From 8b983d232648944c18fe878a3ace0f58658ec24d Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 26 Jul 2011 10:19:54 +1000
Subject: s3-ntlmssp Split auth_ntlmssp_start into two functions

This helps map on to the GENSEC semantics better, and ensures that the
full set of desired features are set before the mechanism starts.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
---
 source3/smbd/smb2_sesssetup.c | 28 +++++++++++++++++++++++++---
 1 file changed, 25 insertions(+), 3 deletions(-)

(limited to 'source3/smbd/smb2_sesssetup.c')

diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 40f98ce45f..7bc8692758 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -386,7 +386,7 @@ static NTSTATUS smbd_smb2_spnego_negotiate(struct smbd_smb2_session *session,
 		status = NT_STATUS_MORE_PROCESSING_REQUIRED;
 	} else {
 		/* Fall back to NTLMSSP. */
-		status = auth_ntlmssp_start(session->sconn->remote_address,
+		status = auth_ntlmssp_prepare(session->sconn->remote_address,
 					    &session->auth_ntlmssp_state);
 		if (!NT_STATUS_IS_OK(status)) {
 			goto out;
@@ -394,6 +394,11 @@ static NTSTATUS smbd_smb2_spnego_negotiate(struct smbd_smb2_session *session,
 
 		auth_ntlmssp_want_feature(session->auth_ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY);
 
+		status = auth_ntlmssp_start(session->auth_ntlmssp_state);
+		if (!NT_STATUS_IS_OK(status)) {
+			goto out;
+		}
+
 		status = auth_ntlmssp_update(session->auth_ntlmssp_state,
 					     talloc_tos(),
 					     secblob_in,
@@ -577,13 +582,22 @@ static NTSTATUS smbd_smb2_spnego_auth(struct smbd_smb2_session *session,
 	}
 
 	if (session->auth_ntlmssp_state == NULL) {
-		status = auth_ntlmssp_start(session->sconn->remote_address,
+		status = auth_ntlmssp_prepare(session->sconn->remote_address,
 					    &session->auth_ntlmssp_state);
 		if (!NT_STATUS_IS_OK(status)) {
 			data_blob_free(&auth);
 			TALLOC_FREE(session);
 			return status;
 		}
+
+		auth_ntlmssp_want_feature(session->auth_ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY);
+
+		status = auth_ntlmssp_start(session->auth_ntlmssp_state);
+		if (!NT_STATUS_IS_OK(status)) {
+			data_blob_free(&auth);
+			TALLOC_FREE(session);
+			return status;
+		}
 	}
 
 	status = auth_ntlmssp_update(session->auth_ntlmssp_state,
@@ -642,12 +656,20 @@ static NTSTATUS smbd_smb2_raw_ntlmssp_auth(struct smbd_smb2_session *session,
 	NTSTATUS status;
 
 	if (session->auth_ntlmssp_state == NULL) {
-		status = auth_ntlmssp_start(session->sconn->remote_address,
+		status = auth_ntlmssp_prepare(session->sconn->remote_address,
 					    &session->auth_ntlmssp_state);
 		if (!NT_STATUS_IS_OK(status)) {
 			TALLOC_FREE(session);
 			return status;
 		}
+
+		auth_ntlmssp_want_feature(session->auth_ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY);
+
+		status = auth_ntlmssp_start(session->auth_ntlmssp_state);
+		if (!NT_STATUS_IS_OK(status)) {
+			TALLOC_FREE(session);
+			return status;
+		}
 	}
 
 	/* RAW NTLMSSP */
-- 
cgit