Additional fix for #8256 : the case when server doesn't return error immediately after connect.

hvlad · hvlad · commit 2260537777e5 · 2024-10-05T12:40:15.000+03:00
diff --git a/src/remote/client/interface.cpp b/src/remote/client/interface.cpp
@@ -7416,6 +7416,7 @@ static rem_port* analyze(ClntAuthBlock& cBlock, PathName& attach_name, unsigned
 	while (true)
 	{
 		authenticateStep0(cBlock);
+		const NoCaseString savePluginName(cBlock.plugins.name());
 
 		try
 		{
@@ -7503,6 +7504,38 @@ static rem_port* analyze(ClntAuthBlock& cBlock, PathName& attach_name, unsigned
 				}
 			}
 
+#ifdef TRUSTED_AUTH
+			if (port && !legacySSP)
+			{
+				const PACKET& const packet = port->port_context->rdb_packet;
+				if (port->port_protocol < PROTOCOL_VERSION13 && packet.p_operation == op_accept)
+				{
+					// old server supports legacy SSP only
+					legacySSP = true;
+				}
+				else if (port->port_protocol >= PROTOCOL_VERSION13 && packet.p_operation == op_accept_data)
+				{
+					// more recent server reports if it supports non-legacy SSP
+					legacySSP = !(packet.p_acpd.p_acpt_type & pflag_win_sspi_nego);
+				}
+				else
+					break;
+
+				Auth::setLegacySSP(legacySSP);
+
+				if (legacySSP && savePluginName == "WIN_SSPI")
+				{
+					// reinitialize Win_SSPI plugin and send new data
+					attach_name = save_attach_name;
+
+					cBlock.plugins.set(savePluginName.c_str());
+
+					disconnect(port, false);
+					continue;
+				}
+			}
+#endif
+
 			break;
 		}
 		catch (const Exception&)
diff --git a/src/remote/protocol.h b/src/remote/protocol.h
@@ -136,7 +136,8 @@ const USHORT ptype_lazy_send	= 5;	// Deferred packets delivery
 const USHORT ptype_MASK			= 0xFF;	// Mask - up to 255 types of protocol
 //
 // upper byte is used for protocol flags
-const USHORT pflag_compress		= 0x100;	// Turn on compression if possible
+const USHORT pflag_compress			= 0x100;	// Turn on compression if possible
+const USHORT pflag_win_sspi_nego	= 0x200;	// Win_SSPI supports Negotiate security package
 
 // Generic object id
 
diff --git a/src/remote/server/server.cpp b/src/remote/server/server.cpp
@@ -1960,6 +1960,9 @@ static bool accept_connection(rem_port* port, P_CNCT* connect, PACKET* send)
 	send->p_acpd.p_acpt_version = port->port_protocol = version;
 	send->p_acpd.p_acpt_architecture = architecture;
 	send->p_acpd.p_acpt_type = type | (compress ? pflag_compress : 0);
+#ifdef TRUSTED_AUTH
+	send->p_acpd.p_acpt_type |= pflag_win_sspi_nego;
+#endif
 	send->p_acpd.p_acpt_authenticated = 0;
 
 	send->p_acpt.p_acpt_version = port->port_protocol = version;
