diff options
author | Jelmer Vernooij <jelmer@samba.org> | 2008-03-05 19:42:15 +0100 |
---|---|---|
committer | Jelmer Vernooij <jelmer@samba.org> | 2008-03-05 19:42:15 +0100 |
commit | 63036a6f3380652c0cb54627bdeabcd212fa2f8c (patch) | |
tree | 90194f23cb1e6ca483e7773233c326a9b705f85f /source3/smbd/seal.c | |
parent | d41d580c600e3228ff8fee5c16c47580f661a240 (diff) | |
parent | 932c287a406048759fa1ac4bf86e29d96991ded1 (diff) | |
download | samba-63036a6f3380652c0cb54627bdeabcd212fa2f8c.tar.gz samba-63036a6f3380652c0cb54627bdeabcd212fa2f8c.tar.bz2 samba-63036a6f3380652c0cb54627bdeabcd212fa2f8c.zip |
Merge branch 'v3-2-test' of ssh://git.samba.org/data/git/samba into v3-2-test
(This used to be commit 3482cd9b0e81bbc801f1cec33fca82fc45a3ddef)
Diffstat (limited to 'source3/smbd/seal.c')
-rw-r--r-- | source3/smbd/seal.c | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/source3/smbd/seal.c b/source3/smbd/seal.c index ea017e08d8..d4394e5bca 100644 --- a/source3/smbd/seal.c +++ b/source3/smbd/seal.c @@ -496,12 +496,15 @@ static NTSTATUS srv_enc_spnego_negotiate(connection_struct *conn, srv_free_encryption_context(&partial_srv_trans_enc_ctx); + if (got_kerberos_mechanism) { #if defined(HAVE_GSSAPI) && defined(HAVE_KRB5) - if (got_kerberos_mechanism && lp_use_kerberos_keytab() ) { status = srv_enc_spnego_gss_negotiate(ppdata, p_data_size, secblob); - } else +#else + /* Currently we don't SPNEGO negotiate + * back to NTLMSSP as we do in sessionsetupX. We should... */ + return NT_STATUS_LOGON_FAILURE; #endif - { + } else { status = srv_enc_ntlm_negotiate(ppdata, p_data_size, secblob, true); } @@ -558,7 +561,16 @@ static NTSTATUS srv_enc_spnego_ntlm_auth(connection_struct *conn, status = auth_ntlmssp_update(ec->auth_ntlmssp_state, auth, &auth_reply); data_blob_free(&auth); - response = spnego_gen_auth_response(&auth_reply, status, OID_NTLMSSP); + /* From RFC4178. + * + * supportedMech + * + * This field SHALL only be present in the first reply from the + * target. + * So set mechOID to NULL here. + */ + + response = spnego_gen_auth_response(&auth_reply, status, NULL); data_blob_free(&auth_reply); if (NT_STATUS_IS_OK(status)) { |