svn commit: samba r9868 - in trunk/source/libsmb: .

Thu Sep 1 05:56:43 GMT 2005

Author: jra
Date: 2005-09-01 05:56:42 +0000 (Thu, 01 Sep 2005)
New Revision: 9868

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=9868

Log:
Add the "ntlmssp_update" returns NT_STATUS_OK code from rpcrewrite branch.
State machine now more sane.
Jeremy.

Modified:
   trunk/source/libsmb/ntlmssp.c


Changeset:
Modified: trunk/source/libsmb/ntlmssp.c
===================================================================

--- trunk/source/libsmb/ntlmssp.c	2005-09-01 05:41:33 UTC (rev 9867)
+++ trunk/source/libsmb/ntlmssp.c	2005-09-01 05:56:42 UTC (rev 9868)
@@ -218,6 +218,12 @@
 	uint32 ntlmssp_command;
 	int i;
 
+	if (ntlmssp_state->expected_state == NTLMSSP_DONE) {
+		/* Called update after negotiations finished. */
+		DEBUG(1, ("Called NTLMSSP after state machine was 'done'\n"));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
 	*out = data_blob(NULL, 0);
 
 	if (!in.length && ntlmssp_state->stored_response.length) {
@@ -534,7 +540,7 @@
 	DATA_BLOB lm_session_key = data_blob(NULL, 0);
 	DATA_BLOB session_key = data_blob(NULL, 0);
 	uint32 ntlmssp_command, auth_flags;
-	NTSTATUS nt_status;
+	NTSTATUS nt_status = NT_STATUS_OK;
 
 	/* used by NTLM2 */
 	BOOL doing_ntlm2 = False;
@@ -784,8 +790,8 @@
 
 	data_blob_free(&encrypted_session_key);
 	
-	/* allow arbitarily many authentications */
-	ntlmssp_state->expected_state = NTLMSSP_AUTH;
+	/* Only one authentication allowed per server state. */
+	ntlmssp_state->expected_state = NTLMSSP_DONE;
 
 	return nt_status;
 }
@@ -897,7 +903,7 @@
 	DATA_BLOB nt_response = data_blob(NULL, 0);
 	DATA_BLOB session_key = data_blob(NULL, 0);
 	DATA_BLOB encrypted_session_key = data_blob(NULL, 0);
-	NTSTATUS nt_status;
+	NTSTATUS nt_status = NT_STATUS_OK;
 
 	if (!msrpc_parse(&reply, "CdBd",
 			 "NTLMSSP",
@@ -1098,14 +1104,13 @@
 	ntlmssp_state->lm_resp = lm_response;
 	ntlmssp_state->nt_resp = nt_response;
 
-	ntlmssp_state->expected_state = NTLMSSP_UNKNOWN;
+	ntlmssp_state->expected_state = NTLMSSP_DONE;
 
 	if (!NT_STATUS_IS_OK(nt_status = ntlmssp_sign_init(ntlmssp_state))) {
 		DEBUG(1, ("Could not setup NTLMSSP signing/sealing system (error was: %s)\n", nt_errstr(nt_status)));
-		return nt_status;
 	}
 
-	return NT_STATUS_MORE_PROCESSING_REQUIRED;
+	return nt_status;
 }
 
 NTSTATUS ntlmssp_client_start(NTLMSSP_STATE **ntlmssp_state)
@@ -1139,7 +1144,7 @@
 	(*ntlmssp_state)->neg_flags = 
 		NTLMSSP_NEGOTIATE_128 |
 		NTLMSSP_NEGOTIATE_NTLM |
-		NTLMSSP_NEGOTIATE_NTLM2 |
+		lp_client_ntlmv2_auth() ? NTLMSSP_NEGOTIATE_NTLM2 : 0 |
 		NTLMSSP_NEGOTIATE_KEY_EXCH |
 		/*
 		 * We need to set this to allow a later SetPassword

