fixed two bugs in the NTLMSSP code

 - handle servers that don't send a kerberos principle (non-member servers)
 - enable spnego without KRB5
(This used to be commit b218d465a1968a11d2d6a42afa7e552fea8b7f5e)

1 files changed, 8 insertions, 2 deletions

diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 9186208d62..4a9d2fe59c 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -493,6 +493,12 @@ static BOOL cli_session_setup_spnego(struct cli_state *cli, char *user,
 	int i;
 	BOOL got_kerberos_mechanism = False;
 
+	/* the server might not even do spnego */
+	if (cli->secblob.length == 16) {
+		DEBUG(3,("server didn't supply a full spnego negprot\n"));
+		goto ntlmssp;
+	}
+
 	/* the server sent us the first part of the SPNEGO exchange in the negprot 
 	   reply */
 	if (!spnego_parse_negTokenInit(cli->secblob, guid, OIDs, &principle)) {
@@ -519,6 +525,8 @@ static BOOL cli_session_setup_spnego(struct cli_state *cli, char *user,
 
 	free(principle);
 
+ntlmssp:
+
 	return cli_session_setup_ntlmssp(cli, user, pass, workgroup);
 }
 
@@ -576,12 +584,10 @@ BOOL cli_session_setup(struct cli_state *cli,
 		return cli_session_setup_plaintext(cli, user, pass, workgroup);
 	}
 
-#if HAVE_KRB5
 	/* if the server supports extended security then use SPNEGO */
 	if (cli->capabilities & CAP_EXTENDED_SECURITY) {
 		return cli_session_setup_spnego(cli, user, pass, workgroup);
 	}
-#endif
 
 	/* otherwise do a NT1 style session setup */
 	return cli_session_setup_nt1(cli, user,