The branch, master has been updated
via de553b5 s4:gensec/spnego: only try the mechs that match the client
given ones
from 4afbda2 s4:libcli/raw: implement on top of smbXcli_conn/req
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit de553b52f2bacf54b57b56216fbb91f9108026be
Author: Stefan Metzmacher <[email protected]>
Date: Wed Nov 30 15:17:05 2011 +0100
s4:gensec/spnego: only try the mechs that match the client given ones
Windows-Members of NT4/Samba3 domains, send
MechTypes:
1.3.6.1.4.1.311.2.2.10 [NTLMSSP]
1.2.840.48018.1.2.2 [krb5 broken]
1.2.840.113554.1.2.2 [krb5]
MechToken for NTLMSSP.
This patch makes sure we start NTLMSSP with the given MechToken,
instead of trying to pass the NTLMSSP MechToken to the krb5 backend
first. As that would fail the authentication with an error
instead of trying fallbacks.
metze
Autobuild-User: Stefan Metzmacher <[email protected]>
Autobuild-Date: Wed Nov 30 17:03:29 CET 2011 on sn-devel-104
-----------------------------------------------------------------------
Summary of changes:
source4/auth/gensec/spnego.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/auth/gensec/spnego.c b/source4/auth/gensec/spnego.c
index fd3caaa..fae32d8 100644
--- a/source4/auth/gensec/spnego.c
+++ b/source4/auth/gensec/spnego.c
@@ -428,6 +428,10 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct
gensec_security *gensec_
uint32_t j;
for (j=0; mechType && mechType[j]; j++) {
for (i=0; all_sec && all_sec[i].op; i++) {
+ if (strcmp(mechType[j], all_sec[i].oid) != 0) {
+ continue;
+ }
+
nt_status =
gensec_subcontext_start(spnego_state,
gensec_security,
&spnego_state->sub_sec_security);
--
Samba Shared Repository
