summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorVolker Lendecke <vl@samba.org>2010-09-16 10:22:00 +0200
committerVolker Lendecke <vl@samba.org>2010-09-16 12:02:56 -0700
commit70ab7eb5303a5ff058939541dd5bc1f81113a48e (patch)
tree6aaa1d14f45b69220d9cd492bf94b106e66f787c /source3
parentde2c143f4d540f695db5c7fe8685614c03977365 (diff)
downloadsamba-70ab7eb5303a5ff058939541dd5bc1f81113a48e.tar.gz
samba-70ab7eb5303a5ff058939541dd5bc1f81113a48e.tar.bz2
samba-70ab7eb5303a5ff058939541dd5bc1f81113a48e.zip
s3: Fall back to raw NTLMSSP for the gss-spnego protocol
This is to handle the mod_auth_ntlm_winbind protocol sending "Negotiate" to IE, which sends raw NTLMSSP instead of a SPNEGO wrapped NTLMSSP blob.
Diffstat (limited to 'source3')
-rw-r--r--source3/utils/ntlm_auth.c25
1 files changed, 25 insertions, 0 deletions
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
index aa3e384664..0370b0d64a 100644
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -1274,6 +1274,31 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state,
}
token = base64_decode_data_blob(buf + 3);
+
+ if ((token.length >= 7)
+ && (strncmp((char *)token.data, "NTLMSSP", 7) == 0)) {
+ char *reply;
+
+ DEBUG(10, ("Could not parse GSS-SPNEGO, trying raw "
+ "ntlmssp\n"));
+
+ manage_squid_ntlmssp_request_int(state, buf, length,
+ talloc_tos(), &reply);
+ if (reply == NULL) {
+ x_fprintf(x_stdout, "BH Out of memory\n");
+ return;
+ }
+
+ if (strncmp(reply, "AF ", 3) == 0) {
+ x_fprintf(x_stdout, "AF * %s\n", reply+3);
+ } else {
+ x_fprintf(x_stdout, "%s *\n", reply);
+ }
+
+ TALLOC_FREE(reply);
+ return;
+ }
+
len = spnego_read_data(ctx, token, &request);
data_blob_free(&token);