summaryrefslogtreecommitdiff
path: root/source3/libsmb/spnego.c
diff options
context:
space:
mode:
authorVolker Lendecke <vlendec@samba.org>2003-08-15 02:57:59 +0000
committerVolker Lendecke <vlendec@samba.org>2003-08-15 02:57:59 +0000
commit4ad85bf48e9a48835b081b966e49ddc7160f4567 (patch)
treec4927f7379352955e6148f991baeebb855f317f8 /source3/libsmb/spnego.c
parent4fab137d10b064ba44a68c10b41227a7539bb869 (diff)
downloadsamba-4ad85bf48e9a48835b081b966e49ddc7160f4567.tar.gz
samba-4ad85bf48e9a48835b081b966e49ddc7160f4567.tar.bz2
samba-4ad85bf48e9a48835b081b966e49ddc7160f4567.zip
Add the gss-spnego kerberos server side to ntml_auth. This uses the
same ads_verify_ticket routine that smbd uses, so in the current state we have to be have the host password in secrets.tdb instead of the keytab. This means we have to be an ADS member, but it's a start. Volker (This used to be commit dc2d2ad467927affbd1461df75f77f07ddfbc3b1)
Diffstat (limited to 'source3/libsmb/spnego.c')
-rw-r--r--source3/libsmb/spnego.c14
1 files changed, 14 insertions, 0 deletions
diff --git a/source3/libsmb/spnego.c b/source3/libsmb/spnego.c
index 0b2dec7ef8..50caf7b4c0 100644
--- a/source3/libsmb/spnego.c
+++ b/source3/libsmb/spnego.c
@@ -140,8 +140,22 @@ static BOOL write_negTokenInit(ASN1_DATA *asn1, negTokenInit_t *token)
/* write mechListMIC */
if (token->mechListMIC.data) {
asn1_push_tag(asn1, ASN1_CONTEXT(3));
+#if 0
+ /* This is what RFC 2478 says ... */
asn1_write_OctetString(asn1, token->mechListMIC.data,
token->mechListMIC.length);
+#else
+ /* ... but unfortunately this is what Windows
+ sends/expects */
+ asn1_push_tag(asn1, ASN1_SEQUENCE(0));
+ asn1_push_tag(asn1, ASN1_CONTEXT(0));
+ asn1_push_tag(asn1, ASN1_GENERAL_STRING);
+ asn1_write(asn1, token->mechListMIC.data,
+ token->mechListMIC.length);
+ asn1_pop_tag(asn1);
+ asn1_pop_tag(asn1);
+ asn1_pop_tag(asn1);
+#endif
asn1_pop_tag(asn1);
}
generated by cgit (git 2.34.1) at 2024-07-08 05:07:34 +0000