authorAndrew Bartlett <abartlet@samba.org>2005-12-01 05:06:52 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:46:56 -0500
commit759bda2962fbde173a750fb8c9ce0a6d5f9e0f23 (patch)
treed2d912f5c9a84653c264dac4d344a5e377564aa0
parent759e40fb4a7dd721f4b7485e5191b5063f72345a (diff)
r11992: Potentially allow SPNEGO to be disabled (as occurs on WinXP
standalone), and use only NTLMSSP. (But doing so would break Samba3's client). Andrew Bartlett (This used to be commit e74ca624e74ed82788817e302a516208dc1421bd)
-rw-r--r--source4/smb_server/smb/negprot.c35
1 files changed, 22 insertions, 13 deletions
diff --git a/source4/smb_server/smb/negprot.c b/source4/smb_server/smb/negprot.c
index a9cc05e251..6cdf889843 100644
--- a/source4/smb_server/smb/negprot.c
+++ b/source4/smb_server/smb/negprot.c
@@ -368,24 +368,33 @@ static void reply_nt1(struct smbsrv_request *req, uint16_t choice)
nt_status = gensec_start_mech_by_oid(gensec_security, GENSEC_OID_SPNEGO);
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(0, ("Failed to start SPNEGO: %s\n", nt_errstr(nt_status)));
- smbsrv_terminate_connection(req->smb_conn, "Failed to start SPNEGO\n");
- return;
- }
-
- nt_status = gensec_update(gensec_security, req, null_data_blob, &blob);
-
- if (!NT_STATUS_IS_OK(nt_status) && !NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
- DEBUG(0, ("Failed to get SPNEGO to give us the first token: %s\n", nt_errstr(nt_status)));
- smbsrv_terminate_connection(req->smb_conn, "Failed to start SPNEGO - no first token\n");
- return;
+ if (NT_STATUS_IS_OK(nt_status)) {
+ /* Get and push the proposed OID list into the packets */
+ nt_status = gensec_update(gensec_security, req, null_data_blob, &blob);
+
+ if (!NT_STATUS_IS_OK(nt_status) && !NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ DEBUG(0, ("Failed to get SPNEGO to give us the first token: %s\n", nt_errstr(nt_status)));
+ smbsrv_terminate_connection(req->smb_conn, "Failed to start SPNEGO - no first token\n");
+ return;
+ }
+ } else {
+ DEBUG(5, ("Failed to start SPNEGO, falling back to NTLMSSP only: %s\n", nt_errstr(nt_status)));
+ nt_status = gensec_start_mech_by_oid(gensec_security, GENSEC_OID_NTLMSSP);
+
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DEBUG(0, ("Failed to start SPNEGO as well as NTLMSSP fallback: %s\n", nt_errstr(nt_status)));
+ smbsrv_terminate_connection(req->smb_conn, "Failed to start SPNEGO and NTLMSSP\n");
+ return;
+ }
+ /* NTLMSSP is a client-first exchange */
+ blob = data_blob(NULL, 0);
}
req->smb_conn->negotiate.spnego_negotiated = True;
req_grow_data(req, blob.length + 16);
- /* a NOT very random guid */
+ /* a NOT very random guid, perhaps we should get it
+ * from the credentials (kitchen sink...) */
memset(req->out.ptr, '\0', 16);
req->out.ptr += 16;
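Review bot: The new else branch falls back to NTLMSSP on any non-OK status from `gensec_start_mech_by_oid(gensec_security, GENSEC_OID_SPNEGO)`, not only when SPNEGO has been deliberately disabled, and it reports the fallback only at `DEBUG(5, ...)`. An unexpected SPNEGO start failure therefore becomes a quiet loss of Kerberos negotiation for the connection, which an operator would want to see at default log levels; consider `DEBUG(1, ("Failed to start SPNEGO, falling back to NTLMSSP only: %s\n", nt_errstr(nt_status)));`, or falling back only for the status that means the mechanism is disabled. Separately, `req->smb_conn->negotiate.spnego_negotiated = True;` is still set on the NTLMSSP-only path with an empty blob; if later session-setup code reads that flag as meaning the tokens are SPNEGO-wrapped (not visible in this hunk), the assignment needs a comment or a distinct flag. reply_nt1 starts and ends outside the hunk.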