s3-smbd Remove unused code now we always have SPNEGO via gensec
authorAndrew Bartlett <abartlet@samba.org>
Fri, 3 Feb 2012 00:54:32 +0000 (11:54 +1100)
committerStefan Metzmacher <metze@samba.org>
Thu, 16 Feb 2012 14:18:43 +0000 (15:18 +0100)
This was previously needed because SPNEGO was only available in the AD DC.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
source3/smbd/globals.h
source3/smbd/negprot.c
source3/smbd/sesssetup.c
source3/smbd/smb2_sesssetup.c

index 24c17cae9f1ab7398d22aab843f942935adb64e8..9a5823de3e1dd84a72bbe881ce48b8af87ca6a56 100644 (file)
@@ -466,9 +466,6 @@ struct smbd_server_connection {
        unsigned long file_gen_counter;
        int first_file;
 
-       /* Try GENSEC hook */
-       bool use_gensec_hook;
-
        /* number of open connections (tcons) */
        int num_tcons_open;
 
index 473b98a8a2b79d635e835ea1cc890c9606aa9deb..717000a4327cb41d5df8c14fc251ca6b6262b845 100644 (file)
@@ -193,16 +193,9 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn)
 #ifdef DEVELOPER
        size_t slen;
 #endif
-       const char *OIDs_krb5[] = {OID_KERBEROS5,
-                                  OID_KERBEROS5_OLD,
-                                  OID_NTLMSSP,
-                                  NULL};
-       const char *OIDs_ntlm[] = {OID_NTLMSSP, NULL};
        struct gensec_security *gensec_security;
 
-       sconn->use_gensec_hook = false;
-
-       /* See if we can get an SPNEGO blob out of the gensec hook (if auth_samba4 is loaded) */
+       /* See if we can get an SPNEGO blob */
        status = auth_generic_prepare(talloc_tos(),
                                      sconn->remote_address,
                                      &gensec_security);
@@ -213,8 +206,9 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn)
                                               NULL, data_blob_null, &blob);
                        /* If we get the list of OIDs, the 'OK' answer
                         * is NT_STATUS_MORE_PROCESSING_REQUIRED */
-                       if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
-                               sconn->use_gensec_hook = true;
+                       if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+                               DEBUG(0, ("Failed to start SPNEGO handler for negprot OID list!\n"));
+                               blob = data_blob_null;
                        }
                }
                TALLOC_FREE(gensec_security);
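Review bot: The added `DEBUG(0, ...)` in the failure branch drops the NTSTATUS, so an operator who sees the message cannot tell why the SPNEGO start failed; I would log it as `DEBUG(0, ("Failed to start SPNEGO handler for negprot OID list: %s\n", nt_errstr(status)));`. The same applies to the `DEBUG(0, ("Failed to start SPNEGO handler!\n"));` added in the source3/smbd/sesssetup.c hunk. A later hunk in this file removes the hand-built `spnego_gen_negTokenInit` fallbacks, so a failure here now ends in `data_blob_null` with nothing to replace it. The `auth_generic_prepare` and mechanism-start failure paths lie outside the visible lines; if they are silent, they probably deserve a message too. negprot_spnego starts and ends outside this hunk.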
@@ -235,32 +229,6 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn)
 
        */
 
-       if (sconn->use_gensec_hook) {
-               /* blob initialised above */
-       } else if (lp_security() != SEC_ADS && !USE_KERBEROS_KEYTAB) {
-#if 0
-               /* Code for PocketPC client */
-               blob = data_blob(guid, 16);
-#else
-               /* Code for standalone WXP client */
-               blob = spnego_gen_negTokenInit(ctx, OIDs_ntlm, NULL, "NONE");
-#endif
-       } else if (!lp_send_spnego_principal()) {
-               /* By default, Windows 2008 and later sends not_defined_in_RFC4178@please_ignore */
-               blob = spnego_gen_negTokenInit(ctx, OIDs_krb5, NULL, ADS_IGNORE_PRINCIPAL);
-       } else {
-               fstring myname;
-               char *host_princ_s = NULL;
-               name_to_fqdn(myname, lp_netbios_name());
-               strlower_m(myname);
-               if (asprintf(&host_princ_s, "cifs/%s@%s", myname, lp_realm())
-                   == -1) {
-                       return data_blob_null;
-               }
-               blob = spnego_gen_negTokenInit(ctx, OIDs_krb5, NULL, host_princ_s);
-               SAFE_FREE(host_princ_s);
-       }
-
        if (blob.length == 0 || blob.data == NULL) {
                return data_blob_null;
        }
index c93ab7904edb887e3347717ff4d8d8a637d53c90..1741f4ff9069ca13406332565159952b3d3b5a54 100644 (file)
@@ -228,12 +228,9 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
                gensec_want_feature(vuser->gensec_security, GENSEC_FEATURE_SESSION_KEY);
                gensec_want_feature(vuser->gensec_security, GENSEC_FEATURE_UNIX_TOKEN);
 
-               if (sconn->use_gensec_hook) {
-                       status = gensec_start_mech_by_oid(vuser->gensec_security, GENSEC_OID_SPNEGO);
-               } else {
-                       status = gensec_start_mech_by_oid(vuser->gensec_security, GENSEC_OID_NTLMSSP);
-               }
+               status = gensec_start_mech_by_oid(vuser->gensec_security, GENSEC_OID_SPNEGO);
                if (!NT_STATUS_IS_OK(status)) {
+                       DEBUG(0, ("Failed to start SPNEGO handler!\n"));
                        /* Kill the intermediate vuid */
                        invalidate_vuid(sconn, vuid);
                        reply_nterror(req, nt_status_squash(status));
index 1a6f7697ffff4d2ca12d4aad879848919697461c..c94d016c0fc4f201149a7a65e5f9729a997fff1d 100644 (file)
@@ -235,11 +235,7 @@ static NTSTATUS smbd_smb2_auth_generic(struct smbd_smb2_session *session,
                gensec_want_feature(session->gensec_security, GENSEC_FEATURE_SESSION_KEY);
                gensec_want_feature(session->gensec_security, GENSEC_FEATURE_UNIX_TOKEN);
 
-               if (session->sconn->use_gensec_hook) {
-                       status = gensec_start_mech_by_oid(session->gensec_security, GENSEC_OID_SPNEGO);
-               } else {
-                       status = gensec_start_mech_by_oid(session->gensec_security, GENSEC_OID_NTLMSSP);
-               }
+               status = gensec_start_mech_by_oid(session->gensec_security, GENSEC_OID_SPNEGO);
                if (!NT_STATUS_IS_OK(status)) {
                        TALLOC_FREE(session);
                        return status;
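Review bot: The SMB2 failure path after `gensec_start_mech_by_oid` returns without logging, while the matching SMB1 path in source3/smbd/sesssetup.c gains a level-0 message in this same commit. With the NTLMSSP branch removed, a failed SPNEGO start here fails the session setup without a log entry from this block, which makes an authentication outage harder to diagnose. I would add `DEBUG(0, ("Failed to start SPNEGO handler: %s\n", nt_errstr(status)));` before `TALLOC_FREE(session);`. smbd_smb2_auth_generic continues outside this hunk.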