sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Code

s3:libsmb: Always use GENSEC_OID_SPNEGO in cli_smb1_setup_encryption_send()

Browse Source 
Also old servers should be able to handle NTLMSSP via SPNEGO.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Dec 21 22:21:08 CET 2016 on sn-devel-144
This commit is contained in:
Stefan Metzmacher 2016-12-08 12:25:22 +01:00 committed by Andreas Schneider
parent f595031cb8
commit f7d249da4e
1 changed files with 9 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
source3/libsmb/cliconnect.c
View File

@ -2975,8 +2975,6 @@ static struct tevent_req *cli_smb1_setup_encryption_send(TALLOC_CTX *mem_ctx,
struct auth_generic_state *ags = NULL;
const DATA_BLOB *b = NULL;
bool auth_requested = false;
enum credentials_use_kerberos krb5_state;
const char *mech_oid = NULL;
const char *target_service = NULL;
const char *target_hostname = NULL;
NTSTATUS status;
@ -2998,30 +2996,9 @@ static struct tevent_req *cli_smb1_setup_encryption_send(TALLOC_CTX *mem_ctx,
target_service = "cifs";
target_hostname = smbXcli_conn_remote_name(cli->conn);
krb5_state = cli_credentials_get_kerberos_state(creds);
if (krb5_state == CRED_MUST_USE_KERBEROS) {
mech_oid = GENSEC_OID_SPNEGO;
b = smbXcli_conn_server_gss_blob(state->cli->conn);
if (b != NULL) {
state->blob_in = *b;
}
status = cli_session_creds_prepare_krb5(cli, creds);
if (tevent_req_nterror(req, status)) {
return tevent_req_post(req, ev);
}
} else {
/*
* Be compatible with the <= 4.5 client code,
* which used raw NTLMSSP unless kerberos
* was forced.
*
* We need to check with the oldest server implementation
* if we can remove this and always use
* GENSEC_OID_SPNEGO.
*/
mech_oid = GENSEC_OID_NTLMSSP;
status = cli_session_creds_prepare_krb5(cli, creds);
if (tevent_req_nterror(req, status)) {
return tevent_req_post(req, ev);
}
state->es = talloc_zero(state, struct smb_trans_enc_state);
@ -3063,7 +3040,12 @@ static struct tevent_req *cli_smb1_setup_encryption_send(TALLOC_CTX *mem_ctx,
gensec_set_max_update_size(ags->gensec_security,
CLI_BUFFER_SIZE);
status = auth_generic_client_start(ags, mech_oid);
b = smbXcli_conn_server_gss_blob(state->cli->conn);
if (b != NULL) {
state->blob_in = *b;
}
status = auth_generic_client_start(ags, GENSEC_OID_SPNEGO);
if (tevent_req_nterror(req, status)) {
return tevent_req_post(req, ev);
}