Changeset 745 for trunk/server/source4/auth/gensec/spnego.c
- Timestamp:
- Nov 27, 2012, 4:43:17 PM (13 years ago)
- Location:
- trunk/server
- Files:
-
- 2 edited
trunk/server
- Property svn:mergeinfo changed
/vendor/current merged: 581,587,591,594,597,600,615,618,740
- Property svn:mergeinfo changed
-
trunk/server/source4/auth/gensec/spnego.c
r414 r745 29 29 #include "auth/gensec/gensec.h" 30 30 #include "auth/gensec/gensec_proto.h" 31 #include "param/param.h" 31 32 32 33 enum spnego_state_position { … … 420 421 421 422 if (spnego_state->state_position == SPNEGO_SERVER_START) { 422 for (i=0; all_sec && all_sec[i].op; i++) {423 /* optomisitic token */424 if (strcmp(all_sec[i].oid, mechType[0]) == 0) {423 uint32_t j; 424 for (j=0; mechType && mechType[j]; j++) { 425 for (i=0; all_sec && all_sec[i].op; i++) { 425 426 nt_status = gensec_subcontext_start(spnego_state, 426 427 gensec_security, … … 437 438 break; 438 439 } 439 440 441 if (j > 0) { 442 /* no optimistic token */ 443 spnego_state->neg_oid = all_sec[i].oid; 444 *unwrapped_out = data_blob_null; 445 nt_status = NT_STATUS_MORE_PROCESSING_REQUIRED; 446 break; 447 } 448 440 449 nt_status = gensec_update(spnego_state->sub_sec_security, 441 450 out_mem_ctx, … … 456 465 break; 457 466 } 458 } 459 } 460 461 /* Having tried any optomisitc token from the client (if we 467 if (spnego_state->sub_sec_security) { 468 break; 469 } 470 } 471 472 if (!spnego_state->sub_sec_security) { 473 DEBUG(1, ("SPNEGO: Could not find a suitable mechtype in NEG_TOKEN_INIT\n")); 474 return NT_STATUS_INVALID_PARAMETER; 475 } 476 } 477 478 /* Having tried any optimistic token from the client (if we 462 479 * were the server), if we didn't get anywhere, walk our list 463 480 * in our preference order */ … … 495 512 if (spnego_state->state_position != SPNEGO_SERVER_START) { 496 513 if (NT_STATUS_EQUAL(nt_status, NT_STATUS_INVALID_PARAMETER) || 514 NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_LOGON_SERVERS) || 515 NT_STATUS_EQUAL(nt_status, NT_STATUS_TIME_DIFFERENCE_AT_DC) || 497 516 NT_STATUS_EQUAL(nt_status, NT_STATUS_CANT_ACCESS_DOMAIN_INFO)) { 498 517 /* Pretend we never started it (lets the first run find some incompatible demand) */ … … 566 585 DATA_BLOB unwrapped_out = data_blob(NULL, 0); 567 586 const struct gensec_security_ops_wrapper *all_sec; 568 const char *principal = 
NULL;569 587 570 588 mechTypes = gensec_security_oids(gensec_security, … … 633 651 634 652 if (spnego_state->state_position == SPNEGO_SERVER_START) { 635 /* server credentials */636 struct cli_credentials *creds = gensec_get_credentials(gensec_security);637 if (creds) {638 principal = cli_credentials_get_principal(creds, out_mem_ctx);639 }640 }641 if (principal) {642 653 spnego_out.negTokenInit.mechListMIC 643 = data_blob_string_const( principal);654 = data_blob_string_const(ADS_IGNORE_PRINCIPAL); 644 655 } else { 645 656 spnego_out.negTokenInit.mechListMIC = null_data_blob; … … 825 836 } 826 837 827 if (spnego.negTokenInit.targetPrincipal) { 838 if (spnego.negTokenInit.targetPrincipal 839 && strcmp(spnego.negTokenInit.targetPrincipal, ADS_IGNORE_PRINCIPAL) != 0) { 828 840 DEBUG(5, ("Server claims it's principal name is %s\n", spnego.negTokenInit.targetPrincipal)); 829 gensec_set_target_principal(gensec_security, spnego.negTokenInit.targetPrincipal); 841 if (lpcfg_client_use_spnego_principal(gensec_security->settings->lp_ctx)) { 842 gensec_set_target_principal(gensec_security, spnego.negTokenInit.targetPrincipal); 843 } 830 844 } 831 845
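Review bot: In the SPNEGO_SERVER_START branch, the new inner loop `for (i=0; all_sec && all_sec[i].op; i++)` runs straight into `gensec_subcontext_start()` as rendered on this page. The removed `strcmp(all_sec[i].oid, mechType[0])` has no visible counterpart for `mechType[j]`, so the server would start a backend without checking that its OID is one the client offered. If this is not a rendering artefact, the loop body should open with `if (strcmp(mechType[j], all_sec[i].oid) != 0) { continue; }`, so that only a mechanism from the client's list is started and later stored in `spnego_state->neg_oid`. The enclosing function starts and ends outside the visible hunks and part of the loop body is elided, so confirm this against the full file.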