Diffstat (limited to 'source3/utils/ntlm_auth.c')
-rw-r--r--source3/utils/ntlm_auth.c71
1 files changed, 37 insertions, 34 deletions
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
index da41f9dd08..5154744ed1 100644
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -410,6 +410,9 @@ static void manage_gss_spnego_request(enum squid_mode squid_mode,
NTSTATUS status;
ssize_t len;
+ char *user = NULL;
+ char *domain = NULL;
+
const char *reply_code;
char *reply_base64;
pstring reply_argument;
@@ -470,39 +473,35 @@ static void manage_gss_spnego_request(enum squid_mode squid_mode,
return;
}
- if ( strcmp(request.negTokenInit.mechTypes[0], OID_NTLMSSP) != 0 ) {
- DEBUG(1, ("Client did not choose NTLMSSP but %s\n",
- request.negTokenInit.mechTypes[0]));
- x_fprintf(x_stdout, "BH\n");
- return;
- }
+ if (strcmp(request.negTokenInit.mechTypes[0], OID_NTLMSSP) == 0) {
- if ( request.negTokenInit.mechToken.data == NULL ) {
- DEBUG(1, ("Client did not provide NTLMSSP data\n"));
- x_fprintf(x_stdout, "BH\n");
- return;
- }
+ if ( request.negTokenInit.mechToken.data == NULL ) {
+ DEBUG(1, ("Client did not provide NTLMSSP data\n"));
+ x_fprintf(x_stdout, "BH\n");
+ return;
+ }
- if ( ntlmssp_state != NULL ) {
- DEBUG(1, ("Client wants a new NTLMSSP challenge, but "
- "already got one\n"));
- x_fprintf(x_stdout, "BH\n");
- ntlmssp_server_end(&ntlmssp_state);
- return;
- }
+ if ( ntlmssp_state != NULL ) {
+ DEBUG(1, ("Client wants a new NTLMSSP challenge, but "
+ "already got one\n"));
+ x_fprintf(x_stdout, "BH\n");
+ ntlmssp_server_end(&ntlmssp_state);
+ return;
+ }
- ntlmssp_server_start(&ntlmssp_state);
- ntlmssp_state->check_password = winbind_pw_check;
- ntlmssp_state->get_domain = get_winbind_domain;
- ntlmssp_state->get_global_myname = get_winbind_netbios_name;
+ ntlmssp_server_start(&ntlmssp_state);
+ ntlmssp_state->check_password = winbind_pw_check;
+ ntlmssp_state->get_domain = get_winbind_domain;
+ ntlmssp_state->get_global_myname = get_winbind_netbios_name;
- DEBUG(10, ("got NTLMSSP packet:\n"));
- dump_data(10, request.negTokenInit.mechToken.data,
- request.negTokenInit.mechToken.length);
+ DEBUG(10, ("got NTLMSSP packet:\n"));
+ dump_data(10, request.negTokenInit.mechToken.data,
+ request.negTokenInit.mechToken.length);
- status = ntlmssp_server_update(ntlmssp_state,
- request.negTokenInit.mechToken,
- &response.negTokenTarg.responseToken);
+ status = ntlmssp_server_update(ntlmssp_state,
+ request.negTokenInit.mechToken,
+ &response.negTokenTarg.responseToken);
+ }
} else {
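Review bot: A negTokenInit whose first mechType is not NTLMSSP now leaves `status` unassigned, because the old early reject became an `if (strcmp(...) == 0) { ... }` with no else branch visible in this hunk, and `status` is declared without an initializer at the top of the function. The later `NT_STATUS_IS_OK(status)` test then chooses between "AF" and a failure reply on an indeterminate value, where the removed code answered "BH" and returned. Either keep an explicit reject on the inner `if`, e.g. `else { x_fprintf(x_stdout, "BH\n"); return; }`, or at minimum declare `NTSTATUS status = NT_STATUS_UNSUCCESSFUL;` so an unhandled mechanism can never read as success. The function body starts and ends outside this hunk, so a later assignment cannot be ruled out from here.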
@@ -517,6 +516,12 @@ static void manage_gss_spnego_request(enum squid_mode squid_mode,
status = ntlmssp_server_update(ntlmssp_state,
request.negTokenTarg.responseToken,
&response.negTokenTarg.responseToken);
+
+ if (NT_STATUS_IS_OK(status)) {
+ user = strdup(ntlmssp_state->user);
+ domain = strdup(ntlmssp_state->domain);
+ ntlmssp_server_end(&ntlmssp_state);
+ }
}
free_spnego_data(&request);
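Review bot: Both `strdup()` results are used unchecked, so if either allocation fails (or the source field is NULL) the success branch further down formats `"%s\\%s"` from a NULL pointer while still answering "AF". A guard right after the copies, `if (user == NULL || domain == NULL) status = NT_STATUS_NO_MEMORY;`, routes that case to the failure reply instead. The copies and the `ntlmssp_server_end()` call also now live only in this negTokenTarg branch, so the "AF" path appears to rely on the negTokenInit branch never returning OK. A short comment stating that assumption would help, since the unconditional cleanup at the end of the function is removed by this commit.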
@@ -528,8 +533,7 @@ static void manage_gss_spnego_request(enum squid_mode squid_mode,
if (NT_STATUS_IS_OK(status)) {
response.negTokenTarg.negResult = SPNEGO_ACCEPT_COMPLETED;
reply_code = "AF";
- pstr_sprintf(reply_argument, "%s\\%s",
- ntlmssp_state->domain, ntlmssp_state->user);
+ pstr_sprintf(reply_argument, "%s\\%s", domain, user);
} else if (NT_STATUS_EQUAL(status,
NT_STATUS_MORE_PROCESSING_REQUIRED)) {
response.negTokenTarg.negResult = SPNEGO_ACCEPT_INCOMPLETE;
@@ -541,6 +545,9 @@ static void manage_gss_spnego_request(enum squid_mode squid_mode,
pstrcpy(reply_argument, nt_errstr(status));
}
+ SAFE_FREE(user);
+ SAFE_FREE(domain);
+
len = write_spnego_data(&token, &response);
free_spnego_data(&response);
@@ -558,10 +565,6 @@ static void manage_gss_spnego_request(enum squid_mode squid_mode,
SAFE_FREE(reply_base64);
data_blob_free(&token);
- if (NT_STATUS_IS_OK(status)) {
- ntlmssp_server_end(&ntlmssp_state);
- }
-
return;
}