diff options
Diffstat (limited to 'source3/smbd/sesssetup.c')
| -rw-r--r-- | source3/smbd/sesssetup.c | 41 |
1 files changed, 35 insertions, 6 deletions
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 1eb4708994..20b31096b0 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -624,8 +624,8 @@ static void reply_spnego_negotiate(struct smb_request *req, return; } - status = auth_ntlmssp_start(sconn->remote_address, - auth_ntlmssp_state); + status = auth_ntlmssp_prepare(sconn->remote_address, + auth_ntlmssp_state); if (!NT_STATUS_IS_OK(status)) { /* Kill the intermediate vuid */ invalidate_vuid(sconn, vuid); @@ -635,6 +635,14 @@ static void reply_spnego_negotiate(struct smb_request *req, auth_ntlmssp_want_feature(*auth_ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY); + status = auth_ntlmssp_start(*auth_ntlmssp_state); + if (!NT_STATUS_IS_OK(status)) { + /* Kill the intermediate vuid */ + invalidate_vuid(sconn, vuid); + reply_nterror(req, nt_status_squash(status)); + return; + } + status = auth_ntlmssp_update(*auth_ntlmssp_state, talloc_tos(), secblob, &chal); @@ -728,8 +736,18 @@ static void reply_spnego_auth(struct smb_request *req, data_blob_free(&secblob); if (!*auth_ntlmssp_state) { - status = auth_ntlmssp_start(sconn->remote_address, - auth_ntlmssp_state); + status = auth_ntlmssp_prepare(sconn->remote_address, + auth_ntlmssp_state); + if (!NT_STATUS_IS_OK(status)) { + /* Kill the intermediate vuid */ + invalidate_vuid(sconn, vuid); + reply_nterror(req, nt_status_squash(status)); + return; + } + + auth_ntlmssp_want_feature(*auth_ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY); + + status = auth_ntlmssp_start(*auth_ntlmssp_state); if (!NT_STATUS_IS_OK(status)) { /* Kill the intermediate vuid */ invalidate_vuid(sconn, vuid); @@ -1141,8 +1159,19 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req) DATA_BLOB chal; if (!vuser->auth_ntlmssp_state) { - status = auth_ntlmssp_start(sconn->remote_address, - &vuser->auth_ntlmssp_state); + status = auth_ntlmssp_prepare(sconn->remote_address, + &vuser->auth_ntlmssp_state); + if (!NT_STATUS_IS_OK(status)) { + /* Kill the intermediate vuid */ + invalidate_vuid(sconn, vuid); + data_blob_free(&blob1); + reply_nterror(req, nt_status_squash(status)); + return; + } + + auth_ntlmssp_want_feature(vuser->auth_ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY); + + status = auth_ntlmssp_start(vuser->auth_ntlmssp_state); if (!NT_STATUS_IS_OK(status)) { /* Kill the intermediate vuid */ invalidate_vuid(sconn, vuid); |