diff options
author | Stefan Metzmacher <metze@samba.org> | 2011-09-13 16:45:38 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2011-09-13 18:12:23 +0200 |
commit | 9a855dd5d9d042f4dd93e8fd43c50176e99a4c0e (patch) | |
tree | 192f9bb56fa2749e98c388eaee5df35ffda18a81 /source3/auth | |
parent | fbd5cb5835fa2c2aa8c859ac6a2ba4f414cc6baf (diff) | |
download | samba-9a855dd5d9d042f4dd93e8fd43c50176e99a4c0e.tar.gz samba-9a855dd5d9d042f4dd93e8fd43c50176e99a4c0e.tar.bz2 samba-9a855dd5d9d042f4dd93e8fd43c50176e99a4c0e.zip |
s3:auth_server: make use of cli_state_security_mode()
metze
Diffstat (limited to 'source3/auth')
-rw-r--r-- | source3/auth/auth_server.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 1cc252400b..04b46737a2 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -45,6 +45,7 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) NTSTATUS status; /* security = server just can't function with spnego */ int flags = CLI_FULL_CONNECTION_DONT_SPNEGO; + uint16_t sec_mode = 0; pserver = talloc_strdup(mem_ctx, lp_passwordserver()); p = pserver; @@ -115,8 +116,9 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) return NULL; } + sec_mode = cli_state_security_mode(cli); if (cli_state_protocol(cli) < PROTOCOL_LANMAN2 || - !(cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL)) { + !(sec_mode & NEGOTIATE_SECURITY_USER_LEVEL)) { TALLOC_FREE(mutex); DEBUG(1,("%s isn't in user level security mode\n",desthost)); cli_shutdown(cli); @@ -228,9 +230,11 @@ static DATA_BLOB auth_get_challenge_server(const struct auth_context *auth_conte struct cli_state *cli = server_cryptkey(mem_ctx); if (cli) { + uint16_t sec_mode = cli_state_security_mode(cli); + DEBUG(3,("using password server validation\n")); - if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0) { + if ((sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0) { /* We can't work with unencrypted password servers unless 'encrypt passwords = no' */ DEBUG(5,("make_auth_info_server: Server is unencrypted, no challenge available..\n")); @@ -277,6 +281,7 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context static bool bad_password_server = False; NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED; bool locally_made_cli = False; + uint16_t sec_mode = 0; DEBUG(10, ("check_smbserver_security: Check auth for: [%s]\n", user_info->mapped.account_name)); @@ -301,7 +306,8 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context return NT_STATUS_LOGON_FAILURE; } - if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0) { + sec_mode = cli_state_security_mode(cli); + if ((sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0) { if (user_info->password_state != AUTH_PASSWORD_PLAIN) { DEBUG(1,("password server %s is plaintext, but we are encrypted. This just can't work :-(\n", cli_state_remote_name(cli))); return NT_STATUS_LOGON_FAILURE; |