summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2001-11-27 23:41:14 +0000
committerAndrew Tridgell <tridge@samba.org>2001-11-27 23:41:14 +0000
commit5e25ba6fecfdd477fec046660bf20c90970c4e58 (patch)
tree968b8f6c84acc4a0b91d56c06922cc4ada49aa14 /source3/smbd
parent01d91a82493bd025901e819d8b2626a07bc64d31 (diff)
downloadsamba-5e25ba6fecfdd477fec046660bf20c90970c4e58.tar.gz
samba-5e25ba6fecfdd477fec046660bf20c90970c4e58.tar.bz2
samba-5e25ba6fecfdd477fec046660bf20c90970c4e58.zip
always send an OID list until we handle raw (unwrapped) NTLMSSP
packets in session setup (This used to be commit 3b3f8a935064811906cba221d386697e699af18c)
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/negprot.c21
1 files changed, 15 insertions, 6 deletions
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index 9cbe0fdb0a..9a03e1ba96 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -158,10 +158,11 @@ static int negprot_spnego(char *p)
DATA_BLOB blob;
extern pstring global_myname;
uint8 guid[16];
- const char *OIDs[] = {OID_NTLMSSP,
- OID_KERBEROS5,
- OID_KERBEROS5_OLD,
- NULL};
+ const char *OIDs_krb5[] = {OID_NTLMSSP,
+ OID_KERBEROS5,
+ OID_KERBEROS5_OLD,
+ NULL};
+ const char *OIDs_plain[] = {OID_NTLMSSP, NULL};
char *principal;
int len;
@@ -171,17 +172,25 @@ static int negprot_spnego(char *p)
safe_strcpy((char *)guid, global_myname, 16);
strlower((char *)guid);
+#if 0
/* strangely enough, NT does not sent the single OID NTLMSSP when
- not a ADS member, it sends no OIDs at all */
+ not a ADS member, it sends no OIDs at all
+
+ we can't do this until we teach our sesssion setup parser to know
+ about raw NTLMSSP (clients send no ASN.1 wrapping if we do this)
+ */
if (lp_security() != SEC_ADS) {
memcpy(p, guid, 16);
return 16;
}
+#endif
/* win2000 uses host$@REALM, which we will probably use eventually,
but for now this works */
asprintf(&principal, "HOST/%s@%s", guid, lp_realm());
- blob = spnego_gen_negTokenInit(guid, OIDs, principal);
+ blob = spnego_gen_negTokenInit(guid,
+ lp_security()==SEC_ADS ? OIDs_krb5 : OIDs_plain,
+ principal);
free(principal);
memcpy(p, blob.data, blob.length);