svn commit: samba r9411 - in branches/SAMBA_4_0/source/auth: gensec
ntlmssp
abartlet at samba.org
abartlet at samba.org
Sat Aug 20 04:42:20 GMT 2005
Author: abartlet
Date: 2005-08-20 04:42:19 +0000 (Sat, 20 Aug 2005)
New Revision: 9411
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=9411
Log:
Ensure we don't send a challenge without first getting a negotiate in
NTLMSSP, unless we are in datagram mode (not fully implemented yet).
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/auth/gensec/gensec.h
branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp.c
Changeset:
Modified: branches/SAMBA_4_0/source/auth/gensec/gensec.h
===================================================================
--- branches/SAMBA_4_0/source/auth/gensec/gensec.h 2005-08-20 04:40:08 UTC (rev 9410)
+++ branches/SAMBA_4_0/source/auth/gensec/gensec.h 2005-08-20 04:42:19 UTC (rev 9411)
@@ -40,6 +40,7 @@
#define GENSEC_FEATURE_SEAL 0x00000004
#define GENSEC_FEATURE_DCE_STYLE 0x00000008
#define GENSEC_FEATURE_ASYNC_REPLIES 0x00000010
+#define GENSEC_FEATURE_DATAGRAM_MODE 0x00000020
/* GENSEC mode */
enum gensec_role
Modified: branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp.c
===================================================================
--- branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp.c 2005-08-20 04:40:08 UTC (rev 9410)
+++ branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp.c 2005-08-20 04:42:19 UTC (rev 9411)
@@ -138,8 +138,14 @@
ntlmssp_command = NTLMSSP_INITIAL;
break;
case NTLMSSP_SERVER:
- /* 'datagram' mode - no neg packet */
- ntlmssp_command = NTLMSSP_NEGOTIATE;
+ if (gensec_security->want_features & GENSEC_FEATURE_DATAGRAM_MODE) {
+ /* 'datagram' mode - no neg packet */
+ ntlmssp_command = NTLMSSP_NEGOTIATE;
+ } else {
+ /* This is normal in SPNEGO mech negotiation fallback */
+ DEBUG(2, ("Failed to parse NTLMSSP packet: zero length\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
break;
}
} else {
More information about the samba-cvs
mailing list