]> git.ipfire.org Git - thirdparty/samba.git/commitdiff
projects / thirdparty / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e7603aa)
spnego: fix server handling of no optimistic exchange
authorIsaac Boukris <iboukris@gmail.com>
Wed, 4 Sep 2019 14:04:12 +0000 (17:04 +0300)
committerKarolin Seeger <kseeger@samba.org>
Wed, 16 Oct 2019 16:47:13 +0000 (16:47 +0000)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106

Signed-off-by: Isaac Boukris <iboukris@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Sat Oct 12 15:51:42 UTC 2019 on sn-devel-184

Autobuild-User(v4-9-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-9-test): Wed Oct 16 16:47:14 UTC 2019 on sn-devel-144

auth/gensec/spnego.c patch | blob | blame | history
selftest/knownfail.d/spnego_no_optimistic [deleted file] patch | blob | blame | history

diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c
index 6bb5c8b6417d96f9d628a51891a131c7da19f2ba..5f78267281de0a0ed572c78471fe055a5a4fb5c6 100644 (file)
--- a/auth/gensec/spnego.c
+++ b/auth/gensec/spnego.c
@@ -1300,6 +1300,10 @@ static NTSTATUS gensec_spnego_server_negTokenInit_step(
                        spnego_state->mic_requested = true;
                }
 
+               if (sub_in.length == 0) {
+                       spnego_state->no_optimistic = true;
+               }
+
                /*
                 * Note that 'cur_sec' is temporary memory, but
                 * cur_sec->oid points to a const string in the
@@ -1934,6 +1938,15 @@ static void gensec_spnego_update_pre(struct tevent_req *req)
                 * Skip optimistic token per conf.
                 */
                state->sub.status = NT_STATUS_MORE_PROCESSING_REQUIRED;
+       } else if (spnego_state->state_position == SPNEGO_SERVER_START &&
+                  state->sub.in.length == 0 && spnego_state->no_optimistic) {
+               /*
+                * If we didn't like the mechanism for which the client sent us
+                * an optimistic token, or if he didn't send any, don't call
+                * the sub mechanism just yet.
+                */
+               state->sub.status = NT_STATUS_MORE_PROCESSING_REQUIRED;
+               spnego_state->no_optimistic = false;
        } else {
                /*
                 * MORE_PROCESSING_REQUIRED =>
diff --git a/selftest/knownfail.d/spnego_no_optimistic b/selftest/knownfail.d/spnego_no_optimistic
deleted file mode 100644 (file)
index 54f5144..0000000
--- a/selftest/knownfail.d/spnego_no_optimistic
+++ /dev/null
@@ -1 +0,0 @@
-^samba4.smb.spnego.*.no_optimistic
Mirror of https://github.com/samba-team/samba.git