summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2001-10-31 06:24:25 +0000
committerAndrew Bartlett <abartlet@samba.org>2001-10-31 06:24:25 +0000
commitd8f0f3a6d4c6fedf5cad364afb33d9cb92bc1336 (patch)
treefa4aa4607f65b90928778e0617375a0e84b86fdc /source3
parent6ab678d42b46eccee080de415985a8a1e3c29dc3 (diff)
downloadsamba-d8f0f3a6d4c6fedf5cad364afb33d9cb92bc1336.tar.gz
samba-d8f0f3a6d4c6fedf5cad364afb33d9cb92bc1336.tar.bz2
samba-d8f0f3a6d4c6fedf5cad364afb33d9cb92bc1336.zip
SPNEGO works perfectly well with security=domain, so don't exclude it.
(This used to be commit 26a9479ad450a5135e54b45d659bf3558892d9e6)
Diffstat (limited to 'source3')
-rw-r--r--source3/smbd/negprot.c10
1 files changed, 7 insertions, 3 deletions
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index e4285cb27c..045e16a9bb 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -159,7 +159,7 @@ static int reply_lanman2(char *inbuf, char *outbuf)
/*
generate the spnego negprot reply blob. Return the number of bytes used
*/
-static int negprot_spnego(char *p, uint8 cryptkey[8])
+static int negprot_spnego(char *p)
{
DATA_BLOB blob;
extern pstring global_myname;
@@ -217,7 +217,8 @@ static int reply_nt1(char *inbuf, char *outbuf)
/* do spnego in user level security if the client
supports it and we can do encrypted passwords */
if (global_encrypted_passwords_negotiated &&
- lp_security() == SEC_USER &&
+ (lp_security() == SEC_USER ||
+ lp_security() == SEC_DOMAIN) &&
(SVAL(inbuf, smb_flg2) & FLAGS2_EXTENDED_SECURITY)) {
negotiate_spnego = True;
capabilities |= CAP_EXTENDED_SECURITY;
@@ -285,10 +286,13 @@ static int reply_nt1(char *inbuf, char *outbuf)
if (global_encrypted_passwords_negotiated) memcpy(p, cryptkey, 8);
SSVALS(outbuf,smb_vwv16+1,8);
p += 8;
+ DEBUG(3,("not using SPNEGO\n"));
} else {
- int len = negprot_spnego(p, cryptkey);
+ int len = negprot_spnego(p);
+
SSVALS(outbuf,smb_vwv16+1,len);
p += len;
+ DEBUG(3,("using SPNEGO\n"));
}
p += srvstr_push(outbuf, p, global_myworkgroup, -1,
STR_UNICODE|STR_TERMINATE|STR_NOALIGN);