sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
Code

s3:libsmb: let cli_session_creds_prepare_krb5() update the canonicalized principal to cli_credentials

Browse Source 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
This commit is contained in:
Stefan Metzmacher 2019-09-17 08:49:13 +02:00 committed by Günther Deschner
parent 361fb0efab
commit 6ed18c12c5
1 changed files with 34 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
source3/libsmb/cliconnect.c
View File

@ -229,6 +229,8 @@ NTSTATUS cli_session_creds_prepare_krb5(struct cli_state *cli,
const char *user_account = NULL;
const char *user_domain = NULL;
const char *pass = NULL;
char *canon_principal = NULL;
char *canon_realm = NULL;
const char *target_hostname = NULL;
const DATA_BLOB *server_blob = NULL;
bool got_kerberos_mechanism = false;
@ -237,6 +239,7 @@ NTSTATUS cli_session_creds_prepare_krb5(struct cli_state *cli,
bool need_kinit = false;
bool auth_requested = true;
int ret;
bool ok;
target_hostname = smbXcli_conn_remote_name(cli->conn);
server_blob = smbXcli_conn_server_gss_blob(cli->conn);
@ -245,7 +248,6 @@ NTSTATUS cli_session_creds_prepare_krb5(struct cli_state *cli,
if (server_blob != NULL && server_blob->length != 0) {
char *OIDs[ASN1_MAX_OIDS] = { NULL, };
size_t i;
bool ok;
/*
* The server sent us the first part of the SPNEGO exchange in the
@ -354,9 +356,19 @@ NTSTATUS cli_session_creds_prepare_krb5(struct cli_state *cli,
* only if required!
*/
setenv(KRB5_ENV_CCNAME, "MEMORY:cliconnect", 1);
ret = kerberos_kinit_password(user_principal, pass,
0 /* no time correction for now */,
NULL);
ret = kerberos_kinit_password_ext(user_principal,
pass,
0,
0,
0,
NULL,
false,
false,
0,
frame,
&canon_principal,
&canon_realm,
NULL);
if (ret != 0) {
int dbglvl = DBGLVL_NOTICE;
@ -379,9 +391,26 @@ NTSTATUS cli_session_creds_prepare_krb5(struct cli_state *cli,
return NT_STATUS_OK;
}
DBG_DEBUG("Successfully authenticated as %s to access %s using "
ok = cli_credentials_set_principal(creds,
canon_principal,
CRED_SPECIFIED);
if (!ok) {
TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
ok = cli_credentials_set_realm(creds,
canon_realm,
CRED_SPECIFIED);
if (!ok) {
TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
DBG_DEBUG("Successfully authenticated as %s (%s) to access %s using "
"Kerberos\n",
user_principal,
canon_principal,
target_hostname);
TALLOC_FREE(frame);