summaryrefslogtreecommitdiff
path: root/source4/auth/gensec
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2006-12-11 16:36:30 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 14:29:07 -0500
commitae9f7857d505d171bb1fdbca56529565ae6b2e98 (patch)
tree18ebf0e6f270c659e43820f1df6e518f1912db59 /source4/auth/gensec
parent2cd08c14a014a9326c6f42b83b4f2187bd2165b2 (diff)
downloadsamba-ae9f7857d505d171bb1fdbca56529565ae6b2e98.tar.gz
samba-ae9f7857d505d171bb1fdbca56529565ae6b2e98.tar.bz2
samba-ae9f7857d505d171bb1fdbca56529565ae6b2e98.zip
r20107: don't segfault when the server didn't send a supportedMech in a negTokenTarg
this happens because we send 1.2.840.113554.1.2.2 before 1.2.840.48018.1.2.2 in the negTokenInit. And w2k's spnego code redirects us to use 1.2.840.48018.1.2.2 and then we start the our spnego engine with 1.2.840.48018.1.2.2 and in the then following negTokenTarg w2k don't send the supportedMech (which means it aggrees in what we've choosen) metze (This used to be commit 5af5488593991ab4a2a8e17d38501ad9ec539020)
Diffstat (limited to 'source4/auth/gensec')
-rw-r--r--source4/auth/gensec/spnego.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/source4/auth/gensec/spnego.c b/source4/auth/gensec/spnego.c
index c647ba5333..945b6d94dc 100644
--- a/source4/auth/gensec/spnego.c
+++ b/source4/auth/gensec/spnego.c
@@ -904,6 +904,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
/* Server didn't like our choice of mech, and chose something else */
if ((spnego.negTokenTarg.negResult == SPNEGO_ACCEPT_INCOMPLETE) &&
+ spnego.negTokenTarg.supportedMech &&
strcmp(spnego.negTokenTarg.supportedMech, spnego_state->neg_oid) != 0) {
DEBUG(3,("GENSEC SPNEGO: client preferred mech (%s) not accepted, server wants: %s\n",
gensec_get_name_by_oid(spnego.negTokenTarg.supportedMech),