summaryrefslogtreecommitdiff
path: root/source3/libsmb/cliconnect.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/libsmb/cliconnect.c')
-rw-r--r--source3/libsmb/cliconnect.c33
1 files changed, 32 insertions, 1 deletions
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 77a8232ed5..36aedf2d59 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -325,8 +325,39 @@ static BOOL cli_session_setup_spnego(struct cli_state *cli, char *user,
uint32 capabilities = cli_session_setup_capabilities(cli);
char *p;
DATA_BLOB blob2, negTokenTarg;
+ char *principle;
+ char *OIDs[ASN1_MAX_OIDS];
+ uint8 guid[16];
+ int i;
+ BOOL got_kerberos_mechanism = False;
+
+ /* the server sent us the first part of the SPNEGO exchange in the negprot
+ reply */
+ if (!spnego_parse_negTokenInit(cli->secblob, guid, OIDs, &principle)) {
+ return False;
+ }
+
+ /* make sure the server understands kerberos */
+ for (i=0;OIDs[i];i++) {
+ DEBUG(3,("got OID=%s\n", OIDs[i]));
+ if (strcmp(OIDs[i], "1 2 840 48018 1 2 2") == 0) {
+ got_kerberos_mechanism = True;
+ }
+ free(OIDs[i]);
+ }
+ DEBUG(3,("got principle=%s\n", principle));
+
+ if (!got_kerberos_mechanism) {
+ DEBUG(1,("Server didn't offer kerberos5 mechanism!?\n"));
+ return False;
+ }
+
+ /* generate the encapsulated kerberos5 ticket */
+ negTokenTarg = spnego_gen_negTokenTarg(cli, principle);
+
+ free(principle);
- negTokenTarg = spnego_gen_negTokenTarg(cli);
+ if (!negTokenTarg.data) return False;
capabilities |= CAP_EXTENDED_SECURITY;
generated by cgit (git 2.34.1) at 2024-08-05 14:12:46 +0000