sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code

gensec: Add an option emulating another mode a client building GSSAPI/krb5 manually uses

Browse Source 
This was seen in the wild, with a Huawei Unified Storage System S5500 V3 against the AD DC

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11425
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
Andrew Bartlett 2015-06-26 19:14:13 +12:00
parent 78075cfcda
commit 6224ac9cf4
1 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
source4/auth/gensec/gensec_krb5.c
View File

@ -286,8 +286,15 @@ static NTSTATUS gensec_krb5_common_client_creds(struct gensec_security *gensec_s
const char *principal;
const char *hostname;
krb5_data in_data;
krb5_data *in_data_p = NULL;
struct tevent_context *previous_ev;
if (lpcfg_parm_bool(gensec_security->settings->lp_ctx,
NULL, "gensec_krb5", "send_authenticator_checksum", true)) {
in_data.length = 0;
in_data_p = &in_data;
}
gensec_krb5_state = (struct gensec_krb5_state *)gensec_security->private_data;
principal = gensec_get_target_principal(gensec_security);
@ -313,7 +320,6 @@ static NTSTATUS gensec_krb5_common_client_creds(struct gensec_security *gensec_s
DEBUG(1, ("gensec_krb5_start: Aquiring initiator credentials failed: %s\n", error_string));
return NT_STATUS_UNSUCCESSFUL;
}
in_data.length = 0;
/* Do this every time, in case we have weird recursive issues here */
ret = smb_krb5_context_set_event_ctx(gensec_krb5_state->smb_krb5_context, ev, &previous_ev);
@ -330,7 +336,7 @@ static NTSTATUS gensec_krb5_common_client_creds(struct gensec_security *gensec_s
&gensec_krb5_state->auth_context,
gensec_krb5_state->ap_req_options,
target_principal,
&in_data, ccache_container->ccache,
in_data_p, ccache_container->ccache,
&gensec_krb5_state->enc_ticket);
krb5_free_principal(gensec_krb5_state->smb_krb5_context->krb5_context,
target_principal);
@ -341,7 +347,7 @@ static NTSTATUS gensec_krb5_common_client_creds(struct gensec_security *gensec_s
gensec_krb5_state->ap_req_options,
gensec_get_target_service(gensec_security),
hostname,
&in_data, ccache_container->ccache,
in_data_p, ccache_container->ccache,
&gensec_krb5_state->enc_ticket);
}