sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-23 09:57:40 +03:00
Code

r4970: Fix for bug 2092, allowing fallback after kerberos and allow

Browse Source 
gnome vfs to prevent auto-anonymous logon.
Jeremy.
(This used to be commit 843e85bcd978d025964c4d45d9a3886c7cf7f63c)
This commit is contained in:
Jeremy Allison 2005-01-24 20:21:15 +00:00 committed by Gerald (Jerry) Carter
parent d1b7d109fa
commit c24c328a9e
4 changed files with 23 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
source3/include/client.h
View File

@ -144,6 +144,7 @@ struct cli_state {
uint16 max_recv_frag;
BOOL use_kerberos;
BOOL fallback_after_kerberos;
BOOL use_spnego;
BOOL use_oplocks; /* should we use oplocks? */

6
source3/include/libsmbclient.h
View File

@ -455,9 +455,15 @@ struct _SMBCCTX {
* do _NOT_ touch this from your program !
*/
struct smbc_internal_data * internal;
int flags;
};
/* Flags for SMBCCTX->flags */
#define SMB_CTX_FLAG_USE_KERBEROS (1 << 0)
#define SMB_CTX_FLAG_FALLBACK_AFTER_KERBEROS (1 << 1)
#define SMBCCTX_FLAG_NO_AUTO_ANONYMOUS_LOGON (1 << 2) /* don't try to do automatic anon login */
/**@ingroup misc
* Create a new SBMCCTX (a context).

8
source3/libsmb/cliconnect.c
View File

@ -757,13 +757,17 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
if (ret){
SAFE_FREE(principal);
DEBUG(0, ("Kinit failed: %s\n", error_message(ret)));
if (cli->fallback_after_kerberos)
goto ntlmssp;
return ADS_ERROR_KRB5(ret);
}
}
rc = cli_session_setup_kerberos(cli, principal, domain);
SAFE_FREE(principal);
return rc;
if (ADS_ERR_OK(rc) || !cli->fallback_after_kerberos) {
SAFE_FREE(principal);
return rc;
}
}
#endif

12
source3/libsmb/libsmbclient.c
View File

@ -584,6 +584,13 @@ SMBCSRV *smbc_server(SMBCCTX *context,
return NULL;
}
if (context->flags & SMB_CTX_FLAG_USE_KERBEROS) {
c.use_kerberos = True;
}
if (context->flags & SMB_CTX_FLAG_FALLBACK_AFTER_KERBEROS) {
c.fallback_after_kerberos = True;
}
c.timeout = context->timeout;
/* Force use of port 139 for first try, so browse lists can work */
@ -648,8 +655,9 @@ SMBCSRV *smbc_server(SMBCCTX *context,
password, strlen(password),
password, strlen(password),
workgroup) &&
/* try an anonymous login if it failed */
!cli_session_setup(&c, "", "", 1,"", 0, workgroup)) {
/* Try an anonymous login if it failed and this was allowed by flags. */
((context->flags & SMBCCTX_FLAG_NO_AUTO_ANONYMOUS_LOGON) ||
!cli_session_setup(&c, "", "", 1,"", 0, workgroup))) {
cli_shutdown(&c);
errno = EPERM;
return NULL;