From 860ad734ba77238d187520f72afcbdc1c73d94ef Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Wed, 4 Jan 2012 11:39:38 +1100
Subject: s3-libads Factor out a new routine kerberos_get_principal_from_service_hostname()
This is now used in the GSE GSSAPI client, so that when we connect to a target server at the CIFS level, we use the same name to connect at the DCE/RPC level.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher
---
 source3/librpc/crypto/gse.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
(limited to 'source3/librpc')
diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c
index b4e59da475..0f97978256 100644
--- a/source3/librpc/crypto/gse.c
+++ b/source3/librpc/crypto/gse.c
@@ -21,6 +21,7 @@
 #include "includes.h"
 #include "gse.h"
+#include "libads/kerberos_proto.h"
 #if defined(HAVE_KRB5) && defined(HAVE_GSS_WRAP_IOV)
@@ -247,15 +248,22 @@ NTSTATUS gse_init_client(TALLOC_CTX *mem_ctx,
 return NT_STATUS_NO_MEMORY;
 }
- name_buffer.value = talloc_asprintf(gse_ctx,
- "%s@%s", service, server);
+ /* Guess the realm based on the supplied service, and avoid the GSS libs
+ doing DNS lookups which may fail.
+
+ TODO: Loop with the KDC on some more combinations (local
+ realm in particular), possibly falling back to
+ GSS_C_NT_HOSTBASED_SERVICE
+ */
+ name_buffer.value = kerberos_get_principal_from_service_hostname(gse_ctx,
+ service, server);
 if (!name_buffer.value) {
 status = NT_STATUS_NO_MEMORY;
 goto err_out;
 }
 name_buffer.length = strlen((char *)name_buffer.value);
 gss_maj = gss_import_name(&gss_min, &name_buffer,
- GSS_C_NT_HOSTBASED_SERVICE,
+ GSS_C_NT_USER_NAME,
 &gse_ctx->server_name);
 if (gss_maj) {
 DEBUG(0, ("gss_import_name failed for %s, with [%s]\n",
-- cgit
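Review bot: With `GSS_C_NT_USER_NAME` in the `gss_import_name()` call, the string returned by `kerberos_get_principal_from_service_hostname()` is taken as a complete principal, so the realm guessed from `service` and `server` now decides which realm's KDC is asked for the ticket, and the host-based canonicalisation the GSS library did before no longer applies. If `server` can reach gse_init_client from a less trusted source (the callers are not on this page), reject names containing `@`, `/` or `\` before building the principal, since those characters would change how it is parsed; `GSS_KRB5_NT_PRINCIPAL_NAME` would also state the intended name type more precisely. The NULL check still reports `NT_STATUS_NO_MEMORY`, which would mislabel a failure to determine a realm if the helper can fail that way (its body is not shown here). gse_init_client starts and ends outside the hunk.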