diff options
author | Andrew Bartlett <abartlet@samba.org> | 2003-12-04 04:16:16 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2003-12-04 04:16:16 +0000 |
commit | 88dad93acb6b2c62ae08d27752ed6b4ab87e7ad0 (patch) | |
tree | 3611063b15b0619f407bd182e44fbc0544b3e16d /source3 | |
parent | ffcb57e1bed30ed3f35f034a763ffe4f6aabb688 (diff) | |
download | samba-88dad93acb6b2c62ae08d27752ed6b4ab87e7ad0.tar.gz samba-88dad93acb6b2c62ae08d27752ed6b4ab87e7ad0.tar.bz2 samba-88dad93acb6b2c62ae08d27752ed6b4ab87e7ad0.zip |
Picked up by the build farm - despite all my efforts, security=server was
broken by my NTLM2 commit. This should correctly cause the NTLM2 case
not to be negotiated when 'security=server' is in effect.
Andrew Bartlett
(This used to be commit 19bb4b582f98eb1da41e22c9a2a2c11602cb95e4)
Diffstat (limited to 'source3')
-rw-r--r-- | source3/libsmb/ntlmssp.c | 21 |
1 files changed, 13 insertions, 8 deletions
diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c index d361196047..ca1aa67403 100644 --- a/source3/libsmb/ntlmssp.c +++ b/source3/libsmb/ntlmssp.c @@ -340,7 +340,6 @@ static void ntlmssp_handle_neg_flags(struct ntlmssp_state *ntlmssp_state, if (!(neg_flags & NTLMSSP_NEGOTIATE_NTLM2)) { ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_NTLM2; - ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY; } if (!(neg_flags & NTLMSSP_NEGOTIATE_128)) { @@ -403,13 +402,6 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state, ntlmssp_handle_neg_flags(ntlmssp_state, neg_flags, lp_lanman_auth()); - chal_flags = ntlmssp_state->neg_flags; - - target_name = ntlmssp_target_name(ntlmssp_state, - neg_flags, &chal_flags); - if (target_name == NULL) - return NT_STATUS_INVALID_PARAMETER; - /* Ask our caller what challenge they would like in the packet */ cryptkey = ntlmssp_state->get_challenge(ntlmssp_state); @@ -418,6 +410,19 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state, ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_NTLM2; } + /* The flags we send back are not just the negotiated flags, + * they are also 'what is in this packet'. Therfore, we + * operate on 'chal_flags' from here on + */ + + chal_flags = ntlmssp_state->neg_flags; + + /* get the right name to fill in as 'target' */ + target_name = ntlmssp_target_name(ntlmssp_state, + neg_flags, &chal_flags); + if (target_name == NULL) + return NT_STATUS_INVALID_PARAMETER; + ntlmssp_state->chal = data_blob_talloc(ntlmssp_state->mem_ctx, cryptkey, 8); ntlmssp_state->internal_chal = data_blob_talloc(ntlmssp_state->mem_ctx, cryptkey, 8); |