diff options
Diffstat (limited to 'auth')
-rw-r--r-- | auth/gensec/spnego.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c index f706de30672..db8a91b6f34 100644 --- a/auth/gensec/spnego.c +++ b/auth/gensec/spnego.c @@ -1319,6 +1319,10 @@ static NTSTATUS gensec_spnego_server_negTokenInit_step( spnego_state->mic_requested = true; } + if (sub_in.length == 0) { + spnego_state->no_optimistic = true; + } + /* * Note that 'cur_sec' is temporary memory, but * cur_sec->oid points to a const string in the @@ -1953,6 +1957,15 @@ static void gensec_spnego_update_pre(struct tevent_req *req) * Skip optimistic token per conf. */ state->sub.status = NT_STATUS_MORE_PROCESSING_REQUIRED; + } else if (spnego_state->state_position == SPNEGO_SERVER_START && + state->sub.in.length == 0 && spnego_state->no_optimistic) { + /* + * If we didn't like the mechanism for which the client sent us + * an optimistic token, or if he didn't send any, don't call + * the sub mechanism just yet. + */ + state->sub.status = NT_STATUS_MORE_PROCESSING_REQUIRED; + spnego_state->no_optimistic = false; } else { /* * MORE_PROCESSING_REQUIRED => |