bool lp_unix_extensions(void);
bool lp_use_spnego(void);
bool lp_client_use_spnego(void);
+bool lp_client_use_spnego_principal(void);
bool lp_hostname_lookups(void);
bool lp_change_notify(const struct share_params *p );
bool lp_kernel_change_notify(const struct share_params *p );
the principal name back in the first round of
the SASL bind reply. So we guess based on server
name and realm. --jerry */
- /* Also try best guess when we get the w2k8 ignore
- principal back - gd */
+ /* Also try best guess when we get the w2k8 ignore principal
+ back, or when we are configured to ignore it - gd,
+ abartlet */
- if (!given_principal ||
+ if (!lp_client_use_spnego_principal() ||
+ !given_principal ||
strequal(given_principal, ADS_IGNORE_PRINCIPAL)) {
status = ads_guess_service_principal(ads, &p->string);
}
}
- /* If we get a bad principal, try to guess it if
- we have a valid host NetBIOS name.
+ /* We may not be allowed to use the server-supplied SPNEGO principal, or it may not have been supplied to us
*/
- if (strequal(principal, ADS_IGNORE_PRINCIPAL)) {
+ if (!lp_client_use_spnego_principal() || strequal(principal, ADS_IGNORE_PRINCIPAL)) {
TALLOC_FREE(principal);
}
bool bClientNTLMv2Auth;
bool bClientPlaintextAuth;
bool bClientUseSpnego;
+ bool client_use_spnego_principal;
bool bDebugPrefixTimestamp;
bool bDebugHiresTimestamp;
bool bDebugPid;
.enum_list = NULL,
.flags = FLAG_ADVANCED,
},
+ {
+ .label = "client use spnego principal",
+ .type = P_BOOL,
+ .p_class = P_GLOBAL,
+ .ptr = &Globals.client_use_spnego_principal,
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED,
+ },
{
.label = "username",
.type = P_STRING,
FN_GLOBAL_BOOL(lp_unix_extensions, &Globals.bUnixExtensions)
FN_GLOBAL_BOOL(lp_use_spnego, &Globals.bUseSpnego)
FN_GLOBAL_BOOL(lp_client_use_spnego, &Globals.bClientUseSpnego)
+FN_GLOBAL_BOOL(lp_client_use_spnego_principal, &Globals.client_use_spnego_principal)
FN_GLOBAL_BOOL(lp_hostname_lookups, &Globals.bHostnameLookups)
FN_LOCAL_PARM_BOOL(lp_change_notify, bChangeNotify)
FN_LOCAL_PARM_BOOL(lp_kernel_change_notify, bKernelChangeNotify)