From: Isaac Boukris <iboukris@gmail.com>
Date: Wed, 4 Sep 2019 13:31:21 +0000 (+0300)
Subject: spnego: add client option to omit sending an optimistic token
X-Git-Tag: samba-4.9.14~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=16b10d1a433936009e1c4d3f156f41e430479d26;p=thirdparty%2Fsamba.git

spnego: add client option to omit sending an optimistic token

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106

Signed-off-by: Isaac Boukris <iboukris@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
---

diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c
index 0b3fbdce7ac..6bb5c8b6417 100644
--- a/auth/gensec/spnego.c
+++ b/auth/gensec/spnego.c
@@ -136,6 +136,7 @@ struct spnego_state {
 	bool done_mic_check;
 
 	bool simulate_w2k;
+	bool no_optimistic;
 
 	/*
 	 * The following is used to implement
@@ -187,6 +188,10 @@ static NTSTATUS gensec_spnego_client_start(struct gensec_security *gensec_securi
 
 	spnego_state->simulate_w2k = gensec_setting_bool(gensec_security->settings,
 						"spnego", "simulate_w2k", false);
+	spnego_state->no_optimistic = gensec_setting_bool(gensec_security->settings,
+							  "spnego",
+							  "client_no_optimistic",
+							  false);
 
 	gensec_security->private_data = spnego_state;
 	return NT_STATUS_OK;
@@ -1923,6 +1928,12 @@ static void gensec_spnego_update_pre(struct tevent_req *req)
 		 * blob and NT_STATUS_OK.
 		 */
 		state->sub.status = NT_STATUS_OK;
+	} else if (spnego_state->state_position == SPNEGO_CLIENT_START &&
+		   spnego_state->no_optimistic) {
+		/*
+		 * Skip optimistic token per conf.
+		 */
+		state->sub.status = NT_STATUS_MORE_PROCESSING_REQUIRED;
 	} else {
 		/*
 		 * MORE_PROCESSING_REQUIRED =>