authorSimo Sorce <simo@redhat.com>2014-08-08 08:54:57 -0400
committerSimo Sorce <simo@redhat.com>2014-08-08 10:11:05 -0400
commitd52868a17b098378762692429d52b4d19380b4c1 (patch)
tree13847cbd47fc3628a5e163c8f8e5bc67f01ed08a
parent500b252270f2e99ccd9a0888556fe64567edd2d9 (diff)
Set the domain name only when available.
If we cannot source the domain name do not try to fake it up, just leave it empty and omit it from the negotiation.
-rw-r--r--src/gss_names.c10
-rw-r--r--src/gss_ntlmssp.h4
-rw-r--r--src/gss_sec_ctx.c18
-rw-r--r--src/winbind.c10
4 files changed, 14 insertions, 28 deletions
diff --git a/src/gss_names.c b/src/gss_names.c
index e25c707..3c6f5a2 100644
--- a/src/gss_names.c
+++ b/src/gss_names.c
@@ -558,7 +558,7 @@ uint32_t netbios_get_names(char *computer_name,
}
if (!nb_computer_name || !nb_domain_name) {
- /* fetch only missing ones */
+ /* fetch only mising ones */
ret = external_netbios_get_names(
nb_computer_name ? NULL : &nb_computer_name,
nb_domain_name ? NULL : &nb_domain_name);
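Review bot: The changed comment line introduces a typo, `/* fetch only mising ones */`. The previous spelling was correct and nothing else on that line changes, so it should stay `/* fetch only missing ones */`. netbios_get_names starts and ends outside the hunk.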
@@ -587,14 +587,6 @@ uint32_t netbios_get_names(char *computer_name,
}
}
- if (!nb_domain_name) {
- nb_domain_name = strdup("WORKGROUP");
- if (!nb_domain_name) {
- ret = ENOMEM;
- goto done;
- }
- }
-
ret = 0;
done:
diff --git a/src/gss_ntlmssp.h b/src/gss_ntlmssp.h
index b382e47..efae6c7 100644
--- a/src/gss_ntlmssp.h
+++ b/src/gss_ntlmssp.h
@@ -43,14 +43,12 @@
NTLMSSP_REQUEST_TARGET | \
NTLMSSP_NEGOTIATE_UNICODE)
-#define NTLMSSP_DEFAULT_ALLOWED_SERVER_FLAGS ( \
+#define NTLMSSP_DEFAULT_SERVER_FLAGS ( \
NTLMSSP_NEGOTIATE_ALWAYS_SIGN | \
NTLMSSP_NEGOTIATE_56 | \
NTLMSSP_NEGOTIATE_KEY_EXCH | \
NTLMSSP_NEGOTIATE_128 | \
NTLMSSP_NEGOTIATE_VERSION | \
- NTLMSSP_TARGET_TYPE_SERVER | \
- NTLMSSP_TARGET_TYPE_DOMAIN | \
NTLMSSP_NEGOTIATE_ALWAYS_SIGN | \
NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED | \
NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED | \
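Review bot: `NTLMSSP_NEGOTIATE_ALWAYS_SIGN` is listed twice in the visible part of `NTLMSSP_DEFAULT_SERVER_FLAGS`; the repeat is harmless in an OR, but it is worth dropping while the macro is being edited. With `ALLOWED` gone from the name, it is no longer obvious whether this is the set the acceptor starts from or a mask of what a peer may negotiate. A one-line comment above the macro would settle that, for example `/* initial acceptor flags; the target type bit is added when the challenge is built */`. The macro continues past the end of the hunk.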
diff --git a/src/gss_sec_ctx.c b/src/gss_sec_ctx.c
index 098d6eb..d79670b 100644
--- a/src/gss_sec_ctx.c
+++ b/src/gss_sec_ctx.c
@@ -603,7 +603,7 @@ uint32_t gssntlm_accept_sec_context(uint32_t *minor_status,
goto done;
}
- ctx->neg_flags = NTLMSSP_DEFAULT_ALLOWED_SERVER_FLAGS;
+ ctx->neg_flags = NTLMSSP_DEFAULT_SERVER_FLAGS;
/* Fixme: How do we allow anonymous negotition ? */
if (gssntlm_sec_lm_ok(ctx)) {
@@ -669,12 +669,6 @@ uint32_t gssntlm_accept_sec_context(uint32_t *minor_status,
ctx->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY;
}
- /* TODO: support Domain type */
- if (true) {
- ctx->neg_flags |= NTLMSSP_TARGET_TYPE_SERVER;
- ctx->neg_flags &= ~NTLMSSP_TARGET_TYPE_DOMAIN;
- }
-
if (ctx->neg_flags & NTLMSSP_REQUEST_TARGET) {
ctx->neg_flags |= NTLMSSP_NEGOTIATE_TARGET_INFO;
}
@@ -753,14 +747,12 @@ uint32_t gssntlm_accept_sec_context(uint32_t *minor_status,
goto done;
}
- switch (ctx->role) {
- case GSSNTLM_DOMAIN_SERVER:
- case GSSNTLM_DOMAIN_CONTROLLER:
+ if (nb_domain_name) {
chal_target_name = nb_domain_name;
- break;
- default:
+ ctx->neg_flags |= NTLMSSP_TARGET_TYPE_DOMAIN;
+ } else {
chal_target_name = nb_computer_name;
- break;
+ ctx->neg_flags |= NTLMSSP_TARGET_TYPE_SERVER;
}
retmin = ntlm_encode_chal_msg(ctx->ntlm, ctx->neg_flags,
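Review bot: The `else` branch passes `nb_computer_name` on as the challenge target name without checking that it was actually sourced. Elsewhere in this commit winbind_get_names stops setting the computer name when winbind reports an empty one, and whether netbios_get_names still guarantees a value is not visible here, so a guard such as `if (!nb_domain_name && !nb_computer_name)` that fails the accept before this branch would avoid encoding a NULL target name. The type bits are also only ever OR-ed in; if `ctx->neg_flags` can pick up a target-type bit on any other path, clearing the opposite bit in each branch (`ctx->neg_flags &= ~NTLMSSP_TARGET_TYPE_SERVER;` in the domain branch) keeps exactly one set. The domain type is now chosen from name availability alone rather than `ctx->role`, so a host with a configured domain name that is not acting as a domain server would presumably advertise a domain target; a short comment stating that this is intended would help. The function body starts and ends outside the hunk.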
diff --git a/src/winbind.c b/src/winbind.c
index b2f82d0..d731fd8 100644
--- a/src/winbind.c
+++ b/src/winbind.c
@@ -19,7 +19,9 @@ uint32_t winbind_get_names(char **computer, char **domain)
wbc_status = wbcInterfaceDetails(&details);
if (!WBC_ERROR_IS_OK(wbc_status)) goto done;
- if (computer) {
+ if (computer &&
+ details->netbios_name &&
+ (details->netbios_name[0] != 0)) {
*computer = strdup(details->netbios_name);
if (!*computer) {
ret = ENOMEM;
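Review bot: When winbind returns a NULL or empty `netbios_name`, the new guard skips the assignment and `*computer` keeps whatever the caller passed in, yet the `done:` path in the last hunk still releases `*computer` on error. The same applies to `*domain` in the next hunk. That is only safe if every caller passes NULL-initialised pointers, so either state it above the function, e.g. `/* *computer and *domain must be NULL on entry; left untouched when winbind has no name */`, or reset the non-NULL outputs on entry. Whether the function reports success when a name was skipped depends on how `ret` is set outside the hunk.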
@@ -27,7 +29,9 @@ uint32_t winbind_get_names(char **computer, char **domain)
}
}
- if (domain) {
+ if (domain &&
+ details->netbios_domain &&
+ (details->netbios_domain[0] != 0)) {
*domain = strdup(details->netbios_domain);
if (!*domain) {
ret = ENOMEM;
@@ -39,7 +43,7 @@ uint32_t winbind_get_names(char **computer, char **domain)
done:
if (ret) {
- if (computer) free(*computer);
+ if (computer) safefree(*computer);
}
wbcFreeMemory(details);
return ret;