{
NTSTATUS status;
uint32_t srv_flgs;
- /* r->in.negotiate_flags is an aliased pointer to r->out.negotiate_flags,
- * so use a copy to avoid destroying the client values. */
- uint32_t in_neg_flags = *r->in.negotiate_flags;
struct netr_Credential srv_chal_out;
/* According to Microsoft (see bugid #6099)
* Windows 7 looks at the negotiate_flags
* returned in this structure *even if the
- * call fails with access denied* ! So in order
+ * call fails with access denied ! So in order
* to allow Win7 to connect to a Samba NT style
* PDC we set the flags before we know if it's
* an error or not.
NETLOGON_NEG_REDO |
NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL;
- /* Ensure we support strong (128-bit) keys. */
- if (in_neg_flags & NETLOGON_NEG_128BIT) {
- srv_flgs |= NETLOGON_NEG_128BIT;
- }
-
if (lp_server_schannel() != false) {
srv_flgs |= NETLOGON_NEG_SCHANNEL;
}
+ *r->out.negotiate_flags = srv_flgs;
+
/* We use this as the key to store the creds: */
/* r->in.computer_name */
if (!p->dc || !p->dc->challenge_sent) {
DEBUG(0,("_netr_ServerAuthenticate2: no challenge sent to client %s\n",
r->in.computer_name));
- status = NT_STATUS_ACCESS_DENIED;
- goto out;
+ return NT_STATUS_ACCESS_DENIED;
}
if ( (lp_server_schannel() == true) &&
- ((in_neg_flags & NETLOGON_NEG_SCHANNEL) == 0) ) {
+ ((*r->in.negotiate_flags & NETLOGON_NEG_SCHANNEL) == 0) ) {
/* schannel must be used, but client did not offer it. */
DEBUG(0,("_netr_ServerAuthenticate2: schannel required but client failed "
"to offer it. Client was %s\n",
r->in.account_name));
- status = NT_STATUS_ACCESS_DENIED;
- goto out;
+ return NT_STATUS_ACCESS_DENIED;
}
status = get_md4pw((char *)p->dc->mach_pw,
"account %s: %s\n",
r->in.account_name, nt_errstr(status) ));
/* always return NT_STATUS_ACCESS_DENIED */
- status = NT_STATUS_ACCESS_DENIED;
- goto out;
+ return NT_STATUS_ACCESS_DENIED;
}
/* From the client / server challenges and md4 password, generate sess key */
- creds_server_init(in_neg_flags,
+ creds_server_init(*r->in.negotiate_flags,
p->dc,
&p->dc->clnt_chal, /* Stored client chal. */
&p->dc->srv_chal, /* Stored server chal. */
"request from client %s machine account %s\n",
r->in.computer_name,
r->in.account_name));
- status = NT_STATUS_ACCESS_DENIED;
- goto out;
+ return NT_STATUS_ACCESS_DENIED;
}
/* set up the LSA AUTH 2 response */
memcpy(r->out.return_credentials->data, &srv_chal_out.data,
r->in.computer_name,
p->dc);
unbecome_root();
- status = NT_STATUS_OK;
-
- out:
- *r->out.negotiate_flags = srv_flgs;
- return status;
+ return NT_STATUS_OK;
}
/*************************************************************************