From d8f0f3a6d4c6fedf5cad364afb33d9cb92bc1336 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 31 Oct 2001 06:24:25 +0000 Subject: SPNEGO works perfectly well with security=domain, so don't exclude it. (This used to be commit 26a9479ad450a5135e54b45d659bf3558892d9e6) --- source3/smbd/negprot.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'source3/smbd') diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c index e4285cb27c..045e16a9bb 100644 --- a/source3/smbd/negprot.c +++ b/source3/smbd/negprot.c @@ -159,7 +159,7 @@ static int reply_lanman2(char *inbuf, char *outbuf) /* generate the spnego negprot reply blob. Return the number of bytes used */ -static int negprot_spnego(char *p, uint8 cryptkey[8]) +static int negprot_spnego(char *p) { DATA_BLOB blob; extern pstring global_myname; @@ -217,7 +217,8 @@ static int reply_nt1(char *inbuf, char *outbuf) /* do spnego in user level security if the client supports it and we can do encrypted passwords */ if (global_encrypted_passwords_negotiated && - lp_security() == SEC_USER && + (lp_security() == SEC_USER || + lp_security() == SEC_DOMAIN) && (SVAL(inbuf, smb_flg2) & FLAGS2_EXTENDED_SECURITY)) { negotiate_spnego = True; capabilities |= CAP_EXTENDED_SECURITY; @@ -285,10 +286,13 @@ static int reply_nt1(char *inbuf, char *outbuf) if (global_encrypted_passwords_negotiated) memcpy(p, cryptkey, 8); SSVALS(outbuf,smb_vwv16+1,8); p += 8; + DEBUG(3,("not using SPNEGO\n")); } else { - int len = negprot_spnego(p, cryptkey); + int len = negprot_spnego(p); + SSVALS(outbuf,smb_vwv16+1,len); p += len; + DEBUG(3,("using SPNEGO\n")); } p += srvstr_push(outbuf, p, global_myworkgroup, -1, STR_UNICODE|STR_TERMINATE|STR_NOALIGN); -- cgit