author | Andrew Bartlett <abartlet@samba.org> | 2005-08-20 06:14:14 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:33:36 -0500 |
commit | 7e36c7e6075814c0b4eb6e37ece6ed4fd4ed09e2 (patch) | |
tree | 987e6d15bb3cde5f568ff2b4d2430f67542677be /source4/auth/ntlmssp/ntlmssp.c | |
parent | 40f56f63bec5a609229033dc4c0854bb4fb16f06 (diff) | |
r9416: Cleanups inspired by jra's work to migrate Samba4's NTLMSSP code back
into Samba3.
The NTLMSSP sign/seal code now assumes that GENSEC has already checked
to see if SIGN or SEAL should be permitted. This simplifies the code and
ensures that no matter what the mech, the correct code paths have been
set in place.
Also remove duplication caused by the NTLMv2 code's history, and
document why some of the things are a bit funny.
In SPNEGO, create a new routine to handle the negTokenInit creation.
We no longer send an OID for a mech we can't start (like kerberos on
the server without a valid trust account).
Andrew Bartlett
(This used to be commit fe45ef608f961a6950d4d19b4cb5e7c27b38ba5f)
Diffstat (limited to 'source4/auth/ntlmssp/ntlmssp.c')
-rw-r--r-- | source4/auth/ntlmssp/ntlmssp.c | 49 |
1 files changed, 27 insertions, 22 deletions
diff --git a/source4/auth/ntlmssp/ntlmssp.c b/source4/auth/ntlmssp/ntlmssp.c
index 339c219f62..82d6dd0e8f 100644
--- a/source4/auth/ntlmssp/ntlmssp.c
+++ b/source4/auth/ntlmssp/ntlmssp.c
@@ -185,25 +185,6 @@ static NTSTATUS gensec_ntlmssp_update(struct gensec_security *gensec_security,
 return status;
 }
- gensec_ntlmssp_state->have_features = 0;
-
- if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN) {
- gensec_ntlmssp_state->have_features |= GENSEC_FEATURE_SIGN;
- }
-
- if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL) {
- gensec_ntlmssp_state->have_features |= GENSEC_FEATURE_SEAL;
- }
-
- if (gensec_ntlmssp_state->session_key.data) {
- gensec_ntlmssp_state->have_features |= GENSEC_FEATURE_SESSION_KEY;
- }
-
- /* only NTLMv2 can handle async replies */
- if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
- gensec_ntlmssp_state->have_features |= GENSEC_FEATURE_ASYNC_REPLIES;
- }
-
 return status;
 }
@@ -317,10 +298,35 @@ static BOOL gensec_ntlmssp_have_feature(struct gensec_security *gensec_security,
 uint32_t feature)
 {
 struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data;
- if (gensec_ntlmssp_state->have_features & feature) {
+ if (feature & GENSEC_FEATURE_SIGN) {
+ if (!gensec_ntlmssp_state->session_key.length) {
+ return False;
+ }
+ if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN) {
+ return True;
+ }
+ }
+ if (feature & GENSEC_FEATURE_SEAL) {
+ if (!gensec_ntlmssp_state->session_key.length) {
+ return False;
+ }
+ if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL) {
+ return True;
+ }
+ }
+ if (feature & GENSEC_FEATURE_SESSION_KEY) {
+ if (gensec_ntlmssp_state->session_key.length) {
+ return True;
+ }
+ }
+ if (feature & GENSEC_FEATURE_DCE_STYLE) {
 return True;
 }
-
+ if (feature & GENSEC_FEATURE_ASYNC_REPLIES) {
+ if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
+ return True;
+ }
+ }
 return False;
 }
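Review bot: In gensec_ntlmssp_have_feature, `feature` is tested bit by bit with early returns, so a caller that passes a combined mask is answered by the first bit that matches: `GENSEC_FEATURE_SIGN | GENSEC_FEATURE_SEAL` returns True as soon as NTLMSSP_NEGOTIATE_SIGN is set and a session key exists, even when sealing was not negotiated, and a mask containing GENSEC_FEATURE_DCE_STYLE returns True whenever the earlier branches fall through. The commit message says the sign/seal code now relies on GENSEC having made this check, so the contract should be pinned down, either by requiring every requested bit to hold or with a comment above the function such as `/* feature must be a single GENSEC_FEATURE_* bit; the first matching bit decides the result */`. Separately, GENSEC_FEATURE_ASYNC_REPLIES is now answered from neg_flags at call time with no session-key gate, so it may read True before negotiation has finished; presumably callers only ask afterwards, but that is not visible here. The function's opening line appears only in the hunk header.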
@@ -335,7 +341,6 @@ NTSTATUS gensec_ntlmssp_start(struct gensec_security *gensec_security)
 gensec_ntlmssp_state->auth_context = NULL;
 gensec_ntlmssp_state->server_info = NULL;
- gensec_ntlmssp_state->have_features = 0;
 gensec_security->private_data = gensec_ntlmssp_state;
 return NT_STATUS_OK; |