auth: Remove .get_challenge (only used for security=server)

With NTLMSSP, for NTLM2 we need to be able to set the effective challenge,
so if we ever did use a module that needed this functionlity, we would
downgrade to just NTLM.

Now that security=server has been removed, we have no such module.

This will make it easier to make the auth subsystem async, as we will
not need to consider making .get_challenge async.

Andrew Bartlett

2 files changed, 0 insertions, 11 deletions

diff --git a/auth/common_auth.h b/auth/common_auth.h
index cf21543a91..a40f7c2b3d 100644
--- a/auth/common_auth.h
+++ b/auth/common_auth.h
@@ -82,8 +82,6 @@ struct auth4_context {
 		/* Who set this up in the first place? */
 		const char *set_by;
 
-		bool may_be_modified;
-
 		DATA_BLOB data;
 	} challenge;
 
@@ -113,8 +111,6 @@ struct auth4_context {
 
 	NTSTATUS (*get_ntlm_challenge)(struct auth4_context *auth_ctx, uint8_t chal[8]);
 
-	bool (*challenge_may_be_modified)(struct auth4_context *auth_ctx);
-
 	NTSTATUS (*set_ntlm_challenge)(struct auth4_context *auth_ctx, const uint8_t chal[8], const char *set_by);
 
 	NTSTATUS (*generate_session_info)(struct auth4_context *auth_context,
diff --git a/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_server.c
index bb86c9cf20..d9bea1cde4 100644
--- a/auth/ntlmssp/ntlmssp_server.c
+++ b/auth/ntlmssp/ntlmssp_server.c
@@ -131,13 +131,6 @@ NTSTATUS gensec_ntlmssp_server_negotiate(struct gensec_security *gensec_security
 		return NT_STATUS_NOT_IMPLEMENTED;
 	}
 
-	/* Check if we may set the challenge */
-	if (auth_context->challenge_may_be_modified) {
-		if (!auth_context->challenge_may_be_modified(auth_context)) {
-			ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_NTLM2;
-		}
-	}
-
 	/* The flags we send back are not just the negotiated flags,
 	 * they are also 'what is in this packet'.  Therfore, we
 	 * operate on 'chal_flags' from here on