From 0da36b22ff3382f2e4a86f4090ad8097a2dd8a32 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 31 Jul 2003 19:01:22 +0000 Subject: only honor the first OID in the sessetup snego negotiate. Deviates from RFC but I'm smelling a client bug here. /* only look at the first OID for determining the mechToken -- accoirding to RFC2478, we should choose the one we want and renegotiate, but i smell a client bug here.. Problem observed when connecting to a member (samba box) of an AD domain as a user in a Samba domain. Samba member server sent back krb5/mskrb5/ntlmssp as mechtypes, but the client (2ksp3) replied with ntlmssp/mskrb5/krb5 and an NTLMSSP mechtoken. --jerry */ (This used to be commit 731420b03dbc15977822f74047e931dc62284fc0) --- source3/smbd/sesssetup.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) (limited to 'source3') diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index ccd7214251..c585ac1e67 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -371,13 +371,24 @@ static int reply_spnego_negotiate(connection_struct *conn, if (!parse_negTokenTarg(blob1, OIDs, &secblob)) { return ERROR_NT(NT_STATUS_LOGON_FAILURE); } + + /* only look at the first OID for determining the mechToken -- + accoirding to RFC2478, we should choose the one we want + and renegotiate, but i smell a client bug here.. + + Problem observed when connecting to a member (samba box) + of an AD domain as a user in a Samba domain. Samba member + server sent back krb5/mskrb5/ntlmssp as mechtypes, but the + client (2ksp3) replied with ntlmssp/mskrb5/krb5 and an + NTLMSSP mechtoken. --jerry */ + if (strcmp(OID_KERBEROS5, OIDs[0]) == 0 || + strcmp(OID_KERBEROS5_OLD, OIDs[0]) == 0) { + got_kerberos = True; + } + for (i=0;OIDs[i];i++) { DEBUG(3,("Got OID %s\n", OIDs[i])); - if (strcmp(OID_KERBEROS5, OIDs[i]) == 0 || - strcmp(OID_KERBEROS5_OLD, OIDs[i]) == 0) { - got_kerberos = True; - } free(OIDs[i]); } DEBUG(3,("Got secblob of size %lu\n", (unsigned long)secblob.length)); -- cgit