From f13404e27b00f826a11684e69cff82ae0023fc91 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 10 Dec 2010 07:57:59 +1100 Subject: [PATCH] s3-libsmb Don't ever ask for machine$ principals as a target. It is never correct to ask for a machine$ principal as the target of a kerberos connection. You should always connect via the servicePrincipalName. This current code appears to have built up from a series of minimal changes, as the codebase adapted the to lack of a SPNEGO principal from Windows 2008. Andrew Bartlett --- source3/libsmb/cliconnect.c | 36 ++++++------------------------------ 1 file changed, 6 insertions(+), 30 deletions(-) diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index c66314891d0..65f6924a688 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -1290,24 +1290,11 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user, !strequal(STAR_SMBSERVER, cli->desthost)) { char *realm = NULL; - char *machine = NULL; char *host = NULL; - DEBUG(3,("cli_session_setup_spnego: got a " - "bad server principal, trying to guess ...\n")); + DEBUG(3,("cli_session_setup_spnego: using target " + "hostname not SPNEGO principal\n")); host = strchr_m(cli->desthost, '.'); - if (host) { - /* We had a '.' in the name. */ - machine = SMB_STRNDUP(cli->desthost, - host - cli->desthost); - } else { - machine = SMB_STRDUP(cli->desthost); - } - if (machine == NULL) { - TALLOC_FREE(principal); - return ADS_ERROR_NT(NT_STATUS_NO_MEMORY); - } - if (dest_realm) { realm = SMB_STRDUP(dest_realm); strupper_m(realm); @@ -1322,21 +1309,11 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user, } if (realm && *realm) { - if (host) { - /* DNS name. */ - principal = talloc_asprintf(talloc_tos(), - "cifs/%s@%s", - cli->desthost, - realm); - } else { - /* NetBIOS name, use machine account. */ - principal = talloc_asprintf(talloc_tos(), - "%s$@%s", - machine, - realm); - } + principal = talloc_asprintf(talloc_tos(), + "cifs/%s@%s", + cli->desthost, + realm); if (!principal) { - SAFE_FREE(machine); SAFE_FREE(realm); return ADS_ERROR_NT(NT_STATUS_NO_MEMORY); } @@ -1344,7 +1321,6 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user, "server principal=%s\n", principal ? principal : "")); } - SAFE_FREE(machine); SAFE_FREE(realm); } -- 2.34.1