author | Andrew Bartlett <abartlet@samba.org> | 2005-12-01 05:06:52 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:46:56 -0500 |
commit | 759bda2962fbde173a750fb8c9ce0a6d5f9e0f23 (patch) | |
tree | d2d912f5c9a84653c264dac4d344a5e377564aa0 /source4/smb_server | |
parent | 759e40fb4a7dd721f4b7485e5191b5063f72345a (diff) | |
r11992: Potentially allow SPNEGO to be disabled (as occurs on WinXP
standalone), and use only NTLMSSP.
(But doing so would break Samba3's client).
Andrew Bartlett
(This used to be commit e74ca624e74ed82788817e302a516208dc1421bd)
Diffstat (limited to 'source4/smb_server')
-rw-r--r-- | source4/smb_server/smb/negprot.c | 35 |
1 files changed, 22 insertions, 13 deletions
diff --git a/source4/smb_server/smb/negprot.c b/source4/smb_server/smb/negprot.c
index a9cc05e251..6cdf889843 100644
--- a/source4/smb_server/smb/negprot.c
+++ b/source4/smb_server/smb/negprot.c
@@ -368,24 +368,33 @@ static void reply_nt1(struct smbsrv_request *req, uint16_t choice)
 nt_status = gensec_start_mech_by_oid(gensec_security, GENSEC_OID_SPNEGO);
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(0, ("Failed to start SPNEGO: %s\n", nt_errstr(nt_status)));
- smbsrv_terminate_connection(req->smb_conn, "Failed to start SPNEGO\n");
- return;
- }
-
- nt_status = gensec_update(gensec_security, req, null_data_blob, &blob);
-
- if (!NT_STATUS_IS_OK(nt_status) && !NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
- DEBUG(0, ("Failed to get SPNEGO to give us the first token: %s\n", nt_errstr(nt_status)));
- smbsrv_terminate_connection(req->smb_conn, "Failed to start SPNEGO - no first token\n");
- return;
+ if (NT_STATUS_IS_OK(nt_status)) {
+ /* Get and push the proposed OID list into the packets */
+ nt_status = gensec_update(gensec_security, req, null_data_blob, &blob);
+
+ if (!NT_STATUS_IS_OK(nt_status) && !NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ DEBUG(0, ("Failed to get SPNEGO to give us the first token: %s\n", nt_errstr(nt_status)));
+ smbsrv_terminate_connection(req->smb_conn, "Failed to start SPNEGO - no first token\n");
+ return;
+ }
+ } else {
+ DEBUG(5, ("Failed to start SPNEGO, falling back to NTLMSSP only: %s\n", nt_errstr(nt_status)));
+ nt_status = gensec_start_mech_by_oid(gensec_security, GENSEC_OID_NTLMSSP);
+
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DEBUG(0, ("Failed to start SPNEGO as well as NTLMSSP fallback: %s\n", nt_errstr(nt_status)));
+ smbsrv_terminate_connection(req->smb_conn, "Failed to start SPNEGO and NTLMSSP\n");
+ return;
+ }
+ /* NTLMSSP is a client-first exchange */
+ blob = data_blob(NULL, 0);
 }
 req->smb_conn->negotiate.spnego_negotiated = True;
 req_grow_data(req, blob.length + 16);
- /* a NOT very random guid */
+ /* a NOT very random guid, perhaps we should get it
+ * from the credentials (kitchen sink...) */
 memset(req->out.ptr, '\0', 16);
 req->out.ptr += 16; |
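Review bot: The new `else` branch falls back to NTLMSSP-only on any failure of `gensec_start_mech_by_oid(gensec_security, GENSEC_OID_SPNEGO)`, not only when SPNEGO has been deliberately disabled, and it reports the fallback at `DEBUG(5, ...)`. A configuration or start-up error therefore narrows the offered authentication mechanisms to NTLMSSP without anything showing up at normal log levels. I would log it where operators see it, `DEBUG(1, ("Failed to start SPNEGO, falling back to NTLMSSP only: %s\n", nt_errstr(nt_status)));`, and, if gensec returns a distinct status for a disabled mechanism, fall back only on that status and keep terminating the connection on anything else. `req->smb_conn->negotiate.spnego_negotiated = True;` is still set on the NTLMSSP-only path, so if the flag is meant to signal extended security rather than SPNEGO as such, a comment like `/* also set for raw NTLMSSP: flags extended security, not SPNEGO itself */` would prevent misreading. reply_nt1 begins and ends outside this hunk, so how the session-setup path consumes the flag is not visible here.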