sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-08-26 01:49:31 +03:00
Code Activity

s4:gensec/spnego: only try the mechs that match the client given ones

Browse Source 
Windows-Members of NT4/Samba3 domains, send

MechTypes:
1.3.6.1.4.1.311.2.2.10 [NTLMSSP]
1.2.840.48018.1.2.2    [krb5 broken]
1.2.840.113554.1.2.2   [krb5]

MechToken for NTLMSSP.

This patch makes sure we start NTLMSSP with the given MechToken,
instead of trying to pass the NTLMSSP MechToken to the krb5 backend
first. As that would fail the authentication with an error
instead of trying fallbacks.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Nov 30 17:03:29 CET 2011 on sn-devel-104
This commit is contained in:
Stefan Metzmacher
2011-11-30 15:17:05 +01:00
parent 4afbda221c
commit de553b52f2
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
source4/auth/gensec/spnego.c
View File

@ -428,6 +428,10 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_
uint32_t j;
for (j=0; mechType && mechType[j]; j++) {
for (i=0; all_sec && all_sec[i].op; i++) {
if (strcmp(mechType[j], all_sec[i].oid) != 0) {
continue;
}
nt_status = gensec_subcontext_start(spnego_state,
gensec_security,
&spnego_state->sub_sec_security);