diff options
author | Andrew Bartlett <abartlet@samba.org> | 2001-10-30 13:54:54 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2001-10-30 13:54:54 +0000 |
commit | 1f829e19eb3b81ad1c4451fe9a90617e6cee7dd7 (patch) | |
tree | 9de623172cc17ca9a5891f53c1e287f0a32fa008 /source3/smbd/sesssetup.c | |
parent | a947591674d6baf747809464b34b03ea165d2b13 (diff) | |
download | samba-1f829e19eb3b81ad1c4451fe9a90617e6cee7dd7.tar.gz samba-1f829e19eb3b81ad1c4451fe9a90617e6cee7dd7.tar.bz2 samba-1f829e19eb3b81ad1c4451fe9a90617e6cee7dd7.zip |
Spnego on the 'server' end of security=server just does not work, so set the
flags so we just do a 'normal' session setup.
Also add some parinoia code to detect when sombody attempts to do a 'normal'
session setup when spnego had been negoitiated.
Andrew Bartlett
(This used to be commit 190898586fa218c952fbd5bea56155d04e6f248b)
Diffstat (limited to 'source3/smbd/sesssetup.c')
-rw-r--r-- | source3/smbd/sesssetup.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 5412cc3bad..2d9f624b80 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -480,6 +480,7 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf, BOOL guest=False; static BOOL done_sesssetup = False; extern BOOL global_encrypted_passwords_negotiated; + extern BOOL global_spnego_negotiated; extern uint32 global_client_caps; extern int Protocol; extern fstring remote_machine; @@ -492,11 +493,16 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf, /* a SPNEGO session setup has 12 command words, whereas a normal NT1 session setup has 13. See the cifs spec. */ - if (CVAL(inbuf, smb_wct) == 12 && + if (CVAL(inbuf, smb_wct) == 12 && (SVAL(inbuf, smb_flg2) & FLAGS2_EXTENDED_SECURITY)) { return reply_sesssetup_and_X_spnego(conn, inbuf, outbuf, length, bufsize); } + if (global_spnego_negotiated) { + DEBUG(0,("reply_sesssetup_and_X: Rejecting attempt at 'normal' session setup after negotiating spnego.\n")); + return ERROR_NT(NT_STATUS_UNSUCCESSFUL); + } + *smb_apasswd = *smb_ntpasswd = 0; smb_bufsize = SVAL(inbuf,smb_vwv2); |