diff options
author | Stefan Metzmacher <metze@samba.org> | 2006-12-11 16:36:30 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:29:07 -0500 |
commit | ae9f7857d505d171bb1fdbca56529565ae6b2e98 (patch) | |
tree | 18ebf0e6f270c659e43820f1df6e518f1912db59 | |
parent | 2cd08c14a014a9326c6f42b83b4f2187bd2165b2 (diff) | |
download | samba-ae9f7857d505d171bb1fdbca56529565ae6b2e98.tar.gz samba-ae9f7857d505d171bb1fdbca56529565ae6b2e98.tar.bz2 samba-ae9f7857d505d171bb1fdbca56529565ae6b2e98.zip |
r20107: don't segfault when the server didn't send a supportedMech in a negTokenTarg
this happens because we send 1.2.840.113554.1.2.2 before 1.2.840.48018.1.2.2
in the negTokenInit. And w2k's spnego code redirects us to use 1.2.840.48018.1.2.2
and then we start the our spnego engine with 1.2.840.48018.1.2.2 and in the then following
negTokenTarg w2k don't send the supportedMech (which means it aggrees in what we've choosen)
metze
(This used to be commit 5af5488593991ab4a2a8e17d38501ad9ec539020)
-rw-r--r-- | source4/auth/gensec/spnego.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/source4/auth/gensec/spnego.c b/source4/auth/gensec/spnego.c index c647ba5333..945b6d94dc 100644 --- a/source4/auth/gensec/spnego.c +++ b/source4/auth/gensec/spnego.c @@ -904,6 +904,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA /* Server didn't like our choice of mech, and chose something else */ if ((spnego.negTokenTarg.negResult == SPNEGO_ACCEPT_INCOMPLETE) && + spnego.negTokenTarg.supportedMech && strcmp(spnego.negTokenTarg.supportedMech, spnego_state->neg_oid) != 0) { DEBUG(3,("GENSEC SPNEGO: client preferred mech (%s) not accepted, server wants: %s\n", gensec_get_name_by_oid(spnego.negTokenTarg.supportedMech), |