summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2011-11-30 15:17:05 +0100
committerStefan Metzmacher <metze@samba.org>2011-11-30 17:03:29 +0100
commitde553b52f2bacf54b57b56216fbb91f9108026be (patch)
treee8f7a96a46d7f5621da8c30dbbfe8f0018de56b4 /source4
parent4afbda221c20ffa36a1d1e37ef11f86073a49da6 (diff)
downloadsamba-de553b52f2bacf54b57b56216fbb91f9108026be.tar.gz
samba-de553b52f2bacf54b57b56216fbb91f9108026be.tar.bz2
samba-de553b52f2bacf54b57b56216fbb91f9108026be.zip
s4:gensec/spnego: only try the mechs that match the client given ones
Windows-Members of NT4/Samba3 domains, send MechTypes: 1.3.6.1.4.1.311.2.2.10 [NTLMSSP] 1.2.840.48018.1.2.2 [krb5 broken] 1.2.840.113554.1.2.2 [krb5] MechToken for NTLMSSP. This patch makes sure we start NTLMSSP with the given MechToken, instead of trying to pass the NTLMSSP MechToken to the krb5 backend first. As that would fail the authentication with an error instead of trying fallbacks. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Nov 30 17:03:29 CET 2011 on sn-devel-104
Diffstat (limited to 'source4')
-rw-r--r--source4/auth/gensec/spnego.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/source4/auth/gensec/spnego.c b/source4/auth/gensec/spnego.c
index fd3caaad87..fae32d8ade 100644
--- a/source4/auth/gensec/spnego.c
+++ b/source4/auth/gensec/spnego.c
@@ -428,6 +428,10 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_
uint32_t j;
for (j=0; mechType && mechType[j]; j++) {
for (i=0; all_sec && all_sec[i].op; i++) {
+ if (strcmp(mechType[j], all_sec[i].oid) != 0) {
+ continue;
+ }
+
nt_status = gensec_subcontext_start(spnego_state,
gensec_security,
&spnego_state->sub_sec_security);