summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2001-10-30 13:54:54 +0000
committerAndrew Bartlett <abartlet@samba.org>2001-10-30 13:54:54 +0000
commit1f829e19eb3b81ad1c4451fe9a90617e6cee7dd7 (patch)
tree9de623172cc17ca9a5891f53c1e287f0a32fa008 /source3/smbd
parenta947591674d6baf747809464b34b03ea165d2b13 (diff)
downloadsamba-1f829e19eb3b81ad1c4451fe9a90617e6cee7dd7.tar.gz
samba-1f829e19eb3b81ad1c4451fe9a90617e6cee7dd7.tar.bz2
samba-1f829e19eb3b81ad1c4451fe9a90617e6cee7dd7.zip
Spnego on the 'server' end of security=server just does not work, so set the
flags so we just do a 'normal' session setup. Also add some parinoia code to detect when sombody attempts to do a 'normal' session setup when spnego had been negoitiated. Andrew Bartlett (This used to be commit 190898586fa218c952fbd5bea56155d04e6f248b)
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/auth_server.c3
-rw-r--r--source3/smbd/negprot.c5
-rw-r--r--source3/smbd/sesssetup.c8
3 files changed, 14 insertions, 2 deletions
diff --git a/source3/smbd/auth_server.c b/source3/smbd/auth_server.c
index 2574a52ef3..520417e3e0 100644
--- a/source3/smbd/auth_server.c
+++ b/source3/smbd/auth_server.c
@@ -51,6 +51,9 @@ struct cli_state *server_cryptkey(void)
if (!cli_initialise(cli))
return NULL;
+ /* security = server just can't function with spnego */
+ cli->use_spnego = False;
+
pserver = strdup(lp_passwordserver());
p = pserver;
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index 16d315f1d8..e4285cb27c 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -25,7 +25,8 @@ extern int Protocol;
extern int max_recv;
extern fstring global_myworkgroup;
extern fstring remote_machine;
-BOOL global_encrypted_passwords_negotiated;
+BOOL global_encrypted_passwords_negotiated = False;
+BOOL global_spnego_negotiated = False;
/****************************************************************************
reply for the core protocol
@@ -170,6 +171,8 @@ static int negprot_spnego(char *p, uint8 cryptkey[8])
char *principal;
int len;
+ global_spnego_negotiated = True;
+
memset(guid, 0, 16);
safe_strcpy((char *)guid, global_myname, 16);
strlower((char *)guid);
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 5412cc3bad..2d9f624b80 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -480,6 +480,7 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,
BOOL guest=False;
static BOOL done_sesssetup = False;
extern BOOL global_encrypted_passwords_negotiated;
+ extern BOOL global_spnego_negotiated;
extern uint32 global_client_caps;
extern int Protocol;
extern fstring remote_machine;
@@ -492,11 +493,16 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,
/* a SPNEGO session setup has 12 command words, whereas a normal
NT1 session setup has 13. See the cifs spec. */
- if (CVAL(inbuf, smb_wct) == 12 &&
+ if (CVAL(inbuf, smb_wct) == 12 &&
(SVAL(inbuf, smb_flg2) & FLAGS2_EXTENDED_SECURITY)) {
return reply_sesssetup_and_X_spnego(conn, inbuf, outbuf, length, bufsize);
}
+ if (global_spnego_negotiated) {
+ DEBUG(0,("reply_sesssetup_and_X: Rejecting attempt at 'normal' session setup after negotiating spnego.\n"));
+ return ERROR_NT(NT_STATUS_UNSUCCESSFUL);
+ }
+
*smb_apasswd = *smb_ntpasswd = 0;
smb_bufsize = SVAL(inbuf,smb_vwv2);