diff options
| author | Stefan Metzmacher <metze@samba.org> | 2009-01-12 12:32:46 +0100 |
|---|---|---|
| committer | Karolin Seeger <kseeger@samba.org> | 2009-01-13 10:47:53 +0100 |
| commit | 3c33ea39119e8e045ec99d18098b3d22ca5c5ee6 (patch) | |
| tree | 6768ece640e29afd8c9def9fc35a67e05e07243a /pcp | |
| parent | 3bf646e5f87f55c4b3f19dc58d80192ccdf0c72f (diff) | |
| download | samba-3c33ea39119e8e045ec99d18098b3d22ca5c5ee6.tar.gz samba-3c33ea39119e8e045ec99d18098b3d22ca5c5ee6.tar.xz samba-3c33ea39119e8e045ec99d18098b3d22ca5c5ee6.zip | |
s3:libsmb: handle the smb signing states the same in the krb5 and ntlmssp cases
SMB signing works the same regardless of the used auth mech.
We need to start with the temp signing ("BSRSPYL ")
and the session setup response with NT_STATUS_OK
is the first signed packet.
Now we set the krb5 session key if we got the NT_STATUS_OK
from the server and then recheck the packet.
All this is needed to make the fallback from krb5 to
ntlmssp possible. This commit also resets the cli->vuid
value to 0, if the krb5 auth didn't succeed. Otherwise
the server handles NTLMSSP packets as krb5 packets.
The restructuring of the SMB signing code is needed to
make sure the krb5 code only starts the signing engine
on success. Otherwise the NTLMSSP fallback could not initialize
the signing engine (again).
metze
(cherry picked from commit 7d9fd64f38aa5821b38c1223cf87979fc87bfb71)
(cherry picked from commit 8e29070ccd0b5103af2e6da75644169f46700313)
(cherry picked from commit 38b297f99ec166e5c40ba33774222b37b45b4fec)
(a little bit modified to compile in v3-0)
(cherry picked from commit db109da6b10a091593435e3f8b0d9adb57d3c972)
Diffstat (limited to 'pcp')
0 files changed, 0 insertions, 0 deletions