r6799: Remove a redundant variable from the context structure - we can figure
authorAndrew Bartlett <abartlet@samba.org>
Sun, 15 May 2005 23:40:22 +0000 (23:40 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 18:16:45 +0000 (13:16 -0500)
this out by asking GENSEC, just like everybody else.

Andrew Bartlett

source/auth/ntlmssp/ntlmssp.h
source/auth/ntlmssp/ntlmssp_server.c
source/auth/ntlmssp/ntlmssp_sign.c
source/torture/auth/ntlmssp.c

index 9d6b827fbc5c771d3e3966305ae89ce812330e2d..36d12a982094f1ae5aab6cdda767a3cdda930d91 100644 (file)
@@ -87,8 +87,6 @@ struct gensec_ntlmssp_state
        BOOL allow_lm_key;     /* The LM_KEY code is not functional at this point, and it's not 
                                  very secure anyway */
 
-       BOOL server_use_session_keys; /* Set to 'False' for authentication only, 
-                                        that will never return a session key */
        BOOL server_multiple_authentications;  /* Set to 'True' to allow squid 2.5 
                                                  style 'challenge caching' */
 
index db169684d615c05879c98f0450cc675a600221cb..bbe9b213f96c259297861d0822e09b4529b9f97b 100644 (file)
@@ -560,11 +560,12 @@ NTSTATUS ntlmssp_server_auth(struct gensec_security *gensec_security,
        /* Finally, actually ask if the password is OK */
 
        if (!NT_STATUS_IS_OK(nt_status = gensec_ntlmssp_state->check_password(gensec_ntlmssp_state, 
-                                                                      &user_session_key, &lm_session_key))) {
+                                                                             &user_session_key, &lm_session_key))) {
                return nt_status;
        }
        
-       if (gensec_ntlmssp_state->server_use_session_keys) {
+       if (gensec_security->want_features
+           & (GENSEC_FEATURE_SIGN|GENSEC_FEATURE_SEAL|GENSEC_FEATURE_SESSION_KEY)) {
                return ntlmssp_server_postauth(gensec_security, &user_session_key, &lm_session_key);
        } else {
                gensec_ntlmssp_state->session_key = data_blob(NULL, 0);
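Review bot: The `else` branch that blanks `session_key` could not be reached by default before this change, as far as this diff shows, because `gensec_ntlmssp_server_start` set `server_use_session_keys = True` (removed in the @@ -715 hunk). It is now taken whenever the caller has not requested SIGN, SEAL or SESSION_KEY by the time authentication completes. A server-side caller that reads the session key afterwards without having asked for `GENSEC_FEATURE_SESSION_KEY` would then get an empty key instead of an error, so those callers (not visible here) are worth auditing. The removed struct comment was also the only description of the authentication-only mode; I would restore it above the test, e.g. `/* Authentication only: no session key unless signing, sealing or the key itself was requested */`. The body of `ntlmssp_server_auth` starts and ends outside this hunk.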
@@ -715,7 +716,6 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
        gensec_ntlmssp_state->allow_lm_key = (lp_lanman_auth() 
                                          && lp_parm_bool(-1, "ntlmssp_server", "allow_lm_key", False));
 
-       gensec_ntlmssp_state->server_use_session_keys = True;
        gensec_ntlmssp_state->server_multiple_authentications = False;
        
        gensec_ntlmssp_state->neg_flags = 
index d8a5a0f909bfaf69aae7c8e464c3d73256736e0f..960841ecf27f0244ffe3de052fbae66fb03d5abd 100644 (file)
@@ -137,7 +137,7 @@ NTSTATUS gensec_ntlmssp_sign_packet(struct gensec_security *gensec_security,
        }
        
        if (!(gensec_security->want_features & GENSEC_FEATURE_SIGN)) {
-               DEBUG(3, ("GENSEC Signing not requested - cannot seal packet!\n"));
+               DEBUG(3, ("GENSEC Signing not requested - cannot sign packet!\n"));
                return NT_STATUS_INVALID_PARAMETER;
        }
 
index 644d502d99e02c27ea468156e5d7162dbeebbb89..48deb4e73a87a2b685d732251e55e1013d2dd6f7 100644 (file)
@@ -39,9 +39,13 @@ BOOL torture_ntlmssp_self_check(void)
 
        gensec_set_credentials(gensec_security, cmdline_credentials);
 
+       gensec_want_feature(gensec_security, GENSEC_FEATURE_SIGN);
+       gensec_want_feature(gensec_security, GENSEC_FEATURE_SEAL);
+
        status = gensec_start_mech_by_oid(gensec_security, GENSEC_OID_NTLMSSP);
 
        if (!NT_STATUS_IS_OK(status)) {
+               printf("Failed to start GENSEC for NTLMSSP\n");
                return False;
        }
 
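Review bot: The added `printf("Failed to start GENSEC for NTLMSSP\n")` drops the NTSTATUS, while the other failure paths visible in this function report it (`"Failed to sign_init: %s\n", nt_errstr(status)`). I would write `printf("Failed to start GENSEC for NTLMSSP: %s\n", nt_errstr(status));` here, and apply the same to the printf added in the @@ -83 hunk. `torture_ntlmssp_self_check` starts and ends outside this hunk.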
@@ -52,8 +56,7 @@ BOOL torture_ntlmssp_self_check(void)
                     gensec_ntlmssp_state->session_key.data,  
                     gensec_ntlmssp_state->session_key.length);
 
-       gensec_ntlmssp_state->server_use_session_keys = True;
-       gensec_ntlmssp_state->neg_flags = NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_KEY_EXCH | NTLMSSP_NEGOTIATE_NTLM2;
+       gensec_ntlmssp_state->neg_flags = NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_KEY_EXCH | NTLMSSP_NEGOTIATE_NTLM2;
 
        if (!NT_STATUS_IS_OK(status = ntlmssp_sign_init(gensec_ntlmssp_state))) {
                printf("Failed to sign_init: %s\n", nt_errstr(status));
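Review bot: `neg_flags` is overwritten by hand after the mechanism was started with both SIGN and SEAL requested, and the new mask adds `NTLMSSP_NEGOTIATE_SIGN` but not `NTLMSSP_NEGOTIATE_SEAL`; the same holds for the assignment in the @@ -101 hunk. If the self-check only exercises signing, that is consistent, but the mismatch with the `gensec_want_feature` calls deserves a comment such as `/* flags forced to match the fixed test data; only signing is checked, SEAL left out on purpose */`. If sealing is exercised further down (outside this hunk), the mask looks incomplete and should be confirmed.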
@@ -83,11 +86,15 @@ BOOL torture_ntlmssp_self_check(void)
        status = gensec_client_start(NULL, &gensec_security);
 
        if (!NT_STATUS_IS_OK(status)) {
+               printf("Failed to start GENSEC for NTLMSSP\n");
                return False;
        }
 
        gensec_set_credentials(gensec_security, cmdline_credentials);
 
+       gensec_want_feature(gensec_security, GENSEC_FEATURE_SIGN);
+       gensec_want_feature(gensec_security, GENSEC_FEATURE_SEAL);
+
        status = gensec_start_mech_by_oid(gensec_security, GENSEC_OID_NTLMSSP);
 
        if (!NT_STATUS_IS_OK(status)) {
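Review bot: The message added at the top of this hunk sits in the failure branch of `gensec_client_start`, yet it reads "Failed to start GENSEC for NTLMSSP", the same text the first half of the test prints when `gensec_start_mech_by_oid` fails. A failing run would therefore point at the wrong call. Something like `printf("Failed to start GENSEC client: %s\n", nt_errstr(status));` keeps the two cases apart. The body of the `gensec_start_mech_by_oid` check that opens on the last line of this hunk lies outside it, so whether that path reports anything cannot be seen here.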
@@ -101,8 +108,7 @@ BOOL torture_ntlmssp_self_check(void)
                     gensec_ntlmssp_state->session_key.data,  
                     gensec_ntlmssp_state->session_key.length);
 
-       gensec_ntlmssp_state->server_use_session_keys = True;
-       gensec_ntlmssp_state->neg_flags = NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_KEY_EXCH;
+       gensec_ntlmssp_state->neg_flags = NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_KEY_EXCH;
 
        if (!NT_STATUS_IS_OK(status = ntlmssp_sign_init(gensec_ntlmssp_state))) {
                printf("Failed to sign_init: %s\n", nt_errstr(status));