const char *sasl,
enum credentials_use_kerberos krb5_state,
const char *target_service,
- const char *target_hostname,
- const DATA_BLOB server_blob)
+ const char *target_hostname)
{
DATA_BLOB blob_in = data_blob_null;
DATA_BLOB blob_out = data_blob_null;
NTSTATUS nt_status;
ADS_STATUS status;
struct auth_generic_state *auth_generic_state;
- bool use_spnego_principal = lp_client_use_spnego_principal();
const char *sasl_list[] = { sasl, NULL };
NTTIME end_nt_time;
struct ads_saslwrap *wrap = &ads->ldap_wrap_data;
return ADS_ERROR_NT(nt_status);
}
- if (server_blob.length == 0) {
- use_spnego_principal = false;
- }
-
- if (krb5_state == CRED_USE_KERBEROS_DISABLED) {
- use_spnego_principal = false;
- }
-
cli_credentials_set_kerberos_state(auth_generic_state->credentials,
krb5_state,
CRED_SPECIFIED);
}
}
- if (target_service != NULL && target_hostname != NULL) {
- use_spnego_principal = false;
- }
-
switch (wrap->wrap_type) {
case ADS_SASLWRAP_TYPE_SEAL:
gensec_want_feature(auth_generic_state->gensec_security, GENSEC_FEATURE_SIGN);
}
rc = LDAP_SASL_BIND_IN_PROGRESS;
- if (use_spnego_principal) {
- blob_in = data_blob_dup_talloc(talloc_tos(), server_blob);
- if (blob_in.length == 0) {
- TALLOC_FREE(auth_generic_state);
- return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- }
- } else {
- blob_in = data_blob_null;
- }
+ blob_in = data_blob_null;
blob_out = data_blob_null;
while (true) {
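Review bot: The added `blob_in = data_blob_null;` repeats the initializer on the declaration `DATA_BLOB blob_in = data_blob_null;` near the top of the function, so the line no longer tells a reader why the first round starts with an empty token. Either drop it or keep it with the reason attached, e.g. `/* First round has no input token: the server-supplied blob is intentionally not used. */`. The same commit stops reading `lp_client_use_spnego_principal()` in this function, so that setting presumably no longer affects this bind path; its documentation should say so if it does not already. The function body starts and ends outside this hunk.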
TALLOC_CTX *frame = talloc_stackframe();
struct ads_service_principal p = {0};
ADS_STATUS status;
- DATA_BLOB blob = data_blob_null;
const char *mech = NULL;
status = ads_generate_service_principal(ads, &p);
status = ads_sasl_spnego_gensec_bind(ads, "GSS-SPNEGO",
CRED_USE_KERBEROS_REQUIRED,
- p.service, p.hostname,
- blob);
+ p.service, p.hostname);
if (ADS_ERR_OK(status)) {
ads_free_service_principal(&p);
goto done;
if (ADS_ERR_OK(status)) {
status = ads_sasl_spnego_gensec_bind(ads, "GSS-SPNEGO",
CRED_USE_KERBEROS_REQUIRED,
- p.service, p.hostname,
- blob);
+ p.service, p.hostname);
if (!ADS_ERR_OK(status)) {
DBG_ERR("kinit succeeded but "
"SPNEGO bind with Kerberos failed "
status = ads_sasl_spnego_gensec_bind(ads, "GSS-SPNEGO",
CRED_USE_KERBEROS_DISABLED,
- p.service, p.hostname,
- data_blob_null);
+ p.service, p.hostname);
done:
if (!ADS_ERR_OK(status)) {
DEBUG(1,("ads_sasl_spnego_gensec_bind(%s) failed "
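Review bot: The call with `CRED_USE_KERBEROS_DISABLED` follows the two `CRED_USE_KERBEROS_REQUIRED` attempts, but the lines that decide whether it is reached are outside this hunk, so the diff does not show when the bind falls back to a non-Kerberos mechanism. A comment above the call would document that, for example `/* Non-Kerberos fallback; reached only when <condition from the checks above> holds. */`, with the condition filled in from the surrounding code. If the fallback can follow a failed Kerberos bind, a log line at the switch would make the change of mechanism visible to operators. The enclosing function continues outside the hunk.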
}
ads_free_service_principal(&p);
TALLOC_FREE(frame);
- if (blob.data != NULL) {
- data_blob_free(&blob);
- }
return status;
}