summaryrefslogtreecommitdiff
path: root/source4/libcli/auth/ntlmssp_sign.c
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2004-08-25 02:25:20 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:58:19 -0500
commitfa5a99b7a6e4f9bffa82eed1393e8e5e1f6404dc (patch)
tree608b29fcba6b323474690cd4adcc7f2a4bb5b117 /source4/libcli/auth/ntlmssp_sign.c
parentb13a9a8f98469fffe0db4cce7e077390d35984a3 (diff)
downloadsamba-fa5a99b7a6e4f9bffa82eed1393e8e5e1f6404dc.tar.gz
samba-fa5a99b7a6e4f9bffa82eed1393e8e5e1f6404dc.tar.bz2
samba-fa5a99b7a6e4f9bffa82eed1393e8e5e1f6404dc.zip
r2041: Fix NTLMSSP RPC sealing, client -> win2k3 server.
The bug (found by tridge) is that Win2k3 is being tighter about the NTLMSSP flags. If we don't negotiate sealing, we can't use it. We now have a way to indicate to the GENSEC implementation mechanisms what things we want for a connection. Andrew Bartlett (This used to be commit 86f61568ea44c5719f9b583beeeefb12e0c26f4c)
Diffstat (limited to 'source4/libcli/auth/ntlmssp_sign.c')
-rw-r--r--source4/libcli/auth/ntlmssp_sign.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/source4/libcli/auth/ntlmssp_sign.c b/source4/libcli/auth/ntlmssp_sign.c
index 80ce1cccc0..6c770b87b9 100644
--- a/source4/libcli/auth/ntlmssp_sign.c
+++ b/source4/libcli/auth/ntlmssp_sign.c
@@ -178,6 +178,11 @@ NTSTATUS ntlmssp_sign_packet(struct ntlmssp_state *ntlmssp_state,
return NT_STATUS_NO_USER_SESSION_KEY;
}
+ if (!ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN) {
+ DEBUG(3, ("NTLMSSP Signing not negotiated - cannot sign packet!\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
nt_status = ntlmssp_make_packet_signature(ntlmssp_state, sig_mem_ctx,
data, length, NTLMSSP_SEND, sig);
@@ -268,6 +273,11 @@ NTSTATUS ntlmssp_seal_packet(struct ntlmssp_state *ntlmssp_state,
return NT_STATUS_NO_USER_SESSION_KEY;
}
+ if (!ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL) {
+ DEBUG(3, ("NTLMSSP Sealing not negotiated - cannot seal packet!\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
DEBUG(10,("ntlmssp_seal_data: seal\n"));
dump_data_pw("ntlmssp clear data\n", data, length);
if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
generated by cgit (git 2.34.1) at 2024-08-03 08:07:02 +0000