From 76cdf68ee9f4982f1b847023818641cf4603dfd1 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 29 Dec 2006 09:18:06 +0000 Subject: [PATCH] r20403: Cleaning out my Samba 3.0 tree: As discussed with jerry at the CIFS conf: overriding the administrator's wishes from the krb5.conf has only every given me segfaults. We suggest leaving this up to the defaults from the libraries anyway. Andrew Bartlett (This used to be commit 0b72c04906b1c25e80b217a8f34fd3a8e756b9ca) --- source3/libads/sasl.c | 11 ----------- source3/libsmb/clikrb5.c | 42 ---------------------------------------- 2 files changed, 53 deletions(-) diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c index 7d1fd0d1a83..d1699dbab78 100644 --- a/source3/libads/sasl.c +++ b/source3/libads/sasl.c @@ -42,7 +42,6 @@ static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads) if (!NT_STATUS_IS_OK(nt_status = ntlmssp_client_start(&ntlmssp_state))) { return ADS_ERROR_NT(nt_status); } - ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_SIGN; if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_username(ntlmssp_state, ads->auth.user_name))) { return ADS_ERROR_NT(nt_status); @@ -283,12 +282,6 @@ static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads) ADS_STATUS status; krb5_principal principal; krb5_context ctx = NULL; - krb5_enctype enc_types[] = { -#ifdef ENCTYPE_ARCFOUR_HMAC - ENCTYPE_ARCFOUR_HMAC, -#endif - ENCTYPE_DES_CBC_MD5, - ENCTYPE_NULL}; gss_OID_desc nt_principal = {10, CONST_DISCARD(char *, "\052\206\110\206\367\022\001\002\002\002")}; @@ -301,10 +294,6 @@ static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads) if (!ADS_ERR_OK(status)) { return status; } - status = ADS_ERROR_KRB5(krb5_set_default_tgs_ktypes(ctx, enc_types)); - if (!ADS_ERR_OK(status)) { - return status; - } status = ADS_ERROR_KRB5(smb_krb5_parse_name(ctx, sname, &principal)); if (!ADS_ERR_OK(status)) { return status; diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c index 4092b4b2b90..0df45f1b4d5 100644 --- a/source3/libsmb/clikrb5.c +++ b/source3/libsmb/clikrb5.c @@ -130,35 +130,6 @@ static krb5_error_code smb_krb5_parse_name_norealm_conv(krb5_context context, } #endif -#if !defined(HAVE_KRB5_SET_DEFAULT_TGS_KTYPES) - -#if defined(HAVE_KRB5_SET_DEFAULT_TGS_ENCTYPES) - -/* With MIT kerberos, we should use krb5_set_default_tgs_enctypes in preference - * to krb5_set_default_tgs_ktypes. See - * http://lists.samba.org/archive/samba-technical/2006-July/048271.html - * - * If the MIT libraries are not exporting internal symbols, we will end up in - * this branch, which is correct. Otherwise we will continue to use the - * internal symbol - */ - krb5_error_code krb5_set_default_tgs_ktypes(krb5_context ctx, const krb5_enctype *enc) -{ - return krb5_set_default_tgs_enctypes(ctx, enc); -} - -#elif defined(HAVE_KRB5_SET_DEFAULT_IN_TKT_ETYPES) - -/* Heimdal */ - krb5_error_code krb5_set_default_tgs_ktypes(krb5_context ctx, const krb5_enctype *enc) -{ - return krb5_set_default_in_tkt_etypes(ctx, enc); -} - -#endif /* HAVE_KRB5_SET_DEFAULT_TGS_ENCTYPES */ - -#endif /* HAVE_KRB5_SET_DEFAULT_TGS_KTYPES */ - #if defined(HAVE_ADDR_TYPE_IN_KRB5_ADDRESS) /* HEIMDAL */ void setup_kaddr( krb5_address *pkaddr, struct sockaddr *paddr) @@ -641,13 +612,6 @@ int cli_krb5_get_ticket(const char *principal, time_t time_offset, krb5_context context = NULL; krb5_ccache ccdef = NULL; krb5_auth_context auth_context = NULL; - krb5_enctype enc_types[] = { -#ifdef ENCTYPE_ARCFOUR_HMAC - ENCTYPE_ARCFOUR_HMAC, -#endif - ENCTYPE_DES_CBC_MD5, - ENCTYPE_DES_CBC_CRC, - ENCTYPE_NULL}; initialize_krb5_error_table(); retval = krb5_init_context(&context); @@ -668,12 +632,6 @@ int cli_krb5_get_ticket(const char *principal, time_t time_offset, goto failed; } - if ((retval = krb5_set_default_tgs_ktypes(context, enc_types))) { - DEBUG(1,("cli_krb5_get_ticket: krb5_set_default_tgs_ktypes failed (%s)\n", - error_message(retval))); - goto failed; - } - if ((retval = ads_krb5_mk_req(context, &auth_context, AP_OPTS_USE_SUBKEY | (krb5_flags)extra_ap_opts, -- 2.34.1