Author: abartlet Date: 2005-08-20 04:42:19 +0000 (Sat, 20 Aug 2005) New Revision: 9411
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=9411 Log: Ensure we don't send a challenge without first getting a negotiate in NTLMSSP, unless we are in datagram mode (not fully implemented yet). Andrew Bartlett Modified: branches/SAMBA_4_0/source/auth/gensec/gensec.h branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp.c Changeset: Modified: branches/SAMBA_4_0/source/auth/gensec/gensec.h =================================================================== --- branches/SAMBA_4_0/source/auth/gensec/gensec.h 2005-08-20 04:40:08 UTC (rev 9410) +++ branches/SAMBA_4_0/source/auth/gensec/gensec.h 2005-08-20 04:42:19 UTC (rev 9411) @@ -40,6 +40,7 @@ #define GENSEC_FEATURE_SEAL 0x00000004 #define GENSEC_FEATURE_DCE_STYLE 0x00000008 #define GENSEC_FEATURE_ASYNC_REPLIES 0x00000010 +#define GENSEC_FEATURE_DATAGRAM_MODE 0x00000020 /* GENSEC mode */ enum gensec_role Modified: branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp.c =================================================================== --- branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp.c 2005-08-20 04:40:08 UTC (rev 9410) +++ branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp.c 2005-08-20 04:42:19 UTC (rev 9411) @@ -138,8 +138,14 @@ ntlmssp_command = NTLMSSP_INITIAL; break; case NTLMSSP_SERVER: - /* 'datagram' mode - no neg packet */ - ntlmssp_command = NTLMSSP_NEGOTIATE; + if (gensec_security->want_features & GENSEC_FEATURE_DATAGRAM_MODE) { + /* 'datagram' mode - no neg packet */ + ntlmssp_command = NTLMSSP_NEGOTIATE; + } else { + /* This is normal in SPNEGO mech negotiation fallback */ + DEBUG(2, ("Failed to parse NTLMSSP packet: zero length\n")); + return NT_STATUS_INVALID_PARAMETER; + } break; } } else {
