summaryrefslogtreecommitdiff
path: root/source3/auth
diff options
context:
space:
mode:
Diffstat (limited to 'source3/auth')
-rw-r--r--source3/auth/auth_ntlmssp.c25
1 files changed, 16 insertions, 9 deletions
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index aa7998cf63..af3a6f3827 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -26,12 +26,13 @@
#include "../librpc/gen_ndr/netlogon.h"
NTSTATUS auth_ntlmssp_steal_server_info(TALLOC_CTX *mem_ctx,
- struct auth_ntlmssp_state *auth_ntlmssp_state,
- struct auth_serversupplied_info **server_info)
+ struct auth_ntlmssp_state *auth_ntlmssp_state,
+ struct auth_serversupplied_info **server_info)
{
/* Free the current server_info user_session_key and reset it from the
* current ntlmssp_state session_key */
data_blob_free(&auth_ntlmssp_state->server_info->user_session_key);
+ /* Set up the final session key for the connection */
auth_ntlmssp_state->server_info->user_session_key =
data_blob_talloc(
auth_ntlmssp_state->server_info,
@@ -105,7 +106,8 @@ static NTSTATUS auth_ntlmssp_set_challenge(struct ntlmssp_state *ntlmssp_state,
* Return the session keys used on the connection.
*/
-static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key)
+static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, TALLOC_CTX *mem_ctx,
+ DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key)
{
struct auth_ntlmssp_state *auth_ntlmssp_state =
(struct auth_ntlmssp_state *)ntlmssp_state->callback_private;
@@ -160,19 +162,24 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
return nt_status;
}
+ /* Clear out the session keys, and pass them to the caller.
+ * They will not be used in this form again - instead the
+ * NTLMSSP code will decide on the final correct session key,
+ * and put it back here at the end of
+ * auth_ntlmssp_steal_server_info */
if (auth_ntlmssp_state->server_info->user_session_key.length) {
DEBUG(10, ("Got NT session key of length %u\n",
(unsigned int)auth_ntlmssp_state->server_info->user_session_key.length));
- *user_session_key = data_blob_talloc(auth_ntlmssp_state,
- auth_ntlmssp_state->server_info->user_session_key.data,
- auth_ntlmssp_state->server_info->user_session_key.length);
+ *user_session_key = auth_ntlmssp_state->server_info->user_session_key;
+ talloc_steal(mem_ctx, auth_ntlmssp_state->server_info->user_session_key.data);
+ auth_ntlmssp_state->server_info->user_session_key = data_blob_null;
}
if (auth_ntlmssp_state->server_info->lm_session_key.length) {
DEBUG(10, ("Got LM session key of length %u\n",
(unsigned int)auth_ntlmssp_state->server_info->lm_session_key.length));
- *lm_session_key = data_blob_talloc(auth_ntlmssp_state,
- auth_ntlmssp_state->server_info->lm_session_key.data,
- auth_ntlmssp_state->server_info->lm_session_key.length);
+ *lm_session_key = auth_ntlmssp_state->server_info->lm_session_key;
+ talloc_steal(mem_ctx, auth_ntlmssp_state->server_info->lm_session_key.data);
+ auth_ntlmssp_state->server_info->lm_session_key = data_blob_null;
}
return nt_status;
}