svn commit: samba r6799 - in branches/SAMBA_4_0/source: auth/ntlmssp torture/auth

abartlet at samba.org abartlet at samba.org
Sun May 15 23:40:22 GMT 2005


Author: abartlet
Date: 2005-05-15 23:40:22 +0000 (Sun, 15 May 2005)
New Revision: 6799

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=6799

Log:
Remove a redundant variable from the context structure - we can figure
this out by asking GENSEC, just like everybody else.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp.h
   branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp_server.c
   branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp_sign.c
   branches/SAMBA_4_0/source/torture/auth/ntlmssp.c


Changeset:
Modified: branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp.h
===================================================================
--- branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp.h	2005-05-15 23:20:58 UTC (rev 6798)
+++ branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp.h	2005-05-15 23:40:22 UTC (rev 6799)
@@ -87,8 +87,6 @@
 	BOOL allow_lm_key;     /* The LM_KEY code is not functional at this point, and it's not 
 				  very secure anyway */
 
-	BOOL server_use_session_keys; /* Set to 'False' for authentication only, 
-					 that will never return a session key */
 	BOOL server_multiple_authentications;  /* Set to 'True' to allow squid 2.5 
 						  style 'challenge caching' */
 

Modified: branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp_server.c
===================================================================
--- branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp_server.c	2005-05-15 23:20:58 UTC (rev 6798)
+++ branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp_server.c	2005-05-15 23:40:22 UTC (rev 6799)
@@ -560,11 +560,12 @@
 	/* Finally, actually ask if the password is OK */
 
 	if (!NT_STATUS_IS_OK(nt_status = gensec_ntlmssp_state->check_password(gensec_ntlmssp_state, 
-								       &user_session_key, &lm_session_key))) {
+									      &user_session_key, &lm_session_key))) {
 		return nt_status;
 	}
 	
-	if (gensec_ntlmssp_state->server_use_session_keys) {
+	if (gensec_security->want_features
+	    & (GENSEC_FEATURE_SIGN|GENSEC_FEATURE_SEAL|GENSEC_FEATURE_SESSION_KEY)) {
 		return ntlmssp_server_postauth(gensec_security, &user_session_key, &lm_session_key);
 	} else {
 		gensec_ntlmssp_state->session_key = data_blob(NULL, 0);
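Review bot: The session-key branch now depends on `gensec_security->want_features`, whereas the removed field was initialised to True on the server side, so a caller that never requested SIGN, SEAL or SESSION_KEY now falls into the else branch and gets a zero-length `session_key` with no log line. That is a silent behaviour change for any consumer that reads the session key after authentication without first asking for `GENSEC_FEATURE_SESSION_KEY`, so the server callers are worth checking. I would add a comment above the test, `/* Only derive session keys if the caller asked for signing, sealing or the key itself */`, and a trace in the else branch such as `DEBUG(5, ("No session key requested - not deriving one\n"));`. The else branch continues outside the hunk.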
@@ -715,7 +716,6 @@
 	gensec_ntlmssp_state->allow_lm_key = (lp_lanman_auth() 
 					  && lp_parm_bool(-1, "ntlmssp_server", "allow_lm_key", False));
 
-	gensec_ntlmssp_state->server_use_session_keys = True;
 	gensec_ntlmssp_state->server_multiple_authentications = False;
 	
 	gensec_ntlmssp_state->neg_flags = 

Modified: branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp_sign.c
===================================================================
--- branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp_sign.c	2005-05-15 23:20:58 UTC (rev 6798)
+++ branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp_sign.c	2005-05-15 23:40:22 UTC (rev 6799)
@@ -137,7 +137,7 @@
 	}
 	
 	if (!(gensec_security->want_features & GENSEC_FEATURE_SIGN)) {
-		DEBUG(3, ("GENSEC Signing not requested - cannot seal packet!\n"));
+		DEBUG(3, ("GENSEC Signing not requested - cannot sign packet!\n"));
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 

Modified: branches/SAMBA_4_0/source/torture/auth/ntlmssp.c
===================================================================
--- branches/SAMBA_4_0/source/torture/auth/ntlmssp.c	2005-05-15 23:20:58 UTC (rev 6798)
+++ branches/SAMBA_4_0/source/torture/auth/ntlmssp.c	2005-05-15 23:40:22 UTC (rev 6799)
@@ -39,9 +39,13 @@
 
 	gensec_set_credentials(gensec_security, cmdline_credentials);
 
+	gensec_want_feature(gensec_security, GENSEC_FEATURE_SIGN);
+	gensec_want_feature(gensec_security, GENSEC_FEATURE_SEAL);
+
 	status = gensec_start_mech_by_oid(gensec_security, GENSEC_OID_NTLMSSP);
 
 	if (!NT_STATUS_IS_OK(status)) {
+		printf("Failed to start GENSEC for NTLMSSP\n");
 		return False;
 	}
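Review bot: The added `printf("Failed to start GENSEC for NTLMSSP\n")` drops the status, while the other failure messages visible in this file print `nt_errstr(status)`; suggest `printf("Failed to start GENSEC for NTLMSSP: %s\n", nt_errstr(status));`. The hunk at `@@ -83,11 +86,15 @@` adds the identical string after `gensec_client_start`, so a client-start failure and a mechanism-start failure cannot be told apart in the test output. A distinct message there, e.g. `"Failed to start GENSEC client: %s\n"`, would fix that.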
 
@@ -52,8 +56,7 @@
 		     gensec_ntlmssp_state->session_key.data,  
 		     gensec_ntlmssp_state->session_key.length);
 
-	gensec_ntlmssp_state->server_use_session_keys = True;
-	gensec_ntlmssp_state->neg_flags = NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_KEY_EXCH | NTLMSSP_NEGOTIATE_NTLM2;
+	gensec_ntlmssp_state->neg_flags = NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_KEY_EXCH | NTLMSSP_NEGOTIATE_NTLM2;
 
 	if (!NT_STATUS_IS_OK(status = ntlmssp_sign_init(gensec_ntlmssp_state))) {
 		printf("Failed to sign_init: %s\n", nt_errstr(status));
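Review bot: The test now requests both `GENSEC_FEATURE_SIGN` and `GENSEC_FEATURE_SEAL` before starting the mechanism, but the hand-written `neg_flags` assignment here adds only `NTLMSSP_NEGOTIATE_SIGN`, so the overwritten flags no longer mirror the requested features. If the code after `ntlmssp_sign_init` (outside the hunk) exercises sealing, the flags and the feature request should agree; otherwise the SEAL request looks unnecessary. Either way a comment on the assignment would help, e.g. `/* Deliberately override the negotiated flags for this test case */`. The same applies to the second `neg_flags` assignment in the hunk at `@@ -101,8 +108,7 @@`.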
@@ -83,11 +86,15 @@
 	status = gensec_client_start(NULL, &gensec_security);
 
 	if (!NT_STATUS_IS_OK(status)) {
+		printf("Failed to start GENSEC for NTLMSSP\n");
 		return False;
 	}
 
 	gensec_set_credentials(gensec_security, cmdline_credentials);
 
+	gensec_want_feature(gensec_security, GENSEC_FEATURE_SIGN);
+	gensec_want_feature(gensec_security, GENSEC_FEATURE_SEAL);
+
 	status = gensec_start_mech_by_oid(gensec_security, GENSEC_OID_NTLMSSP);
 
 	if (!NT_STATUS_IS_OK(status)) {
@@ -101,8 +108,7 @@
 		     gensec_ntlmssp_state->session_key.data,  
 		     gensec_ntlmssp_state->session_key.length);
 
-	gensec_ntlmssp_state->server_use_session_keys = True;
-	gensec_ntlmssp_state->neg_flags = NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_KEY_EXCH;
+	gensec_ntlmssp_state->neg_flags = NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_KEY_EXCH;
 
 	if (!NT_STATUS_IS_OK(status = ntlmssp_sign_init(gensec_ntlmssp_state))) {
 		printf("Failed to sign_init: %s\n", nt_errstr(status));


