Changeset 140 for branches/samba-3.0/source/libsmb/cliconnect.c
- Timestamp:
- 07/11/08 01:13:42 (5 months ago)
- Files:
-
- 1 modified
-
branches/samba-3.0/source/libsmb/cliconnect.c (modified) (8 diffs)
Legend:
- Unmodified
- Added
- Removed
-
branches/samba-3.0/source/libsmb/cliconnect.c
r134 r140 788 788 /**************************************************************************** 789 789 Do a spnego encrypted session setup. 790 791 user_domain: The shortname of the domain the user/machine is a member of. 792 dest_realm: The realm we're connecting to, if NULL we use our default realm. 790 793 ****************************************************************************/ 791 794 792 795 ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user, 793 const char *pass, const char *domain) 794 { 795 char *principal; 796 const char *pass, const char *user_domain, 797 const char * dest_realm) 798 { 799 char *principal = NULL; 796 800 char *OIDs[ASN1_MAX_OIDS]; 797 801 int i; … … 814 818 blob = data_blob(cli->secblob.data+16, cli->secblob.length-16); 815 819 816 /* the server sent us the first part of the SPNEGO exchange in the negprot 817 reply */ 820 /* The server sent us the first part of the SPNEGO exchange in the 821 * negprot reply. It is WRONG to depend on the principal sent in the 822 * negprot reply, but right now we do it. If we don't receive one, 823 * we try to best guess, then fall back to NTLM. */ 818 824 if (!spnego_parse_negTokenInit(blob, OIDs, &principal)) { 819 825 data_blob_free(&blob); … … 833 839 834 840 DEBUG(3,("got principal=%s\n", principal ? principal : "<null>")); 835 836 if (got_kerberos_mechanism && (principal == NULL)) {837 /*838 * It is WRONG to depend on the principal sent in the negprot839 * reply, but right now we do it. So for safety (don't840 * segfault later) disable Kerberos when no principal was841 * sent. -- VL842 */843 DEBUG(1, ("Kerberos mech was offered, but no principal was "844 "sent, disabling Kerberos\n"));845 cli->use_kerberos = False;846 }847 841 848 842 fstrcpy(cli->user_name, user); … … 897 891 } 898 892 899 realm = kerberos_get_default_realm_from_ccache(); 893 if (dest_realm) { 894 realm = SMB_STRDUP(dest_realm); 895 strupper_m(realm); 896 } else { 897 realm = kerberos_get_default_realm_from_ccache(); 898 } 900 899 if (realm && *realm) { 901 900 if (asprintf(&principal, "%s$@%s", … … 914 913 915 914 if (principal) { 916 rc = cli_session_setup_kerberos(cli, principal, domain); 915 rc = cli_session_setup_kerberos(cli, principal, 916 dest_realm); 917 917 if (ADS_ERR_OK(rc) || !cli->fallback_after_kerberos) { 918 918 SAFE_FREE(principal); … … 927 927 ntlmssp: 928 928 929 return ADS_ERROR_NT(cli_session_setup_ntlmssp(cli, user, pass, domain)); 929 return ADS_ERROR_NT(cli_session_setup_ntlmssp(cli, user, pass, 930 user_domain)); 930 931 } 931 932 … … 1010 1011 1011 1012 if (cli->capabilities & CAP_EXTENDED_SECURITY) { 1012 ADS_STATUS status = cli_session_setup_spnego(cli, user, pass, workgroup); 1013 ADS_STATUS status = cli_session_setup_spnego(cli, user, pass, 1014 workgroup, NULL); 1013 1015 if (!ADS_ERR_OK(status)) { 1014 1016 DEBUG(3, ("SPNEGO login failed: %s\n", ads_errstr(status))); … … 1329 1331 SAFE_FREE(cli->outbuf); 1330 1332 SAFE_FREE(cli->inbuf); 1331 cli->outbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+ SAFETY_MARGIN);1332 cli->inbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+ SAFETY_MARGIN);1333 cli->bufsize = CLI_SAMBA_MAX_LARGE_READX_SIZE ;1333 cli->outbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+LARGE_WRITEX_HDR_SIZE+SAFETY_MARGIN); 1334 cli->inbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+LARGE_WRITEX_HDR_SIZE+SAFETY_MARGIN); 1335 cli->bufsize = CLI_SAMBA_MAX_LARGE_READX_SIZE + LARGE_WRITEX_HDR_SIZE; 1334 1336 } 1335 1337
