From 8b983d232648944c18fe878a3ace0f58658ec24d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 26 Jul 2011 10:19:54 +1000 Subject: s3-ntlmssp Split auth_ntlmssp_start into two functions This helps map on to the GENSEC semantics better, and ensures that the full set of desired features are set before the mechanism starts. Andrew Bartlett Signed-off-by: Andrew Tridgell --- source3/smbd/sesssetup.c | 41 +++++++++++++++++++++++++++++++++++------ 1 file changed, 35 insertions(+), 6 deletions(-) (limited to 'source3/smbd/sesssetup.c') diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 1eb4708994..20b31096b0 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -624,8 +624,8 @@ static void reply_spnego_negotiate(struct smb_request *req, return; } - status = auth_ntlmssp_start(sconn->remote_address, - auth_ntlmssp_state); + status = auth_ntlmssp_prepare(sconn->remote_address, + auth_ntlmssp_state); if (!NT_STATUS_IS_OK(status)) { /* Kill the intermediate vuid */ invalidate_vuid(sconn, vuid); @@ -635,6 +635,14 @@ static void reply_spnego_negotiate(struct smb_request *req, auth_ntlmssp_want_feature(*auth_ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY); + status = auth_ntlmssp_start(*auth_ntlmssp_state); + if (!NT_STATUS_IS_OK(status)) { + /* Kill the intermediate vuid */ + invalidate_vuid(sconn, vuid); + reply_nterror(req, nt_status_squash(status)); + return; + } + status = auth_ntlmssp_update(*auth_ntlmssp_state, talloc_tos(), secblob, &chal); 
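Review bot: The new `auth_ntlmssp_start()` failure branch in reply_spnego_negotiate returns with `*auth_ntlmssp_state` already allocated by `auth_ntlmssp_prepare()`, and nothing in the hunk shows who releases that prepared-but-unstarted state. The later paths guard on `if (!*auth_ntlmssp_state)` (the @@ -728 and @@ -1141 hunks add the same branch), so a state that survived a failed start would skip both prepare and start and reach `auth_ntlmssp_update()` directly. If `invalidate_vuid()` tears the state down together with the vuid, which is not visible here, say so in the branch, e.g. `/* Kill the intermediate vuid; this also drops the prepared NTLMSSP state */`. If it does not, the state should be released before `invalidate_vuid()` is called. The function body starts and ends outside the hunk.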
@@ -728,8 +736,18 @@ static void reply_spnego_auth(struct smb_request *req, data_blob_free(&secblob); if (!*auth_ntlmssp_state) { - status = auth_ntlmssp_start(sconn->remote_address, - auth_ntlmssp_state); + status = auth_ntlmssp_prepare(sconn->remote_address, + auth_ntlmssp_state); + if (!NT_STATUS_IS_OK(status)) { + /* Kill the intermediate vuid */ + invalidate_vuid(sconn, vuid); + reply_nterror(req, nt_status_squash(status)); + return; + } + + auth_ntlmssp_want_feature(*auth_ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY); + + status = auth_ntlmssp_start(*auth_ntlmssp_state); if (!NT_STATUS_IS_OK(status)) { /* Kill the intermediate vuid */ invalidate_vuid(sconn, vuid); @@ -1141,8 +1159,19 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req) DATA_BLOB chal; if (!vuser->auth_ntlmssp_state) { - status = auth_ntlmssp_start(sconn->remote_address, - &vuser->auth_ntlmssp_state); + status = auth_ntlmssp_prepare(sconn->remote_address, + &vuser->auth_ntlmssp_state); + if (!NT_STATUS_IS_OK(status)) { + /* Kill the intermediate vuid */ + invalidate_vuid(sconn, vuid); + data_blob_free(&blob1); + reply_nterror(req, nt_status_squash(status)); + return; + } + + auth_ntlmssp_want_feature(vuser->auth_ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY); + + status = auth_ntlmssp_start(vuser->auth_ntlmssp_state); if (!NT_STATUS_IS_OK(status)) { /* Kill the intermediate vuid */ invalidate_vuid(sconn, vuid); -- cgit
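Review bot: The added `auth_ntlmssp_want_feature(*auth_ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY);` in reply_spnego_auth is a behaviour change that the commit message does not mention. On the old side this path only called `auth_ntlmssp_start()`, and the explicit session-key request was visible only in reply_spnego_negotiate. The same line is added for `vuser->auth_ntlmssp_state` in the @@ -1141 hunk. Unless the old `auth_ntlmssp_start()` requested the feature internally (not visible in this file-limited view), both paths now request the session-key feature where they did not before. A sentence in the description, or a comment such as `/* request the session key before start, as reply_spnego_negotiate does */`, would record that this is intended.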
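Review bot: This is the third copy of the prepare / want_feature / start sequence with its failure branches, and the copies already differ: only this one calls `data_blob_free(&blob1)` on failure. The first copy is split across the @@ -624 and @@ -635 hunks and the second is in @@ -728. A small static helper that runs the three calls and returns the NTSTATUS would leave each caller with one failure branch holding its own cleanup, so a later feature request cannot be added to one path and missed in another. The helper name below is only a suggestion, and reply_sesssetup_and_X_spnego continues outside the hunk.

```c
/* Prepare NTLMSSP, request the session key, then start the mechanism. */
static NTSTATUS sesssetup_ntlmssp_begin(struct smbd_server_connection *sconn,
					struct auth_ntlmssp_state **state)
{
	NTSTATUS status;

	status = auth_ntlmssp_prepare(sconn->remote_address, state);
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}

	auth_ntlmssp_want_feature(*state, NTLMSSP_FEATURE_SESSION_KEY);

	return auth_ntlmssp_start(*state);
}

/* … unchanged: reply_sesssetup_and_X_spnego up to the state check … */
		if (!vuser->auth_ntlmssp_state) {
			status = sesssetup_ntlmssp_begin(sconn,
					&vuser->auth_ntlmssp_state);
/* … unchanged: existing failure branch (invalidate_vuid, data_blob_free, reply_nterror) … */
```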