From ae9f7857d505d171bb1fdbca56529565ae6b2e98 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 11 Dec 2006 16:36:30 +0000 Subject: r20107: don't segfault when the server didn't send a supportedMech in a negTokenTarg this happens because we send 1.2.840.113554.1.2.2 before 1.2.840.48018.1.2.2 in the negTokenInit. And w2k's spnego code redirects us to use 1.2.840.48018.1.2.2 and then we start the our spnego engine with 1.2.840.48018.1.2.2 and in the then following negTokenTarg w2k don't send the supportedMech (which means it aggrees in what we've choosen) metze (This used to be commit 5af5488593991ab4a2a8e17d38501ad9ec539020) --- source4/auth/gensec/spnego.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4') diff --git a/source4/auth/gensec/spnego.c b/source4/auth/gensec/spnego.c index c647ba5333..945b6d94dc 100644 --- a/source4/auth/gensec/spnego.c +++ b/source4/auth/gensec/spnego.c @@ -904,6 +904,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA /* Server didn't like our choice of mech, and chose something else */ if ((spnego.negTokenTarg.negResult == SPNEGO_ACCEPT_INCOMPLETE) && + spnego.negTokenTarg.supportedMech && strcmp(spnego.negTokenTarg.supportedMech, spnego_state->neg_oid) != 0) { DEBUG(3,("GENSEC SPNEGO: client preferred mech (%s) not accepted, server wants: %s\n", gensec_get_name_by_oid(spnego.negTokenTarg.supportedMech), -- cgit