From 8b983d232648944c18fe878a3ace0f58658ec24d Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 26 Jul 2011 10:19:54 +1000
Subject: s3-ntlmssp Split auth_ntlmssp_start into two functions

This helps map on to the GENSEC semantics better, and ensures that the
full set of desired features are set before the mechanism starts.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
---
 source3/auth/auth_ntlmssp.c | 27 +++++++++++++++------------
 source3/auth/proto.h        |  3 ++-
 2 files changed, 17 insertions(+), 13 deletions(-)

(limited to 'source3/auth')

diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index c078416aad..f7d3619d3b 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -188,8 +188,8 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
 
 static int auth_ntlmssp_state_destructor(void *ptr);
 
-NTSTATUS auth_ntlmssp_start(const struct tsocket_address *remote_address,
-			    struct auth_ntlmssp_state **auth_ntlmssp_state)
+NTSTATUS auth_ntlmssp_prepare(const struct tsocket_address *remote_address,
+			      struct auth_ntlmssp_state **auth_ntlmssp_state)
 {
 	NTSTATUS nt_status;
 	bool is_standalone;
@@ -212,20 +212,16 @@ NTSTATUS auth_ntlmssp_start(const struct tsocket_address *remote_address,
 		return nt_status;
 	}
 
+	ans->auth_context = talloc_steal(ans, auth_context);
+
 	if (auth_context->prepare_gensec) {
 		nt_status = auth_context->prepare_gensec(ans, &ans->gensec_security);
 		if (!NT_STATUS_IS_OK(nt_status)) {
 			TALLOC_FREE(ans);
 			return nt_status;
 		} else {
-			nt_status = auth_context->gensec_start_mech_by_oid(ans->gensec_security, GENSEC_OID_NTLMSSP);
-			if (!NT_STATUS_IS_OK(nt_status)) {
-				TALLOC_FREE(ans);
-				return nt_status;
-			} else {
-				*auth_ntlmssp_state = ans;
-				return NT_STATUS_OK;
-			}
+			*auth_ntlmssp_state = ans;
+			return NT_STATUS_OK;
 		}
 	}
 
@@ -261,8 +257,6 @@ NTSTATUS auth_ntlmssp_start(const struct tsocket_address *remote_address,
 		return nt_status;
 	}
 
-	ans->auth_context = talloc_steal(ans, auth_context);
-
 	ans->ntlmssp_state->callback_private = ans;
 	ans->ntlmssp_state->get_challenge = auth_ntlmssp_get_challenge;
 	ans->ntlmssp_state->may_set_challenge = auth_ntlmssp_may_set_challenge;
@@ -286,3 +280,12 @@ static int auth_ntlmssp_state_destructor(void *ptr)
 	TALLOC_FREE(ans->ntlmssp_state);
 	return 0;
 }
+
+NTSTATUS auth_ntlmssp_start(struct auth_ntlmssp_state *auth_ntlmssp_state)
+{
+	if (auth_ntlmssp_state->auth_context->gensec_start_mech_by_oid) {
+		return auth_ntlmssp_state->auth_context->gensec_start_mech_by_oid(auth_ntlmssp_state->gensec_security, GENSEC_OID_NTLMSSP);
+	}
+
+	return NT_STATUS_OK;
+}
diff --git a/source3/auth/proto.h b/source3/auth/proto.h
index f2b7875997..bce27c86c3 100644
--- a/source3/auth/proto.h
+++ b/source3/auth/proto.h
@@ -72,8 +72,9 @@ NTSTATUS auth_netlogond_init(void);
 NTSTATUS auth_ntlmssp_steal_session_info(TALLOC_CTX *mem_ctx,
 				struct auth_ntlmssp_state *auth_ntlmssp_state,
 				struct auth_session_info **session_info);
-NTSTATUS auth_ntlmssp_start(const struct tsocket_address *remote_address,
+NTSTATUS auth_ntlmssp_prepare(const struct tsocket_address *remote_address,
 			    struct auth_ntlmssp_state **auth_ntlmssp_state);
+NTSTATUS auth_ntlmssp_start(struct auth_ntlmssp_state *auth_ntlmssp_state);
 
 
 /* The following definitions come from auth/auth_sam.c  */
-- 
cgit