mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
s4:gensec expose gensec_set_target_principal for use outside GENSEC
This allows for the rare case where the caller knows the target principal. The check for lp_client_use_spnego_principal() is moved to the spengo code to make this work. Andrew Bartlett
This commit is contained in:
parent
8da50c8da1
commit
b5dc394962
@ -1302,7 +1302,7 @@ _PUBLIC_ const struct tsocket_address *gensec_get_remote_address(struct gensec_s
|
||||
*
|
||||
*/
|
||||
|
||||
NTSTATUS gensec_set_target_principal(struct gensec_security *gensec_security, const char *principal)
|
||||
_PUBLIC_ NTSTATUS gensec_set_target_principal(struct gensec_security *gensec_security, const char *principal)
|
||||
{
|
||||
gensec_security->target.principal = talloc_strdup(gensec_security, principal);
|
||||
if (!gensec_security->target.principal) {
|
||||
|
@ -311,4 +311,6 @@ NTSTATUS gensec_start_mech_by_sasl_name(struct gensec_security *gensec_security,
|
||||
int gensec_setting_int(struct gensec_settings *settings, const char *mechanism, const char *name, int default_value);
|
||||
bool gensec_setting_bool(struct gensec_settings *settings, const char *mechanism, const char *name, bool default_value);
|
||||
|
||||
NTSTATUS gensec_set_target_principal(struct gensec_security *gensec_security, const char *principal);
|
||||
|
||||
#endif /* __GENSEC_H__ */
|
||||
|
@ -299,7 +299,7 @@ static NTSTATUS gensec_krb5_common_client_start(struct gensec_security *gensec_s
|
||||
}
|
||||
in_data.length = 0;
|
||||
|
||||
if (principal && lp_client_use_spnego_principal(gensec_security->settings->lp_ctx)) {
|
||||
if (principal) {
|
||||
krb5_principal target_principal;
|
||||
ret = krb5_parse_name(gensec_krb5_state->smb_krb5_context->krb5_context, principal,
|
||||
&target_principal);
|
||||
|
@ -28,6 +28,7 @@
|
||||
#include "auth/credentials/credentials.h"
|
||||
#include "auth/gensec/gensec.h"
|
||||
#include "auth/gensec/gensec_proto.h"
|
||||
#include "param/param.h"
|
||||
|
||||
enum spnego_state_position {
|
||||
SPNEGO_SERVER_START,
|
||||
@ -826,7 +827,9 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
|
||||
|
||||
if (spnego.negTokenInit.targetPrincipal) {
|
||||
DEBUG(5, ("Server claims it's principal name is %s\n", spnego.negTokenInit.targetPrincipal));
|
||||
gensec_set_target_principal(gensec_security, spnego.negTokenInit.targetPrincipal);
|
||||
if (lp_client_use_spnego_principal(gensec_security->settings->lp_ctx)) {
|
||||
gensec_set_target_principal(gensec_security, spnego.negTokenInit.targetPrincipal);
|
||||
}
|
||||
}
|
||||
|
||||
nt_status = gensec_spnego_parse_negTokenInit(gensec_security,
|
||||
|
Loading…
Reference in New Issue
Block a user