author | Jeff Layton <jlayton@redhat.com> | 2009-10-14 11:04:56 -0400 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2010-01-13 14:00:50 +0100 |
commit | 41f47df8c811b04657b20a75e5d6868e92b7632b (patch) | |
tree | c704d8e61a3521e2930e1dc4dc061f6a5016594e /source/client/cifs.upcall.c | |
parent | 2f4d681e867e4ee1a3f9d0357045eb4f0e0ae686 (diff) | |
cifs.upcall: try getting a "cifs/" principal and fall back to "host/"
cifs.upcall takes a "-c" flag that tells the upcall to get a principal
in the form of "cifs/hostname.example.com@REALM" instead of
"host/hostname.example.com@REALM". This has turned out to be a source of
great confusion for users.
Instead of requiring this flag, have the upcall try to get a "cifs/"
principal first. If that fails, fall back to getting a "host/"
principal.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
(cherry picked from commit e919c3ac1229eae35614b92a9daebc71e770ca1b)
Diffstat (limited to 'source/client/cifs.upcall.c')
-rw-r--r-- | source/client/cifs.upcall.c | 28 |
1 files changed, 16 insertions, 12 deletions
diff --git a/source/client/cifs.upcall.c b/source/client/cifs.upcall.c index b8102bb4f85..732b2a090b7 100644 --- a/source/client/cifs.upcall.c +++ b/source/client/cifs.upcall.c @@ -30,7 +30,7 @@ create dns_resolver * * /usr/local/sbin/cifs.upcall %k #include "cifs_spnego.h" -const char *CIFSSPNEGO_VERSION = "1.2"; +const char *CIFSSPNEGO_VERSION = "1.3"; static const char *prog = "cifs.upcall"; typedef enum _sectype { NONE = 0, @@ -291,8 +291,8 @@ cifs_resolver(const key_serial_t key, const char *key_descr) static void usage(void) { - syslog(LOG_INFO, "Usage: %s [-c] [-v] key_serial", prog); - fprintf(stderr, "Usage: %s [-c] [-v] key_serial\n", prog); + syslog(LOG_INFO, "Usage: %s [-v] key_serial", prog); + fprintf(stderr, "Usage: %s [-v] key_serial\n", prog); } int main(const int argc, char *const argv[]) @@ -303,7 +303,7 @@ int main(const int argc, char *const argv[]) key_serial_t key = 0; size_t datalen; long rc = 1; - int c, use_cifs_service_prefix = 0; + int c; char *buf, *princ, *ccname = NULL; struct decoded_args arg = { }; const char *oid; @@ -313,7 +313,7 @@ int main(const int argc, char *const argv[]) while ((c = getopt(argc, argv, "cv")) != -1) { switch (c) { case 'c': - use_cifs_service_prefix = 1; + /* legacy option -- skip it */ break; case 'v': printf("version: %s\n", CIFSSPNEGO_VERSION); 
@@ -395,19 +395,23 @@ int main(const int argc, char *const argv[]) break; } - if (use_cifs_service_prefix) - strlcpy(princ, "cifs/", datalen); - else - strlcpy(princ, "host/", datalen); - - strlcpy(princ + 5, arg.hostname, datalen - 5); - if (arg.sec == MS_KRB5) oid = OID_KERBEROS5_OLD; else oid = OID_KERBEROS5; + /* + * try getting a cifs/ principal first and then fall back to + * getting a host/ principal if that doesn't work. + */ + strlcpy(princ, "cifs/", datalen); + strlcpy(princ + 5, arg.hostname, datalen - 5); rc = handle_krb5_mech(oid, princ, &secblob, &sess_key, ccname); + if (rc) { + memcpy(princ, "host/", 5); + rc = handle_krb5_mech(oid, princ, &secblob, &sess_key, + ccname); + } SAFE_FREE(princ); break; default: |
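Review bot: The `if (rc)` retry after the first `handle_krb5_mech()` call falls back to `host/` on every failure, not only when no `cifs/` principal exists, and it does so without logging anything. Since `case 'c'` in the getopt hunk is now a no-op, a caller who passed `-c` to require the `cifs/` service class can end up with a `host/` ticket and no trace of it, and the first error code is overwritten by the second attempt. Log the fallback before retrying, e.g. `syslog(LOG_DEBUG, "cifs/ principal failed (%ld), trying host/", rc);`, and retry only on a principal-not-found error if `handle_krb5_mech()` can distinguish one. The allocation of `princ` and the value of `datalen` lie outside the hunk, so it cannot be confirmed from here that the fixed offset of 5 in `memcpy` and in `strlcpy(princ + 5, ..., datalen - 5)` always fits.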