From: Andrew Bartlett
Date: Fri, 26 Jun 2015 07:14:13 +0000 (+1200)
Subject: gensec: Add an option emulating another mode a client building GSSAPI/krb5 manually...
X-Git-Tag: talloc-2.1.4~449
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6224ac9cf4b04aa64fa2ee13267b76598319b042;p=thirdparty%2Fsamba.git
gensec: Add an option emulating another mode a client building GSSAPI/krb5 manually uses
This was seen in the wild, with a Huawei Unified Storage System S5500 V3 against the AD DC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11425
Signed-off-by: Andrew Bartlett
Reviewed-by: Stefan Metzmacher
---
diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
index b1ecd18304a..56513c9e5d2 100644
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -286,8 +286,15 @@ static NTSTATUS gensec_krb5_common_client_creds(struct gensec_security *gensec_s
 const char *principal;
 const char *hostname;
 krb5_data in_data;
+ krb5_data *in_data_p = NULL;
 struct tevent_context *previous_ev;
+ if (lpcfg_parm_bool(gensec_security->settings->lp_ctx,
+ NULL, "gensec_krb5", "send_authenticator_checksum", true)) {
+ in_data.length = 0;
+ in_data_p = &in_data;
+ }
+
 gensec_krb5_state = (struct gensec_krb5_state *)gensec_security->private_data;
 principal = gensec_get_target_principal(gensec_security);
@@ -313,7 +320,6 @@ static NTSTATUS gensec_krb5_common_client_creds(struct gensec_security *gensec_s
 DEBUG(1, ("gensec_krb5_start: Aquiring initiator credentials failed: %s\n", error_string));
 return NT_STATUS_UNSUCCESSFUL;
 }
- in_data.length = 0;
 /* Do this every time, in case we have weird recursive issues here */
 ret = smb_krb5_context_set_event_ctx(gensec_krb5_state->smb_krb5_context, ev, &previous_ev);
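Review bot: In the added `if` block only `in_data.length` is assigned, so with the option at its default of `true` the `krb5_data` that `in_data_p` points to still carries an indeterminate `data` pointer. A zero length probably keeps the library from dereferencing it, but that depends on library behaviour not visible in this hunk; adding `in_data.data = NULL;` next to `in_data.length = 0;` removes the dependency. The block would also benefit from a comment stating that `gensec_krb5:send_authenticator_checksum = false` makes this client omit the authenticator checksum to emulate the non-conforming client named in the commit message, and that it appears intended for interoperability testing rather than normal deployment. The function body starts before and continues after this hunk.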
@@ -330,7 +336,7 @@ static NTSTATUS gensec_krb5_common_client_creds(struct gensec_security *gensec_s
 &gensec_krb5_state->auth_context,
 gensec_krb5_state->ap_req_options,
 target_principal,
- &in_data, ccache_container->ccache,
+ in_data_p, ccache_container->ccache,
 &gensec_krb5_state->enc_ticket);
 krb5_free_principal(gensec_krb5_state->smb_krb5_context->krb5_context, target_principal);
@@ -341,7 +347,7 @@ static NTSTATUS gensec_krb5_common_client_creds(struct gensec_security *gensec_s
 gensec_krb5_state->ap_req_options,
 gensec_get_target_service(gensec_security),
 hostname,
- &in_data, ccache_container->ccache,
+ in_data_p, ccache_container->ccache,
 &gensec_krb5_state->enc_ticket);
 }
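Review bot: Nothing at this call site, or at the one in the following hunk, records that `in_data_p` may now be NULL on purpose. Both calls then rely on the Kerberos library treating a NULL input-data argument as "send no checksum" rather than faulting, which these hunks do not show. A one-line comment above each call, for example `/* in_data_p is NULL when send_authenticator_checksum is disabled */`, would make the intent explicit. It is also worth confirming the NULL case against every Kerberos library this file can be built with. The names of the two calls and the rest of the function lie outside both hunks.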