mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

s4:gensec expose gensec_set_target_principal for use outside GENSEC

This allows for the rare case where the caller knows the target
principal.  The check for lp_client_use_spnego_principal() is moved to
the SPNEGO code to make this work.

Andrew Bartlett
Andrew Bartlett 2010-05-13 07:59:41 +10:00
parent 8da50c8da1
commit b5dc394962
4 changed files with 8 additions and 3 deletions


@ -1302,7 +1302,7 @@ _PUBLIC_ const struct tsocket_address *gensec_get_remote_address(struct gensec_s
*
*/
NTSTATUS gensec_set_target_principal(struct gensec_security *gensec_security, const char *principal)
_PUBLIC_ NTSTATUS gensec_set_target_principal(struct gensec_security *gensec_security, const char *principal)
{
gensec_security->target.principal = talloc_strdup(gensec_security, principal);
if (!gensec_security->target.principal) {
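Review bot: Now that `gensec_set_target_principal()` is exported, a NULL `principal` from an outside caller makes `talloc_strdup()` return NULL, which the `if (!gensec_security->target.principal)` check cannot tell apart from an allocation failure. An explicit guard before the copy, such as `if (principal == NULL) return NT_STATUS_INVALID_PARAMETER;`, would give callers an accurate status. A second call also overwrites the pointer without releasing the earlier copy, which then stays allocated until `gensec_security` is freed. The function body continues outside the hunk, so what the failure branch returns is not visible here.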


@ -311,4 +311,6 @@ NTSTATUS gensec_start_mech_by_sasl_name(struct gensec_security *gensec_security,
int gensec_setting_int(struct gensec_settings *settings, const char *mechanism, const char *name, int default_value);
bool gensec_setting_bool(struct gensec_settings *settings, const char *mechanism, const char *name, bool default_value);
NTSTATUS gensec_set_target_principal(struct gensec_security *gensec_security, const char *principal);
#endif /* __GENSEC_H__ */


@ -299,7 +299,7 @@ static NTSTATUS gensec_krb5_common_client_start(struct gensec_security *gensec_s
}
in_data.length = 0;
if (principal && lp_client_use_spnego_principal(gensec_security->settings->lp_ctx)) {
if (principal) {
krb5_principal target_principal;
ret = krb5_parse_name(gensec_krb5_state->smb_krb5_context->krb5_context, principal,
&target_principal);
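Review bot: The `if (principal)` branch now uses whatever target principal has been stored, so the `client use spnego principal` policy holds only while every path that stores a server-supplied name applies the check itself. In the visible part of this commit the SPNEGO negTokenInit path does, but nothing at this site records that dependency. A comment here would keep it from being lost, for example `/* principal is trusted at this point: server-supplied names must be filtered with lp_client_use_spnego_principal() before gensec_set_target_principal() is called */`. The enclosing function starts and ends outside the hunk, so where `principal` is read from is not visible.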


@ -28,6 +28,7 @@
#include "auth/credentials/credentials.h"
#include "auth/gensec/gensec.h"
#include "auth/gensec/gensec_proto.h"
#include "param/param.h"
enum spnego_state_position {
SPNEGO_SERVER_START,
@ -826,7 +827,9 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
if (spnego.negTokenInit.targetPrincipal) {
DEBUG(5, ("Server claims it's principal name is %s\n", spnego.negTokenInit.targetPrincipal));
gensec_set_target_principal(gensec_security, spnego.negTokenInit.targetPrincipal);
if (lp_client_use_spnego_principal(gensec_security->settings->lp_ctx)) {
gensec_set_target_principal(gensec_security, spnego.negTokenInit.targetPrincipal);
}
}
nt_status = gensec_spnego_parse_negTokenInit(gensec_security,
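Review bot: The NTSTATUS returned by `gensec_set_target_principal()` is discarded at the call inside the new `if (lp_client_use_spnego_principal(...))` block, so an allocation failure leaves the target principal unset and negotiation continues without it. Capture it with `nt_status = gensec_set_target_principal(gensec_security, spnego.negTokenInit.targetPrincipal);` followed by `if (!NT_STATUS_IS_OK(nt_status)) return nt_status;`, after whatever cleanup of `spnego` the surrounding code requires. Separately, the `DEBUG(5, ...)` line logs the server's claimed name even when the setting causes it to be ignored, so the message could say whether the name was accepted. The enclosing function extends outside the hunk.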