diff options
author | Andrew Tridgell <tridge@samba.org> | 2001-10-14 05:42:28 +0000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2001-10-14 05:42:28 +0000 |
commit | 81756ba7440e255f750d13858e1147d3976e70e2 (patch) | |
tree | edd941455d88fb482fec9001aae83a052b6ad6d1 | |
parent | b7bd7ea153bfd692a54e4eb7135c3ca33292f636 (diff) | |
download | samba-81756ba7440e255f750d13858e1147d3976e70e2.tar.gz samba-81756ba7440e255f750d13858e1147d3976e70e2.tar.bz2 samba-81756ba7440e255f750d13858e1147d3976e70e2.zip |
fixed two bugs in the NTLMSSP code
- handle servers that don't send a kerberos principle (non-member servers)
- enable spnego without KRB5
(This used to be commit b218d465a1968a11d2d6a42afa7e552fea8b7f5e)
-rw-r--r-- | source3/libsmb/cliconnect.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 9186208d62..4a9d2fe59c 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -493,6 +493,12 @@ static BOOL cli_session_setup_spnego(struct cli_state *cli, char *user, int i; BOOL got_kerberos_mechanism = False; + /* the server might not even do spnego */ + if (cli->secblob.length == 16) { + DEBUG(3,("server didn't supply a full spnego negprot\n")); + goto ntlmssp; + } + /* the server sent us the first part of the SPNEGO exchange in the negprot reply */ if (!spnego_parse_negTokenInit(cli->secblob, guid, OIDs, &principle)) { @@ -519,6 +525,8 @@ static BOOL cli_session_setup_spnego(struct cli_state *cli, char *user, free(principle); +ntlmssp: + return cli_session_setup_ntlmssp(cli, user, pass, workgroup); } @@ -576,12 +584,10 @@ BOOL cli_session_setup(struct cli_state *cli, return cli_session_setup_plaintext(cli, user, pass, workgroup); } -#if HAVE_KRB5 /* if the server supports extended security then use SPNEGO */ if (cli->capabilities & CAP_EXTENDED_SECURITY) { return cli_session_setup_spnego(cli, user, pass, workgroup); } -#endif /* otherwise do a NT1 style session setup */ return cli_session_setup_nt1(cli, user, |