summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/seal.c8
-rw-r--r--source3/smbd/sesssetup.c41
-rw-r--r--source3/smbd/smb2_sesssetup.c28
3 files changed, 67 insertions, 10 deletions
diff --git a/source3/smbd/seal.c b/source3/smbd/seal.c
index 12672681fe..979c97c38a 100644
--- a/source3/smbd/seal.c
+++ b/source3/smbd/seal.c
@@ -86,7 +86,7 @@ bool is_encrypted_packet(const uint8_t *inbuf)
static NTSTATUS make_auth_ntlmssp(const struct tsocket_address *remote_address,
struct smb_srv_trans_enc_ctx *ec)
{
- NTSTATUS status = auth_ntlmssp_start(remote_address,
+ NTSTATUS status = auth_ntlmssp_prepare(remote_address,
&ec->auth_ntlmssp_state);
if (!NT_STATUS_IS_OK(status)) {
return nt_status_squash(status);
@@ -94,6 +94,12 @@ static NTSTATUS make_auth_ntlmssp(const struct tsocket_address *remote_address,
auth_ntlmssp_want_feature(ec->auth_ntlmssp_state, NTLMSSP_FEATURE_SEAL);
+ status = auth_ntlmssp_start(ec->auth_ntlmssp_state);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return nt_status_squash(status);
+ }
+
/*
* We must remember to update the pointer copy for the common
* functions after any auth_ntlmssp_start/auth_ntlmssp_end.
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 1eb4708994..20b31096b0 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -624,8 +624,8 @@ static void reply_spnego_negotiate(struct smb_request *req,
return;
}
- status = auth_ntlmssp_start(sconn->remote_address,
- auth_ntlmssp_state);
+ status = auth_ntlmssp_prepare(sconn->remote_address,
+ auth_ntlmssp_state);
if (!NT_STATUS_IS_OK(status)) {
/* Kill the intermediate vuid */
invalidate_vuid(sconn, vuid);
@@ -635,6 +635,14 @@ static void reply_spnego_negotiate(struct smb_request *req,
auth_ntlmssp_want_feature(*auth_ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY);
+ status = auth_ntlmssp_start(*auth_ntlmssp_state);
+ if (!NT_STATUS_IS_OK(status)) {
+ /* Kill the intermediate vuid */
+ invalidate_vuid(sconn, vuid);
+ reply_nterror(req, nt_status_squash(status));
+ return;
+ }
+
status = auth_ntlmssp_update(*auth_ntlmssp_state, talloc_tos(),
secblob, &chal);
@@ -728,8 +736,18 @@ static void reply_spnego_auth(struct smb_request *req,
data_blob_free(&secblob);
if (!*auth_ntlmssp_state) {
- status = auth_ntlmssp_start(sconn->remote_address,
- auth_ntlmssp_state);
+ status = auth_ntlmssp_prepare(sconn->remote_address,
+ auth_ntlmssp_state);
+ if (!NT_STATUS_IS_OK(status)) {
+ /* Kill the intermediate vuid */
+ invalidate_vuid(sconn, vuid);
+ reply_nterror(req, nt_status_squash(status));
+ return;
+ }
+
+ auth_ntlmssp_want_feature(*auth_ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY);
+
+ status = auth_ntlmssp_start(*auth_ntlmssp_state);
if (!NT_STATUS_IS_OK(status)) {
/* Kill the intermediate vuid */
invalidate_vuid(sconn, vuid);
@@ -1141,8 +1159,19 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
DATA_BLOB chal;
if (!vuser->auth_ntlmssp_state) {
- status = auth_ntlmssp_start(sconn->remote_address,
- &vuser->auth_ntlmssp_state);
+ status = auth_ntlmssp_prepare(sconn->remote_address,
+ &vuser->auth_ntlmssp_state);
+ if (!NT_STATUS_IS_OK(status)) {
+ /* Kill the intermediate vuid */
+ invalidate_vuid(sconn, vuid);
+ data_blob_free(&blob1);
+ reply_nterror(req, nt_status_squash(status));
+ return;
+ }
+
+ auth_ntlmssp_want_feature(vuser->auth_ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY);
+
+ status = auth_ntlmssp_start(vuser->auth_ntlmssp_state);
if (!NT_STATUS_IS_OK(status)) {
/* Kill the intermediate vuid */
invalidate_vuid(sconn, vuid);
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 40f98ce45f..7bc8692758 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -386,7 +386,7 @@ static NTSTATUS smbd_smb2_spnego_negotiate(struct smbd_smb2_session *session,
status = NT_STATUS_MORE_PROCESSING_REQUIRED;
} else {
/* Fall back to NTLMSSP. */
- status = auth_ntlmssp_start(session->sconn->remote_address,
+ status = auth_ntlmssp_prepare(session->sconn->remote_address,
&session->auth_ntlmssp_state);
if (!NT_STATUS_IS_OK(status)) {
goto out;
@@ -394,6 +394,11 @@ static NTSTATUS smbd_smb2_spnego_negotiate(struct smbd_smb2_session *session,
auth_ntlmssp_want_feature(session->auth_ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY);
+ status = auth_ntlmssp_start(session->auth_ntlmssp_state);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto out;
+ }
+
status = auth_ntlmssp_update(session->auth_ntlmssp_state,
talloc_tos(),
secblob_in,
@@ -577,13 +582,22 @@ static NTSTATUS smbd_smb2_spnego_auth(struct smbd_smb2_session *session,
}
if (session->auth_ntlmssp_state == NULL) {
- status = auth_ntlmssp_start(session->sconn->remote_address,
+ status = auth_ntlmssp_prepare(session->sconn->remote_address,
&session->auth_ntlmssp_state);
if (!NT_STATUS_IS_OK(status)) {
data_blob_free(&auth);
TALLOC_FREE(session);
return status;
}
+
+ auth_ntlmssp_want_feature(session->auth_ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY);
+
+ status = auth_ntlmssp_start(session->auth_ntlmssp_state);
+ if (!NT_STATUS_IS_OK(status)) {
+ data_blob_free(&auth);
+ TALLOC_FREE(session);
+ return status;
+ }
}
status = auth_ntlmssp_update(session->auth_ntlmssp_state,
@@ -642,12 +656,20 @@ static NTSTATUS smbd_smb2_raw_ntlmssp_auth(struct smbd_smb2_session *session,
NTSTATUS status;
if (session->auth_ntlmssp_state == NULL) {
- status = auth_ntlmssp_start(session->sconn->remote_address,
+ status = auth_ntlmssp_prepare(session->sconn->remote_address,
&session->auth_ntlmssp_state);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(session);
return status;
}
+
+ auth_ntlmssp_want_feature(session->auth_ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY);
+
+ status = auth_ntlmssp_start(session->auth_ntlmssp_state);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(session);
+ return status;
+ }
}
/* RAW NTLMSSP */