s3-ntlmssp Remove auth_ntlmssp_and_flags()

There is no need to mask out these flags as they simply are not set
yet.

The correct abstraction is to ask for NTLMSSP features.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>

diff --git a/source3/include/ntlmssp_wrap.h b/source3/include/ntlmssp_wrap.h
index 789842cc655f3aea931033bf45e0c7e88913640f..22cd582bb782af200e2c545ee1a0bdafc0b41585 100644 (file)
--- a/source3/include/ntlmssp_wrap.h
+++ b/source3/include/ntlmssp_wrap.h
@@ -70,7 +70,6 @@ NTSTATUS auth_ntlmssp_set_domain(struct auth_ntlmssp_state *ans,
                                 const char *domain);
 NTSTATUS auth_ntlmssp_set_password(struct auth_ntlmssp_state *ans,
                                   const char *password);
                                 const char *domain);
 NTSTATUS auth_ntlmssp_set_password(struct auth_ntlmssp_state *ans,
                                   const char *password);

-void auth_ntlmssp_and_flags(struct auth_ntlmssp_state *ans, uint32_t flags);

 void auth_ntlmssp_want_feature(struct auth_ntlmssp_state *ans, uint32_t feature);
 DATA_BLOB auth_ntlmssp_get_session_key(struct auth_ntlmssp_state *ans, 
                                       TALLOC_CTX *mem_ctx);
 void auth_ntlmssp_want_feature(struct auth_ntlmssp_state *ans, uint32_t feature);
 DATA_BLOB auth_ntlmssp_get_session_key(struct auth_ntlmssp_state *ans, 
                                       TALLOC_CTX *mem_ctx);

diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
index 45cf569c7915968efe4fa428f6ac0ac7c11ac3a1..a3001863b82db46ec5e87218f069ffa1d138e0f9 100644 (file)
--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -148,7 +148,6 @@ static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads)
        if (!NT_STATUS_IS_OK(nt_status)) {
                return ADS_ERROR_NT(nt_status);
        }
        if (!NT_STATUS_IS_OK(nt_status)) {
                return ADS_ERROR_NT(nt_status);
        }

-       ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_SIGN;

 
        if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_username(ntlmssp_state, ads->auth.user_name))) {
                return ADS_ERROR_NT(nt_status);
 
        if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_username(ntlmssp_state, ads->auth.user_name))) {
                return ADS_ERROR_NT(nt_status);

diff --git a/source3/librpc/crypto/cli_spnego.c b/source3/librpc/crypto/cli_spnego.c
index c30a297cc5d660ba452258313af48927cdd87b5f..65b5050ed326ff2e2aa857b7eb5c089581f49dbe 100644 (file)
--- a/source3/librpc/crypto/cli_spnego.c
+++ b/source3/librpc/crypto/cli_spnego.c
@@ -130,13 +130,6 @@ NTSTATUS spnego_ntlmssp_init_client(TALLOC_CTX *mem_ctx,
                return status;
        }
 
                return status;
        }
 

-       /*
-        * Turn off sign+seal to allow selected auth level to turn it back on.
-        */
-       auth_ntlmssp_and_flags(sp_ctx->mech_ctx.ntlmssp_state,
-                                               ~(NTLMSSP_NEGOTIATE_SIGN |
-                                                 NTLMSSP_NEGOTIATE_SEAL));
-

        if (do_sign) {
                auth_ntlmssp_want_feature(sp_ctx->mech_ctx.ntlmssp_state,
                                          NTLMSSP_FEATURE_SIGN);
        if (do_sign) {
                auth_ntlmssp_want_feature(sp_ctx->mech_ctx.ntlmssp_state,
                                          NTLMSSP_FEATURE_SIGN);

diff --git a/source3/libsmb/ntlmssp_wrap.c b/source3/libsmb/ntlmssp_wrap.c
index da04ceb245403f1a86c49d85c4638e0b6aa12149..91e5d0e5d97674a5667c03725f9c48ecd8f86718 100644 (file)
--- a/source3/libsmb/ntlmssp_wrap.c
+++ b/source3/libsmb/ntlmssp_wrap.c
@@ -138,11 +138,6 @@ NTSTATUS auth_ntlmssp_set_password(struct auth_ntlmssp_state *ans,
        return ntlmssp_set_password(ans->ntlmssp_state, password);
 }
 
        return ntlmssp_set_password(ans->ntlmssp_state, password);
 }
 

-void auth_ntlmssp_and_flags(struct auth_ntlmssp_state *ans, uint32_t flags)
-{
-       ans->ntlmssp_state->neg_flags &= flags;
-}
-

 void auth_ntlmssp_want_feature(struct auth_ntlmssp_state *ans, uint32_t feature)
 {
        if (ans->gensec_security) {
 void auth_ntlmssp_want_feature(struct auth_ntlmssp_state *ans, uint32_t feature)
 {
        if (ans->gensec_security) {

diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 80e3c4b1ae9c4f6b0ba5bf8724e72a9989121202..e352c8630095ef469c5d7b3a2c8a83f576878759 100644 (file)
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -2315,12 +2315,6 @@ static NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx,
                goto fail;
        }
 
                goto fail;
        }
 

-       /*
-        * Turn off sign+seal to allow selected auth level to turn it back on.
-        */
-       auth_ntlmssp_and_flags(ntlmssp_ctx, ~(NTLMSSP_NEGOTIATE_SIGN |
-                                               NTLMSSP_NEGOTIATE_SEAL));
-

        if (auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) {
                auth_ntlmssp_want_feature(ntlmssp_ctx, NTLMSSP_FEATURE_SIGN);
        } else if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
        if (auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) {
                auth_ntlmssp_want_feature(ntlmssp_ctx, NTLMSSP_FEATURE_SIGN);
        } else if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {