diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index a4e4828895e..97d0352dac9 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -1267,147 +1267,6 @@ static void use_in_memory_ccache(void) { setenv(KRB5_ENV_CCNAME, "MEMORY:cliconnect", 1); } -/**************************************************************************** - Do a spnego/kerberos encrypted session setup. -****************************************************************************/ -#if 0 -struct cli_session_setup_kerberos_state { - struct cli_state *cli; - DATA_BLOB negTokenTarg; - DATA_BLOB session_key_krb5; - ADS_STATUS ads_status; -}; - -static void cli_session_setup_kerberos_done(struct tevent_req *subreq); - -static struct tevent_req *cli_session_setup_kerberos_send( - TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct cli_state *cli, - const char *principal) -{ - struct tevent_req *req, *subreq; - struct cli_session_setup_kerberos_state *state; - int rc; - - DEBUG(2,("Doing kerberos session setup\n")); - - req = tevent_req_create(mem_ctx, &state, - struct cli_session_setup_kerberos_state); - if (req == NULL) { - return NULL; - } - state->cli = cli; - state->ads_status = ADS_SUCCESS; - - /* - * Ok, this is cheating: spnego_gen_krb5_negTokenInit can block if - * we have to acquire a ticket. To be fixed later :-) - */ - rc = spnego_gen_krb5_negTokenInit(state, principal, 0, &state->negTokenTarg, - &state->session_key_krb5, 0, NULL, NULL); - if (rc) { - NTSTATUS status; - - state->ads_status = ADS_ERROR_KRB5(rc); - status = ads_ntstatus(state->ads_status); - if (NT_STATUS_EQUAL(status, NT_STATUS_UNSUCCESSFUL)) { - status = NT_STATUS_LOGON_FAILURE; - state->ads_status = ADS_ERROR_NT(status); - } - DEBUG(1, ("cli_session_setup_kerberos: " - "spnego_gen_krb5_negTokenInit failed: %s - %s\n", - error_message(rc), nt_errstr(status))); - tevent_req_nterror(req, status); - return tevent_req_post(req, ev); - } - -#if 0 - file_save("negTokenTarg.dat", state->negTokenTarg.data, - state->negTokenTarg.length); -#endif - - if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) { - state->cli->smb2.session = smbXcli_session_create(cli, - cli->conn); - if (tevent_req_nomem(state->cli->smb2.session, req)) { - return tevent_req_post(req, ev); - } - } - - subreq = cli_sesssetup_blob_send(state, ev, cli, state->negTokenTarg); - if (tevent_req_nomem(subreq, req)) { - return tevent_req_post(req, ev); - } - tevent_req_set_callback(subreq, cli_session_setup_kerberos_done, req); - return req; -} - -static void cli_session_setup_kerberos_done(struct tevent_req *subreq) -{ - struct tevent_req *req = tevent_req_callback_data( - subreq, struct tevent_req); - struct cli_session_setup_kerberos_state *state = tevent_req_data( - req, struct cli_session_setup_kerberos_state); - uint8_t *inbuf = NULL; - struct iovec *recv_iov = NULL; - NTSTATUS status; - - status = cli_sesssetup_blob_recv(subreq, state, - NULL, &inbuf, &recv_iov); - TALLOC_FREE(subreq); - if (!NT_STATUS_IS_OK(status)) { - tevent_req_nterror(req, status); - return; - } - - if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) { - struct smbXcli_session *session = state->cli->smb2.session; - status = smb2cli_session_set_session_key(session, - state->session_key_krb5, - recv_iov); - if (tevent_req_nterror(req, status)) { - return; - } - } else { - struct smbXcli_session *session = state->cli->smb1.session; - - status = smb1cli_session_set_session_key(session, - state->session_key_krb5); - if (tevent_req_nterror(req, status)) { - return; - } - - if (smb1cli_conn_activate_signing(state->cli->conn, state->session_key_krb5, - data_blob_null) - && !smb1cli_conn_check_signing(state->cli->conn, inbuf, 1)) { - tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED); - return; - } - } - - tevent_req_done(req); -} - -static ADS_STATUS cli_session_setup_kerberos_recv(struct tevent_req *req) -{ - struct cli_session_setup_kerberos_state *state = tevent_req_data( - req, struct cli_session_setup_kerberos_state); - NTSTATUS status; - - if (tevent_req_is_nterror(req, &status)) { - ADS_STATUS ads = state->ads_status; - - if (!ADS_ERR_OK(state->ads_status)) { - ads = state->ads_status; - } else { - ads = ADS_ERROR_NT(status); - } - tevent_req_received(req); - return ads; - } - tevent_req_received(req); - return ADS_SUCCESS; -} -#endif #endif /* HAVE_KRB5 */ /****************************************************************************