summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2003-11-25 11:25:38 +0000
committerAndrew Bartlett <abartlet@samba.org>2003-11-25 11:25:38 +0000
commit1b6e6c98ba7175afb994a531bec06a7845950ff3 (patch)
tree780878b5213b46c18c068dcb7d089fa4071ba0ae
parentb4feed1e505d564a0cf355bc6166b622dd044194 (diff)
downloadsamba-1b6e6c98ba7175afb994a531bec06a7845950ff3.tar.gz
samba-1b6e6c98ba7175afb994a531bec06a7845950ff3.tar.bz2
samba-1b6e6c98ba7175afb994a531bec06a7845950ff3.zip
Do not add NTLM2 to the NTLMSSP flags unconditionally - allow the
defaults specified by the caller to prevail. Don't use NTLM2 for RPC pipes, until we know how it works in signing or sealing. Call ntlmssp_sign_init() unconditionally in the client - we setup the session key, why not setup the rest of the data. Andrew Bartlett (This used to be commit 48123f7e42c3fde85887de23c80ceee04c2f6281)
-rw-r--r--source3/libsmb/ntlmssp.c8
-rw-r--r--source3/rpc_client/cli_pipe.c12
2 files changed, 10 insertions, 10 deletions
diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
index a0da1efcc1..d361196047 100644
--- a/source3/libsmb/ntlmssp.c
+++ b/source3/libsmb/ntlmssp.c
@@ -774,8 +774,6 @@ static NTSTATUS ntlmssp_client_initial(struct ntlmssp_state *ntlmssp_state,
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2;
}
- ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2;
-
/* generate the ntlmssp negotiate packet */
msrpc_gen(next_request, "CddAA",
"NTLMSSP",
@@ -812,6 +810,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
DATA_BLOB nt_response = data_blob(NULL, 0);
DATA_BLOB session_key = data_blob(NULL, 0);
DATA_BLOB encrypted_session_key = data_blob(NULL, 0);
+ NTSTATUS nt_status;
if (!msrpc_parse(&reply, "CdBd",
"NTLMSSP",
@@ -1002,6 +1001,11 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
ntlmssp_state->expected_state = NTLMSSP_UNKNOWN;
+ if (!NT_STATUS_IS_OK(nt_status = ntlmssp_sign_init(ntlmssp_state))) {
+ DEBUG(1, ("Could not setup NTLMSSP signing/sealing system (error was: %s)\n", nt_errstr(nt_status)));
+ return nt_status;
+ }
+
return NT_STATUS_MORE_PROCESSING_REQUIRED;
}
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 7517777920..49abf787ee 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -822,14 +822,6 @@ static NTSTATUS create_rpc_bind_resp(struct cli_state *cli,
return NT_STATUS_NO_MEMORY;
}
- if (cli->pipe_auth_flags & AUTH_PIPE_SIGN) {
- nt_status = ntlmssp_sign_init(cli->ntlmssp_pipe_state);
-
- if (!NT_STATUS_IS_OK(nt_status)) {
- return nt_status;
- }
- }
-
data_blob_free(&ntlmssp_reply);
return NT_STATUS_OK;
}
@@ -1336,6 +1328,10 @@ static BOOL rpc_pipe_bind(struct cli_state *cli, int pipe_idx, const char *my_na
if (!NT_STATUS_IS_OK(nt_status))
return False;
+ /* Currently the NTLMSSP code does not implement NTLM2 correctly for signing or sealing */
+
+ cli->ntlmssp_pipe_state->neg_flags &= ~NTLMSSP_NEGOTIATE_NTLM2;
+
nt_status = ntlmssp_set_username(cli->ntlmssp_pipe_state,
cli->user_name);
if (!NT_STATUS_IS_OK(nt_status))