if (cli) {
uint16_t sec_mode = cli_state_security_mode(cli);
+ const uint8_t *server_challenge = cli_state_server_challenge(cli);
DEBUG(3,("using password server validation\n"));
*my_private_data =
(void *)make_server_security_state(cli);
return data_blob_null;
- } else if (cli->secblob.length < 8) {
- /* We can't do much if we don't get a full challenge */
- DEBUG(2,("make_auth_info_server: Didn't receive a full challenge from server\n"));
- cli_shutdown(cli);
- return data_blob_null;
}
if (!(*my_private_data = (void *)make_server_security_state(cli))) {
/* The return must be allocated on the caller's mem_ctx, as our own will be
destoyed just after the call. */
- return data_blob_talloc(discard_const_p(TALLOC_CTX, auth_context), cli->secblob.data,8);
+ return data_blob_talloc(discard_const_p(TALLOC_CTX, auth_context), server_challenge ,8);
} else {
return data_blob_null;
}
return NT_STATUS_LOGON_FAILURE;
}
} else {
- if (memcmp(cli->secblob.data, auth_context->challenge.data, 8) != 0) {
+ const uint8_t *server_challenge = cli_state_server_challenge(cli);
+
+ if (memcmp(server_challenge, auth_context->challenge.data, 8) != 0) {
DEBUG(1,("the challenge that the password server (%s) supplied us is not the one we gave our client. This just can't work :-(\n", cli_state_remote_name(cli)));
return NT_STATUS_LOGON_FAILURE;
}