summaryrefslogtreecommitdiff
path: root/source4/libcli
diff options
context:
space:
mode:
Diffstat (limited to 'source4/libcli')
-rw-r--r--source4/libcli/auth/gensec.c27
-rw-r--r--source4/libcli/auth/gensec.h7
-rw-r--r--source4/libcli/auth/gensec_ntlmssp.c31
-rw-r--r--source4/libcli/ldap/ldap_client.c2
4 files changed, 42 insertions, 25 deletions
diff --git a/source4/libcli/auth/gensec.c b/source4/libcli/auth/gensec.c
index 7243222b6d..147d1b12df 100644
--- a/source4/libcli/auth/gensec.c
+++ b/source4/libcli/auth/gensec.c
@@ -137,6 +137,7 @@ static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx, struct gensec_security **gense
(*gensec_security)->subcontext = False;
(*gensec_security)->want_features = 0;
+ (*gensec_security)->have_features = 0;
return NT_STATUS_OK;
}
@@ -232,11 +233,11 @@ NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_security,
return NT_STATUS_INVALID_PARAMETER;
}
if (auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) {
- gensec_want_feature(gensec_security, GENSEC_WANT_SIGN);
+ gensec_want_feature(gensec_security, GENSEC_FEATURE_SIGN);
}
if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
- gensec_want_feature(gensec_security, GENSEC_WANT_SIGN);
- gensec_want_feature(gensec_security, GENSEC_WANT_SEAL);
+ gensec_want_feature(gensec_security, GENSEC_FEATURE_SIGN);
+ gensec_want_feature(gensec_security, GENSEC_FEATURE_SEAL);
}
return gensec_start_mech(gensec_security);
@@ -310,8 +311,8 @@ NTSTATUS gensec_unseal_packet(struct gensec_security *gensec_security,
if (!gensec_security->ops->unseal_packet) {
return NT_STATUS_NOT_IMPLEMENTED;
}
- if (!(gensec_security->want_features & GENSEC_WANT_SEAL)) {
- if (gensec_security->want_features & GENSEC_WANT_SIGN) {
+ if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
+ if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
return gensec_check_packet(gensec_security, mem_ctx,
data, length,
whole_pdu, pdu_length,
@@ -335,7 +336,7 @@ NTSTATUS gensec_check_packet(struct gensec_security *gensec_security,
if (!gensec_security->ops->check_packet) {
return NT_STATUS_NOT_IMPLEMENTED;
}
- if (!(gensec_security->want_features & GENSEC_WANT_SIGN)) {
+ if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
return NT_STATUS_INVALID_PARAMETER;
}
@@ -351,8 +352,8 @@ NTSTATUS gensec_seal_packet(struct gensec_security *gensec_security,
if (!gensec_security->ops->seal_packet) {
return NT_STATUS_NOT_IMPLEMENTED;
}
- if (!(gensec_security->want_features & GENSEC_WANT_SEAL)) {
- if (gensec_security->want_features & GENSEC_WANT_SIGN) {
+ if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
+ if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
return gensec_sign_packet(gensec_security, mem_ctx,
data, length,
whole_pdu, pdu_length,
@@ -373,7 +374,7 @@ NTSTATUS gensec_sign_packet(struct gensec_security *gensec_security,
if (!gensec_security->ops->sign_packet) {
return NT_STATUS_NOT_IMPLEMENTED;
}
- if (!(gensec_security->want_features & GENSEC_WANT_SIGN)) {
+ if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
return NT_STATUS_INVALID_PARAMETER;
}
@@ -385,7 +386,7 @@ size_t gensec_sig_size(struct gensec_security *gensec_security)
if (!gensec_security->ops->sig_size) {
return 0;
}
- if (!(gensec_security->want_features & GENSEC_WANT_SIGN)) {
+ if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
return 0;
}
@@ -398,10 +399,6 @@ NTSTATUS gensec_session_key(struct gensec_security *gensec_security,
if (!gensec_security->ops->session_key) {
return NT_STATUS_NOT_IMPLEMENTED;
}
- if (!(gensec_security->want_features & GENSEC_WANT_SESSION_KEY)) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
return gensec_security->ops->session_key(gensec_security, session_key);
}
@@ -474,7 +471,7 @@ void gensec_want_feature(struct gensec_security *gensec_security,
BOOL gensec_have_feature(struct gensec_security *gensec_security,
uint32 feature)
{
- if (gensec_security->want_features & feature) {
+ if (gensec_security->have_features & feature) {
