diff options
author | Isaac Boukris <iboukris@gmail.com> | 2019-09-04 16:31:21 +0300 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2019-10-16 19:25:13 +0000 |
commit | 27982255d6454841d3d17c8de3b3d4eac9d84adb (patch) | |
tree | b6b51fddb27380ff4640fe6c9b75c7197ee5fb05 /auth | |
parent | 7e40d859283100791602c2504005f7c99ec86996 (diff) | |
download | samba-27982255d6454841d3d17c8de3b3d4eac9d84adb.tar.gz |
spnego: add client option to omit sending an optimistic token
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106
Signed-off-by: Isaac Boukris <iboukris@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'auth')
-rw-r--r-- | auth/gensec/spnego.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c index dc73e324d99..97472c26837 100644 --- a/auth/gensec/spnego.c +++ b/auth/gensec/spnego.c @@ -136,6 +136,7 @@ struct spnego_state { bool done_mic_check; bool simulate_w2k; + bool no_optimistic; /* * The following is used to implement @@ -187,6 +188,10 @@ static NTSTATUS gensec_spnego_client_start(struct gensec_security *gensec_securi spnego_state->simulate_w2k = gensec_setting_bool(gensec_security->settings, "spnego", "simulate_w2k", false); + spnego_state->no_optimistic = gensec_setting_bool(gensec_security->settings, + "spnego", + "client_no_optimistic", + false); gensec_security->private_data = spnego_state; return NT_STATUS_OK; @@ -1944,6 +1949,12 @@ static void gensec_spnego_update_pre(struct tevent_req *req) * blob and NT_STATUS_OK. */ state->sub.status = NT_STATUS_OK; + } else if (spnego_state->state_position == SPNEGO_CLIENT_START && + spnego_state->no_optimistic) { + /* + * Skip optimistic token per conf. + */ + state->sub.status = NT_STATUS_MORE_PROCESSING_REQUIRED; } else { /* * MORE_PROCESSING_REQUIRED => |