summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2011-09-13 21:51:52 +0200
committerStefan Metzmacher <metze@samba.org>2011-09-15 12:12:28 +0200
commit935eb488774bfb76e05b87d94c8ccd4c07f6608f (patch)
tree01da33abe2d2f5f8aca1b275be494e58f4ba26c8
parentbc72a9c169dbaab1dd078e61c9cc1ee06e2b2995 (diff)
downloadsamba-935eb488774bfb76e05b87d94c8ccd4c07f6608f.tar.gz
samba-935eb488774bfb76e05b87d94c8ccd4c07f6608f.tar.bz2
samba-935eb488774bfb76e05b87d94c8ccd4c07f6608f.zip
s3:auth_server: make use of cli_state_server_challenge()
metze
-rw-r--r--source3/auth/auth_server.c12
1 files changed, 5 insertions, 7 deletions
diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c
index 1df085321a..8a9e5cdf20 100644
--- a/source3/auth/auth_server.c
+++ b/source3/auth/auth_server.c
@@ -231,6 +231,7 @@ static DATA_BLOB auth_get_challenge_server(const struct auth_context *auth_conte
if (cli) {
uint16_t sec_mode = cli_state_security_mode(cli);
+ const uint8_t *server_challenge = cli_state_server_challenge(cli);
DEBUG(3,("using password server validation\n"));
@@ -244,11 +245,6 @@ static DATA_BLOB auth_get_challenge_server(const struct auth_context *auth_conte
*my_private_data =
(void *)make_server_security_state(cli);
return data_blob_null;
- } else if (cli->secblob.length < 8) {
- /* We can't do much if we don't get a full challenge */
- DEBUG(2,("make_auth_info_server: Didn't receive a full challenge from server\n"));
- cli_shutdown(cli);
- return data_blob_null;
}
if (!(*my_private_data = (void *)make_server_security_state(cli))) {
@@ -257,7 +253,7 @@ static DATA_BLOB auth_get_challenge_server(const struct auth_context *auth_conte
/* The return must be allocated on the caller's mem_ctx, as our own will be
destoyed just after the call. */
- return data_blob_talloc(discard_const_p(TALLOC_CTX, auth_context), cli->secblob.data,8);
+ return data_blob_talloc(discard_const_p(TALLOC_CTX, auth_context), server_challenge ,8);
} else {
return data_blob_null;
}
@@ -313,7 +309,9 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context
return NT_STATUS_LOGON_FAILURE;
}
} else {
- if (memcmp(cli->secblob.data, auth_context->challenge.data, 8) != 0) {
+ const uint8_t *server_challenge = cli_state_server_challenge(cli);
+
+ if (memcmp(server_challenge, auth_context->challenge.data, 8) != 0) {
DEBUG(1,("the challenge that the password server (%s) supplied us is not the one we gave our client. This just can't work :-(\n", cli_state_remote_name(cli)));
return NT_STATUS_LOGON_FAILURE;
}