sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-02 09:47:23 +03:00
Code

s3:libads: let ads_sasl_spnego_bind() use cli_credentials_get_unparsed_name()

Browse Source 
We should only operate on the creds structure and
avoid using ads->auth.{user_name,realm}.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This commit is contained in:
Stefan Metzmacher 2022-04-27 12:45:04 +02:00
parent 4d42574c54
commit be771670eb
1 changed files with 13 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
source3/libads/sasl.c
View File

@ -642,6 +642,7 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads)
NTSTATUS nt_status;
ADS_STATUS status;
const char *mech = NULL;
const char *debug_username = NULL;
enum credentials_use_kerberos krb5_state;
status = ads_generate_service_principal(ads, &p);
@ -655,6 +656,12 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads)
goto done;
}
debug_username = cli_credentials_get_unparsed_name(creds, frame);
if (debug_username == NULL) {
status = ADS_ERROR_SYSTEM(errno);
goto done;
}
krb5_state = cli_credentials_get_kerberos_state(creds);
#ifdef HAVE_KRB5
@ -692,10 +699,9 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads)
if (!ADS_ERR_OK(status)) {
DBG_ERR("kinit succeeded but "
"SPNEGO bind with Kerberos failed "
"for %s/%s - user[%s], realm[%s]: %s\n",
"for %s/%s - user[%s]: %s\n",
p.service, p.hostname,
ads->auth.user_name,
ads->auth.realm,
debug_username,
ads_errstr(status));
}
}
@ -707,11 +713,10 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads)
}
DBG_WARNING("SASL bind with Kerberos failed "
"for %s/%s - user[%s], realm[%s]: %s, "
"for %s/%s - user[%s]: %s, "
"try to fallback to NTLMSSP\n",
p.service, p.hostname,
ads->auth.user_name,
ads->auth.realm,
debug_username,
ads_errstr(status));
}
#endif
@ -744,10 +749,9 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads)
done:
if (!ADS_ERR_OK(status)) {
DEBUG(1,("ads_sasl_spnego_gensec_bind(%s) failed "
"for %s/%s with user[%s] realm=[%s]: %s\n", mech,
"for %s/%s with user[%s]: %s\n", mech,
p.service, p.hostname,
ads->auth.user_name,
ads->auth.realm,
debug_username,
ads_errstr(status)));
}
ads_free_service_principal(&p);