r4692: Make the client SPNEGO code bail out in a couple more cases.

author Andrew Bartlett <abartlet@samba.org>

Tue, 11 Jan 2005 20:20:27 +0000 (20:20 +0000)

committer Gerald (Jerry) Carter <jerry@samba.org>

Wed, 10 Oct 2007 18:08:44 +0000 (13:08 -0500)
author Andrew Bartlett <abartlet@samba.org>
Tue, 11 Jan 2005 20:20:27 +0000 (20:20 +0000)
committer Gerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 18:08:44 +0000 (13:08 -0500)
diff --git a/source4/libcli/auth/spnego.c b/source4/libcli/auth/spnego.c

index 84bd7ce42c092219f0b972ced005eb34c66b738a..f7221b7458a274fb876ca36b29a0aa25ceaa8e1c 100644 (file)
--- a/source4/libcli/auth/spnego.c
+++ b/source4/libcli/auth/spnego.c
@@ -686,7 +686,10 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
  
                 if (spnego_state->no_response_expected) {
                         if (spnego.negTokenTarg.negResult != SPNEGO_ACCEPT_COMPLETED) {
-                               DEBUG(1,("gensec_update ok but not accepted\n"));
+                               DEBUG(3,("GENSEC SPNEGO: client GENSEC accepted, but server rejected (bad password?)\n"));
+                               nt_status = NT_STATUS_INVALID_PARAMETER;
+                       } else if (spnego.negTokenTarg.responseToken.length) {
+                               DEBUG(2,("GENSEC SPNEGO: client GENSEC accepted, but server continued negotiation!\n"));
                                 nt_status = NT_STATUS_INVALID_PARAMETER;
                         } else {
                                 nt_status = NT_STATUS_OK;
author	Andrew Bartlett <abartlet@samba.org>
	Tue, 11 Jan 2005 20:20:27 +0000 (20:20 +0000)
committer	Gerald (Jerry) Carter <jerry@samba.org>
	Wed, 10 Oct 2007 18:08:44 +0000 (13:08 -0500)