summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2001-12-08 02:12:17 +0000
committerAndrew Bartlett <abartlet@samba.org>2001-12-08 02:12:17 +0000
commit9220fd730c67352e2d0789f298e6e42063ca9e3c (patch)
tree21880a29ab3e40ec7af2a197c93e0d0793dd8a8d /source3/smbd
parent70b32ba01d2af256d706ffb658f2d05ace2b1016 (diff)
downloadsamba-9220fd730c67352e2d0789f298e6e42063ca9e3c.tar.gz
samba-9220fd730c67352e2d0789f298e6e42063ca9e3c.tar.bz2
samba-9220fd730c67352e2d0789f298e6e42063ca9e3c.zip
Ensure that 'use spnego' restricts, rather than just advises our clients.
This means that if a hole is found in the spnego code, we can tell people to just set 'use spengo' in their config file while we sort it out. Other than that, preventing 'unusual' behaviour is always a good thing. Andrew Bartlett (This used to be commit a8a53c08f7d607268a3959486a850a2df50ca7a2)
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/sesssetup.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 7190caa35b..4c26bda4db 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -502,11 +502,16 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,
ZERO_STRUCT(plaintext_password);
DEBUG(3,("wct=%d flg2=0x%x\n", CVAL(inbuf, smb_wct), SVAL(inbuf, smb_flg2)));
-
+
/* a SPNEGO session setup has 12 command words, whereas a normal
NT1 session setup has 13. See the cifs spec. */
if (CVAL(inbuf, smb_wct) == 12 &&
(SVAL(inbuf, smb_flg2) & FLAGS2_EXTENDED_SECURITY)) {
+ if (!global_spnego_negotiated) {
+ DEBUG(0,("reply_sesssetup_and_X: Rejecting attempt at SPNEGO session setup when it was not negoitiated.\n"));
+ return ERROR_NT(NT_STATUS_UNSUCCESSFUL);
+ }
+
return reply_sesssetup_and_X_spnego(conn, inbuf, outbuf, length, bufsize);
}