git.samba.org / samba.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
s4:gensec_gssapi: make use of gensec_kerberos_possible()
[samba.git] / source4 / auth / gensec / gensec_gssapi.c
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index e96ee4d7983550035eebeb043a564b59b1235d52..997d073d7e1c9a89948c5aff99872cd44aeb34e0 100644 (file)
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -383,41 +383,25 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi
        struct gensec_gssapi_state *gensec_gssapi_state;
        struct cli_credentials *creds = gensec_get_credentials(gensec_security);
        NTSTATUS nt_status;
-       const char *target_principal = NULL;
-       const char *hostname = gensec_get_target_hostname(gensec_security);
-       const char *service = gensec_get_target_service(gensec_security);
-       const char *realm = cli_credentials_get_realm(creds);
 
-       target_principal = gensec_get_target_principal(gensec_security);
-       if (target_principal != NULL) {
-               goto do_start;
-       }
+       nt_status = gensec_kerberos_possible(gensec_security);
+       if (!NT_STATUS_IS_OK(nt_status)) {
+               char *target_name = NULL;
+               char *cred_name = NULL;
 
-       if (!hostname) {
-               DEBUG(3, ("No hostname for target computer passed in, cannot use kerberos for this connection\n"));
-               return NT_STATUS_INVALID_PARAMETER;
-       }
-       if (is_ipaddress(hostname)) {
-               DEBUG(2, ("Cannot do GSSAPI to an IP address\n"));
-               return NT_STATUS_INVALID_PARAMETER;
-       }
-       if (strcmp(hostname, "localhost") == 0) {
-               DEBUG(2, ("GSSAPI to 'localhost' does not make sense\n"));
-               return NT_STATUS_INVALID_PARAMETER;
-       }
+               target_name = gensec_get_unparsed_target_principal(gensec_security,
+                                                                  gensec_security);
+               cred_name = cli_credentials_get_unparsed_name(creds,
+                                                             gensec_security);
+
+               DBG_NOTICE("Not using kerberos to %s as %s: %s\n",
+                          target_name, cred_name, nt_errstr(nt_status));
 
-       if (realm == NULL) {
-               char *cred_name = cli_credentials_get_unparsed_name(creds,
-                                                               gensec_security);
-               DEBUG(3, ("cli_credentials(%s) without realm, "
-                         "cannot use kerberos for this connection %s/%s\n",
-                         cred_name, service, hostname));
+               TALLOC_FREE(target_name);
                TALLOC_FREE(cred_name);
-               return NT_STATUS_INVALID_PARAMETER;
+               return nt_status;
        }
 
-do_start:
-
        nt_status = gensec_gssapi_start(gensec_security);
        if (!NT_STATUS_IS_OK(nt_status)) {
                return nt_status;
Samba Shared Repository