From 5ba42f1a481a691b55a41125cfffdda3afc5f156 Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Fri, 8 Aug 2014 16:18:57 -0400
Subject: Do not send domain/workstation name in nego_msg
Modern Windows OSs also completely ignore sending any of this stuff, so just stop sending it ourselves, it's generally ignored anyway.
---
 src/gss_sec_ctx.c | 11 +----------
 1 file changed, 1 insertion(+), 10 deletions(-)
diff --git a/src/gss_sec_ctx.c b/src/gss_sec_ctx.c
index 3b06d18..9f1e989 100644
--- a/src/gss_sec_ctx.c
+++ b/src/gss_sec_ctx.c
@@ -44,7 +44,6 @@ uint32_t gssntlm_init_sec_context(uint32_t *minor_status,
 char *nb_computer_name = NULL;
 char *nb_domain_name = NULL;
 struct gssntlm_name *client_name = NULL;
- const char *domain = NULL;
 uint32_t in_flags;
 uint32_t msg_type;
 char *trgt_name = NULL;
@@ -162,12 +161,6 @@ uint32_t gssntlm_init_sec_context(uint32_t *minor_status,
 NTLMSSP_NEGOTIATE_KEY_EXCH;
 }
- if (cred->type == GSSNTLM_CRED_USER &&
- cred->cred.user.user.data.user.domain) {
- ctx->neg_flags |= NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED;
- domain = cred->cred.user.user.data.user.domain;
- }
-
 /* acquire our own name */
 if (!client_name) {
 gss_buffer_desc tmpbuf;
@@ -204,8 +197,6 @@ uint32_t gssntlm_init_sec_context(uint32_t *minor_status,
 gssntlm_set_role(ctx, GSSNTLM_CLIENT, nb_domain_name);
- ctx->neg_flags |= NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED;
-
 lm_compat_lvl = gssntlm_get_lm_compatibility_level();
 ctx->sec_req = gssntlm_required_security(lm_compat_lvl, ctx);
 if (ctx->sec_req == 0xff) {
@@ -252,7 +243,7 @@ uint32_t gssntlm_init_sec_context(uint32_t *minor_status,
 }
 retmin = ntlm_encode_neg_msg(ctx->ntlm, ctx->neg_flags,
- domain, ctx->workstation, &ctx->nego_msg);
+ NULL, NULL, &ctx->nego_msg);
 if (retmin) {
 retmaj = GSS_S_FAILURE;
 goto done;
-- cgit
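Review bot: The `NULL, NULL` arguments in the last hunk's `ntlm_encode_neg_msg()` call have no comment explaining them, so a later reader may take them for an oversight and put the names back. A short comment above the call would record the intent, for example `/* domain and workstation names are deliberately left out of the negotiate message */`. It is also worth confirming that no other path in the function can still set `NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED` or `NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED` in `ctx->neg_flags`. The encoder is not visible here, and it would then be handed a flag with no matching string. `gssntlm_init_sec_context` starts and ends outside these hunks.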