From c1ace78ab587d544a927e9c844b29b4cc2d7603a Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Sat, 23 Apr 2016 05:17:25 +0200
Subject: [PATCH] auth/gensec/spnego: handle broken mechListMIC response from
 Windows 2000

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11870

Signed-off-by: Stefan Metzmacher <metze@samba.org>
---
 auth/gensec/spnego.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c
index 1493baf..4a2e709 100644
--- a/auth/gensec/spnego.c
+++ b/auth/gensec/spnego.c
@@ -1081,6 +1081,24 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
 		}
 
 		if (spnego.negTokenTarg.mechListMIC.length > 0) {
+			DATA_BLOB *m = &spnego.negTokenTarg.mechListMIC;
+			const DATA_BLOB *r = &spnego.negTokenTarg.responseToken;
+
+			/*
+			 * Windows 2000 has a bug, it repeats the
+			 * responseToken in the mechListMIC field.
+			 */
+			if (m->length == r->length) {
+				int cmp;
+
+				cmp = memcmp(m->data, r->data, m->length);
+				if (cmp == 0) {
+					data_blob_free(m);
+				}
+			}
+		}
+
+		if (spnego.negTokenTarg.mechListMIC.length > 0) {
 			if (spnego_state->no_response_expected) {
 				spnego_state->needs_mic_check = true;
 			}
-- 
1.9.1