mirror of
https://github.com/samba-team/samba.git
synced 2025-07-31 20:22:15 +03:00
r4970: Fix for bug 2092, allowing fallback after kerberos and allow
gnome vfs to prevent auto-anonymous logon. Jeremy.
This commit is contained in:
Jeremy Allison
committed by
Gerald (Jerry) Carter
Gerald (Jerry) Carter
parent
78975ab9a9
commit
843e85bcd9
@ -144,6 +144,7 @@ struct cli_state {
|
|||||||
uint16 max_recv_frag;
|
uint16 max_recv_frag;
|
||||||
|
|
||||||
BOOL use_kerberos;
|
BOOL use_kerberos;
|
||||||
|
BOOL fallback_after_kerberos;
|
||||||
BOOL use_spnego;
|
BOOL use_spnego;
|
||||||
|
|
||||||
BOOL use_oplocks; /* should we use oplocks? */
|
BOOL use_oplocks; /* should we use oplocks? */
|
||||||
|
|||||||
@ -455,9 +455,15 @@ struct _SMBCCTX {
|
|||||||
* do _NOT_ touch this from your program !
|
* do _NOT_ touch this from your program !
|
||||||
*/
|
*/
|
||||||
struct smbc_internal_data * internal;
|
struct smbc_internal_data * internal;
|
||||||
|
|
||||||
|
int flags;
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
/* Flags for SMBCCTX->flags */
|
||||||
|
#define SMB_CTX_FLAG_USE_KERBEROS (1 << 0)
|
||||||
|
#define SMB_CTX_FLAG_FALLBACK_AFTER_KERBEROS (1 << 1)
|
||||||
|
#define SMBCCTX_FLAG_NO_AUTO_ANONYMOUS_LOGON (1 << 2) /* don't try to do automatic anon login */
|
||||||
|
|
||||||
/**@ingroup misc
|
/**@ingroup misc
|
||||||
* Create a new SBMCCTX (a context).
|
* Create a new SBMCCTX (a context).
|
||||||
|
|||||||
@ -757,13 +757,17 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
|
|||||||
if (ret){
|
if (ret){
|
||||||
SAFE_FREE(principal);
|
SAFE_FREE(principal);
|
||||||
DEBUG(0, ("Kinit failed: %s\n", error_message(ret)));
|
DEBUG(0, ("Kinit failed: %s\n", error_message(ret)));
|
||||||
|
if (cli->fallback_after_kerberos)
|
||||||
|
goto ntlmssp;
|
||||||
return ADS_ERROR_KRB5(ret);
|
return ADS_ERROR_KRB5(ret);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
rc = cli_session_setup_kerberos(cli, principal, domain);
|
rc = cli_session_setup_kerberos(cli, principal, domain);
|
||||||
SAFE_FREE(principal);
|
if (ADS_ERR_OK(rc) || !cli->fallback_after_kerberos) {
|
||||||
return rc;
|
SAFE_FREE(principal);
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|||||||
@ -584,6 +584,13 @@ SMBCSRV *smbc_server(SMBCCTX *context,
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (context->flags & SMB_CTX_FLAG_USE_KERBEROS) {
|
||||||
|
c.use_kerberos = True;
|
||||||
|
}
|
||||||
|
if (context->flags & SMB_CTX_FLAG_FALLBACK_AFTER_KERBEROS) {
|
||||||
|
c.fallback_after_kerberos = True;
|
||||||
|
}
|
||||||
|
|
||||||
c.timeout = context->timeout;
|
c.timeout = context->timeout;
|
||||||
|
|
||||||
/* Force use of port 139 for first try, so browse lists can work */
|
/* Force use of port 139 for first try, so browse lists can work */
|
||||||
@ -648,8 +655,9 @@ SMBCSRV *smbc_server(SMBCCTX *context,
|
|||||||
password, strlen(password),
|
password, strlen(password),
|
||||||
password, strlen(password),
|
password, strlen(password),
|
||||||
workgroup) &&
|
workgroup) &&
|
||||||
/* try an anonymous login if it failed */
|
/* Try an anonymous login if it failed and this was allowed by flags. */
|
||||||
!cli_session_setup(&c, "", "", 1,"", 0, workgroup)) {
|
((context->flags & SMBCCTX_FLAG_NO_AUTO_ANONYMOUS_LOGON) ||
|
||||||
|
!cli_session_setup(&c, "", "", 1,"", 0, workgroup))) {
|
||||||
cli_shutdown(&c);
|
cli_shutdown(&c);
|
||||||
errno = EPERM;
|
errno = EPERM;
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|||||||
Reference in New Issue
Block a user