r4692: Make the client SPNEGO code bail out in a couple more cases.

Andrew Bartlett (This used to be commit a062ac122c402fb2cf31eb8e76f4077b1f33b8eb)
author: Andrew Bartlett <abartlet@samba.org> 2005-01-11 20:20:27 +0000
committer: Gerald (Jerry) Carter <jerry@samba.org> 2007-10-10 13:08:44 -0500
commit: 899f610fb49f78a5c147f263926d6be3f889e328 (patch)
tree: 72b247876e0226b11270ebe0420d97fd128a77bd
parent: 52e90022bf95f215c35b66c8177437b9f70873bd (diff)
download: samba-899f610fb49f78a5c147f263926d6be3f889e328.tar.gz
samba-899f610fb49f78a5c147f263926d6be3f889e328.tar.bz2
samba-899f610fb49f78a5c147f263926d6be3f889e328.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/source4/libcli/auth/spnego.c b/source4/libcli/auth/spnego.c
index 84bd7ce42c..f7221b7458 100644
--- a/source4/libcli/auth/spnego.c
+++ b/source4/libcli/auth/spnego.c
@@ -686,7 +686,10 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
 
 		if (spnego_state->no_response_expected) {
 			if (spnego.negTokenTarg.negResult != SPNEGO_ACCEPT_COMPLETED) {
-				DEBUG(1,("gensec_update ok but not accepted\n"));
+				DEBUG(3,("GENSEC SPNEGO: client GENSEC accepted, but server rejected (bad password?)\n"));
+				nt_status = NT_STATUS_INVALID_PARAMETER;
+			} else if (spnego.negTokenTarg.responseToken.length) {
+				DEBUG(2,("GENSEC SPNEGO: client GENSEC accepted, but server continued negotiation!\n"));
 				nt_status = NT_STATUS_INVALID_PARAMETER;
 			} else {
 				nt_status = NT_STATUS_OK;
author	Andrew Bartlett <abartlet@samba.org>	2005-01-11 20:20:27 +0000
committer	Gerald (Jerry) Carter <jerry@samba.org>	2007-10-10 13:08:44 -0500
commit	899f610fb49f78a5c147f263926d6be3f889e328 (patch)
tree	72b247876e0226b11270ebe0420d97fd128a77bd
parent	52e90022bf95f215c35b66c8177437b9f70873bd (diff)
download	samba-899f610fb49f78a5c147f263926d6be3f889e328.tar.gz samba-899f610fb49f78a5c147f263926d6be3f889e328.tar.bz2 samba-899f610fb49f78a5c147f263926d6be3f889e328.zip