From 81756ba7440e255f750d13858e1147d3976e70e2 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 14 Oct 2001 05:42:28 +0000 Subject: fixed two bugs in the NTLMSSP code - handle servers that don't send a kerberos principle (non-member servers) - enable spnego without KRB5 (This used to be commit b218d465a1968a11d2d6a42afa7e552fea8b7f5e) --- source3/libsmb/cliconnect.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'source3') diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 9186208d62..4a9d2fe59c 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -493,6 +493,12 @@ static BOOL cli_session_setup_spnego(struct cli_state *cli, char *user, int i; BOOL got_kerberos_mechanism = False; + /* the server might not even do spnego */ + if (cli->secblob.length == 16) { + DEBUG(3,("server didn't supply a full spnego negprot\n")); + goto ntlmssp; + } + /* the server sent us the first part of the SPNEGO exchange in the negprot reply */ if (!spnego_parse_negTokenInit(cli->secblob, guid, OIDs, &principle)) { @@ -519,6 +525,8 @@ static BOOL cli_session_setup_spnego(struct cli_state *cli, char *user, free(principle); +ntlmssp: + return cli_session_setup_ntlmssp(cli, user, pass, workgroup); } @@ -576,12 +584,10 @@ BOOL cli_session_setup(struct cli_state *cli, return cli_session_setup_plaintext(cli, user, pass, workgroup); } -#if HAVE_KRB5 /* if the server supports extended security then use SPNEGO */ if (cli->capabilities & CAP_EXTENDED_SECURITY) { return cli_session_setup_spnego(cli, user, pass, workgroup); } -#endif /* otherwise do a NT1 style session setup */ return cli_session_setup_nt1(cli, user, -- cgit