diff options
-rw-r--r-- | source3/librpc/crypto/cli_spnego.c | 1 | ||||
-rw-r--r-- | source3/libsmb/ntlmssp.c | 4 | ||||
-rw-r--r-- | source3/rpc_server/dcesrv_ntlmssp.c | 9 | ||||
-rw-r--r-- | source3/smbd/seal.c | 2 | ||||
-rw-r--r-- | source3/smbd/sesssetup.c | 4 | ||||
-rw-r--r-- | source3/smbd/smb2_sesssetup.c | 2 | ||||
-rw-r--r-- | source3/utils/ntlm_auth.c | 4 |
7 files changed, 15 insertions, 11 deletions
diff --git a/source3/librpc/crypto/cli_spnego.c b/source3/librpc/crypto/cli_spnego.c index 3e40d15569..3222d0b7ef 100644 --- a/source3/librpc/crypto/cli_spnego.c +++ b/source3/librpc/crypto/cli_spnego.c @@ -21,6 +21,7 @@ #include "../libcli/auth/spnego.h" #include "include/ntlmssp_wrap.h" #include "librpc/gen_ndr/ntlmssp.h" +#include "libcli/auth/ntlmssp.h" #include "librpc/crypto/gse.h" #include "librpc/crypto/spnego.h" diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c index 87362c2840..9436ca1c3f 100644 --- a/source3/libsmb/ntlmssp.c +++ b/source3/libsmb/ntlmssp.c @@ -333,9 +333,7 @@ NTSTATUS ntlmssp_server_start(TALLOC_CTX *mem_ctx, NTLMSSP_NEGOTIATE_ALWAYS_SIGN | NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_NTLM2 | - NTLMSSP_NEGOTIATE_KEY_EXCH | - NTLMSSP_NEGOTIATE_SIGN | - NTLMSSP_NEGOTIATE_SEAL; + NTLMSSP_NEGOTIATE_KEY_EXCH; ntlmssp_state->server.netbios_name = talloc_strdup(ntlmssp_state, netbios_name); if (!ntlmssp_state->server.netbios_name) { diff --git a/source3/rpc_server/dcesrv_ntlmssp.c b/source3/rpc_server/dcesrv_ntlmssp.c index 87c8e0bece..fd5b820143 100644 --- a/source3/rpc_server/dcesrv_ntlmssp.c +++ b/source3/rpc_server/dcesrv_ntlmssp.c @@ -43,17 +43,12 @@ NTSTATUS ntlmssp_server_auth_start(TALLOC_CTX *mem_ctx, return status; } - /* Clear flags, then set them according to requested flags */ - auth_ntlmssp_and_flags(a, ~(NTLMSSP_NEGOTIATE_SIGN | - NTLMSSP_NEGOTIATE_SEAL)); - if (do_sign) { - auth_ntlmssp_or_flags(a, NTLMSSP_NEGOTIATE_SIGN); + auth_ntlmssp_want_feature(a, NTLMSSP_FEATURE_SIGN); } if (do_seal) { /* Always implies both sign and seal for ntlmssp */ - auth_ntlmssp_or_flags(a, NTLMSSP_NEGOTIATE_SIGN | - NTLMSSP_NEGOTIATE_SEAL); + auth_ntlmssp_want_feature(a, NTLMSSP_FEATURE_SEAL); } status = auth_ntlmssp_update(a, mem_ctx, *token_in, token_out); diff --git a/source3/smbd/seal.c b/source3/smbd/seal.c index 5481e52fe0..12672681fe 100644 --- a/source3/smbd/seal.c +++ b/source3/smbd/seal.c @@ -92,6 +92,8 @@ static NTSTATUS make_auth_ntlmssp(const struct tsocket_address *remote_address, return nt_status_squash(status); } + auth_ntlmssp_want_feature(ec->auth_ntlmssp_state, NTLMSSP_FEATURE_SEAL); + /* * We must remember to update the pointer copy for the common * functions after any auth_ntlmssp_start/auth_ntlmssp_end. diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index b1fed41e8e..1eb4708994 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -633,8 +633,10 @@ static void reply_spnego_negotiate(struct smb_request *req, return; } + auth_ntlmssp_want_feature(*auth_ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY); + status = auth_ntlmssp_update(*auth_ntlmssp_state, talloc_tos(), - secblob, &chal); + secblob, &chal); data_blob_free(&secblob); diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c index 320a707758..40f98ce45f 100644 --- a/source3/smbd/smb2_sesssetup.c +++ b/source3/smbd/smb2_sesssetup.c @@ -392,6 +392,8 @@ static NTSTATUS smbd_smb2_spnego_negotiate(struct smbd_smb2_session *session, goto out; } + auth_ntlmssp_want_feature(session->auth_ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY); + status = auth_ntlmssp_update(session->auth_ntlmssp_state, talloc_tos(), secblob_in, diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index 3a99a8c1bf..9cd47d0611 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c @@ -737,6 +737,10 @@ static NTSTATUS ntlm_auth_start_ntlmssp_server(struct ntlmssp_state **ntlmssp_st return status; } + (*ntlmssp_state)->neg_flags |= + (NTLMSSP_NEGOTIATE_SIGN | + NTLMSSP_NEGOTIATE_SEAL); + /* Have we been given a local password, or should we ask winbind? */ if (opt_password) { (*ntlmssp_state)->check_password = local_pw_check; |