diff options
| author | Stefan Metzmacher <metze@samba.org> | 2011-09-13 21:51:52 +0200 |
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2011-09-15 12:12:28 +0200 |
| commit | 935eb488774bfb76e05b87d94c8ccd4c07f6608f (patch) | |
| tree | 01da33abe2d2f5f8aca1b275be494e58f4ba26c8 /source3 | |
| parent | bc72a9c169dbaab1dd078e61c9cc1ee06e2b2995 (diff) | |
| download | samba-935eb488774bfb76e05b87d94c8ccd4c07f6608f.tar.gz samba-935eb488774bfb76e05b87d94c8ccd4c07f6608f.tar.bz2 samba-935eb488774bfb76e05b87d94c8ccd4c07f6608f.zip | |
s3:auth_server: make use of cli_state_server_challenge()
metze
Diffstat (limited to 'source3')
| -rw-r--r-- | source3/auth/auth_server.c | 12 |
1 files changed, 5 insertions, 7 deletions
diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 1df085321a..8a9e5cdf20 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -231,6 +231,7 @@ static DATA_BLOB auth_get_challenge_server(const struct auth_context *auth_conte if (cli) { uint16_t sec_mode = cli_state_security_mode(cli); + const uint8_t *server_challenge = cli_state_server_challenge(cli); DEBUG(3,("using password server validation\n")); @@ -244,11 +245,6 @@ static DATA_BLOB auth_get_challenge_server(const struct auth_context *auth_conte *my_private_data = (void *)make_server_security_state(cli); return data_blob_null; - } else if (cli->secblob.length < 8) { - /* We can't do much if we don't get a full challenge */ - DEBUG(2,("make_auth_info_server: Didn't receive a full challenge from server\n")); - cli_shutdown(cli); - return data_blob_null; } if (!(*my_private_data = (void *)make_server_security_state(cli))) { @@ -257,7 +253,7 @@ static DATA_BLOB auth_get_challenge_server(const struct auth_context *auth_conte /* The return must be allocated on the caller's mem_ctx, as our own will be destoyed just after the call. */ - return data_blob_talloc(discard_const_p(TALLOC_CTX, auth_context), cli->secblob.data,8); + return data_blob_talloc(discard_const_p(TALLOC_CTX, auth_context), server_challenge ,8); } else { return data_blob_null; } @@ -313,7 +309,9 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context return NT_STATUS_LOGON_FAILURE; } } else { - if (memcmp(cli->secblob.data, auth_context->challenge.data, 8) != 0) { + const uint8_t *server_challenge = cli_state_server_challenge(cli); + + if (memcmp(server_challenge, auth_context->challenge.data, 8) != 0) { DEBUG(1,("the challenge that the password server (%s) supplied us is not the one we gave our client. This just can't work :-(\n", cli_state_remote_name(cli))); return NT_STATUS_LOGON_FAILURE; } |