Fix ntlm_auth handling to accept AF in auth reply

This is what it should have been giving all along, if it weren't for Samba bug #10691. Also report the error better if we do get one. Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
sailfishos-mirror · Aug 5, 2014 · e5fedab · e5fedab
1 parent 260bbb9
commit e5fedab
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/ntlm.c b/ntlm.c
@@ -232,12 +232,16 @@ static int ntlm_helper_challenge(struct openconnect_info *vpninfo, struct oc_tex
 		  strlen(vpninfo->auth[AUTH_TYPE_NTLM].challenge)) != strlen(vpninfo->auth[AUTH_TYPE_NTLM].challenge) ||
 	    write(vpninfo->ntlm_helper_fd, "\n", 1) != 1) {
 	err:
+		vpn_progress(vpninfo, PRG_ERR, _("Error communicating with ntlm_auth helper\n"));
 		close(vpninfo->ntlm_helper_fd);
 		vpninfo->ntlm_helper_fd = -1;
 		return -EAGAIN;
 	}
 	len = read(vpninfo->ntlm_helper_fd, helperbuf, sizeof(helperbuf));
-	if (len < 4 || helperbuf[0] != 'K' || helperbuf[1] != 'K' ||
+	/* Accept both 'KK' and 'AF'. It should be the latter but see
+	   https://bugzilla.samba.org/show_bug.cgi?id=10691 */
+	if (len < 4 || (!(helperbuf[0] == 'K' && helperbuf[1] == 'K') &&
+			!(helperbuf[0] == 'A' && helperbuf[1] == 'F')) ||
 	    helperbuf[2] != ' ' || helperbuf[len - 1] != '\n') {
 		goto err;
 	}