The Samba-Bugzilla – Attachment 5855 Details for
Bug 7577
SPNEGO auth fails when contacting Win7 system using Microsoft Live Sign-in Assistant
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch for 3.4.x.
foobar1 (text/plain), 2.26 KB, created by
Jeremy Allison
on 2010-07-20 12:41:30 UTC
(
hide
)
Description:
Patch for 3.4.x.
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2010-07-20 12:41:30 UTC
Size:
2.26 KB
patch
obsolete
>diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c >index 8e51e89..f091842 100644 >--- a/source3/libsmb/clispnego.c >+++ b/source3/libsmb/clispnego.c >@@ -4,7 +4,7 @@ > Copyright (C) Andrew Tridgell 2001 > Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002 > Copyright (C) Luke Howard 2003 >- >+ > This program is free software; you can redistribute it and/or modify > it under the terms of the GNU General Public License as published by > the Free Software Foundation; either version 3 of the License, or >@@ -145,9 +145,16 @@ bool spnego_parse_negTokenInit(DATA_BLOB blob, > asn1_start_tag(data,ASN1_APPLICATION(0)); > > asn1_check_OID(data,OID_SPNEGO); >+ >+ /* negTokenInit [0] NegTokenInit */ > asn1_start_tag(data,ASN1_CONTEXT(0)); > asn1_start_tag(data,ASN1_SEQUENCE(0)); > >+ /* mechTypes [0] MechTypeList OPTIONAL */ >+ >+ /* Not really optional, we depend on this to decide >+ * what mechanisms we have to work with. */ >+ > asn1_start_tag(data,ASN1_CONTEXT(0)); > asn1_start_tag(data,ASN1_SEQUENCE(0)); > for (i=0; asn1_tag_remaining(data) > 0 && i < ASN1_MAX_OIDS-1; i++) { >@@ -160,7 +167,40 @@ bool spnego_parse_negTokenInit(DATA_BLOB blob, > asn1_end_tag(data); > > *principal = NULL; >- if (asn1_tag_remaining(data) > 0) { >+ >+ >+ /* >+ Win7 + Live Sign-in Assistant attaches a mechToken >+ ASN1_CONTEXT(2) to the negTokenInit packet >+ which breaks our negotiation if we just assume >+ the next tag is ASN1_CONTEXT(3). >+ */ >+ >+ if (asn1_peek_tag(data, ASN1_CONTEXT(1))) { >+ uint8 flags; >+ >+ /* reqFlags [1] ContextFlags OPTIONAL */ >+ asn1_start_tag(data, ASN1_CONTEXT(1)); >+ asn1_start_tag(data, ASN1_BITFIELD); >+ while (asn1_tag_remaining(data) > 0) { >+ asn1_read_uint8(data, &flags); >+ } >+ asn1_end_tag(data); >+ asn1_end_tag(data); >+ } >+ >+ if (asn1_peek_tag(data, ASN1_CONTEXT(2))) { >+ /* mechToken [2] OCTET STRING OPTIONAL */ >+ DATA_BLOB token; >+ asn1_start_tag(data, ASN1_CONTEXT(2)); >+ asn1_read_OctetString(data, NULL, &token); >+ asn1_end_tag(data); >+ /* Throw away the token - not used. */ >+ data_blob_free(&token); >+ } >+ >+ if (asn1_peek_tag(data, ASN1_CONTEXT(3))) { >+ /* mechListMIC [3] OCTET STRING OPTIONAL */ > asn1_start_tag(data, ASN1_CONTEXT(3)); > asn1_start_tag(data, ASN1_SEQUENCE(0)); > asn1_start_tag(data, ASN1_CONTEXT(0));
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=5855">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
idra
:
review+
Actions:
View
Attachments on
bug 7577
:
5850
|
5851
|
5852
|
5854
| 5855