Diffstat (limited to 'source3')
-rw-r--r-- | source3/smbd/globals.h | 3 | ||||
-rw-r--r-- | source3/smbd/negprot.c | 40 | ||||
-rw-r--r-- | source3/smbd/sesssetup.c | 7 | ||||
-rw-r--r-- | source3/smbd/smb2_sesssetup.c | 6 |
4 files changed, 7 insertions, 49 deletions
diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h index 24c17cae9f..9a5823de3e 100644 --- a/source3/smbd/globals.h +++ b/source3/smbd/globals.h @@ -466,9 +466,6 @@ struct smbd_server_connection { unsigned long file_gen_counter; int first_file; - /* Try GENSEC hook */ - bool use_gensec_hook; - /* number of open connections (tcons) */ int num_tcons_open; diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c index 473b98a8a2..717000a432 100644 --- a/source3/smbd/negprot.c +++ b/source3/smbd/negprot.c @@ -193,16 +193,9 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn) #ifdef DEVELOPER size_t slen; #endif - const char *OIDs_krb5[] = {OID_KERBEROS5, - OID_KERBEROS5_OLD, - OID_NTLMSSP, - NULL}; - const char *OIDs_ntlm[] = {OID_NTLMSSP, NULL}; struct gensec_security *gensec_security; - sconn->use_gensec_hook = false; - - /* See if we can get an SPNEGO blob out of the gensec hook (if auth_samba4 is loaded) */ + /* See if we can get an SPNEGO blob */ status = auth_generic_prepare(talloc_tos(), sconn->remote_address, &gensec_security); @@ -213,8 +206,9 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn) NULL, data_blob_null, &blob); /* If we get the list of OIDs, the 'OK' answer * is NT_STATUS_MORE_PROCESSING_REQUIRED */ - if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { - sconn->use_gensec_hook = true; + if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { + DEBUG(0, ("Failed to start SPNEGO handler for negprot OID list!\n")); + blob = data_blob_null; } } TALLOC_FREE(gensec_security); 
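Review bot: In negprot_spnego (negprot.c, hunk at -213,8), `blob` is now assigned only inside the gensec branch, so the later `blob.length == 0 || blob.data == NULL` test depends on `blob` being initialised at its declaration, which is outside the visible hunks. Before this commit one of the `else` branches removed in the -235,32 hunk always assigned it; if the declaration has no initialiser it should become `DATA_BLOB blob = data_blob_null;`. The new DEBUG(0) fires only when the update call returns something other than NT_STATUS_MORE_PROCESSING_REQUIRED, so a failure of auth_generic_prepare() or of the steps between the two hunks (not shown) appears to produce an empty blob with no log line. Including the status would make the one logged case diagnosable: `DEBUG(0, ("Failed to start SPNEGO handler for negprot OID list: %s\n", nt_errstr(status)));`.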
@@ -235,32 +229,6 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn) */ - if (sconn->use_gensec_hook) { - /* blob initialised above */ - } else if (lp_security() != SEC_ADS && !USE_KERBEROS_KEYTAB) { -#if 0 - /* Code for PocketPC client */ - blob = data_blob(guid, 16); -#else - /* Code for standalone WXP client */ - blob = spnego_gen_negTokenInit(ctx, OIDs_ntlm, NULL, "NONE"); -#endif - } else if (!lp_send_spnego_principal()) { - /* By default, Windows 2008 and later sends not_defined_in_RFC4178@please_ignore */ - blob = spnego_gen_negTokenInit(ctx, OIDs_krb5, NULL, ADS_IGNORE_PRINCIPAL); - } else { - fstring myname; - char *host_princ_s = NULL; - name_to_fqdn(myname, lp_netbios_name()); - strlower_m(myname); - if (asprintf(&host_princ_s, "cifs/%s@%s", myname, lp_realm()) - == -1) { - return data_blob_null; - } - blob = spnego_gen_negTokenInit(ctx, OIDs_krb5, NULL, host_princ_s); - SAFE_FREE(host_princ_s); - } - if (blob.length == 0 || blob.data == NULL) { return data_blob_null; } diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index c93ab7904e..1741f4ff90 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -228,12 +228,9 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req) gensec_want_feature(vuser->gensec_security, GENSEC_FEATURE_SESSION_KEY); gensec_want_feature(vuser->gensec_security, GENSEC_FEATURE_UNIX_TOKEN); - if (sconn->use_gensec_hook) { - status = gensec_start_mech_by_oid(vuser->gensec_security, GENSEC_OID_SPNEGO); - } else { - status = gensec_start_mech_by_oid(vuser->gensec_security, GENSEC_OID_NTLMSSP); - } + status = gensec_start_mech_by_oid(vuser->gensec_security, GENSEC_OID_SPNEGO); if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("Failed to start SPNEGO handler!\n")); /* Kill the intermediate vuid */ invalidate_vuid(sconn, vuid); reply_nterror(req, nt_status_squash(status)); 
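Review bot: The added `DEBUG(0, ("Failed to start SPNEGO handler!\n"));` in reply_sesssetup_and_X_spnego (sesssetup.c) drops the NTSTATUS that explains the failure, although the next lines squash that status before replying, so the log is the only place the real cause can be recorded. I would write it as `DEBUG(0, ("Failed to start SPNEGO handler: %s\n", nt_errstr(status)));`. The SMB2 counterpart in smbd_smb2_auth_generic (smb2_sesssetup.c) gets no log line at all on the same failure and just returns the status, so the two paths are worth aligning now that neither falls back to NTLMSSP. A short comment above the call stating that SPNEGO is the only mechanism started here would also help, since the removed branch was the only visible hint that raw NTLMSSP was once handled separately. The function body continues outside the hunk.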
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c index 1a6f7697ff..c94d016c0f 100644 --- a/source3/smbd/smb2_sesssetup.c +++ b/source3/smbd/smb2_sesssetup.c @@ -235,11 +235,7 @@ static NTSTATUS smbd_smb2_auth_generic(struct smbd_smb2_session *session, gensec_want_feature(session->gensec_security, GENSEC_FEATURE_SESSION_KEY); gensec_want_feature(session->gensec_security, GENSEC_FEATURE_UNIX_TOKEN); - if (session->sconn->use_gensec_hook) { - status = gensec_start_mech_by_oid(session->gensec_security, GENSEC_OID_SPNEGO); - } else { - status = gensec_start_mech_by_oid(session->gensec_security, GENSEC_OID_NTLMSSP); - } + status = gensec_start_mech_by_oid(session->gensec_security, GENSEC_OID_SPNEGO); if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(session); return status; |