diff options
author | Stefan Metzmacher <metze@samba.org> | 2016-04-23 05:17:25 +0200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2016-04-29 12:06:25 +0200 |
commit | 26351cd1e90a113f722b6b12796edc9bf46c03d4 (patch) | |
tree | 61e1f725f1902d7c459794351d43fa45af2a480e | |
parent | 44ddc5642355164ab7d29f04555a9c1469f2800b (diff) | |
download | samba-26351cd1e90a113f722b6b12796edc9bf46c03d4.tar.gz |
auth/spnego: handle broken mechListMIC response from Windows 2000
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11870
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 032c2733dea834e2c95178cdd0deb73e7bb13621)
-rw-r--r-- | auth/gensec/spnego.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c index 5126952a6d7..33a4b4688a3 100644 --- a/auth/gensec/spnego.c +++ b/auth/gensec/spnego.c @@ -1078,6 +1078,24 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA } if (spnego.negTokenTarg.mechListMIC.length > 0) { + DATA_BLOB *m = &spnego.negTokenTarg.mechListMIC; + const DATA_BLOB *r = &spnego.negTokenTarg.responseToken; + + /* + * Windows 2000 has a bug, it repeats the + * responseToken in the mechListMIC field. + */ + if (m->length == r->length) { + int cmp; + + cmp = memcmp(m->data, r->data, m->length); + if (cmp == 0) { + data_blob_free(m); + } + } + } + + if (spnego.negTokenTarg.mechListMIC.length > 0) { if (spnego_state->no_response_expected) { spnego_state->needs_mic_check = true; } |