sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-04 05:18:06 +03:00
Code

only honor the first OID in the sessetup snego negotiate. Deviates

Browse Source 
from RFC but I'm smelling a client bug here.

	/* only look at the first OID for determining the mechToken --
	   accoirding to RFC2478, we should choose the one we want
	   and renegotiate, but i smell a client bug here..

	   Problem observed when connecting to a member (samba box)
	   of an AD domain as a user in a Samba domain.  Samba member
	   server sent back krb5/mskrb5/ntlmssp as mechtypes, but the
	   client (2ksp3) replied with ntlmssp/mskrb5/krb5 and an
	   NTLMSSP mechtoken.                 --jerry              */
This commit is contained in:
Gerald Carter 0001-01-01 00:00:00 +00:00
parent 44bae9da9e
commit 731420b03d
1 changed files with 15 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
source/smbd/sesssetup.c
View File

@ -371,13 +371,24 @@ static int reply_spnego_negotiate(connection_struct *conn,
if (!parse_negTokenTarg(blob1, OIDs, &secblob)) {
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
/* only look at the first OID for determining the mechToken --
accoirding to RFC2478, we should choose the one we want
and renegotiate, but i smell a client bug here..
Problem observed when connecting to a member (samba box)
of an AD domain as a user in a Samba domain. Samba member
server sent back krb5/mskrb5/ntlmssp as mechtypes, but the
client (2ksp3) replied with ntlmssp/mskrb5/krb5 and an
NTLMSSP mechtoken. --jerry */
if (strcmp(OID_KERBEROS5, OIDs[0]) == 0 ||
strcmp(OID_KERBEROS5_OLD, OIDs[0]) == 0) {
got_kerberos = True;
}
for (i=0;OIDs[i];i++) {
DEBUG(3,("Got OID %s\n", OIDs[i]));
if (strcmp(OID_KERBEROS5, OIDs[i]) == 0 ||
strcmp(OID_KERBEROS5_OLD, OIDs[i]) == 0) {
got_kerberos = True;
}
free(OIDs[i]);
}
DEBUG(3,("Got secblob of size %lu\n", (unsigned long)secblob.length));