summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2001-10-14 05:42:28 +0000
committerAndrew Tridgell <tridge@samba.org>2001-10-14 05:42:28 +0000
commit81756ba7440e255f750d13858e1147d3976e70e2 (patch)
treeedd941455d88fb482fec9001aae83a052b6ad6d1
parentb7bd7ea153bfd692a54e4eb7135c3ca33292f636 (diff)
downloadsamba-81756ba7440e255f750d13858e1147d3976e70e2.tar.gz
samba-81756ba7440e255f750d13858e1147d3976e70e2.tar.bz2
samba-81756ba7440e255f750d13858e1147d3976e70e2.zip
fixed two bugs in the NTLMSSP code
- handle servers that don't send a kerberos principle (non-member servers) - enable spnego without KRB5 (This used to be commit b218d465a1968a11d2d6a42afa7e552fea8b7f5e)
-rw-r--r--source3/libsmb/cliconnect.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 9186208d62..4a9d2fe59c 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -493,6 +493,12 @@ static BOOL cli_session_setup_spnego(struct cli_state *cli, char *user,
int i;
BOOL got_kerberos_mechanism = False;
+ /* the server might not even do spnego */
+ if (cli->secblob.length == 16) {
+ DEBUG(3,("server didn't supply a full spnego negprot\n"));
+ goto ntlmssp;
+ }
+
/* the server sent us the first part of the SPNEGO exchange in the negprot
reply */
if (!spnego_parse_negTokenInit(cli->secblob, guid, OIDs, &principle)) {
@@ -519,6 +525,8 @@ static BOOL cli_session_setup_spnego(struct cli_state *cli, char *user,
free(principle);
+ntlmssp:
+
return cli_session_setup_ntlmssp(cli, user, pass, workgroup);
}
@@ -576,12 +584,10 @@ BOOL cli_session_setup(struct cli_state *cli,
return cli_session_setup_plaintext(cli, user, pass, workgroup);
}
-#if HAVE_KRB5
/* if the server supports extended security then use SPNEGO */
if (cli->capabilities & CAP_EXTENDED_SECURITY) {
return cli_session_setup_spnego(cli, user, pass, workgroup);
}
-#endif
/* otherwise do a NT1 style session setup */
return cli_session_setup_nt1(cli, user,