summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/librpc/crypto/cli_spnego.c1
-rw-r--r--source3/libsmb/ntlmssp.c4
-rw-r--r--source3/rpc_server/dcesrv_ntlmssp.c9
-rw-r--r--source3/smbd/seal.c2
-rw-r--r--source3/smbd/sesssetup.c4
-rw-r--r--source3/smbd/smb2_sesssetup.c2
-rw-r--r--source3/utils/ntlm_auth.c4
7 files changed, 15 insertions, 11 deletions
diff --git a/source3/librpc/crypto/cli_spnego.c b/source3/librpc/crypto/cli_spnego.c
index 3e40d15569..3222d0b7ef 100644
--- a/source3/librpc/crypto/cli_spnego.c
+++ b/source3/librpc/crypto/cli_spnego.c
@@ -21,6 +21,7 @@
#include "../libcli/auth/spnego.h"
#include "include/ntlmssp_wrap.h"
#include "librpc/gen_ndr/ntlmssp.h"
+#include "libcli/auth/ntlmssp.h"
#include "librpc/crypto/gse.h"
#include "librpc/crypto/spnego.h"
diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
index 87362c2840..9436ca1c3f 100644
--- a/source3/libsmb/ntlmssp.c
+++ b/source3/libsmb/ntlmssp.c
@@ -333,9 +333,7 @@ NTSTATUS ntlmssp_server_start(TALLOC_CTX *mem_ctx,
NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
NTLMSSP_NEGOTIATE_NTLM |
NTLMSSP_NEGOTIATE_NTLM2 |
- NTLMSSP_NEGOTIATE_KEY_EXCH |
- NTLMSSP_NEGOTIATE_SIGN |
- NTLMSSP_NEGOTIATE_SEAL;
+ NTLMSSP_NEGOTIATE_KEY_EXCH;
ntlmssp_state->server.netbios_name = talloc_strdup(ntlmssp_state, netbios_name);
if (!ntlmssp_state->server.netbios_name) {
diff --git a/source3/rpc_server/dcesrv_ntlmssp.c b/source3/rpc_server/dcesrv_ntlmssp.c
index 87c8e0bece..fd5b820143 100644
--- a/source3/rpc_server/dcesrv_ntlmssp.c
+++ b/source3/rpc_server/dcesrv_ntlmssp.c
@@ -43,17 +43,12 @@ NTSTATUS ntlmssp_server_auth_start(TALLOC_CTX *mem_ctx,
return status;
}
- /* Clear flags, then set them according to requested flags */
- auth_ntlmssp_and_flags(a, ~(NTLMSSP_NEGOTIATE_SIGN |
- NTLMSSP_NEGOTIATE_SEAL));
-
if (do_sign) {
- auth_ntlmssp_or_flags(a, NTLMSSP_NEGOTIATE_SIGN);
+ auth_ntlmssp_want_feature(a, NTLMSSP_FEATURE_SIGN);
}
if (do_seal) {
/* Always implies both sign and seal for ntlmssp */
- auth_ntlmssp_or_flags(a, NTLMSSP_NEGOTIATE_SIGN |
- NTLMSSP_NEGOTIATE_SEAL);
+ auth_ntlmssp_want_feature(a, NTLMSSP_FEATURE_SEAL);
}
status = auth_ntlmssp_update(a, mem_ctx, *token_in, token_out);
diff --git a/source3/smbd/seal.c b/source3/smbd/seal.c
index 5481e52fe0..12672681fe 100644
--- a/source3/smbd/seal.c
+++ b/source3/smbd/seal.c
@@ -92,6 +92,8 @@ static NTSTATUS make_auth_ntlmssp(const struct tsocket_address *remote_address,
return nt_status_squash(status);
}
+ auth_ntlmssp_want_feature(ec->auth_ntlmssp_state, NTLMSSP_FEATURE_SEAL);
+
/*
* We must remember to update the pointer copy for the common
* functions after any auth_ntlmssp_start/auth_ntlmssp_end.
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index b1fed41e8e..1eb4708994 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -633,8 +633,10 @@ static void reply_spnego_negotiate(struct smb_request *req,
return;
}
+ auth_ntlmssp_want_feature(*auth_ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY);
+
status = auth_ntlmssp_update(*auth_ntlmssp_state, talloc_tos(),
- secblob, &chal);
+ secblob, &chal);
data_blob_free(&secblob);
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 320a707758..40f98ce45f 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -392,6 +392,8 @@ static NTSTATUS smbd_smb2_spnego_negotiate(struct smbd_smb2_session *session,
goto out;
}
+ auth_ntlmssp_want_feature(session->auth_ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY);
+
status = auth_ntlmssp_update(session->auth_ntlmssp_state,
talloc_tos(),
secblob_in,
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
index 3a99a8c1bf..9cd47d0611 100644
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -737,6 +737,10 @@ static NTSTATUS ntlm_auth_start_ntlmssp_server(struct ntlmssp_state **ntlmssp_st
return status;
}
+ (*ntlmssp_state)->neg_flags |=
+ (NTLMSSP_NEGOTIATE_SIGN |
+ NTLMSSP_NEGOTIATE_SEAL);
+
/* Have we been given a local password, or should we ask winbind? */
if (opt_password) {
(*ntlmssp_state)->check_password = local_pw_check;