diff options
Diffstat (limited to 'source4/auth/ntlmssp')
-rw-r--r-- | source4/auth/ntlmssp/ntlmssp_server.c | 33 |
1 files changed, 23 insertions, 10 deletions
diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c index 9d6a897c69..8f7aa6e941 100644 --- a/source4/auth/ntlmssp/ntlmssp_server.c +++ b/source4/auth/ntlmssp/ntlmssp_server.c @@ -220,6 +220,11 @@ NTSTATUS ntlmssp_server_negotiate(struct gensec_security *gensec_security, return NT_STATUS_MORE_PROCESSING_REQUIRED; } +struct ntlmssp_server_auth_state { + DATA_BLOB user_session_key; + DATA_BLOB lm_session_key; +}; + /** * Next state function for the Authenticate packet * @@ -229,6 +234,7 @@ NTSTATUS ntlmssp_server_negotiate(struct gensec_security *gensec_security, */ static NTSTATUS ntlmssp_server_preauth(struct ntlmssp_state *ntlmssp_state, + struct ntlmssp_server_auth_state *state, const DATA_BLOB request) { uint32_t ntlmssp_command, auth_flags; @@ -384,13 +390,14 @@ static NTSTATUS ntlmssp_server_preauth(struct ntlmssp_state *ntlmssp_state, */ static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security, - DATA_BLOB *user_session_key, - DATA_BLOB *lm_session_key) + struct ntlmssp_server_auth_state *state) { struct gensec_ntlmssp_context *gensec_ntlmssp = talloc_get_type_abort(gensec_security->private_data, struct gensec_ntlmssp_context); struct ntlmssp_state *ntlmssp_state = gensec_ntlmssp->ntlmssp_state; + DATA_BLOB *user_session_key = &state->user_session_key; + DATA_BLOB *lm_session_key = &state->lm_session_key; NTSTATUS nt_status; DATA_BLOB session_key = data_blob(NULL, 0); @@ -536,15 +543,20 @@ NTSTATUS ntlmssp_server_auth(struct gensec_security *gensec_security, talloc_get_type_abort(gensec_security->private_data, struct gensec_ntlmssp_context); struct ntlmssp_state *ntlmssp_state = gensec_ntlmssp->ntlmssp_state; - DATA_BLOB user_session_key = data_blob_null; - DATA_BLOB lm_session_key = data_blob_null; + struct ntlmssp_server_auth_state *state; NTSTATUS nt_status; /* zero the outbound NTLMSSP packet */ *out = data_blob_null; - nt_status = ntlmssp_server_preauth(ntlmssp_state, in); + state = talloc_zero(ntlmssp_state, struct ntlmssp_server_auth_state); + if (state == NULL) { + return NT_STATUS_NO_MEMORY; + } + + nt_status = ntlmssp_server_preauth(ntlmssp_state, state, in); if (!NT_STATUS_IS_OK(nt_status)) { + TALLOC_FREE(state); return nt_status; } @@ -557,19 +569,20 @@ NTSTATUS ntlmssp_server_auth(struct gensec_security *gensec_security, /* Finally, actually ask if the password is OK */ nt_status = ntlmssp_state->check_password(ntlmssp_state, - &user_session_key, - &lm_session_key); + &state->user_session_key, + &state->lm_session_key); if (!NT_STATUS_IS_OK(nt_status)) { + TALLOC_FREE(state); return nt_status; } - nt_status = ntlmssp_server_postauth(gensec_security, - &user_session_key, - &lm_session_key); + nt_status = ntlmssp_server_postauth(gensec_security, state); if (!NT_STATUS_IS_OK(nt_status)) { + TALLOC_FREE(state); return nt_status; } + TALLOC_FREE(state); return NT_STATUS_OK; } |