diff options
author | Andrew Tridgell <tridge@samba.org> | 2001-11-27 23:41:14 +0000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2001-11-27 23:41:14 +0000 |
commit | 5e25ba6fecfdd477fec046660bf20c90970c4e58 (patch) | |
tree | 968b8f6c84acc4a0b91d56c06922cc4ada49aa14 /source3/smbd | |
parent | 01d91a82493bd025901e819d8b2626a07bc64d31 (diff) | |
download | samba-5e25ba6fecfdd477fec046660bf20c90970c4e58.tar.gz samba-5e25ba6fecfdd477fec046660bf20c90970c4e58.tar.bz2 samba-5e25ba6fecfdd477fec046660bf20c90970c4e58.zip |
always send an OID list until we handle raw (unwrapped) NTLMSSP
packets in session setup
(This used to be commit 3b3f8a935064811906cba221d386697e699af18c)
Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/negprot.c | 21 |
1 files changed, 15 insertions, 6 deletions
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c index 9cbe0fdb0a..9a03e1ba96 100644 --- a/source3/smbd/negprot.c +++ b/source3/smbd/negprot.c @@ -158,10 +158,11 @@ static int negprot_spnego(char *p) DATA_BLOB blob; extern pstring global_myname; uint8 guid[16]; - const char *OIDs[] = {OID_NTLMSSP, - OID_KERBEROS5, - OID_KERBEROS5_OLD, - NULL}; + const char *OIDs_krb5[] = {OID_NTLMSSP, + OID_KERBEROS5, + OID_KERBEROS5_OLD, + NULL}; + const char *OIDs_plain[] = {OID_NTLMSSP, NULL}; char *principal; int len; @@ -171,17 +172,25 @@ static int negprot_spnego(char *p) safe_strcpy((char *)guid, global_myname, 16); strlower((char *)guid); +#if 0 /* strangely enough, NT does not sent the single OID NTLMSSP when - not a ADS member, it sends no OIDs at all */ + not a ADS member, it sends no OIDs at all + + we can't do this until we teach our sesssion setup parser to know + about raw NTLMSSP (clients send no ASN.1 wrapping if we do this) + */ if (lp_security() != SEC_ADS) { memcpy(p, guid, 16); return 16; } +#endif /* win2000 uses host$@REALM, which we will probably use eventually, but for now this works */ asprintf(&principal, "HOST/%s@%s", guid, lp_realm()); - blob = spnego_gen_negTokenInit(guid, OIDs, principal); + blob = spnego_gen_negTokenInit(guid, + lp_security()==SEC_ADS ? OIDs_krb5 : OIDs_plain, + principal); free(principal); memcpy(p, blob.data, blob.length); |