svn commit: samba r11992 - in
branches/SAMBA_4_0/source/smb_server/smb: .
abartlet at samba.org
abartlet at samba.org
Thu Dec 1 05:06:53 GMT 2005
Author: abartlet
Date: 2005-12-01 05:06:52 +0000 (Thu, 01 Dec 2005)
New Revision: 11992
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=11992
Log:
Potentially allow SPNEGO to be disabled (as occours on WinXP
standalone), and use only NTLMSSP.
(But doing so would break Samba3's client).
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/smb_server/smb/negprot.c
Changeset:
Modified: branches/SAMBA_4_0/source/smb_server/smb/negprot.c
===================================================================
--- branches/SAMBA_4_0/source/smb_server/smb/negprot.c 2005-12-01 04:58:15 UTC (rev 11991)
+++ branches/SAMBA_4_0/source/smb_server/smb/negprot.c 2005-12-01 05:06:52 UTC (rev 11992)
@@ -368,24 +368,33 @@
nt_status = gensec_start_mech_by_oid(gensec_security, GENSEC_OID_SPNEGO);
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(0, ("Failed to start SPNEGO: %s\n", nt_errstr(nt_status)));
- smbsrv_terminate_connection(req->smb_conn, "Failed to start SPNEGO\n");
- return;
- }
+ if (NT_STATUS_IS_OK(nt_status)) {
+ /* Get and push the proposed OID list into the packets */
+ nt_status = gensec_update(gensec_security, req, null_data_blob, &blob);
- nt_status = gensec_update(gensec_security, req, null_data_blob, &blob);
-
- if (!NT_STATUS_IS_OK(nt_status) && !NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
- DEBUG(0, ("Failed to get SPNEGO to give us the first token: %s\n", nt_errstr(nt_status)));
- smbsrv_terminate_connection(req->smb_conn, "Failed to start SPNEGO - no first token\n");
- return;
+ if (!NT_STATUS_IS_OK(nt_status) && !NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ DEBUG(0, ("Failed to get SPNEGO to give us the first token: %s\n", nt_errstr(nt_status)));
+ smbsrv_terminate_connection(req->smb_conn, "Failed to start SPNEGO - no first token\n");
+ return;
+ }
+ } else {
+ DEBUG(5, ("Failed to start SPNEGO, falling back to NTLMSSP only: %s\n", nt_errstr(nt_status)));
+ nt_status = gensec_start_mech_by_oid(gensec_security, GENSEC_OID_NTLMSSP);
+
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DEBUG(0, ("Failed to start SPNEGO as well as NTLMSSP fallback: %s\n", nt_errstr(nt_status)));
+ smbsrv_terminate_connection(req->smb_conn, "Failed to start SPNEGO and NTLMSSP\n");
+ return;
+ }
+ /* NTLMSSP is a client-first exchange */
+ blob = data_blob(NULL, 0);
}
req->smb_conn->negotiate.spnego_negotiated = True;
req_grow_data(req, blob.length + 16);
- /* a NOT very random guid */
+ /* a NOT very random guid, perhaps we should get it
+ * from the credentials (kitchen sink...) */
memset(req->out.ptr, '\0', 16);
req->out.ptr += 16;
More information about the samba-cvs
mailing list