name is a "principal", not a principle. English majors will complain :-).
Jeremy.
make_unicodemap
masktest
msgtest
+net
nmbd
nmblookup
pdbedit
/****************************************************************************
do a spnego/kerberos encrypted session setup
****************************************************************************/
-static BOOL cli_session_setup_kerberos(struct cli_state *cli, char *principle, char *workgroup)
+static BOOL cli_session_setup_kerberos(struct cli_state *cli, char *principal, char *workgroup)
{
DATA_BLOB blob2, negTokenTarg;
d_printf("Doing kerberos session setup\n");
/* generate the encapsulated kerberos5 ticket */
- negTokenTarg = spnego_gen_negTokenTarg(cli, principle);
+ negTokenTarg = spnego_gen_negTokenTarg(cli, principal);
if (!negTokenTarg.data) return False;
static BOOL cli_session_setup_spnego(struct cli_state *cli, char *user,
char *pass, char *workgroup)
{
- char *principle;
+ char *principal;
char *OIDs[ASN1_MAX_OIDS];
uint8 guid[16];
int i;
/* the server sent us the first part of the SPNEGO exchange in the negprot
reply */
- if (!spnego_parse_negTokenInit(cli->secblob, guid, OIDs, &principle)) {
+ if (!spnego_parse_negTokenInit(cli->secblob, guid, OIDs, &principal)) {
return False;
}
}
free(OIDs[i]);
}
- DEBUG(3,("got principle=%s\n", principle));
+ DEBUG(3,("got principal=%s\n", principal));
fstrcpy(cli->user_name, user);
#if HAVE_KRB5
if (got_kerberos_mechanism && cli->use_kerberos) {
- return cli_session_setup_kerberos(cli, principle, workgroup);
+ return cli_session_setup_kerberos(cli, principal, workgroup);
}
#endif
- free(principle);
+ free(principal);
ntlmssp:
static krb5_error_code krb5_mk_req2(krb5_context context,
krb5_auth_context *auth_context,
const krb5_flags ap_req_options,
- const char *principle,
+ const char *principal,
krb5_ccache ccache,
krb5_data *outbuf)
{
krb5_creds creds;
krb5_data in_data;
- retval = krb5_parse_name(context, principle, &server);
+ retval = krb5_parse_name(context, principal, &server);
if (retval) {
- DEBUG(1,("Failed to parse principle %s\n", principle));
+ DEBUG(1,("Failed to parse principal %s\n", principal));
return retval;
}
/*
get a kerberos5 ticket for the given service
*/
-DATA_BLOB krb5_get_ticket(char *principle)
+DATA_BLOB krb5_get_ticket(char *principal)
{
krb5_error_code retval;
krb5_data packet;
if ((retval = krb5_mk_req2(context,
&auth_context,
0,
- principle,
+ principal,
ccdef, &packet))) {
goto failed;
}
#else /* HAVE_KRB5 */
/* this saves a few linking headaches */
- DATA_BLOB krb5_get_ticket(char *principle)
+ DATA_BLOB krb5_get_ticket(char *principal)
{
DEBUG(0,("NO KERBEROS SUPPORT\n"));
return data_blob(NULL, 0);
/*
generate a negTokenInit packet given a GUID, a list of supported
- OIDs (the mechanisms) and a principle name string
+ OIDs (the mechanisms) and a principal name string
*/
DATA_BLOB spnego_gen_negTokenInit(uint8 guid[16],
const char *OIDs[],
- const char *principle)
+ const char *principal)
{
int i;
ASN1_DATA data;
asn1_push_tag(&data, ASN1_CONTEXT(3));
asn1_push_tag(&data, ASN1_SEQUENCE(0));
asn1_push_tag(&data, ASN1_CONTEXT(0));
- asn1_write_GeneralString(&data,principle);
+ asn1_write_GeneralString(&data,principal);
asn1_pop_tag(&data);
asn1_pop_tag(&data);
asn1_pop_tag(&data);
/*
parse a negTokenInit packet giving a GUID, a list of supported
- OIDs (the mechanisms) and a principle name string
+ OIDs (the mechanisms) and a principal name string
*/
BOOL spnego_parse_negTokenInit(DATA_BLOB blob,
uint8 guid[16],
char *OIDs[ASN1_MAX_OIDS],
- char **principle)
+ char **principal)
{
int i;
BOOL ret;
asn1_start_tag(&data, ASN1_CONTEXT(3));
asn1_start_tag(&data, ASN1_SEQUENCE(0));
asn1_start_tag(&data, ASN1_CONTEXT(0));
- asn1_read_GeneralString(&data,principle);
+ asn1_read_GeneralString(&data,principal);
asn1_end_tag(&data);
asn1_end_tag(&data);
asn1_end_tag(&data);
generate a SPNEGO negTokenTarg packet, ready for a EXTENDED_SECURITY
kerberos session setup
*/
-DATA_BLOB spnego_gen_negTokenTarg(struct cli_state *cli, char *principle)
+DATA_BLOB spnego_gen_negTokenTarg(struct cli_state *cli, char *principal)
{
DATA_BLOB tkt, tkt_wrapped, targ;
const char *krb_mechs[] = {OID_KERBEROS5_OLD, OID_NTLMSSP, NULL};
/* get a kerberos ticket for the service */
- tkt = krb5_get_ticket(principle);
+ tkt = krb5_get_ticket(principal);
/* wrap that up in a nice GSS-API wrapping */
tkt_wrapped = spnego_gen_krb5_wrap(tkt);
const char *OIDs[] = {OID_NTLMSSP,
OID_KERBEROS5,
NULL};
- char *principle;
+ char *principal;
int len;
memset(guid, 0, 16);
/* win2000 uses host$@REALM, which we will probably use eventually,
but for now this works */
- asprintf(&principle, "HOST/%s@%s", guid, lp_realm());
- blob = spnego_gen_negTokenInit(guid, OIDs, principle);
- free(principle);
+ asprintf(&principal, "HOST/%s@%s", guid, lp_realm());
+ blob = spnego_gen_negTokenInit(guid, OIDs, principal);
+ free(principal);
memcpy(p, blob.data, blob.length);
len = blob.length;
int ret;
char *realm, *client, *p;
fstring hostname;
- char *principle;
+ char *principal;
extern pstring global_myname;
const struct passwd *pw;
char *user;
fstrcpy(hostname, global_myname);
strlower(hostname);
- asprintf(&principle, "HOST/%s@%s", hostname, realm);
+ asprintf(&principal, "HOST/%s@%s", hostname, realm);
ret = krb5_init_context(&context);
if (ret) {
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
- ret = krb5_parse_name(context, principle, &server);
+ ret = krb5_parse_name(context, principal, &server);
if (ret) {
DEBUG(1,("krb5_parse_name(%s) failed (%s)\n",
- principle, error_message(ret)));
+ principal, error_message(ret)));
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
- free(principle);
+ free(principal);
packet.length = ticket.length;
packet.data = (krb5_pointer)ticket.data;
p = strchr_m(client, '@');
if (!p) {
- DEBUG(3,("Doesn't look like a valid principle\n"));
+ DEBUG(3,("Doesn't look like a valid principal\n"));
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}