There is no need to mask out these flags as they simply are not set
yet.
The correct abstraction is to ask for NTLMSSP features.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
const char *domain);
NTSTATUS auth_ntlmssp_set_password(struct auth_ntlmssp_state *ans,
const char *password);
const char *domain);
NTSTATUS auth_ntlmssp_set_password(struct auth_ntlmssp_state *ans,
const char *password);
-void auth_ntlmssp_and_flags(struct auth_ntlmssp_state *ans, uint32_t flags);
void auth_ntlmssp_want_feature(struct auth_ntlmssp_state *ans, uint32_t feature);
DATA_BLOB auth_ntlmssp_get_session_key(struct auth_ntlmssp_state *ans,
TALLOC_CTX *mem_ctx);
void auth_ntlmssp_want_feature(struct auth_ntlmssp_state *ans, uint32_t feature);
DATA_BLOB auth_ntlmssp_get_session_key(struct auth_ntlmssp_state *ans,
TALLOC_CTX *mem_ctx);
if (!NT_STATUS_IS_OK(nt_status)) {
return ADS_ERROR_NT(nt_status);
}
if (!NT_STATUS_IS_OK(nt_status)) {
return ADS_ERROR_NT(nt_status);
}
- ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_SIGN;
if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_username(ntlmssp_state, ads->auth.user_name))) {
return ADS_ERROR_NT(nt_status);
if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_username(ntlmssp_state, ads->auth.user_name))) {
return ADS_ERROR_NT(nt_status);
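Review bot: With the `neg_flags &= ~NTLMSSP_NEGOTIATE_SIGN` line gone, the code before the `ntlmssp_set_username()` call depends on an invariant that is stated only in the commit message: that SIGN (and SEAL) are not yet set in `neg_flags` at this point. The same holds for the two removed `auth_ntlmssp_and_flags()` calls ahead of the `do_sign` and `auth_level` branches, where the negotiated protection is meant to follow the caller's selected level. If the initial flags ever come to include SIGN or SEAL, presumably nothing at these sites would clear them, and the negotiated flags could stop matching what the caller asked for. I would record the assumption at each site with a comment such as `/* neg_flags has neither SIGN nor SEAL set here; they are enabled only by requesting NTLMSSP features */`. The enclosing functions start and end outside the visible hunks.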
- /*
- * Turn off sign+seal to allow selected auth level to turn it back on.
- */
- auth_ntlmssp_and_flags(sp_ctx->mech_ctx.ntlmssp_state,
- ~(NTLMSSP_NEGOTIATE_SIGN |
- NTLMSSP_NEGOTIATE_SEAL));
-
if (do_sign) {
auth_ntlmssp_want_feature(sp_ctx->mech_ctx.ntlmssp_state,
NTLMSSP_FEATURE_SIGN);
if (do_sign) {
auth_ntlmssp_want_feature(sp_ctx->mech_ctx.ntlmssp_state,
NTLMSSP_FEATURE_SIGN);
return ntlmssp_set_password(ans->ntlmssp_state, password);
}
return ntlmssp_set_password(ans->ntlmssp_state, password);
}
-void auth_ntlmssp_and_flags(struct auth_ntlmssp_state *ans, uint32_t flags)
-{
- ans->ntlmssp_state->neg_flags &= flags;
-}
-
void auth_ntlmssp_want_feature(struct auth_ntlmssp_state *ans, uint32_t feature)
{
if (ans->gensec_security) {
void auth_ntlmssp_want_feature(struct auth_ntlmssp_state *ans, uint32_t feature)
{
if (ans->gensec_security) {
- /*
- * Turn off sign+seal to allow selected auth level to turn it back on.
- */
- auth_ntlmssp_and_flags(ntlmssp_ctx, ~(NTLMSSP_NEGOTIATE_SIGN |
- NTLMSSP_NEGOTIATE_SEAL));
-
if (auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) {
auth_ntlmssp_want_feature(ntlmssp_ctx, NTLMSSP_FEATURE_SIGN);
} else if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
if (auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) {
auth_ntlmssp_want_feature(ntlmssp_ctx, NTLMSSP_FEATURE_SIGN);
} else if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {