summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2005-01-11 20:20:27 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:08:44 -0500
commit899f610fb49f78a5c147f263926d6be3f889e328 (patch)
tree72b247876e0226b11270ebe0420d97fd128a77bd
parent52e90022bf95f215c35b66c8177437b9f70873bd (diff)
downloadsamba-899f610fb49f78a5c147f263926d6be3f889e328.tar.gz
samba-899f610fb49f78a5c147f263926d6be3f889e328.tar.bz2
samba-899f610fb49f78a5c147f263926d6be3f889e328.zip
r4692: Make the client SPNEGO code bail out in a couple more cases.
Andrew Bartlett (This used to be commit a062ac122c402fb2cf31eb8e76f4077b1f33b8eb)
-rw-r--r--source4/libcli/auth/spnego.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/source4/libcli/auth/spnego.c b/source4/libcli/auth/spnego.c
index 84bd7ce42c..f7221b7458 100644
--- a/source4/libcli/auth/spnego.c
+++ b/source4/libcli/auth/spnego.c
@@ -686,7 +686,10 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
if (spnego_state->no_response_expected) {
if (spnego.negTokenTarg.negResult != SPNEGO_ACCEPT_COMPLETED) {
- DEBUG(1,("gensec_update ok but not accepted\n"));
+ DEBUG(3,("GENSEC SPNEGO: client GENSEC accepted, but server rejected (bad password?)\n"));
+ nt_status = NT_STATUS_INVALID_PARAMETER;
+ } else if (spnego.negTokenTarg.responseToken.length) {
+ DEBUG(2,("GENSEC SPNEGO: client GENSEC accepted, but server continued negotiation!\n"));
nt_status = NT_STATUS_INVALID_PARAMETER;
} else {
nt_status = NT_STATUS_OK;