svn commit: samba r9868 - in trunk/source/libsmb: .
jra at samba.org
jra at samba.org
Thu Sep 1 05:56:43 GMT 2005
Author: jra
Date: 2005-09-01 05:56:42 +0000 (Thu, 01 Sep 2005)
New Revision: 9868
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=9868
Log:
Add the "ntlmssp_update" returns NT_STATUS_OK code from rpcrewrite branch.
State machine now more sane.
Jeremy.
Modified:
trunk/source/libsmb/ntlmssp.c
Changeset:
Modified: trunk/source/libsmb/ntlmssp.c
===================================================================
--- trunk/source/libsmb/ntlmssp.c 2005-09-01 05:41:33 UTC (rev 9867)
+++ trunk/source/libsmb/ntlmssp.c 2005-09-01 05:56:42 UTC (rev 9868)
@@ -218,6 +218,12 @@
uint32 ntlmssp_command;
int i;
+ if (ntlmssp_state->expected_state == NTLMSSP_DONE) {
+ /* Called update after negotiations finished. */
+ DEBUG(1, ("Called NTLMSSP after state machine was 'done'\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
*out = data_blob(NULL, 0);
if (!in.length && ntlmssp_state->stored_response.length) {
@@ -534,7 +540,7 @@
DATA_BLOB lm_session_key = data_blob(NULL, 0);
DATA_BLOB session_key = data_blob(NULL, 0);
uint32 ntlmssp_command, auth_flags;
- NTSTATUS nt_status;
+ NTSTATUS nt_status = NT_STATUS_OK;
/* used by NTLM2 */
BOOL doing_ntlm2 = False;
@@ -784,8 +790,8 @@
data_blob_free(&encrypted_session_key);
- /* allow arbitarily many authentications */
- ntlmssp_state->expected_state = NTLMSSP_AUTH;
+ /* Only one authentication allowed per server state. */
+ ntlmssp_state->expected_state = NTLMSSP_DONE;
return nt_status;
}
@@ -897,7 +903,7 @@
DATA_BLOB nt_response = data_blob(NULL, 0);
DATA_BLOB session_key = data_blob(NULL, 0);
DATA_BLOB encrypted_session_key = data_blob(NULL, 0);
- NTSTATUS nt_status;
+ NTSTATUS nt_status = NT_STATUS_OK;
if (!msrpc_parse(&reply, "CdBd",
"NTLMSSP",
@@ -1098,14 +1104,13 @@
ntlmssp_state->lm_resp = lm_response;
ntlmssp_state->nt_resp = nt_response;
- ntlmssp_state->expected_state = NTLMSSP_UNKNOWN;
+ ntlmssp_state->expected_state = NTLMSSP_DONE;
if (!NT_STATUS_IS_OK(nt_status = ntlmssp_sign_init(ntlmssp_state))) {
DEBUG(1, ("Could not setup NTLMSSP signing/sealing system (error was: %s)\n", nt_errstr(nt_status)));
- return nt_status;
}
- return NT_STATUS_MORE_PROCESSING_REQUIRED;
+ return nt_status;
}
NTSTATUS ntlmssp_client_start(NTLMSSP_STATE **ntlmssp_state)
@@ -1139,7 +1144,7 @@
(*ntlmssp_state)->neg_flags =
NTLMSSP_NEGOTIATE_128 |
NTLMSSP_NEGOTIATE_NTLM |
- NTLMSSP_NEGOTIATE_NTLM2 |
+ lp_client_ntlmv2_auth() ? NTLMSSP_NEGOTIATE_NTLM2 : 0 |
NTLMSSP_NEGOTIATE_KEY_EXCH |
/*
* We need to set this to allow a later SetPassword
More information about the samba-cvs
mailing list