fixed NTLMSSP with XP servers (who don't send the duplicate challenge

in the asn1 spnego structures)
(This used to be commit 131010e9fb842b4d5a8660c538a3313c95fadae7)

source3/libsmb/cliconnect.c

@@ -439,6 +439,10 @@ static BOOL cli_session_setup_ntlmssp(struct cli_state *cli, char *user,
 		return False;
 	}
 
+#if 0
+	file_save("chal.dat", blob.data, blob.length);
+#endif
+
 	/* the server gives us back two challenges */
 	if (!spnego_parse_challenge(blob, &chal1, &chal2)) {
 		return False;
@@ -499,6 +503,10 @@ static BOOL cli_session_setup_spnego(struct cli_state *cli, char *user,
 		goto ntlmssp;
 	}
 
+#if 0
+	file_save("negprot.dat", cli->secblob.data, cli->secblob.length);
+#endif
+
 	/* the server sent us the first part of the SPNEGO exchange in the negprot 
 	   reply */
 	if (!spnego_parse_negTokenInit(cli->secblob, guid, OIDs, &principle)) {

source3/libsmb/clispnego.c

@@ -241,6 +241,9 @@ BOOL spnego_parse_challenge(DATA_BLOB blob,
 	BOOL ret;
 	ASN1_DATA data;
 
+	ZERO_STRUCTP(chal1);
+	ZERO_STRUCTP(chal2);
+
 	asn1_load(&data, blob);
 	asn1_start_tag(&data,ASN1_CONTEXT(1));
 	asn1_start_tag(&data,ASN1_SEQUENCE(0));
@@ -257,9 +260,12 @@ BOOL spnego_parse_challenge(DATA_BLOB blob,
 	asn1_read_octet_string(&data, chal1);
 	asn1_end_tag(&data);
 
-	asn1_start_tag(&data,ASN1_CONTEXT(3));
-	asn1_read_octet_string(&data, chal2);
-	asn1_end_tag(&data);
+	/* the second challenge is optional (XP doesn't send it) */
+	if (asn1_tag_remaining(&data)) {
+		asn1_start_tag(&data,ASN1_CONTEXT(3));
+		asn1_read_octet_string(&data, chal2);
+		asn1_end_tag(&data);
+	}
 
 	asn1_end_tag(&data);
 	asn1_end_tag(&data);