authorGerald Carter <jerry@samba.org>2003-07-31 19:01:22 +0000
committerGerald Carter <jerry@samba.org>2003-07-31 19:01:22 +0000
commit0da36b22ff3382f2e4a86f4090ad8097a2dd8a32 (patch)
treebb332db7a3aad230b5eb8779ee3336ed42016074
parentf86708be990b237b2196b91bd99b88e946b42c40 (diff)
only honor the first OID in the sessetup snego negotiate. Deviates
from RFC but I'm smelling a client bug here. /* only look at the first OID for determining the mechToken -- according to RFC2478, we should choose the one we want and renegotiate, but i smell a client bug here.. Problem observed when connecting to a member (samba box) of an AD domain as a user in a Samba domain. Samba member server sent back krb5/mskrb5/ntlmssp as mechtypes, but the client (2ksp3) replied with ntlmssp/mskrb5/krb5 and an NTLMSSP mechtoken. --jerry */ (This used to be commit 731420b03dbc15977822f74047e931dc62284fc0)
-rw-r--r--source3/smbd/sesssetup.c19
1 files changed, 15 insertions, 4 deletions
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index ccd7214251..c585ac1e67 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -371,13 +371,24 @@ static int reply_spnego_negotiate(connection_struct *conn,
if (!parse_negTokenTarg(blob1, OIDs, &secblob)) {
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
+
+ /* only look at the first OID for determining the mechToken --
+ accoirding to RFC2478, we should choose the one we want
+ and renegotiate, but i smell a client bug here..
+
+ Problem observed when connecting to a member (samba box)
+ of an AD domain as a user in a Samba domain. Samba member
+ server sent back krb5/mskrb5/ntlmssp as mechtypes, but the
+ client (2ksp3) replied with ntlmssp/mskrb5/krb5 and an
+ NTLMSSP mechtoken. --jerry */
+ if (strcmp(OID_KERBEROS5, OIDs[0]) == 0 ||
+ strcmp(OID_KERBEROS5_OLD, OIDs[0]) == 0) {
+ got_kerberos = True;
+ }
+
for (i=0;OIDs[i];i++) {
DEBUG(3,("Got OID %s\n", OIDs[i]));
- if (strcmp(OID_KERBEROS5, OIDs[i]) == 0 ||
- strcmp(OID_KERBEROS5_OLD, OIDs[i]) == 0) {
- got_kerberos = True;
- }
free(OIDs[i]);
}
DEBUG(3,("Got secblob of size %lu\n", (unsigned long)secblob.length));
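Review bot: The added check reads `OIDs[0]` without first confirming the list is non-empty. The loop right after it (`for (i=0;OIDs[i];i++)`) treats the array as NULL-terminated and tolerates zero entries, but `strcmp(OID_KERBEROS5, OIDs[0])` would dereference NULL if `parse_negTokenTarg` can succeed on a token whose mechType list is empty (its body is not visible here, so this needs confirming). Since `blob1` appears to be client-supplied data handled during session setup, I would guard the test: `if (OIDs[0] != NULL && (strcmp(OID_KERBEROS5, OIDs[0]) == 0 || strcmp(OID_KERBEROS5_OLD, OIDs[0]) == 0)) {`. The comment could also state the security consequence of the workaround: the mechanism is now chosen by the client's ordering rather than the server's preference, so a peer that lists NTLMSSP first is never handled as Kerberos here even when a Kerberos OID is also offered. `reply_spnego_negotiate` starts and ends outside the hunk.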