r2307: Fix the use of 'raw' NTLMSSP to hosts that support extended security,

but do not support SPNEGO (such as XP, when not joined to a domain).

This is triggered by the presense or lack of a security blob in the
negprot reply.

Andrew Bartlett
(This used to be commit 99f7a38c077725b22475f2ba68d0955114879c24)

2 files changed, 14 insertions, 2 deletions

diff --git a/source4/libcli/auth/gensec.c b/source4/libcli/auth/gensec.c
index a744f513dc..b7891ee53b 100644
--- a/source4/libcli/auth/gensec.c
+++ b/source4/libcli/auth/gensec.c
@@ -262,6 +262,17 @@ const char *gensec_get_name_by_authtype(uint8_t authtype)
 }
 	
 
+const char *gensec_get_name_by_oid(const char *oid) 
+{
+	const struct gensec_security_ops *ops;
+	ops = gensec_security_by_oid(oid);
+	if (ops) {
+		return ops->name;
+	}
+	return NULL;
+}
+	
+
 /** 
  * Start a GENSEC sub-mechanism by OID, used in SPNEGO
  *
diff --git a/source4/libcli/auth/spnego.c b/source4/libcli/auth/spnego.c
index f3ead5069d..696240f8d6 100644
--- a/source4/libcli/auth/spnego.c
+++ b/source4/libcli/auth/spnego.c
@@ -290,7 +290,8 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_
 						  null_data_blob, 
 						  unwrapped_out);
 		}
-		if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED) && !NT_STATUS_IS_OK(nt_status)) {
+		if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED) 
+		    && (!NT_STATUS_IS_OK(nt_status))) {
 			DEBUG(1, ("SPNEGO(%s) NEG_TOKEN_INIT failed: %s\n", 
 				  spnego_state->sub_sec_security->ops->name, nt_errstr(nt_status)));
 				gensec_end(&spnego_state->sub_sec_security);
@@ -412,7 +413,7 @@ static NTSTATUS gensec_spnego_server_negTokenTarg(struct gensec_security *gensec
 
 
 static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx, 
-			       const DATA_BLOB in, DATA_BLOB *out) 
+				     const DATA_BLOB in, DATA_BLOB *out) 
 {
 	struct spnego_state *spnego_state = gensec_security->private_data;
 	DATA_BLOB null_data_blob = data_blob(NULL, 0);