summaryrefslogtreecommitdiff
path: root/source3/smbd/smb2_sesssetup.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/smbd/smb2_sesssetup.c')
-rw-r--r--source3/smbd/smb2_sesssetup.c25
1 files changed, 18 insertions, 7 deletions
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index a3283117b4..d1022cd2cf 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -25,6 +25,7 @@
#include "../libcli/smb/smb_common.h"
#include "../libcli/auth/spnego.h"
#include "../libcli/auth/ntlmssp.h"
+#include "../auth/gensec/gensec.h"
#include "ntlmssp_wrap.h"
#include "../librpc/gen_ndr/krb5pac.h"
#include "libads/kerberos_proto.h"
@@ -649,7 +650,11 @@ static NTSTATUS smbd_smb2_raw_ntlmssp_auth(struct smbd_smb2_session *session,
auth_ntlmssp_want_feature(session->auth_ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY);
- status = auth_ntlmssp_start(session->auth_ntlmssp_state);
+ if (session->sconn->use_gensec_hook) {
+ status = auth_generic_start(session->auth_ntlmssp_state, GENSEC_OID_SPNEGO);
+ } else {
+ status = auth_ntlmssp_start(session->auth_ntlmssp_state);
+ }
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(session);
return status;
@@ -742,24 +747,30 @@ static NTSTATUS smbd_smb2_session_setup(struct smbd_smb2_request *smb2req,
return NT_STATUS_REQUEST_NOT_ACCEPTED;
}
- if (in_security_buffer.data[0] == ASN1_APPLICATION(0)) {
- return smbd_smb2_spnego_negotiate(session,
+ /* Handle either raw NTLMSSP or hand off the whole blob to
+ * GENSEC. The processing at this layer is essentially
+ * identical regardless. In particular, both rely only on the
+ * status code (not the contents of the packet) and do not
+ * wrap the result */
+ if (session->sconn->use_gensec_hook
+ || (in_security_buffer.length > 7 && strncmp((char *)(in_security_buffer.data), "NTLMSSP", 7) == 0)) {
+ return smbd_smb2_raw_ntlmssp_auth(session,
smb2req,
in_security_mode,
in_security_buffer,
out_session_flags,
out_security_buffer,
out_session_id);
- } else if (in_security_buffer.data[0] == ASN1_CONTEXT(1)) {
- return smbd_smb2_spnego_auth(session,
+ } else if (in_security_buffer.data[0] == ASN1_APPLICATION(0)) {
+ return smbd_smb2_spnego_negotiate(session,
smb2req,
in_security_mode,
in_security_buffer,
out_session_flags,
out_security_buffer,
out_session_id);
- } else if (in_security_buffer.length > 7 && strncmp((char *)(in_security_buffer.data), "NTLMSSP", 7) == 0) {
- return smbd_smb2_raw_ntlmssp_auth(session,
+ } else if (in_security_buffer.data[0] == ASN1_CONTEXT(1)) {
+ return smbd_smb2_spnego_auth(session,
smb2req,
in_security_mode,
in_security_buffer,