sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-29 21:47:30 +03:00
Code

made smbclient cope better with arbitrary principle forms

Browse Source
This commit is contained in:
Andrew Tridgell -
parent eac164c7e6
commit d1341d74b7
3 changed files with 10 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
source/libsmb/cliconnect.c
View File

@ -387,6 +387,8 @@ static BOOL cli_session_setup_kerberos(struct cli_state *cli, char *principle, c
{
DATA_BLOB blob2, negTokenTarg;
d_printf("Doing kerberos session setup\n");
/* generate the encapsulated kerberos5 ticket */
negTokenTarg = spnego_gen_negTokenTarg(cli, principle);
@ -509,6 +511,8 @@ static BOOL cli_session_setup_spnego(struct cli_state *cli, char *user,
int i;
BOOL got_kerberos_mechanism = False;
d_printf("Doing spnego session setup\n");
/* the server might not even do spnego */
if (cli->secblob.length == 16) {
DEBUG(3,("server didn't supply a full spnego negprot\n"));

12
source/libsmb/clikrb5.c
View File

@ -28,8 +28,7 @@
static krb5_error_code krb5_mk_req2(krb5_context context,
krb5_auth_context *auth_context,
const krb5_flags ap_req_options,
const char *service,
const char *realm,
const char *principle,
krb5_ccache ccache,
krb5_data *outbuf)
{
@ -39,10 +38,9 @@ static krb5_error_code krb5_mk_req2(krb5_context context,
krb5_creds creds;
krb5_data in_data;
retval = krb5_build_principal(context, &server, strlen(realm),
realm, service, NULL);
retval = krb5_parse_name(context, principle, &server);
if (retval) {
DEBUG(1,("Failed to build principle for %s@%s\n", service, realm));
DEBUG(1,("Failed to parse principle %s\n", principle));
return retval;
}
@ -89,7 +87,7 @@ cleanup_princ:
/*
get a kerberos5 ticket for the given service
*/
DATA_BLOB krb5_get_ticket(char *service, char *realm)
DATA_BLOB krb5_get_ticket(char *principle)
{
krb5_error_code retval;
krb5_data packet;
@ -114,7 +112,7 @@ DATA_BLOB krb5_get_ticket(char *service, char *realm)
if ((retval = krb5_mk_req2(context,
&auth_context,
0,
service, realm,
principle,
ccdef, &packet))) {
goto failed;
}

15
source/libsmb/clispnego.c
View File

@ -271,24 +271,11 @@ BOOL spnego_parse_krb5_wrap(DATA_BLOB blob, DATA_BLOB *ticket)
*/
DATA_BLOB spnego_gen_negTokenTarg(struct cli_state *cli, char *principle)
{
char *p;
fstring service;
char *realm;
DATA_BLOB tkt, tkt_wrapped, targ;
const char *krb_mechs[] = {OID_KERBEROS5_OLD, OID_NTLMSSP, NULL};
fstrcpy(service, principle);
p = strchr_m(service, '@');
if (!p) {
DEBUG(1,("Malformed principle [%s] in spnego_gen_negTokenTarg\n",
principle));
return data_blob(NULL, 0);
}
*p = 0;
realm = p+1;
/* get a kerberos ticket for the service */
tkt = krb5_get_ticket(service, realm);
tkt = krb5_get_ticket(principle);
/* wrap that up in a nice GSS-API wrapping */
tkt_wrapped = spnego_gen_krb5_wrap(tkt);