diff options
-rw-r--r-- | source4/auth/gensec/gensec.h | 1 | ||||
-rw-r--r-- | source4/auth/ntlmssp/ntlmssp.c | 10 |
2 files changed, 9 insertions, 2 deletions
diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h index a02e160259..f55e5354ad 100644 --- a/source4/auth/gensec/gensec.h +++ b/source4/auth/gensec/gensec.h @@ -40,6 +40,7 @@ struct gensec_target { #define GENSEC_FEATURE_SEAL 0x00000004 #define GENSEC_FEATURE_DCE_STYLE 0x00000008 #define GENSEC_FEATURE_ASYNC_REPLIES 0x00000010 +#define GENSEC_FEATURE_DATAGRAM_MODE 0x00000020 /* GENSEC mode */ enum gensec_role diff --git a/source4/auth/ntlmssp/ntlmssp.c b/source4/auth/ntlmssp/ntlmssp.c index 1fd7ac6756..339c219f62 100644 --- a/source4/auth/ntlmssp/ntlmssp.c +++ b/source4/auth/ntlmssp/ntlmssp.c @@ -138,8 +138,14 @@ static NTSTATUS gensec_ntlmssp_update(struct gensec_security *gensec_security, ntlmssp_command = NTLMSSP_INITIAL; break; case NTLMSSP_SERVER: - /* 'datagram' mode - no neg packet */ - ntlmssp_command = NTLMSSP_NEGOTIATE; + if (gensec_security->want_features & GENSEC_FEATURE_DATAGRAM_MODE) { + /* 'datagram' mode - no neg packet */ + ntlmssp_command = NTLMSSP_NEGOTIATE; + } else { + /* This is normal in SPNEGO mech negotiation fallback */ + DEBUG(2, ("Failed to parse NTLMSSP packet: zero length\n")); + return NT_STATUS_INVALID_PARAMETER; + } break; } } else { |