s3-smbd Don't send SPNEGO principal (rfc4178 hint) by default
authorAndrew Bartlett <abartlet@samba.org>
Sat, 4 Dec 2010 03:11:57 +0000 (14:11 +1100)
committerAndrew Bartlett <abartlet@samba.org>
Fri, 10 Dec 2010 05:08:30 +0000 (16:08 +1100)
This patch, based on the suggestion by Goldberg, Neil R. <ngoldber@mitre.org>
turns off the sending of the principal in the negprot by default, matching
Windows 2008 behaviour.

This slowly works us back from this hack, which from an RFC
perspective was never the right thing to do in the first place, but we
traditionally follow windows behaviour.  It also discourages client
implementations from relying on it, as if they do they are more open to
man-in-the-middle attacks.

Andrew Bartlett

source3/include/proto.h
source3/param/loadparm.c
source3/smbd/negprot.c

index 94196b41d1de5a8a07e6fab460aa7461e3c16c54..3ef12158b84a057338b601105d1ab109568187eb 100644 (file)
@@ -3307,6 +3307,7 @@ bool lp_unix_extensions(void);
 bool lp_use_spnego(void);
 bool lp_client_use_spnego(void);
 bool lp_client_use_spnego_principal(void);
+bool lp_send_spnego_principal(void);
 bool lp_hostname_lookups(void);
 bool lp_change_notify(const struct share_params *p );
 bool lp_kernel_change_notify(const struct share_params *p );
index 05958b47d202c7d783bfa39a1b3791d8d8e77e7f..b7f6a99f49da1d59f919816b419cc29ba78b3657 100644 (file)
@@ -339,6 +339,7 @@ struct global {
        bool bClientPlaintextAuth;
        bool bClientUseSpnego;
        bool client_use_spnego_principal;
+       bool send_spnego_principal;
        bool bDebugPrefixTimestamp;
        bool bDebugHiresTimestamp;
        bool bDebugPid;
@@ -1408,6 +1409,15 @@ static struct parm_struct parm_table[] = {
                .enum_list      = NULL,
                .flags          = FLAG_ADVANCED,
        },
+       {
+               .label          = "send spnego principal",
+               .type           = P_BOOL,
+               .p_class        = P_GLOBAL,
+               .ptr            = &Globals.send_spnego_principal,
+               .special        = NULL,
+               .enum_list      = NULL,
+               .flags          = FLAG_ADVANCED,
+       },
        {
                .label          = "username",
                .type           = P_STRING,
@@ -5722,6 +5732,7 @@ FN_GLOBAL_BOOL(lp_unix_extensions, &Globals.bUnixExtensions)
 FN_GLOBAL_BOOL(lp_use_spnego, &Globals.bUseSpnego)
 FN_GLOBAL_BOOL(lp_client_use_spnego, &Globals.bClientUseSpnego)
 FN_GLOBAL_BOOL(lp_client_use_spnego_principal, &Globals.client_use_spnego_principal)
+FN_GLOBAL_BOOL(lp_send_spnego_principal, &Globals.send_spnego_principal)
 FN_GLOBAL_BOOL(lp_hostname_lookups, &Globals.bHostnameLookups)
 FN_LOCAL_PARM_BOOL(lp_change_notify, bChangeNotify)
 FN_LOCAL_PARM_BOOL(lp_kernel_change_notify, bKernelChangeNotify)
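Review bot: The new `send spnego principal` entry in parm_table (second hunk of this file) has no matching default assignment in init_globals within this commit, so the "off by default" behaviour described in the commit message rests on `Globals` being zero-initialised before the table is consulted; that is presumably the case, but an explicit `Globals.send_spnego_principal = false;` next to the other SPNEGO defaults would make the intended default visible to the next reader. Because this is a security-relevant knob, the parameter also deserves an smb.conf documentation entry stating that enabling it restores the pre-2008 behaviour of advertising the host principal and why that is discouraged; no documentation file is touched here. The `.special = NULL` / `.enum_list = NULL` fields mirror the neighbouring entries, so the table shape itself looks consistent.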
index a0c1d2594fd5a256ea7a671d493b5bc1ab94d47c..443fac4b4b833892b5d2c2e888a5d5c8553548c3 100644 (file)
@@ -213,6 +213,9 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn)
                /* Code for standalone WXP client */
                blob = spnego_gen_negTokenInit(ctx, OIDs_ntlm, NULL, "NONE");
 #endif
+       } else if (!lp_send_spnego_principal()) {
+               /* By default, Windows 2008 and later sends not_defined_in_RFC4178@please_ignore */
+               blob = spnego_gen_negTokenInit(ctx, OIDs_krb5, NULL, ADS_IGNORE_PRINCIPAL);
        } else {
                fstring myname;
                char *host_princ_s = NULL;
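Review bot: The comment on the new branch says what Windows sends but not why the principal is withheld, which is the point the commit message makes; a reader of negprot_spnego alone cannot tell that the placeholder is deliberate hardening rather than a compatibility quirk. Suggest `/* Deliberately omit the host principal: clients that take the target name from this hint instead of their own configuration are easier to redirect, so like Windows 2008+ we send only the RFC4178 placeholder. */` in place of the current one-liner. `ADS_IGNORE_PRINCIPAL` is not introduced by this commit, so it is presumably defined in an existing header; worth confirming it expands to the literal the comment quotes. negprot_spnego begins before this hunk and its handling of a NULL `blob` from spnego_gen_negTokenInit continues after it.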