summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2006-03-05 23:06:37 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:52:15 -0500
commit77ffddec1911ac5de3a96a36c9476dce6e67f4f4 (patch)
treef81e06ca2b6595282d172cc001e72574176b36fb /source4
parent4d8fe47f7fcfa1b0f479faf72d7d3fe15f799be5 (diff)
downloadsamba-77ffddec1911ac5de3a96a36c9476dce6e67f4f4.tar.gz
samba-77ffddec1911ac5de3a96a36c9476dce6e67f4f4.tar.bz2
samba-77ffddec1911ac5de3a96a36c9476dce6e67f4f4.zip
r13850: Test (and fix) not using SPNEGO at all, but instead using raw NTLMSSP.
The switch to turn off SPNEGO in the client is a bit messy, but it works. Andrew Bartlett (This used to be commit 085ba80cc8a954bd84ecf30e5d57a1583f54062f)
Diffstat (limited to 'source4')
-rw-r--r--source4/libcli/smb_composite/sesssetup.c38
-rwxr-xr-xsource4/script/tests/test_session_key.sh1
2 files changed, 26 insertions, 13 deletions
diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c
index 2edeb76503..bbe6a7edfb 100644
--- a/source4/libcli/smb_composite/sesssetup.c
+++ b/source4/libcli/smb_composite/sesssetup.c
@@ -317,27 +317,39 @@ static NTSTATUS session_setup_spnego(struct composite_context *c,
if (session->transport->negotiate.secblob.length) {
chosen_oid = GENSEC_OID_SPNEGO;
+ status = gensec_start_mech_by_oid(session->gensec, chosen_oid);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("Failed to start set GENSEC client mechanism %s: %s\n",
+ gensec_get_name_by_oid(chosen_oid), nt_errstr(status)));
+ chosen_oid = GENSEC_OID_NTLMSSP;
+ status = gensec_start_mech_by_oid(session->gensec, chosen_oid);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("Failed to start set (fallback) GENSEC client mechanism %s: %s\n",
+ gensec_get_name_by_oid(chosen_oid), nt_errstr(status)));
+ return status;
+ }
+ }
} else {
/* without a sec blob, means raw NTLMSSP */
chosen_oid = GENSEC_OID_NTLMSSP;
- }
-
- status = gensec_start_mech_by_oid(session->gensec, chosen_oid);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(1, ("Failed to start set GENSEC client mechanism %s: %s\n",
- gensec_get_name_by_oid(chosen_oid), nt_errstr(status)));
- chosen_oid = GENSEC_OID_NTLMSSP;
status = gensec_start_mech_by_oid(session->gensec, chosen_oid);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(1, ("Failed to start set (fallback) GENSEC client mechanism %s: %s\n",
+ DEBUG(1, ("Failed to start set GENSEC client mechanism %s: %s\n",
gensec_get_name_by_oid(chosen_oid), nt_errstr(status)));
- return status;
}
}
-
- status = gensec_update(session->gensec, state,
- session->transport->negotiate.secblob,
- &state->setup.spnego.in.secblob);
+
+ if (chosen_oid == GENSEC_OID_SPNEGO) {
+ status = gensec_update(session->gensec, state,
+ session->transport->negotiate.secblob,
+ &state->setup.spnego.in.secblob);
+ } else {
+ status = gensec_update(session->gensec, state,
+ data_blob(NULL, 0),
+ &state->setup.spnego.in.secblob);
+
+ }
+
if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) &&
!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed initial gensec_update with mechanism %s: %s\n",
diff --git a/source4/script/tests/test_session_key.sh b/source4/script/tests/test_session_key.sh
index 97a1634db0..74de90f479 100755
--- a/source4/script/tests/test_session_key.sh
+++ b/source4/script/tests/test_session_key.sh
@@ -32,6 +32,7 @@ for bindoptions in validate seal; do
"-k no --option=usespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no" \
"-k no --option=usespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=yes" \
"-k no --option=usespnego=no --option=clientntlmv2auth=yes" \
+ "-k no --option=gensec:spnego=no --option=clientntlmv2auth=yes" \
"-k no --option=usespnego=no" \
; do
name="RPC-SECRETS on $transport:$server[$bindoptions] with NTLM2:$ntlm2 KEYEX:$keyexchange LM_KEY:$lm_key $ntlmoptions"