authorAndrew Bartlett <abartlet@samba.org>2011-07-26 10:19:54 +1000
committerAndrew Bartlett <abartlet@samba.org>2011-08-03 18:48:04 +1000
commit8b983d232648944c18fe878a3ace0f58658ec24d (patch)
tree02555b34ad4f949ea300edf4a244ed9e471e5e5f /source3/smbd/sesssetup.c
parent902df836807b700b2d27877f2fa5284930df3ff7 (diff)
s3-ntlmssp Split auth_ntlmssp_start into two functions
This helps map on to the GENSEC semantics better, and ensures that the full set of desired features are set before the mechanism starts. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
Diffstat (limited to 'source3/smbd/sesssetup.c')
-rw-r--r--source3/smbd/sesssetup.c41
1 files changed, 35 insertions, 6 deletions
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 1eb4708994..20b31096b0 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -624,8 +624,8 @@ static void reply_spnego_negotiate(struct smb_request *req,
return;
}
- status = auth_ntlmssp_start(sconn->remote_address,
- auth_ntlmssp_state);
+ status = auth_ntlmssp_prepare(sconn->remote_address,
+ auth_ntlmssp_state);
if (!NT_STATUS_IS_OK(status)) {
/* Kill the intermediate vuid */
invalidate_vuid(sconn, vuid);
@@ -635,6 +635,14 @@ static void reply_spnego_negotiate(struct smb_request *req,
auth_ntlmssp_want_feature(*auth_ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY);
+ status = auth_ntlmssp_start(*auth_ntlmssp_state);
+ if (!NT_STATUS_IS_OK(status)) {
+ /* Kill the intermediate vuid */
+ invalidate_vuid(sconn, vuid);
+ reply_nterror(req, nt_status_squash(status));
+ return;
+ }
+
status = auth_ntlmssp_update(*auth_ntlmssp_state, talloc_tos(),
secblob, &chal);
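Review bot: The new failure branch after `auth_ntlmssp_start(*auth_ntlmssp_state)` returns without releasing `secblob`, which is still live here because it is passed to `auth_ntlmssp_update` in the next statement. The matching branch this commit adds in reply_sesssetup_and_X_spnego does call `data_blob_free(&blob1)` before replying, so the two error paths are not consistent. Ownership of secblob is not visible in the hunk; if it is not tied to the `talloc_tos()` frame, add `data_blob_free(&secblob);` before `reply_nterror(req, nt_status_squash(status));`, since this path runs before authentication has completed. reply_spnego_negotiate starts and ends outside the hunk, so the earlier `auth_ntlmssp_prepare` failure branch may need the same check.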
@@ -728,8 +736,18 @@ static void reply_spnego_auth(struct smb_request *req,
data_blob_free(&secblob);
if (!*auth_ntlmssp_state) {
- status = auth_ntlmssp_start(sconn->remote_address,
- auth_ntlmssp_state);
+ status = auth_ntlmssp_prepare(sconn->remote_address,
+ auth_ntlmssp_state);
+ if (!NT_STATUS_IS_OK(status)) {
+ /* Kill the intermediate vuid */
+ invalidate_vuid(sconn, vuid);
+ reply_nterror(req, nt_status_squash(status));
+ return;
+ }
+
+ auth_ntlmssp_want_feature(*auth_ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY);
+
+ status = auth_ntlmssp_start(*auth_ntlmssp_state);
if (!NT_STATUS_IS_OK(status)) {
/* Kill the intermediate vuid */
invalidate_vuid(sconn, vuid);
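Review bot: When `auth_ntlmssp_start(*auth_ntlmssp_state)` fails, `*auth_ntlmssp_state` is left pointing at a prepared but never started context, and the `if (!*auth_ntlmssp_state)` guard above would skip both prepare and start if that pointer were reached again. `invalidate_vuid(sconn, vuid)` presumably tears the state down together with the vuid, but that is not visible here. If it does not, release and clear the pointer in the failure branch (for a talloc-owned state, `TALLOC_FREE(*auth_ntlmssp_state);`). The same applies to `vuser->auth_ntlmssp_state` in the reply_sesssetup_and_X_spnego hunk. The failure branch and reply_spnego_auth itself continue outside the hunk.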
@@ -1141,8 +1159,19 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
DATA_BLOB chal;
if (!vuser->auth_ntlmssp_state) {
- status = auth_ntlmssp_start(sconn->remote_address,
- &vuser->auth_ntlmssp_state);
+ status = auth_ntlmssp_prepare(sconn->remote_address,
+ &vuser->auth_ntlmssp_state);
+ if (!NT_STATUS_IS_OK(status)) {
+ /* Kill the intermediate vuid */
+ invalidate_vuid(sconn, vuid);
+ data_blob_free(&blob1);
+ reply_nterror(req, nt_status_squash(status));
+ return;
+ }
+
+ auth_ntlmssp_want_feature(vuser->auth_ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY);
+
+ status = auth_ntlmssp_start(vuser->auth_ntlmssp_state);
if (!NT_STATUS_IS_OK(status)) {
/* Kill the intermediate vuid */
invalidate_vuid(sconn, vuid);
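Review bot: Nothing at the call site says that `auth_ntlmssp_want_feature()` has to run between `auth_ntlmssp_prepare()` and `auth_ntlmssp_start()`, although the commit message gives that ordering as the reason for the split. The three-call sequence now appears in reply_spnego_negotiate, reply_spnego_auth and here, so a later edit could reorder one copy and start the mechanism before `NTLMSSP_FEATURE_SESSION_KEY` has been requested. I would add a comment above the want_feature call in each copy, e.g. `/* Request features before auth_ntlmssp_start(); the mechanism must see the full set when it starts. */`. The enclosing `if (!vuser->auth_ntlmssp_state)` block closes outside the hunk.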