summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/sesssetup.c40
1 files changed, 18 insertions, 22 deletions
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 3cac6f338b..7f9a09c79b 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -40,7 +40,8 @@ static int reply_spnego_kerberos(connection_struct *conn,
krb5_ticket *tkt = NULL;
int ret;
char *realm, *client, *p;
- fstring service;
+ fstring hostname;
+ char *principle;
extern pstring global_myname;
const struct passwd *pw;
char *user;
@@ -55,35 +56,24 @@ static int reply_spnego_kerberos(connection_struct *conn,
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
- /* the service is the wins name lowercase with $ tacked on */
- fstrcpy(service, global_myname);
- strlower(service);
- fstrcat(service, "$");
-
+ fstrcpy(hostname, global_myname);
+ strlower(hostname);
+ asprintf(&principle, "HOST/%s@%s", hostname, realm);
+
ret = krb5_init_context(&context);
if (ret) {
DEBUG(1,("krb5_init_context failed (%s)\n", error_message(ret)));
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
-#if 0
- ret = krb5_build_principal(context, &server, strlen(realm),
- realm, "HOST", "blu", NULL);
-#else
- ret = krb5_build_principal(context, &server, strlen(realm),
- realm, service, NULL);
-#endif
- krb5_princ_type(context, server) = KRB5_NT_PRINCIPAL;
-
+ ret = krb5_parse_name(context, principle, &server);
if (ret) {
- DEBUG(1,("krb5_build_principal failed (%s)\n", error_message(ret)));
+ DEBUG(1,("krb5_parse_name(%s) failed (%s)\n",
+ principle, error_message(ret)));
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
-#if 0
- chdir("/home/tridge");
- file_save("ticket.dat", ticket.data, ticket.length);
-#endif
+ free(principle);
packet.length = ticket.length;
packet.data = (krb5_pointer)ticket.data;
@@ -437,6 +427,8 @@ static int reply_sesssetup_and_X_spnego(connection_struct *conn, char *inbuf,cha
extern uint32 global_client_caps;
int ret;
+ DEBUG(3,("Doing spego session setup\n"));
+
if (global_client_caps == 0) {
global_client_caps = IVAL(inbuf,smb_vwv10);
}
@@ -509,9 +501,13 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,
extern int max_send;
BOOL doencrypt = global_encrypted_passwords_negotiated;
START_PROFILE(SMBsesssetupX);
+
+ DEBUG(3,("wct=%d flg2=0x%x\n", CVAL(inbuf, smb_wct), SVAL(inbuf, smb_flg2)));
- if (SVAL(inbuf, smb_wct) == 12) {
- /* it's a SPNEGO session setup */
+ /* a SPNEGO session setup has 12 command words, whereas a normal
+ NT1 session setup has 13. See the cifs spec. */
+ if (CVAL(inbuf, smb_wct) == 12 &&
+ (SVAL(inbuf, smb_flg2) & FLAGS2_EXTENDED_SECURITY)) {
return reply_sesssetup_and_X_spnego(conn, inbuf, outbuf, length, bufsize);
}