From a21cb5a0a11c63f7746a483dca845c12dcfdf1b2 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 4 Dec 2010 15:23:44 +1100 Subject: libcli/auth bring ADS_IGNORE_PRINCIPAL in common --- libcli/auth/spnego.h | 2 ++ source3/include/smb_krb5.h | 2 -- source4/auth/gensec/spnego.c | 3 ++- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/libcli/auth/spnego.h b/libcli/auth/spnego.h index 6aed765492..9a93f2ed52 100644 --- a/libcli/auth/spnego.h +++ b/libcli/auth/spnego.h @@ -25,6 +25,8 @@ #define OID_KERBEROS5_OLD "1.2.840.48018.1.2.2" #define OID_KERBEROS5 "1.2.840.113554.1.2.2" +#define ADS_IGNORE_PRINCIPAL "not_defined_in_RFC4178@please_ignore" + #define SPNEGO_DELEG_FLAG 0x01 #define SPNEGO_MUTUAL_FLAG 0x02 #define SPNEGO_REPLAY_FLAG 0x04 diff --git a/source3/include/smb_krb5.h b/source3/include/smb_krb5.h index 0a6ba79038..64c5136acb 100644 --- a/source3/include/smb_krb5.h +++ b/source3/include/smb_krb5.h @@ -4,8 +4,6 @@ #define KRB5_PRIVATE 1 /* this file uses PRIVATE interfaces! */ /* this file uses DEPRECATED interfaces! */ -#define ADS_IGNORE_PRINCIPAL "not_defined_in_RFC4178@please_ignore" - #if defined(HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER) #define KRB5_DEPRECATED 1 #else diff --git a/source4/auth/gensec/spnego.c b/source4/auth/gensec/spnego.c index 813bf0a730..898dad1e92 100644 --- a/source4/auth/gensec/spnego.c +++ b/source4/auth/gensec/spnego.c @@ -827,7 +827,8 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA return NT_STATUS_INVALID_PARAMETER; } - if (spnego.negTokenInit.targetPrincipal) { + if (spnego.negTokenInit.targetPrincipal + && strcmp(spnego.negTokenInit.targetPrincipal, ADS_IGNORE_PRINCIPAL) != 0) { DEBUG(5, ("Server claims it's principal name is %s\n", spnego.negTokenInit.targetPrincipal)); if (lpcfg_client_use_spnego_principal(gensec_security->settings->lp_ctx)) { gensec_set_target_principal(gensec_security, spnego.negTokenInit.targetPrincipal); -- cgit