- *out_session_id = session->vuid;
-
- return NT_STATUS_OK;
-
- fail:
-
- data_blob_free(&ap_rep);
- data_blob_free(&ap_rep_wrapped);
- data_blob_free(&ticket);
- data_blob_free(&session_key);
- data_blob_free(&secblob_out);
-
- ap_rep_wrapped = data_blob_null;
- secblob_out = spnego_gen_auth_response(
- talloc_tos(),
- &ap_rep_wrapped,
- status,
- mechOID);
-
- *out_security_buffer = data_blob_talloc(smb2req,
- secblob_out.data,
- secblob_out.length);
- data_blob_free(&secblob_out);
- return status;
-}
-#endif
-
-static NTSTATUS smbd_smb2_spnego_negotiate(struct smbd_smb2_session *session,
- struct smbd_smb2_request *smb2req,
- uint8_t in_security_mode,
- DATA_BLOB in_security_buffer,
- uint16_t *out_session_flags,
- DATA_BLOB *out_security_buffer,
- uint64_t *out_session_id)
-{
- DATA_BLOB secblob_in = data_blob_null;
- DATA_BLOB chal_out = data_blob_null;
- char *kerb_mech = NULL;
- NTSTATUS status;
-
- /* Ensure we have no old NTLM state around. */
- TALLOC_FREE(session->auth_ntlmssp_state);
-
- status = parse_spnego_mechanisms(talloc_tos(), in_security_buffer,
- &secblob_in, &kerb_mech);
- if (!NT_STATUS_IS_OK(status)) {
- goto out;
- }
-
-#ifdef HAVE_KRB5
- if (kerb_mech && ((lp_security()==SEC_ADS) ||
- USE_KERBEROS_KEYTAB) ) {
- status = smbd_smb2_session_setup_krb5(session,
- smb2req,
- in_security_mode,
- &secblob_in,
- kerb_mech,
- out_session_flags,
- out_security_buffer,
- out_session_id);