURE);
+ }
+
+ ads->auth.realm = strdup(lp_realm());
+
ret = ads_verify_ticket(ads, &ticket, &client, &auth_data);
if (!NT_STATUS_IS_OK(ret)) {
DEBUG(1,("Failed to verify incoming ticket!\n"));
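Review bot: The result of `strdup(lp_realm())` is stored in `ads->auth.realm` without a NULL check, and the next hunk passes that pointer straight to `strcasecmp(p+1, ads->auth.realm)`, so an allocation failure becomes a NULL dereference inside the realm comparison that gates foreign-realm tickets. Add a guard right after the assignment, e.g. `if (!ads->auth.realm) { ads_destroy(&ads); return ERROR_NT(NT_STATUS_NO_MEMORY); }`. If `ads_init_simple()` can already populate `auth.realm` (not visible here), the old value should be freed before it is overwritten. The body of reply_spnego_kerberos starts and ends outside this hunk.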
@@ -139,7 +145,7 @@ static int reply_spnego_kerberos(connection_struct *conn,
}
*p = 0;
- if (strcasecmp(p+1, ads->realm) != 0) {
+ if (strcasecmp(p+1, ads->auth.realm) != 0) {
DEBUG(3,("Ticket for foreign realm %s@%s\n", client, p+1));
if (!lp_allow_trusted_domains()) {
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
@@ -379,6 +385,7 @@ static int reply_spnego_auth(connection_struct *conn, char *inbuf, char *outbuf,
uint32 auth_flags = AUTH_FLAG_NONE;
auth_usersupplied_info *user_info = NULL;
auth_serversupplied_info *server_info = NULL;
+ extern fstring remote_machine;
/* we must have setup the auth context by now */
if (!ntlmssp_auth_context) {
@@ -413,6 +420,11 @@ static int reply_spnego_auth(connection_struct *conn, char *inbuf, char *outbuf,
DEBUG(3,("Got user=[%s] workgroup=[%s] machine=[%s] len1=%d len2=%d\n",
user, workgroup, machine, lmhash.length, nthash.length));
+ /* the client has given us its machine name (which we otherwise would not get on port 445).
+ we need to possibly reload smb.conf if smb.conf includes depend on the machine name */
+ fstrcpy(remote_machine, machine);
+ reload_services(True);
+
#if 0
file_save("nthash1.dat", nthash.data, nthash.length);
file_save("lmhash1.dat", lmhash.data, lmhash.length);
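Review bot: `machine` is a client-chosen string, and on the added lines it is copied into `remote_machine` and immediately drives `reload_services(True)`, which per the new comment can change which smb.conf includes are read. As far as the hunk shows, this runs before the credentials have been checked, so unauthenticated input can influence the configuration file path. The name should be reduced to a conservative character set (no path separators) before it is used for substitution, and the reload could be skipped when the name has not changed. A sketch of the sanitising step follows; the allowed set should be adjusted to the names the deployment really needs. reply_spnego_auth continues outside this hunk.

```c
/* … unchanged: DEBUG(3, "Got user=[%s] workgroup=[%s] machine=[%s] ...") … */

/* declare `char *s;` with the other locals at the top of the function */
fstrcpy(remote_machine, machine);
/* client-chosen and not yet authenticated: keep only characters
   that are harmless when substituted into an include path */
for (s = remote_machine; *s; s++) {
	if (!isalnum((unsigned char)*s) && *s != '-' && *s != '_') {
		*s = '_';
	}
}
reload_services(True);
```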