From 62f92cfa3056c92054c53fb3a6f8ced753e3992b Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Thu, 29 Aug 2019 20:15:15 +0300 Subject: [PATCH] wip: spnego fallback Signed-off-by: Isaac Boukris --- auth/ntlmssp/ntlmssp.c | 7 +++++-- auth/ntlmssp/ntlmssp.h | 5 +++-- auth/ntlmssp/ntlmssp_private.h | 4 ++++ auth/ntlmssp/ntlmssp_server.c | 20 ++++++++++++++++++++ 4 files changed, 32 insertions(+), 4 deletions(-) diff --git a/auth/ntlmssp/ntlmssp.c b/auth/ntlmssp/ntlmssp.c index 37434fbb0c2..558b9311730 100644 --- a/auth/ntlmssp/ntlmssp.c +++ b/auth/ntlmssp/ntlmssp.c @@ -67,6 +67,10 @@ static const struct ntlmssp_callbacks { .role = NTLMSSP_SERVER, .command = NTLMSSP_NEGOTIATE, .sync_fn = gensec_ntlmssp_server_negotiate, + },{ + .role = NTLMSSP_SERVER, + .command = NTLMSSP_SPNEGO_FALLBACK, + .sync_fn = gensec_ntlmssp_server_spnego_fallback, },{ .role = NTLMSSP_CLIENT, .command = NTLMSSP_CHALLENGE, @@ -116,8 +120,7 @@ static NTSTATUS gensec_ntlmssp_update_find(struct gensec_security *gensec_securi ntlmssp_command = NTLMSSP_NEGOTIATE; } else { /* This is normal in SPNEGO mech negotiation fallback */ - DEBUG(2, ("Failed to parse NTLMSSP packet: zero length\n")); - return NT_STATUS_INVALID_PARAMETER; + ntlmssp_command = NTLMSSP_SPNEGO_FALLBACK; } break; default: diff --git a/auth/ntlmssp/ntlmssp.h b/auth/ntlmssp/ntlmssp.h index 658d3fa86af..781ca454624 100644 --- a/auth/ntlmssp/ntlmssp.h +++ b/auth/ntlmssp/ntlmssp.h @@ -43,8 +43,9 @@ enum ntlmssp_message_type NTLMSSP_NEGOTIATE = 1, NTLMSSP_CHALLENGE = 2, NTLMSSP_AUTH = 3, - NTLMSSP_UNKNOWN = 4, - NTLMSSP_DONE = 5 /* samba final state */ + NTLMSSP_SPNEGO_FALLBACK = 4, + NTLMSSP_UNKNOWN = 5, + NTLMSSP_DONE = 6 /* samba final state */ }; #define NTLMSSP_FEATURE_SESSION_KEY 0x00000001 diff --git a/auth/ntlmssp/ntlmssp_private.h b/auth/ntlmssp/ntlmssp_private.h index 4d84e3347b6..57d7c009942 100644 --- a/auth/ntlmssp/ntlmssp_private.h +++ b/auth/ntlmssp/ntlmssp_private.h 
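Review bot: In gensec_ntlmssp_update_find (second hunk of auth/ntlmssp/ntlmssp.c) the zero-length branch now sets `ntlmssp_command = NTLMSSP_SPNEGO_FALLBACK` where it used to return NT_STATUS_INVALID_PARAMETER, and nothing visible limits this to the first token of an exchange. The function continues outside the hunk, so a later check of the command against the expected state cannot be confirmed from here; without one, an empty token arriving mid-handshake would reach the fallback handler instead of failing the authentication. The removed DEBUG(2) line was also the only log trace of an empty token, and a replacement such as `DEBUG(2, ("NTLMSSP: zero length token, treating as SPNEGO fallback\n"));` would keep that signal for anyone investigating failed logons. The callback table in the first hunk registers the new command for NTLMSSP_SERVER only, and the role this branch runs under is not visible in the hunk, so that pairing should be confirmed.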
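Review bot: In enum ntlmssp_message_type (auth/ntlmssp/ntlmssp.h) the internal pseudo-command `NTLMSSP_SPNEGO_FALLBACK = 4` is inserted directly after the three protocol message types, which renumbers NTLMSSP_UNKNOWN and NTLMSSP_DONE to 5 and 6. Values 1 to 3 look like on-the-wire message types, and the parsing code is not part of this patch; if the type field of a received packet is used as the dispatch command, a non-empty packet naming this value would be routed to the fallback handler unless something rejects it. Leaving the existing constants untouched and appending `NTLMSSP_SPNEGO_FALLBACK = 6 /* samba internal, never on the wire */` avoids shifting values that other code or logs may depend on, and the comment makes clear that the value must never be accepted from a peer.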
@@ -118,6 +118,10 @@ NTSTATUS gensec_ntlmssp_server_negotiate(struct gensec_security *gensec_security TALLOC_CTX *out_mem_ctx, const DATA_BLOB request, DATA_BLOB *reply); +NTSTATUS gensec_ntlmssp_server_spnego_fallback(struct gensec_security *gensec_security, + TALLOC_CTX *out_mem_ctx, + const DATA_BLOB request, DATA_BLOB *reply); + struct tevent_req *ntlmssp_server_auth_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct gensec_security *gensec_security, diff --git a/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_server.c index 5a56a4db99f..4e0be7c3440 100644 --- a/auth/ntlmssp/ntlmssp_server.c +++ b/auth/ntlmssp/ntlmssp_server.c @@ -71,6 +71,26 @@ const char *ntlmssp_target_name(struct ntlmssp_state *ntlmssp_state, } } + +/** + * Next state function for the NTLMSSP Negotiate packet + * + * @param gensec_security GENSEC state + * @param out_mem_ctx Memory context for *out + * @param in The request, as a DATA_BLOB. reply.data must be NULL + * @param out The reply, as an allocated DATA_BLOB, caller to free. + * @return Errors or MORE_PROCESSING_REQUIRED if (normal) a reply is required. + */ + +NTSTATUS gensec_ntlmssp_server_spnego_fallback(struct gensec_security *gensec_security, + TALLOC_CTX *out_mem_ctx, + const DATA_BLOB request, DATA_BLOB *reply) +{ + *reply = data_blob_talloc(out_mem_ctx, NULL, 0); + + return NT_STATUS_MORE_PROCESSING_REQUIRED; +} + /** * Next state function for the NTLMSSP Negotiate packet * -- 2.14.5
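Review bot: gensec_ntlmssp_server_spnego_fallback in auth/ntlmssp/ntlmssp_server.c ignores `request` and updates no state before returning NT_STATUS_MORE_PROCESSING_REQUIRED, so as far as this hunk shows every empty token simply earns another round with no limit. A guard such as `if (request.length != 0) { return NT_STATUS_INVALID_PARAMETER; }` would keep the handler to the empty-token case it was added for, and the NTLMSSP state should record that the fallback round has been used so that a second empty token fails. The doc comment is copied from the negotiate handler: it still reads "Next state function for the NTLMSSP Negotiate packet" and documents `in`/`out` while the parameters are `request`/`reply`, so it should describe the SPNEGO empty-token fallback and use the real parameter names.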