s3-smbd Don't send SPNEGO principal (rfc4178 hint) by default

This patch, based on the suggestion by Goldberg, Neil R. <ngoldber@mitre.org>
turns off the sending of the principal in the negprot by default, matching
Windows 2008 behaviour.

This slowly works us back from this hack, which from an RFC
perspective was never the right thing to do in the first place, but we
traditionally follow windows behaviour.  It also discourages client
implmentations from relying on it, as if they do they are more open to
man-in-the-middle attacks.

Andrew Bartlett

source3/include/proto.h

@@ -3307,6 +3307,7 @@ bool lp_unix_extensions(void);
 bool lp_use_spnego(void);
 bool lp_client_use_spnego(void);
 bool lp_client_use_spnego_principal(void);
+bool lp_send_spnego_principal(void);
 bool lp_hostname_lookups(void);
 bool lp_change_notify(const struct share_params *p );
 bool lp_kernel_change_notify(const struct share_params *p );

source3/param/loadparm.c

@@ -339,6 +339,7 @@ struct global {
 	bool bClientPlaintextAuth;
 	bool bClientUseSpnego;
 	bool client_use_spnego_principal;
+	bool send_spnego_principal;
 	bool bDebugPrefixTimestamp;
 	bool bDebugHiresTimestamp;
 	bool bDebugPid;
@@ -1408,6 +1409,15 @@ static struct parm_struct parm_table[] = {
 		.enum_list	= NULL,
 		.flags		= FLAG_ADVANCED,
 	},
+	{
+		.label		= "send spnego principal",
+		.type		= P_BOOL,
+		.p_class	= P_GLOBAL,
+		.ptr		= &Globals.send_spnego_principal,
+		.special	= NULL,
+		.enum_list	= NULL,
+		.flags		= FLAG_ADVANCED,
+	},
 	{
 		.label		= "username",
 		.type		= P_STRING,
@@ -5722,6 +5732,7 @@ FN_GLOBAL_BOOL(lp_unix_extensions, &Globals.bUnixExtensions)
 FN_GLOBAL_BOOL(lp_use_spnego, &Globals.bUseSpnego)
 FN_GLOBAL_BOOL(lp_client_use_spnego, &Globals.bClientUseSpnego)
 FN_GLOBAL_BOOL(lp_client_use_spnego_principal, &Globals.client_use_spnego_principal)
+FN_GLOBAL_BOOL(lp_send_spnego_principal, &Globals.send_spnego_principal)
 FN_GLOBAL_BOOL(lp_hostname_lookups, &Globals.bHostnameLookups)
 FN_LOCAL_PARM_BOOL(lp_change_notify, bChangeNotify)
 FN_LOCAL_PARM_BOOL(lp_kernel_change_notify, bKernelChangeNotify)

source3/smbd/negprot.c

@@ -213,6 +213,9 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn)
 		/* Code for standalone WXP client */
 		blob = spnego_gen_negTokenInit(ctx, OIDs_ntlm, NULL, "NONE");
 #endif
+	} else if (!lp_send_spnego_principal()) {
+		/* By default, Windows 2008 and later sends not_defined_in_RFC4178@please_ignore */
+		blob = spnego_gen_negTokenInit(ctx, OIDs_krb5, NULL, ADS_IGNORE_PRINCIPAL);
 	} else {
 		fstring myname;
 		char *host_princ_s = NULL;