authorAndrew Bartlett <abartlet@samba.org>2005-12-01 05:06:52 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:46:56 -0500
commit759bda2962fbde173a750fb8c9ce0a6d5f9e0f23 (patch)
treed2d912f5c9a84653c264dac4d344a5e377564aa0 /source4/smb_server
parent759e40fb4a7dd721f4b7485e5191b5063f72345a (diff)
r11992: Potentially allow SPNEGO to be disabled (as occurs on WinXP
standalone), and use only NTLMSSP. (But doing so would break Samba3's client). Andrew Bartlett (This used to be commit e74ca624e74ed82788817e302a516208dc1421bd)
Diffstat (limited to 'source4/smb_server')
-rw-r--r--source4/smb_server/smb/negprot.c35
1 files changed, 22 insertions, 13 deletions
diff --git a/source4/smb_server/smb/negprot.c b/source4/smb_server/smb/negprot.c
index a9cc05e251..6cdf889843 100644
--- a/source4/smb_server/smb/negprot.c
+++ b/source4/smb_server/smb/negprot.c
@@ -368,24 +368,33 @@ static void reply_nt1(struct smbsrv_request *req, uint16_t choice)
nt_status = gensec_start_mech_by_oid(gensec_security, GENSEC_OID_SPNEGO);
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(0, ("Failed to start SPNEGO: %s\n", nt_errstr(nt_status)));
- smbsrv_terminate_connection(req->smb_conn, "Failed to start SPNEGO\n");
- return;
- }
-
- nt_status = gensec_update(gensec_security, req, null_data_blob, &blob);
-
- if (!NT_STATUS_IS_OK(nt_status) && !NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
- DEBUG(0, ("Failed to get SPNEGO to give us the first token: %s\n", nt_errstr(nt_status)));
- smbsrv_terminate_connection(req->smb_conn, "Failed to start SPNEGO - no first token\n");
- return;
+ if (NT_STATUS_IS_OK(nt_status)) {
+ /* Get and push the proposed OID list into the packets */
+ nt_status = gensec_update(gensec_security, req, null_data_blob, &blob);
+
+ if (!NT_STATUS_IS_OK(nt_status) && !NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ DEBUG(0, ("Failed to get SPNEGO to give us the first token: %s\n", nt_errstr(nt_status)));
+ smbsrv_terminate_connection(req->smb_conn, "Failed to start SPNEGO - no first token\n");
+ return;
+ }
+ } else {
+ DEBUG(5, ("Failed to start SPNEGO, falling back to NTLMSSP only: %s\n", nt_errstr(nt_status)));
+ nt_status = gensec_start_mech_by_oid(gensec_security, GENSEC_OID_NTLMSSP);
+
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DEBUG(0, ("Failed to start SPNEGO as well as NTLMSSP fallback: %s\n", nt_errstr(nt_status)));
+ smbsrv_terminate_connection(req->smb_conn, "Failed to start SPNEGO and NTLMSSP\n");
+ return;
+ }
+ /* NTLMSSP is a client-first exchange */
+ blob = data_blob(NULL, 0);
}
req->smb_conn->negotiate.spnego_negotiated = True;
req_grow_data(req, blob.length + 16);
- /* a NOT very random guid */
+ /* a NOT very random guid, perhaps we should get it
+ * from the credentials (kitchen sink...) */
memset(req->out.ptr, '\0', 16);
req->out.ptr += 16;
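Review bot: The new else branch falls back to NTLMSSP-only on every failure of the SPNEGO start, not only when SPNEGO was deliberately disabled, and it reports the fallback only at debug level 5, so a server that has stopped offering Kerberos would go unnoticed at normal log levels. I would log it more prominently, e.g. `DEBUG(1, ("Failed to start SPNEGO, falling back to NTLMSSP only: %s\n", nt_errstr(nt_status)));`, and gate the fallback on the specific status that means the mechanism is unavailable; which status that is cannot be seen in this hunk. The second `gensec_start_mech_by_oid()` call reuses the same `gensec_security` after a failed start, and whether gensec supports that is not confirmable from here. `spnego_negotiated` is still set to True on the fallback path, so if that is intended it deserves a comment such as `/* also set for raw NTLMSSP: flags extended security, not SPNEGO itself */`. The body of reply_nt1 starts and ends outside the hunk.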