From 8f7643bd8345de0be03b59db2e9490ee5e0ca85f Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vlendec@samba.org>
Date: Thu, 21 Sep 2006 01:49:18 +0000
Subject: r18761: Even if only offering NTLMSSP Windows (tested with Vista &
 XP) sends 0 as the key length in the case of extended security. It does make
 sense because with SPNEGO our beloved ASN1 structure gives us the length.

Next test I did to verify this: I modified the server to put in random
garbage, and W2kwks, XP, Vista and W2k3srv still talked to us.

Volker
(This used to be commit f19bd479cee57f064f63659c533ae108885d54a2)
---
 source3/smbd/negprot.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index 4362bb5467..b984558fb4 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -230,11 +230,8 @@ static int negprot_spnego(char *p, uint8 *pkeylen)
 	}
 	data_blob_free(&blob);
 
-	if (lp_security() != SEC_ADS && !lp_use_kerberos_keytab()) {
-		*pkeylen = 0;
-	} else {
-		*pkeylen = len;
-	}
+	*pkeylen = 0;
+
 	return len;
 }
 
-- 
cgit