Diffstat (limited to 'source3')
-rw-r--r--source3/smbd/globals.h3
-rw-r--r--source3/smbd/negprot.c40
-rw-r--r--source3/smbd/sesssetup.c7
-rw-r--r--source3/smbd/smb2_sesssetup.c6
4 files changed, 7 insertions, 49 deletions
diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h
index 24c17cae9f..9a5823de3e 100644
--- a/source3/smbd/globals.h
+++ b/source3/smbd/globals.h
@@ -466,9 +466,6 @@ struct smbd_server_connection {
unsigned long file_gen_counter;
int first_file;
- /* Try GENSEC hook */
- bool use_gensec_hook;
-
/* number of open connections (tcons) */
int num_tcons_open;
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index 473b98a8a2..717000a432 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -193,16 +193,9 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn)
#ifdef DEVELOPER
size_t slen;
#endif
- const char *OIDs_krb5[] = {OID_KERBEROS5,
- OID_KERBEROS5_OLD,
- OID_NTLMSSP,
- NULL};
- const char *OIDs_ntlm[] = {OID_NTLMSSP, NULL};
struct gensec_security *gensec_security;
- sconn->use_gensec_hook = false;
-
- /* See if we can get an SPNEGO blob out of the gensec hook (if auth_samba4 is loaded) */
+ /* See if we can get an SPNEGO blob */
status = auth_generic_prepare(talloc_tos(),
sconn->remote_address,
&gensec_security);
@@ -213,8 +206,9 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn)
NULL, data_blob_null, &blob);
/* If we get the list of OIDs, the 'OK' answer
* is NT_STATUS_MORE_PROCESSING_REQUIRED */
- if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
- sconn->use_gensec_hook = true;
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ DEBUG(0, ("Failed to start SPNEGO handler for negprot OID list!\n"));
+ blob = data_blob_null;
}
}
TALLOC_FREE(gensec_security);
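Review bot: The new failure branch logs at level 0 without the status, so an operator sees that SPNEGO setup failed but not why; `DEBUG(0, ("Failed to start SPNEGO handler for negprot OID list: %s\n", nt_errstr(status)));` would carry the cause, and the same applies to the `DEBUG(0, ...)` added in source3/smbd/sesssetup.c. With the hand-built negTokenInit fallback removed later in this file, any failure here makes negprot_spnego() return data_blob_null, so it is worth confirming that the caller handles an empty blob deliberately rather than continuing the extended-security negotiation with it. If gensec_update() filled `blob` before returning an unexpected status, assigning data_blob_null drops that reference without freeing it; the talloc context passed to the call is above the hunk, so this may be harmless. The enclosing conditions that guard this branch also start outside the hunk.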
@@ -235,32 +229,6 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn)
*/
- if (sconn->use_gensec_hook) {
- /* blob initialised above */
- } else if (lp_security() != SEC_ADS && !USE_KERBEROS_KEYTAB) {
-#if 0
- /* Code for PocketPC client */
- blob = data_blob(guid, 16);
-#else
- /* Code for standalone WXP client */
- blob = spnego_gen_negTokenInit(ctx, OIDs_ntlm, NULL, "NONE");
-#endif
- } else if (!lp_send_spnego_principal()) {
- /* By default, Windows 2008 and later sends not_defined_in_RFC4178@please_ignore */
- blob = spnego_gen_negTokenInit(ctx, OIDs_krb5, NULL, ADS_IGNORE_PRINCIPAL);
- } else {
- fstring myname;
- char *host_princ_s = NULL;
- name_to_fqdn(myname, lp_netbios_name());
- strlower_m(myname);
- if (asprintf(&host_princ_s, "cifs/%s@%s", myname, lp_realm())
- == -1) {
- return data_blob_null;
- }
- blob = spnego_gen_negTokenInit(ctx, OIDs_krb5, NULL, host_princ_s);
- SAFE_FREE(host_princ_s);
- }
-
if (blob.length == 0 || blob.data == NULL) {
return data_blob_null;
}
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index c93ab7904e..1741f4ff90 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -228,12 +228,9 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
gensec_want_feature(vuser->gensec_security, GENSEC_FEATURE_SESSION_KEY);
gensec_want_feature(vuser->gensec_security, GENSEC_FEATURE_UNIX_TOKEN);
- if (sconn->use_gensec_hook) {
- status = gensec_start_mech_by_oid(vuser->gensec_security, GENSEC_OID_SPNEGO);
- } else {
- status = gensec_start_mech_by_oid(vuser->gensec_security, GENSEC_OID_NTLMSSP);
- }
+ status = gensec_start_mech_by_oid(vuser->gensec_security, GENSEC_OID_SPNEGO);
if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("Failed to start SPNEGO handler!\n"));
/* Kill the intermediate vuid */
invalidate_vuid(sconn, vuid);
reply_nterror(req, nt_status_squash(status));
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 1a6f7697ff..c94d016c0f 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -235,11 +235,7 @@ static NTSTATUS smbd_smb2_auth_generic(struct smbd_smb2_session *session,
gensec_want_feature(session->gensec_security, GENSEC_FEATURE_SESSION_KEY);
gensec_want_feature(session->gensec_security, GENSEC_FEATURE_UNIX_TOKEN);
- if (session->sconn->use_gensec_hook) {
- status = gensec_start_mech_by_oid(session->gensec_security, GENSEC_OID_SPNEGO);
- } else {
- status = gensec_start_mech_by_oid(session->gensec_security, GENSEC_OID_NTLMSSP);
- }
+ status = gensec_start_mech_by_oid(session->gensec_security, GENSEC_OID_SPNEGO);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(session);
return status;
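Review bot: Unlike the SMB1 path in sesssetup.c, which gains a `DEBUG(0, ...)` in this commit, a failure of `gensec_start_mech_by_oid()` here is returned silently after `TALLOC_FREE(session)`. Now that the NTLMSSP-only branch is gone, a server that cannot start SPNEGO would presumably refuse every SMB2 session setup, so a line such as `DEBUG(0, ("Failed to start SPNEGO handler: %s\n", nt_errstr(status)));` before the free would make that state diagnosable. smbd_smb2_auth_generic() starts and ends outside the hunk, so the caller may already log the returned status.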