svn commit: samba r13850 - in branches/SAMBA_4_0/source:
libcli/smb_composite script/tests
abartlet at samba.org
abartlet at samba.org
Sun Mar 5 23:06:38 GMT 2006
Author: abartlet
Date: 2006-03-05 23:06:37 +0000 (Sun, 05 Mar 2006)
New Revision: 13850
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13850
Log:
Test (and fix) not using SPNEGO at all, but instead using raw NTLMSSP.
The switch to turn off SPNEGO in the client is a bit messy, but it works.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/libcli/smb_composite/sesssetup.c
branches/SAMBA_4_0/source/script/tests/test_session_key.sh
Changeset:
Modified: branches/SAMBA_4_0/source/libcli/smb_composite/sesssetup.c
===================================================================
--- branches/SAMBA_4_0/source/libcli/smb_composite/sesssetup.c 2006-03-05 20:45:18 UTC (rev 13849)
+++ branches/SAMBA_4_0/source/libcli/smb_composite/sesssetup.c 2006-03-05 23:06:37 UTC (rev 13850)
@@ -317,27 +317,39 @@
if (session->transport->negotiate.secblob.length) {
chosen_oid = GENSEC_OID_SPNEGO;
+ status = gensec_start_mech_by_oid(session->gensec, chosen_oid);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("Failed to start set GENSEC client mechanism %s: %s\n",
+ gensec_get_name_by_oid(chosen_oid), nt_errstr(status)));
+ chosen_oid = GENSEC_OID_NTLMSSP;
+ status = gensec_start_mech_by_oid(session->gensec, chosen_oid);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("Failed to start set (fallback) GENSEC client mechanism %s: %s\n",
+ gensec_get_name_by_oid(chosen_oid), nt_errstr(status)));
+ return status;
+ }
+ }
} else {
/* without a sec blob, means raw NTLMSSP */
chosen_oid = GENSEC_OID_NTLMSSP;
- }
-
- status = gensec_start_mech_by_oid(session->gensec, chosen_oid);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(1, ("Failed to start set GENSEC client mechanism %s: %s\n",
- gensec_get_name_by_oid(chosen_oid), nt_errstr(status)));
- chosen_oid = GENSEC_OID_NTLMSSP;
status = gensec_start_mech_by_oid(session->gensec, chosen_oid);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(1, ("Failed to start set (fallback) GENSEC client mechanism %s: %s\n",
+ DEBUG(1, ("Failed to start set GENSEC client mechanism %s: %s\n",
gensec_get_name_by_oid(chosen_oid), nt_errstr(status)));
- return status;
}
}
-
- status = gensec_update(session->gensec, state,
- session->transport->negotiate.secblob,
- &state->setup.spnego.in.secblob);
+
+ if (chosen_oid == GENSEC_OID_SPNEGO) {
+ status = gensec_update(session->gensec, state,
+ session->transport->negotiate.secblob,
+ &state->setup.spnego.in.secblob);
+ } else {
+ status = gensec_update(session->gensec, state,
+ data_blob(NULL, 0),
+ &state->setup.spnego.in.secblob);
+
+ }
+
if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) &&
!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed initial gensec_update with mechanism %s: %s\n",
Modified: branches/SAMBA_4_0/source/script/tests/test_session_key.sh
===================================================================
--- branches/SAMBA_4_0/source/script/tests/test_session_key.sh 2006-03-05 20:45:18 UTC (rev 13849)
+++ branches/SAMBA_4_0/source/script/tests/test_session_key.sh 2006-03-05 23:06:37 UTC (rev 13850)
@@ -32,6 +32,7 @@
"-k no --option=usespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no" \
"-k no --option=usespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=yes" \
"-k no --option=usespnego=no --option=clientntlmv2auth=yes" \
+ "-k no --option=gensec:spnego=no --option=clientntlmv2auth=yes" \
"-k no --option=usespnego=no" \
; do
name="RPC-SECRETS on $transport:$server[$bindoptions] with NTLM2:$ntlm2 KEYEX:$keyexchange LM_KEY:$lm_key $ntlmoptions"
More information about the samba-cvs
mailing list