summaryrefslogtreecommitdiff
path: root/source4/libcli/auth
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2005-01-03 06:23:02 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:08:15 -0500
commit8eb981c90a6094b15d4b71cc14fee4f23c713cf8 (patch)
tree4a1fe311f020c986233596799ff82699bdd999c8 /source4/libcli/auth
parentdd1c0a56b4e09454b6612923acfeef2fb4be7639 (diff)
downloadsamba-8eb981c90a6094b15d4b71cc14fee4f23c713cf8.tar.gz
samba-8eb981c90a6094b15d4b71cc14fee4f23c713cf8.tar.bz2
samba-8eb981c90a6094b15d4b71cc14fee4f23c713cf8.zip
r4499: Almost make our Samba4 server pass the RPC-SAMLOGON torture test.
I just need to fix a couple of NTLMv2 issues before we can fully pass, and put this in test_rpc.sh, as a 'should pass' test. Andrew Bartlett (This used to be commit 4b52409e385366d87724bb79f4fad4803e8ecfec)
Diffstat (limited to 'source4/libcli/auth')
-rw-r--r--source4/libcli/auth/credentials.c11
1 files changed, 8 insertions, 3 deletions
diff --git a/source4/libcli/auth/credentials.c b/source4/libcli/auth/credentials.c
index a61660d776..8cae71180c 100644
--- a/source4/libcli/auth/credentials.c
+++ b/source4/libcli/auth/credentials.c
@@ -273,6 +273,7 @@ void creds_server_init(struct creds_CredentialState *creds,
}
*initial_credential = creds->server;
+ creds->negotiate_flags = negotiate_flags;
}
/*
@@ -290,10 +291,14 @@ BOOL creds_server_check(const struct creds_CredentialState *creds,
return True;
}
-BOOL creds_server_step_check(struct creds_CredentialState *creds,
+NTSTATUS creds_server_step_check(struct creds_CredentialState *creds,
struct netr_Authenticator *received_authenticator,
struct netr_Authenticator *return_authenticator)
{
+ if (!received_authenticator || !return_authenticator) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
/* TODO: this may allow the a replay attack on a non-signed
connection. Should we check that this is increasing? */
creds->sequence = received_authenticator->timestamp;
@@ -301,9 +306,9 @@ BOOL creds_server_step_check(struct creds_CredentialState *creds,
if (creds_server_check(creds, &received_authenticator->cred)) {
return_authenticator->cred = creds->server;
return_authenticator->timestamp = creds->sequence;
- return True;
+ return NT_STATUS_OK;
} else {
ZERO_STRUCTP(return_authenticator);
- return False;
+ return NT_STATUS_ACCESS_DENIED;
}
}