[SCM] Samba Shared Repository - branch v3-0-test updated -
release-3-0-28-126-g99c5baf
Jeremy Allison
jra at samba.org
Thu Feb 14 03:21:56 GMT 2008
The branch, v3-0-test has been updated
via 99c5baf380c05a3852b6df6bb1eddf1ae080ccdf (commit)
from 3eb2d427a9319199e862e6f6af5db32de6330b34 (commit)
http://gitweb.samba.org/?samba.git;a=shortlog;h=v3-0-test
- Log -----------------------------------------------------------------
commit 99c5baf380c05a3852b6df6bb1eddf1ae080ccdf
Author: Jeremy Allison <jra at samba.org>
Date: Wed Feb 13 19:21:12 2008 -0800
Fix obscure bug where if client sends us the krb5 part
of a SPNEGO packet we could drop into the NTLMSSP
part of the processing. This fix only for 3.0.28a,
I have a proper SPNEGO negotiate fix for 3.2.
Jeremy
-----------------------------------------------------------------------
Summary of changes:
source/smbd/sesssetup.c | 9 +++++++++
1 files changed, 9 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/smbd/sesssetup.c b/source/smbd/sesssetup.c
index d9a5262..4fe3ac3 100644
--- a/source/smbd/sesssetup.c
+++ b/source/smbd/sesssetup.c
@@ -710,6 +710,15 @@ static int reply_spnego_negotiate(connection_struct *conn,
}
#endif
+ if (got_kerberos_mechanism) {
+ invalidate_intermediate_vuid(vuid);
+ DEBUG(3,("reply_spnego_negotiate: network "
+ "misconfiguration, client sent us a "
+ "krb5 ticket and kerberos security "
+ "not enabled"));
+ return ERROR_NT(NT_STATUS_LOGON_FAILURE);
+ }
+
if (*auth_ntlmssp_state) {
auth_ntlmssp_end(auth_ntlmssp_state);
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list