From 52c1e60e68f8e906ce7c6a82b1c32f29cd546659 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Wed, 26 Nov 2003 00:07:55 +0000
Subject: Merge from 3.0: - NTLM2 fixes, don't force NTLM2 - Don't use NTLM2 for RPC, it doesn't work yet - Add comments to winbindd_pam.c - Merge 64 bit fixes and better debug messages in winbindd.c Andrew Bartlett (This used to be commit ba94e4a1ab6dc3335bbb29686ca6795d0ffad5b0)
---
 source3/libsmb/ntlmssp.c | 8 ++++++--
 source3/nsswitch/winbindd.c | 6 +++---
 source3/nsswitch/winbindd_pam.c | 2 ++
 source3/rpc_client/cli_pipe.c | 12 ++++--------
 4 files changed, 15 insertions(+), 13 deletions(-)
diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
index a0da1efcc1..d361196047 100644
--- a/source3/libsmb/ntlmssp.c
+++ b/source3/libsmb/ntlmssp.c
@@ -774,8 +774,6 @@ static NTSTATUS ntlmssp_client_initial(struct ntlmssp_state *ntlmssp_state,
  ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2;
  }
- ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2;
-
  /* generate the ntlmssp negotiate packet */
  msrpc_gen(next_request, "CddAA", "NTLMSSP",
@@ -812,6 +810,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
  DATA_BLOB nt_response = data_blob(NULL, 0);
  DATA_BLOB session_key = data_blob(NULL, 0);
  DATA_BLOB encrypted_session_key = data_blob(NULL, 0);
+ NTSTATUS nt_status;
  if (!msrpc_parse(&reply, "CdBd", "NTLMSSP",
@@ -1002,6 +1001,11 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
  ntlmssp_state->expected_state = NTLMSSP_UNKNOWN;
+ if (!NT_STATUS_IS_OK(nt_status = ntlmssp_sign_init(ntlmssp_state))) {
+ DEBUG(1, ("Could not setup NTLMSSP signing/sealing system (error was: %s)\n", nt_errstr(nt_status)));
+ return nt_status;
+ }
+
  return NT_STATUS_MORE_PROCESSING_REQUIRED;
  }
diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c
index 4f161604b5..4b47ac13a2 100644
--- a/source3/nsswitch/winbindd.c
+++ b/source3/nsswitch/winbindd.c
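Review bot: In the last ntlmssp.c hunk (`ntlmssp_client_challenge`), `ntlmssp_sign_init()` now runs on every client challenge, whereas the call this patch removes from `create_rpc_bind_resp` in cli_pipe.c ran only under `cli->pipe_auth_flags & AUTH_PIPE_SIGN`. If `ntlmssp_sign_init()` can fail when no session key exists or signing was never negotiated (its body is not visible here), an exchange that used to complete without signing now returns an error. Consider gating the call on the negotiated flags, e.g. `if (ntlmssp_state->neg_flags & (NTLMSSP_NEGOTIATE_SIGN|NTLMSSP_NEGOTIATE_SEAL)) {`, and moving the assignment out of the condition: `nt_status = ntlmssp_sign_init(ntlmssp_state);` followed by `if (!NT_STATUS_IS_OK(nt_status)) {`. The function body starts outside the hunk, so it is also worth confirming that nothing built earlier in it is leaked by the new early `return nt_status;`.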
@@ -452,7 +452,7 @@ void winbind_client_read(struct winbindd_cli_state *state)
  (char *)&state->request, sizeof(state->request) - state->read_buf_len);
- DEBUG(10,("client_read: read %d bytes. Need %d more for a full request.\n", n, sizeof(state->request) - n - state->read_buf_len ));
+ DEBUG(10,("client_read: read %d bytes. Need %ld more for a full request.\n", n, (unsigned long)(sizeof(state->request) - n - state->read_buf_len) ));
  /* Read failed, kill client */
@@ -719,8 +719,8 @@ static void process_loop(void)
  if (state->read_buf_len >= sizeof(uint32) && *(uint32 *) &state->request != sizeof(state->request)) {
- DEBUG(0,("process_loop: Invalid request size from pid %lu: %d bytes sent, should be %d\n",
- (unsigned long)state->request.pid, *(uint32 *) &state->request, sizeof(state->request)));
+ DEBUG(0,("process_loop: Invalid request size from pid %lu: %d bytes sent, should be %ld\n",
+ (unsigned long)state->request.pid, *(uint32 *) &state->request, (unsigned long)sizeof(state->request)));
  remove_client(state);
  break;
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c
index 993e7d68ff..9962105787 100644
--- a/source3/nsswitch/winbindd_pam.c
+++ b/source3/nsswitch/winbindd_pam.c
@@ -383,6 +383,8 @@ done:
  state->response.data.auth.nt_status = NT_STATUS_V(result);
  push_utf8_fstring(state->response.data.auth.nt_status_string, nt_errstr(result));
+
+ /* we might have given a more useful error above */
  if (!*state->response.data.auth.error_string) push_utf8_fstring(state->response.data.auth.error_string, get_friendly_nt_error_msg(result));
  state->response.data.auth.pam_error = nt_status_to_pam(result);
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 7517777920..49abf787ee 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
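Review bot: Both winbindd.c hunks (the `DEBUG(10, …)` in `winbind_client_read` and the `DEBUG(0, …)` in `process_loop`) cast the size to `(unsigned long)` but print it with `%ld`, the signed conversion; the matching specifier is `%lu`, i.e. `Need %lu more for a full request.\n` and `should be %lu\n`. In `process_loop` the client-supplied length `*(uint32 *) &state->request` is still printed with `%d`, so a value above INT_MAX would appear negative in the log; `%u` with an `(unsigned int)` cast avoids that. In `winbind_client_read` the message is emitted before the `/* Read failed, kill client */` check, so on a failed read the "Need … more" figure is presumably computed from an error return; moving the DEBUG below that check would keep the line accurate. Both function bodies extend beyond the hunks.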
@@ -822,14 +822,6 @@ static NTSTATUS create_rpc_bind_resp(struct cli_state *cli,
  return NT_STATUS_NO_MEMORY;
  }
- if (cli->pipe_auth_flags & AUTH_PIPE_SIGN) {
- nt_status = ntlmssp_sign_init(cli->ntlmssp_pipe_state);
-
- if (!NT_STATUS_IS_OK(nt_status)) {
- return nt_status;
- }
- }
-
  data_blob_free(&ntlmssp_reply);
  return NT_STATUS_OK;
  }
@@ -1336,6 +1328,10 @@ static BOOL rpc_pipe_bind(struct cli_state *cli, int pipe_idx, const char *my_na
  if (!NT_STATUS_IS_OK(nt_status)) return False;
+ /* Currently the NTLMSSP code does not implement NTLM2 correctly for signing or sealing */
+
+ cli->ntlmssp_pipe_state->neg_flags &= ~NTLMSSP_NEGOTIATE_NTLM2;
+
  nt_status = ntlmssp_set_username(cli->ntlmssp_pipe_state, cli->user_name);
  if (!NT_STATUS_IS_OK(nt_status))
-- cgit
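Review bot: The clear of `NTLMSSP_NEGOTIATE_NTLM2` added in `rpc_pipe_bind` may not survive until the negotiate packet is built. The first ntlmssp.c hunk of this patch leaves a conditional `ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2;` in `ntlmssp_client_initial`, and if that condition (not visible here) holds for the pipe state and runs later, the flag is set again. It is worth confirming the order of the two, or expressing the restriction in a form `ntlmssp_client_initial` honours. Because the line silently lowers the session security negotiated for RPC pipes, a log entry beside it would make the downgrade visible, e.g. `DEBUG(5, ("rpc_pipe_bind: NTLM2 disabled for RPC signing/sealing\n"));`, and the comment could state what must be fixed before the line can be dropped. The function body continues outside the hunk.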