auth/spnego: handle broken mechListMIC response from Windows 2000

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11870

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 032c2733dea834e2c95178cdd0deb73e7bb13621)

1 files changed, 18 insertions, 0 deletions

diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c
index 5126952a6d7..33a4b4688a3 100644
--- a/auth/gensec/spnego.c
+++ b/auth/gensec/spnego.c
@@ -1078,6 +1078,24 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
 		}
 
 		if (spnego.negTokenTarg.mechListMIC.length > 0) {
+			DATA_BLOB *m = &spnego.negTokenTarg.mechListMIC;
+			const DATA_BLOB *r = &spnego.negTokenTarg.responseToken;
+
+			/*
+			 * Windows 2000 has a bug, it repeats the
+			 * responseToken in the mechListMIC field.
+			 */
+			if (m->length == r->length) {
+				int cmp;
+
+				cmp = memcmp(m->data, r->data, m->length);
+				if (cmp == 0) {
+					data_blob_free(m);
+				}
+			}
+		}
+
+		if (spnego.negTokenTarg.mechListMIC.length > 0) {
 			if (spnego_state->no_response_expected) {
 				spnego_state->needs_mic_check = true;
 			}