summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/auth/gensec/gensec.h1
-rw-r--r--source4/auth/ntlmssp/ntlmssp.c10
2 files changed, 9 insertions, 2 deletions
diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h
index a02e160259..f55e5354ad 100644
--- a/source4/auth/gensec/gensec.h
+++ b/source4/auth/gensec/gensec.h
@@ -40,6 +40,7 @@ struct gensec_target {
#define GENSEC_FEATURE_SEAL 0x00000004
#define GENSEC_FEATURE_DCE_STYLE 0x00000008
#define GENSEC_FEATURE_ASYNC_REPLIES 0x00000010
+#define GENSEC_FEATURE_DATAGRAM_MODE 0x00000020
/* GENSEC mode */
enum gensec_role
diff --git a/source4/auth/ntlmssp/ntlmssp.c b/source4/auth/ntlmssp/ntlmssp.c
index 1fd7ac6756..339c219f62 100644
--- a/source4/auth/ntlmssp/ntlmssp.c
+++ b/source4/auth/ntlmssp/ntlmssp.c
@@ -138,8 +138,14 @@ static NTSTATUS gensec_ntlmssp_update(struct gensec_security *gensec_security,
ntlmssp_command = NTLMSSP_INITIAL;
break;
case NTLMSSP_SERVER:
- /* 'datagram' mode - no neg packet */
- ntlmssp_command = NTLMSSP_NEGOTIATE;
+ if (gensec_security->want_features & GENSEC_FEATURE_DATAGRAM_MODE) {
+ /* 'datagram' mode - no neg packet */
+ ntlmssp_command = NTLMSSP_NEGOTIATE;
+ } else {
+ /* This is normal in SPNEGO mech negotiation fallback */
+ DEBUG(2, ("Failed to parse NTLMSSP packet: zero length\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
break;
}
} else {