author | Andrew Bartlett <abartlet@samba.org> | 2011-07-26 10:19:54 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2011-08-03 18:48:04 +1000 |
commit | 8b983d232648944c18fe878a3ace0f58658ec24d (patch) | |
tree | 02555b34ad4f949ea300edf4a244ed9e471e5e5f /source3/smbd/sesssetup.c | |
parent | 902df836807b700b2d27877f2fa5284930df3ff7 (diff) | |
s3-ntlmssp Split auth_ntlmssp_start into two functions
This helps map on to the GENSEC semantics better, and ensures that the
full set of desired features is set before the mechanism starts.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Diffstat (limited to 'source3/smbd/sesssetup.c')
-rw-r--r-- | source3/smbd/sesssetup.c | 41 |
1 files changed, 35 insertions, 6 deletions
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 1eb4708994..20b31096b0 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -624,8 +624,8 @@ static void reply_spnego_negotiate(struct smb_request *req,
 return;
 }
- status = auth_ntlmssp_start(sconn->remote_address,
- auth_ntlmssp_state);
+ status = auth_ntlmssp_prepare(sconn->remote_address,
+ auth_ntlmssp_state);
 if (!NT_STATUS_IS_OK(status)) {
 /* Kill the intermediate vuid */
 invalidate_vuid(sconn, vuid);
@@ -635,6 +635,14 @@ static void reply_spnego_negotiate(struct smb_request *req,
 auth_ntlmssp_want_feature(*auth_ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY);
+ status = auth_ntlmssp_start(*auth_ntlmssp_state);
+ if (!NT_STATUS_IS_OK(status)) {
+ /* Kill the intermediate vuid */
+ invalidate_vuid(sconn, vuid);
+ reply_nterror(req, nt_status_squash(status));
+ return;
+ }
+
 status = auth_ntlmssp_update(*auth_ntlmssp_state, talloc_tos(), secblob, &chal);
@@ -728,8 +736,18 @@ static void reply_spnego_auth(struct smb_request *req,
 data_blob_free(&secblob);
 if (!*auth_ntlmssp_state) {
- status = auth_ntlmssp_start(sconn->remote_address,
- auth_ntlmssp_state);
+ status = auth_ntlmssp_prepare(sconn->remote_address,
+ auth_ntlmssp_state);
+ if (!NT_STATUS_IS_OK(status)) {
+ /* Kill the intermediate vuid */
+ invalidate_vuid(sconn, vuid);
+ reply_nterror(req, nt_status_squash(status));
+ return;
+ }
+
+ auth_ntlmssp_want_feature(*auth_ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY);
+
+ status = auth_ntlmssp_start(*auth_ntlmssp_state);
 if (!NT_STATUS_IS_OK(status)) {
 /* Kill the intermediate vuid */
 invalidate_vuid(sconn, vuid);
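Review bot: The ordering this commit depends on is not written down at the call site in reply_spnego_negotiate: auth_ntlmssp_want_feature() has to run after auth_ntlmssp_prepare() and before the added auth_ntlmssp_start(), and nothing in the code says so. A one-line comment above the added call, such as `/* Request every feature before this point: the set is fixed once the mechanism starts. */`, would keep a later want_feature call from being appended after start, where (going by the commit message) it would presumably come too late. The same comment fits the reply_spnego_auth hunk and the reply_sesssetup_and_X_spnego hunk.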
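Review bot: If auth_ntlmssp_start() fails in reply_spnego_auth, the state that auth_ntlmssp_prepare() has just stored in `*auth_ntlmssp_state` stays non-NULL, so the `if (!*auth_ntlmssp_state)` guard at the top of this hunk would skip both prepare and start if that pointer is ever reached again. Whether invalidate_vuid() releases and clears it is not visible here, and the failure block continues outside the hunk. If it does not, clearing it in the failure path, e.g. `TALLOC_FREE(*auth_ntlmssp_state);` before `invalidate_vuid(sconn, vuid);` (assuming the state is a talloc allocation), keeps a prepared-but-unstarted context from being used for a later leg of the exchange. The same applies to `vuser->auth_ntlmssp_state` in the reply_sesssetup_and_X_spnego hunk.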
@@ -1141,8 +1159,19 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
 DATA_BLOB chal;
 if (!vuser->auth_ntlmssp_state) {
- status = auth_ntlmssp_start(sconn->remote_address,
- &vuser->auth_ntlmssp_state);
+ status = auth_ntlmssp_prepare(sconn->remote_address,
+ &vuser->auth_ntlmssp_state);
+ if (!NT_STATUS_IS_OK(status)) {
+ /* Kill the intermediate vuid */
+ invalidate_vuid(sconn, vuid);
+ data_blob_free(&blob1);
+ reply_nterror(req, nt_status_squash(status));
+ return;
+ }
+
+ auth_ntlmssp_want_feature(vuser->auth_ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY);
+
+ status = auth_ntlmssp_start(vuser->auth_ntlmssp_state);
 if (!NT_STATUS_IS_OK(status)) {
 /* Kill the intermediate vuid */
 invalidate_vuid(sconn, vuid); |
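Review bot: The prepare, want_feature, start sequence is now written out at three call sites (here, reply_spnego_negotiate and reply_spnego_auth), each with two near-identical failure blocks, so a future site can easily request a different feature set or leave out the session key. A small static helper that returns the first failing NTSTATUS would leave each caller with one failure block; in this function that block would still need the `data_blob_free(&blob1);` that the added block has. The helper name below is illustrative and its parameter types are inferred from how the hunk passes the arguments, so check them against the auth_ntlmssp_prepare() prototype. The enclosing function starts and ends outside the hunk.

```c
/* Prepare the NTLMSSP state, request the session key, then start the mechanism. */
static NTSTATUS sesssetup_ntlmssp_begin(const struct tsocket_address *remote_address,
					struct auth_ntlmssp_state **state)
{
	NTSTATUS status = auth_ntlmssp_prepare(remote_address, state);

	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}
	auth_ntlmssp_want_feature(*state, NTLMSSP_FEATURE_SESSION_KEY);
	return auth_ntlmssp_start(*state);
}

/* … unchanged: if (!vuser->auth_ntlmssp_state) { … */
		status = sesssetup_ntlmssp_begin(sconn->remote_address,
						 &vuser->auth_ntlmssp_state);
/* … unchanged: the failure block that follows (invalidate_vuid, …) … */
```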