[SCM] Samba Shared Repository - branch master updated

Thu, 03 Jun 2010 11:18:56 -0700 

The branch, master has been updated
       via  e47d778... Found by Guenther - fix up our fallback paths from krb5 
to NTLMSSP when using SMB2.
      from  e65164f... s4-smbtorture: convert RPC-SPOOLSS into a torture suite.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit e47d77832b70b539ce3e898da458227dd0b853b6
Author: Jeremy Allison <j...@samba.org>
Date:   Thu Jun 3 11:18:11 2010 -0700

    Found by Guenther - fix up our fallback paths from krb5 to NTLMSSP when 
using SMB2.
    
    Jeremy.

-----------------------------------------------------------------------

Summary of changes:
 source3/smbd/smb2_sesssetup.c |   37 +++++++++++++++++++++++++++++--------
 1 files changed, 29 insertions(+), 8 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 88454c1..757618e 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -553,15 +553,25 @@ static NTSTATUS smbd_smb2_spnego_negotiate(struct 
smbd_smb2_session *session,
        }
 #endif
 
-       /* Fall back to NTLMSSP. */
-       status = auth_ntlmssp_start(&session->auth_ntlmssp_state);
-       if (!NT_STATUS_IS_OK(status)) {
-               goto out;
-       }
+       if (kerb_mech) {
+               /* The mechtoken is a krb5 ticket, but
+                * we need to fall back to NTLM. */
 
-       status = auth_ntlmssp_update(session->auth_ntlmssp_state,
-                                    secblob_in,
-                                    &chal_out);
+               DEBUG(3,("smb2: Got krb5 ticket in SPNEGO "
+                       "but set to downgrade to NTLMSSP\n"));
+
+               status = NT_STATUS_MORE_PROCESSING_REQUIRED;
+       } else {
+               /* Fall back to NTLMSSP. */
+               status = auth_ntlmssp_start(&session->auth_ntlmssp_state);
+               if (!NT_STATUS_IS_OK(status)) {
+                       goto out;
+               }
+
+               status = auth_ntlmssp_update(session->auth_ntlmssp_state,
+                                            secblob_in,
+                                            &chal_out);
+       }
 
        if (!NT_STATUS_IS_OK(status) &&
                        !NT_STATUS_EQUAL(status,
@@ -744,6 +754,17 @@ static NTSTATUS smbd_smb2_spnego_auth(struct 
smbd_smb2_session *session,
                        SAFE_FREE(kerb_mech);
                        return NT_STATUS_LOGON_FAILURE;
                }
+
+               data_blob_free(&secblob_in);
+       }
+
+       if (session->auth_ntlmssp_state == NULL) {
+               status = auth_ntlmssp_start(&session->auth_ntlmssp_state);
+               if (!NT_STATUS_IS_OK(status)) {
+                       data_blob_free(&auth);
+                       TALLOC_FREE(session);
+                       return status;
+               }
        }
 
        status = auth_ntlmssp_update(session->auth_ntlmssp_state,


-- 
Samba Shared Repository

Reply via email to