diff options
author | Volker Lendecke <vl@samba.org> | 2010-09-16 10:22:00 +0200 |
---|---|---|
committer | Volker Lendecke <vl@samba.org> | 2010-09-16 12:02:56 -0700 |
commit | 70ab7eb5303a5ff058939541dd5bc1f81113a48e (patch) | |
tree | 6aaa1d14f45b69220d9cd492bf94b106e66f787c /source3 | |
parent | de2c143f4d540f695db5c7fe8685614c03977365 (diff) | |
download | samba-70ab7eb5303a5ff058939541dd5bc1f81113a48e.tar.gz samba-70ab7eb5303a5ff058939541dd5bc1f81113a48e.tar.bz2 samba-70ab7eb5303a5ff058939541dd5bc1f81113a48e.zip |
s3: Fall back to raw NTLMSSP for the gss-spnego protocol
This is to handle the mod_auth_ntlm_winbind protocol
sending "Negotiate" to IE, which sends raw NTLMSSP
instead of a SPNEGO wrapped NTLMSSP blob.
Diffstat (limited to 'source3')
-rw-r--r-- | source3/utils/ntlm_auth.c | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index aa3e384664..0370b0d64a 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c @@ -1274,6 +1274,31 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state, } token = base64_decode_data_blob(buf + 3); + + if ((token.length >= 7) + && (strncmp((char *)token.data, "NTLMSSP", 7) == 0)) { + char *reply; + + DEBUG(10, ("Could not parse GSS-SPNEGO, trying raw " + "ntlmssp\n")); + + manage_squid_ntlmssp_request_int(state, buf, length, + talloc_tos(), &reply); + if (reply == NULL) { + x_fprintf(x_stdout, "BH Out of memory\n"); + return; + } + + if (strncmp(reply, "AF ", 3) == 0) { + x_fprintf(x_stdout, "AF * %s\n", reply+3); + } else { + x_fprintf(x_stdout, "%s *\n", reply); + } + + TALLOC_FREE(reply); + return; + } + len = spnego_read_data(ctx, token, &request); data_blob_free(&token); |