diff options
author | Andrew Bartlett <abartlet@samba.org> | 2001-12-08 02:12:17 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2001-12-08 02:12:17 +0000 |
commit | 9220fd730c67352e2d0789f298e6e42063ca9e3c (patch) | |
tree | 21880a29ab3e40ec7af2a197c93e0d0793dd8a8d /source3/smbd | |
parent | 70b32ba01d2af256d706ffb658f2d05ace2b1016 (diff) | |
download | samba-9220fd730c67352e2d0789f298e6e42063ca9e3c.tar.gz samba-9220fd730c67352e2d0789f298e6e42063ca9e3c.tar.bz2 samba-9220fd730c67352e2d0789f298e6e42063ca9e3c.zip |
Ensure that 'use spnego' restricts, rather than just advises our clients.
This means that if a hole is found in the spnego code, we can tell people
to just set 'use spengo' in their config file while we sort it out.
Other than that, preventing 'unusual' behaviour is always a good thing.
Andrew Bartlett
(This used to be commit a8a53c08f7d607268a3959486a850a2df50ca7a2)
Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/sesssetup.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 7190caa35b..4c26bda4db 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -502,11 +502,16 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf, ZERO_STRUCT(plaintext_password); DEBUG(3,("wct=%d flg2=0x%x\n", CVAL(inbuf, smb_wct), SVAL(inbuf, smb_flg2))); - + /* a SPNEGO session setup has 12 command words, whereas a normal NT1 session setup has 13. See the cifs spec. */ if (CVAL(inbuf, smb_wct) == 12 && (SVAL(inbuf, smb_flg2) & FLAGS2_EXTENDED_SECURITY)) { + if (!global_spnego_negotiated) { + DEBUG(0,("reply_sesssetup_and_X: Rejecting attempt at SPNEGO session setup when it was not negoitiated.\n")); + return ERROR_NT(NT_STATUS_UNSUCCESSFUL); + } + return reply_sesssetup_and_X_spnego(conn, inbuf, outbuf, length, bufsize); } |