Closed jborean93 closed 3 years ago
Merging #17 (0561e98) into main (35395ba) will increase coverage by 0.00%. The diff coverage is 100.00%.
@@ Coverage Diff @@
## main #17 +/- ##
=======================================
Coverage 99.58% 99.58%
=======================================
Files 25 25
Lines 4302 4304 +2
=======================================
+ Hits 4284 4286 +2
Misses 18 18
Impacted Files | Coverage Δ | |
---|---|---|
spnego/negotiate.py | 100.00% <100.00%> (ø) |
Older SPNEGO logic with NTLM (and possibly others) had the `mechListMIC` in the `NegTokenResp` set to the same value as the `responseToken`. While most modern servers no longer do this it's still possible to encounter something out there that still follows this behaviour, causing the client to fail the authentication because the `mechListMIC` was invalid.

When checking MIT krb5 we can see that they ignore the duplicate value when it matches what is set for `responseToken` so this behaviour is just replicated here https://github.com/krb5/krb5/blob/3f5a348287646d65700854650fe668b9c4249013/src/lib/gssapi/spnego/spnego_mech.c#L3734-L3744.

Fixes https://github.com/jborean93/smbprotocol/issues/137 - where the issue was originally reported
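
The rule described above, as an added example that is not the pyspnego or MIT krb5 code: it walks a DER-encoded `NegTokenResp` (field layout per RFC 4178) and treats a `mechListMIC` that is byte-identical to `responseToken` as if it had not been sent. The function names, the `FIELDS` table and the sample tokens are assumptions made for illustration.

```python
# Context tags of the NegTokenResp SEQUENCE members (RFC 4178).
FIELDS = {0xA0: "negState", 0xA1: "supportedMech", 0xA2: "responseToken", 0xA3: "mechListMIC"}


def read_tlv(data, pos):
    """Return (tag, value, next_pos) for the DER TLV starting at pos."""
    tag, length = data[pos], data[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length octets
        count = length & 0x7F
        length = int.from_bytes(data[pos:pos + count], "big")
        pos += count
    if pos + length > len(data):
        raise ValueError("truncated TLV")
    return tag, data[pos:pos + length], pos + length


def parse_neg_token_resp(token):
    """Return the fields present in a NegTokenResp ([1] wrapping a SEQUENCE)."""
    tag, body, _ = read_tlv(token, 0)
    if tag != 0xA1:
        raise ValueError("not a NegTokenResp")
    tag, seq, _ = read_tlv(body, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    fields, pos = {}, 0
    while pos < len(seq):
        tag, wrapped, pos = read_tlv(seq, pos)
        if tag in FIELDS:
            fields[FIELDS[tag]] = read_tlv(wrapped, 0)[1]  # drop the inner universal tag
    return fields


def effective_mech_list_mic(fields):
    """Return the MIC to verify, or None if absent or a copy of responseToken."""
    mic = fields.get("mechListMIC")
    if mic is not None and mic == fields.get("responseToken"):
        return None  # legacy duplicate rather than a real MIC: treat as not sent
    return mic


def sample_token(response_token, mic):
    """Build a constructed NegTokenResp (short-form lengths only) for the demo."""
    tlv = lambda tag, value: bytes([tag, len(value)]) + value
    seq = tlv(0xA0, tlv(0x0A, b"\x01")) + tlv(0xA2, tlv(0x04, response_token)) + tlv(0xA3, tlv(0x04, mic))
    return tlv(0xA1, tlv(0x30, seq))


if __name__ == "__main__":
    print(effective_mech_list_mic(parse_neg_token_resp(sample_token(b"constructed", b"constructed"))))
```

A MIC that differs from `responseToken` is returned unchanged, so the caller still verifies it and a genuinely invalid MIC still fails the exchange.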