diff options
author | Andrew Bartlett <abartlet@samba.org> | 2006-03-05 23:06:37 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:52:15 -0500 |
commit | 77ffddec1911ac5de3a96a36c9476dce6e67f4f4 (patch) | |
tree | f81e06ca2b6595282d172cc001e72574176b36fb /source4 | |
parent | 4d8fe47f7fcfa1b0f479faf72d7d3fe15f799be5 (diff) | |
download | samba-77ffddec1911ac5de3a96a36c9476dce6e67f4f4.tar.gz samba-77ffddec1911ac5de3a96a36c9476dce6e67f4f4.tar.bz2 samba-77ffddec1911ac5de3a96a36c9476dce6e67f4f4.zip |
r13850: Test (and fix) not using SPNEGO at all, but instead using raw NTLMSSP.
The switch to turn off SPNEGO in the client is a bit messy, but it works.
Andrew Bartlett
(This used to be commit 085ba80cc8a954bd84ecf30e5d57a1583f54062f)
Diffstat (limited to 'source4')
-rw-r--r-- | source4/libcli/smb_composite/sesssetup.c | 38 | ||||
-rwxr-xr-x | source4/script/tests/test_session_key.sh | 1 |
2 files changed, 26 insertions, 13 deletions
diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c index 2edeb76503..bbe6a7edfb 100644 --- a/source4/libcli/smb_composite/sesssetup.c +++ b/source4/libcli/smb_composite/sesssetup.c @@ -317,27 +317,39 @@ static NTSTATUS session_setup_spnego(struct composite_context *c, if (session->transport->negotiate.secblob.length) { chosen_oid = GENSEC_OID_SPNEGO; + status = gensec_start_mech_by_oid(session->gensec, chosen_oid); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(1, ("Failed to start set GENSEC client mechanism %s: %s\n", + gensec_get_name_by_oid(chosen_oid), nt_errstr(status))); + chosen_oid = GENSEC_OID_NTLMSSP; + status = gensec_start_mech_by_oid(session->gensec, chosen_oid); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(1, ("Failed to start set (fallback) GENSEC client mechanism %s: %s\n", + gensec_get_name_by_oid(chosen_oid), nt_errstr(status))); + return status; + } + } } else { /* without a sec blob, means raw NTLMSSP */ chosen_oid = GENSEC_OID_NTLMSSP; - } - - status = gensec_start_mech_by_oid(session->gensec, chosen_oid); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(1, ("Failed to start set GENSEC client mechanism %s: %s\n", - gensec_get_name_by_oid(chosen_oid), nt_errstr(status))); - chosen_oid = GENSEC_OID_NTLMSSP; status = gensec_start_mech_by_oid(session->gensec, chosen_oid); if (!NT_STATUS_IS_OK(status)) { - DEBUG(1, ("Failed to start set (fallback) GENSEC client mechanism %s: %s\n", + DEBUG(1, ("Failed to start set GENSEC client mechanism %s: %s\n", gensec_get_name_by_oid(chosen_oid), nt_errstr(status))); - return status; } } - - status = gensec_update(session->gensec, state, - session->transport->negotiate.secblob, - &state->setup.spnego.in.secblob); + + if (chosen_oid == GENSEC_OID_SPNEGO) { + status = gensec_update(session->gensec, state, + session->transport->negotiate.secblob, + &state->setup.spnego.in.secblob); + } else { + status = gensec_update(session->gensec, state, + data_blob(NULL, 0), + &state->setup.spnego.in.secblob); + + } + if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) && !NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed initial gensec_update with mechanism %s: %s\n", diff --git a/source4/script/tests/test_session_key.sh b/source4/script/tests/test_session_key.sh index 97a1634db0..74de90f479 100755 --- a/source4/script/tests/test_session_key.sh +++ b/source4/script/tests/test_session_key.sh @@ -32,6 +32,7 @@ for bindoptions in validate seal; do "-k no --option=usespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no" \ "-k no --option=usespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=yes" \ "-k no --option=usespnego=no --option=clientntlmv2auth=yes" \ + "-k no --option=gensec:spnego=no --option=clientntlmv2auth=yes" \ "-k no --option=usespnego=no" \ ; do name="RPC-SECRETS on $transport:$server[$bindoptions] with NTLM2:$ntlm2 KEYEX:$keyexchange LM_KEY:$lm_key $ntlmoptions" |