return True;
}
diff --git a/source4/libcli/auth/gensec.h b/source4/libcli/auth/gensec.h
index f8b7e292e8..3d645bee82 100644
--- a/source4/libcli/auth/gensec.h
+++ b/source4/libcli/auth/gensec.h
@@ -41,9 +41,9 @@ struct gensec_target {
const char *service;
};
-#define GENSEC_WANT_SESSION_KEY 0x1
-#define GENSEC_WANT_SIGN 0x2
-#define GENSEC_WANT_SEAL 0x4
+#define GENSEC_FEATURE_SESSION_KEY 0x00000001
+#define GENSEC_FEATURE_SIGN 0x00000002
+#define GENSEC_FEATURE_SEAL 0x00000004
/* GENSEC mode */
enum gensec_role
@@ -99,6 +99,7 @@ struct gensec_security {
enum gensec_role gensec_role;
BOOL subcontext;
uint32 want_features;
+ uint32 have_features;
};
/* this structure is used by backends to determine the size of some critical types */
diff --git a/source4/libcli/auth/gensec_ntlmssp.c b/source4/libcli/auth/gensec_ntlmssp.c
index 147e2359f4..07dacfb5e0 100644
--- a/source4/libcli/auth/gensec_ntlmssp.c
+++ b/source4/libcli/auth/gensec_ntlmssp.c
@@ -178,10 +178,10 @@ static NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_secur
return nt_status;
}
- if (gensec_security->want_features & GENSEC_WANT_SIGN) {
+ if (gensec_security->want_features & GENSEC_FEATURE_SIGN) {
gensec_ntlmssp_state->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
}
- if (gensec_security->want_features & GENSEC_WANT_SEAL) {
+ if (gensec_security->want_features & GENSEC_FEATURE_SEAL) {
gensec_ntlmssp_state->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
}
@@ -219,7 +219,7 @@ static NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_secur
return status;
}
- if (gensec_security->want_features & GENSEC_WANT_SESSION_KEY) {
+ if (gensec_security->want_features & GENSEC_FEATURE_SESSION_KEY) {
/*
* We need to set this to allow a later SetPassword
* via the SAMR pipe to succeed. Strange.... We could
@@ -231,10 +231,10 @@ static NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_secur
*/
gensec_ntlmssp_state->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
}
- if (gensec_security->want_features & GENSEC_WANT_SIGN) {
+ if (gensec_security->want_features & GENSEC_FEATURE_SIGN) {
gensec_ntlmssp_state->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
}
- if (gensec_security->want_features & GENSEC_WANT_SEAL) {
+ if (gensec_security->want_features & GENSEC_FEATURE_SEAL) {
gensec_ntlmssp_state->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
}
@@ -343,8 +343,27 @@ static NTSTATUS gensec_ntlmssp_update(struct gensec_security *gensec_security, T
const DATA_BLOB in, DATA_BLOB *out)
{
struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data;
+ NTSTATUS status;
+
+ status = ntlmssp_update(gensec_ntlmssp_state->ntlmssp_state, out_mem_ctx, in, out);
+
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) && !NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ if (gensec_ntlmssp_state->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN) {
+ gensec_security->have_features |= GENSEC_FEATURE_SIGN;
+ }
+
+ if (gensec_ntlmssp_state->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL) {
+ gensec_security->have_features |= GENSEC_FEATURE_SEAL;
+ }
- return ntlmssp_update(gensec_ntlmssp_state->ntlmssp_state, out_mem_ctx, in, out);
+ if (gensec_ntlmssp_state->ntlmssp_state->session_key.data) {
+ gensec_security->have_features |= GENSEC_FEATURE_SESSION_KEY;
+ }
+
+ return status;
}
/**
diff --git a/source4/libcli/ldap/ldap_client.c b/source4/libcli/ldap/ldap_client.c
index 88c84d880b..a9b20b4ea8 100644
--- a/source4/libcli/ldap/ldap_client.c
+++ b/source4/libcli/ldap/ldap_client.c
@@ -382,7 +382,7 @@ int ldap_bind_sasl(struct ldap_connection *conn, const char *username, const cha
return result;
}
- gensec_want_feature(conn->gensec, GENSEC_WANT_SIGN | GENSEC_WANT_SEAL);
+ gensec_want_feature(conn->gensec, GENSEC_FEATURE_SIGN | GENSEC_FEATURE_SEAL);
status = gensec_set_domain(conn->gensec, domain);
if (!NT_STATUS_IS_OK(status)) {
generated by cgit (git 2.34.1) at 2024-07-07 04:20:37 +0000