Do not send domain/workstation name in nego_msg

Modern Windows OSs also completely ignore sending any of this stuff,
so just stop sending it ourselves, it's generally ignored anyway.

diff --git a/src/gss_sec_ctx.c b/src/gss_sec_ctx.c
index 3b06d18457eb294ff27dc97831ee9706ff53b0c4..9f1e989d65dadc6f1c0900cb90bce3baa7ebd636 100644 (file)
--- a/src/gss_sec_ctx.c
+++ b/src/gss_sec_ctx.c
@@ -44,7 +44,6 @@ uint32_t gssntlm_init_sec_context(uint32_t *minor_status,
     char *nb_computer_name = NULL;
     char *nb_domain_name = NULL;
     struct gssntlm_name *client_name = NULL;
-    const char *domain = NULL;
     uint32_t in_flags;
     uint32_t msg_type;
     char *trgt_name = NULL;
@@ -162,12 +161,6 @@ uint32_t gssntlm_init_sec_context(uint32_t *minor_status,
                               NTLMSSP_NEGOTIATE_KEY_EXCH;
         }
 
-        if (cred->type == GSSNTLM_CRED_USER &&
-            cred->cred.user.user.data.user.domain) {
-            ctx->neg_flags |= NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED;
-            domain = cred->cred.user.user.data.user.domain;
-        }
-
         /* acquire our own name */
         if (!client_name) {
             gss_buffer_desc tmpbuf;
@@ -204,8 +197,6 @@ uint32_t gssntlm_init_sec_context(uint32_t *minor_status,
 
         gssntlm_set_role(ctx, GSSNTLM_CLIENT, nb_domain_name);
 
-        ctx->neg_flags |= NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED;
-
         lm_compat_lvl = gssntlm_get_lm_compatibility_level();
         ctx->sec_req = gssntlm_required_security(lm_compat_lvl, ctx);
         if (ctx->sec_req == 0xff) {
@@ -252,7 +243,7 @@ uint32_t gssntlm_init_sec_context(uint32_t *minor_status,
             }
 
             retmin = ntlm_encode_neg_msg(ctx->ntlm, ctx->neg_flags,
-                                         domain, ctx->workstation, &ctx->nego_msg);
+                                         NULL, NULL, &ctx->nego_msg);
             if (retmin) {
                 retmaj = GSS_S_FAILURE;
                 goto done;