diff options
author | Stefan Metzmacher <metze@samba.org> | 2011-11-30 15:17:05 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2011-11-30 17:03:29 +0100 |
commit | de553b52f2bacf54b57b56216fbb91f9108026be (patch) | |
tree | e8f7a96a46d7f5621da8c30dbbfe8f0018de56b4 /source4 | |
parent | 4afbda221c20ffa36a1d1e37ef11f86073a49da6 (diff) | |
download | samba-de553b52f2bacf54b57b56216fbb91f9108026be.tar.gz samba-de553b52f2bacf54b57b56216fbb91f9108026be.tar.bz2 samba-de553b52f2bacf54b57b56216fbb91f9108026be.zip |
s4:gensec/spnego: only try the mechs that match the client given ones
Windows-Members of NT4/Samba3 domains, send
MechTypes:
1.3.6.1.4.1.311.2.2.10 [NTLMSSP]
1.2.840.48018.1.2.2 [krb5 broken]
1.2.840.113554.1.2.2 [krb5]
MechToken for NTLMSSP.
This patch makes sure we start NTLMSSP with the given MechToken,
instead of trying to pass the NTLMSSP MechToken to the krb5 backend
first. As that would fail the authentication with an error
instead of trying fallbacks.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Nov 30 17:03:29 CET 2011 on sn-devel-104
Diffstat (limited to 'source4')
-rw-r--r-- | source4/auth/gensec/spnego.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/source4/auth/gensec/spnego.c b/source4/auth/gensec/spnego.c index fd3caaad87..fae32d8ade 100644 --- a/source4/auth/gensec/spnego.c +++ b/source4/auth/gensec/spnego.c @@ -428,6 +428,10 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_ uint32_t j; for (j=0; mechType && mechType[j]; j++) { for (i=0; all_sec && all_sec[i].op; i++) { + if (strcmp(mechType[j], all_sec[i].oid) != 0) { + continue; + } + nt_status = gensec_subcontext_start(spnego_state, gensec_security, &spnego_state->sub_sec_security); |