s3-libsmb: Do not look up FQDN or use host/ for krb5 encrypted CIFS

This is important, as we want to use exactly the same name and ticket
that the libsmb session setup code used, so we do not hit the KDC twice.

For the session setup to have succeded using the default 'client use
spnego principal = no', the cifs/ principal must exist anyway, so
looking for host/ is pointless.  The case of 'client use spnego
principal = yes' was never supported here.

Andrew Bartlett

diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c
index d314c4292145544593eb9b9433c24414eb8b4de5..b02cdd5a225338ca2e18f0a693305d46923c31c1 100644 (file)
--- a/source3/libsmb/clifsinfo.c
+++ b/source3/libsmb/clifsinfo.c
@@ -810,19 +810,8 @@ NTSTATUS cli_gss_smb_encryption_start(struct cli_state *cli)
                return NT_STATUS_NO_MEMORY;
        }
 
-       name_to_fqdn(fqdn, cli_state_remote_name(cli));
-       strlower_m(fqdn);
-
        servicename = "cifs";
-       status = make_cli_gss_blob(talloc_tos(), es, servicename, fqdn, NT_STATUS_OK, blob_recv, &blob_send);
-       if (!NT_STATUS_EQUAL(status,NT_STATUS_MORE_PROCESSING_REQUIRED)) {
-               servicename = "host";
-               status = make_cli_gss_blob(talloc_tos(), es, servicename, fqdn, NT_STATUS_OK, blob_recv, &blob_send);
-               if (!NT_STATUS_EQUAL(status,NT_STATUS_MORE_PROCESSING_REQUIRED)) {
-                       goto fail;
-               }
-       }
-
+       status = make_cli_gss_blob(talloc_tos(), es, servicename, cli_state_remote_name(cli), NT_STATUS_OK, blob_recv, &blob_send);
        do {
                data_blob_free(&blob_recv);
                status = enc_blob_send_receive(cli, &blob_send, &blob_recv, &param_out);