From 759bda2962fbde173a750fb8c9ce0a6d5f9e0f23 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Thu, 1 Dec 2005 05:06:52 +0000
Subject: r11992: Potentially allow SPNEGO to be disabled (as occours on WinXP standalone), and use only NTLMSSP. (But doing so would break Samba3's client). Andrew Bartlett (This used to be commit e74ca624e74ed82788817e302a516208dc1421bd)
---
 source4/smb_server/smb/negprot.c | 35 ++++++++++++++++++++++-------------
 1 file changed, 22 insertions(+), 13 deletions(-)
(limited to 'source4/smb_server')
diff --git a/source4/smb_server/smb/negprot.c b/source4/smb_server/smb/negprot.c
index a9cc05e251..6cdf889843 100644
--- a/source4/smb_server/smb/negprot.c
+++ b/source4/smb_server/smb/negprot.c
@@ -368,24 +368,33 @@ static void reply_nt1(struct smbsrv_request *req, uint16_t choice)
  nt_status = gensec_start_mech_by_oid(gensec_security, GENSEC_OID_SPNEGO);
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(0, ("Failed to start SPNEGO: %s\n", nt_errstr(nt_status)));
- smbsrv_terminate_connection(req->smb_conn, "Failed to start SPNEGO\n");
- return;
- }
-
- nt_status = gensec_update(gensec_security, req, null_data_blob, &blob);
-
- if (!NT_STATUS_IS_OK(nt_status) && !NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
- DEBUG(0, ("Failed to get SPNEGO to give us the first token: %s\n", nt_errstr(nt_status)));
- smbsrv_terminate_connection(req->smb_conn, "Failed to start SPNEGO - no first token\n");
- return;
+ if (NT_STATUS_IS_OK(nt_status)) {
+ /* Get and push the proposed OID list into the packets */
+ nt_status = gensec_update(gensec_security, req, null_data_blob, &blob);
+
+ if (!NT_STATUS_IS_OK(nt_status) && !NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ DEBUG(0, ("Failed to get SPNEGO to give us the first token: %s\n", nt_errstr(nt_status)));
+ smbsrv_terminate_connection(req->smb_conn, "Failed to start SPNEGO - no first token\n");
+ return;
+ }
+ } else {
+ DEBUG(5, ("Failed to start SPNEGO, falling back to NTLMSSP only: %s\n", nt_errstr(nt_status)));
+ nt_status = gensec_start_mech_by_oid(gensec_security, GENSEC_OID_NTLMSSP);
+
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DEBUG(0, ("Failed to start SPNEGO as well as NTLMSSP fallback: %s\n", nt_errstr(nt_status)));
+ smbsrv_terminate_connection(req->smb_conn, "Failed to start SPNEGO and NTLMSSP\n");
+ return;
+ }
+ /* NTLMSSP is a client-first exchange */
+ blob = data_blob(NULL, 0);
  }
  req->smb_conn->negotiate.spnego_negotiated = True;
  req_grow_data(req, blob.length + 16);
- /* a NOT very random guid */
+ /* a NOT very random guid, perhaps we should get it
+ * from the credentials (kitchen sink...) */
  memset(req->out.ptr, '\0', 16);
  req->out.ptr += 16;
-- cgit
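Review bot: The new `else` branch takes the NTLMSSP-only path on any failure of `gensec_start_mech_by_oid(gensec_security, GENSEC_OID_SPNEGO)`, not only when SPNEGO has been deliberately disabled, and it reports the downgrade only at `DEBUG(5, ...)`. Because this removes whatever other mechanisms SPNEGO would have offered (Kerberos, presumably), an unexpected SPNEGO start-up failure would quietly weaken authentication for every client; I would log it where operators see it by default, e.g. `DEBUG(1, ("Failed to start SPNEGO, falling back to NTLMSSP only: %s\n", nt_errstr(nt_status)));`, and ideally fall back only on the status that means the mechanism is unavailable. The fallback path also still sets `negotiate.spnego_negotiated = True`, so a comment such as `/* also set for NTLMSSP-only: means extended security, not SPNEGO as such */` would help readers of the session-setup code, assuming that is the intended meaning. reply_nt1 begins and ends outside this hunk.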