1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00

r6799: Remove a rudundent variable from the context structure - we can figure

this out by asking GENSEC, just like everybody else.

Andrew Bartlett
This commit is contained in:
Andrew Bartlett 2005-05-15 23:40:22 +00:00 committed by Gerald (Jerry) Carter
parent 31ff2cd8e1
commit 0268d6c46b
4 changed files with 14 additions and 10 deletions

View File

@ -87,8 +87,6 @@ struct gensec_ntlmssp_state
BOOL allow_lm_key; /* The LM_KEY code is not functional at this point, and it's not
very secure anyway */
BOOL server_use_session_keys; /* Set to 'False' for authentication only,
that will never return a session key */
BOOL server_multiple_authentications; /* Set to 'True' to allow squid 2.5
style 'challenge caching' */

View File

@ -560,11 +560,12 @@ NTSTATUS ntlmssp_server_auth(struct gensec_security *gensec_security,
/* Finally, actually ask if the password is OK */
if (!NT_STATUS_IS_OK(nt_status = gensec_ntlmssp_state->check_password(gensec_ntlmssp_state,
&user_session_key, &lm_session_key))) {
&user_session_key, &lm_session_key))) {
return nt_status;
}
if (gensec_ntlmssp_state->server_use_session_keys) {
if (gensec_security->want_features
& (GENSEC_FEATURE_SIGN|GENSEC_FEATURE_SEAL|GENSEC_FEATURE_SESSION_KEY)) {
return ntlmssp_server_postauth(gensec_security, &user_session_key, &lm_session_key);
} else {
gensec_ntlmssp_state->session_key = data_blob(NULL, 0);
@ -715,7 +716,6 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
gensec_ntlmssp_state->allow_lm_key = (lp_lanman_auth()
&& lp_parm_bool(-1, "ntlmssp_server", "allow_lm_key", False));
gensec_ntlmssp_state->server_use_session_keys = True;
gensec_ntlmssp_state->server_multiple_authentications = False;
gensec_ntlmssp_state->neg_flags =

View File

@ -137,7 +137,7 @@ NTSTATUS gensec_ntlmssp_sign_packet(struct gensec_security *gensec_security,
}
if (!(gensec_security->want_features & GENSEC_FEATURE_SIGN)) {
DEBUG(3, ("GENSEC Signing not requested - cannot seal packet!\n"));
DEBUG(3, ("GENSEC Signing not requested - cannot sign packet!\n"));
return NT_STATUS_INVALID_PARAMETER;
}

View File

@ -39,9 +39,13 @@ BOOL torture_ntlmssp_self_check(void)
gensec_set_credentials(gensec_security, cmdline_credentials);
gensec_want_feature(gensec_security, GENSEC_FEATURE_SIGN);
gensec_want_feature(gensec_security, GENSEC_FEATURE_SEAL);
status = gensec_start_mech_by_oid(gensec_security, GENSEC_OID_NTLMSSP);
if (!NT_STATUS_IS_OK(status)) {
printf("Failed to start GENSEC for NTLMSSP\n");
return False;
}
@ -52,8 +56,7 @@ BOOL torture_ntlmssp_self_check(void)
gensec_ntlmssp_state->session_key.data,
gensec_ntlmssp_state->session_key.length);
gensec_ntlmssp_state->server_use_session_keys = True;
gensec_ntlmssp_state->neg_flags = NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_KEY_EXCH | NTLMSSP_NEGOTIATE_NTLM2;
gensec_ntlmssp_state->neg_flags = NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_KEY_EXCH | NTLMSSP_NEGOTIATE_NTLM2;
if (!NT_STATUS_IS_OK(status = ntlmssp_sign_init(gensec_ntlmssp_state))) {
printf("Failed to sign_init: %s\n", nt_errstr(status));
@ -83,11 +86,15 @@ BOOL torture_ntlmssp_self_check(void)
status = gensec_client_start(NULL, &gensec_security);
if (!NT_STATUS_IS_OK(status)) {
printf("Failed to start GENSEC for NTLMSSP\n");
return False;
}
gensec_set_credentials(gensec_security, cmdline_credentials);
gensec_want_feature(gensec_security, GENSEC_FEATURE_SIGN);
gensec_want_feature(gensec_security, GENSEC_FEATURE_SEAL);
status = gensec_start_mech_by_oid(gensec_security, GENSEC_OID_NTLMSSP);
if (!NT_STATUS_IS_OK(status)) {
@ -101,8 +108,7 @@ BOOL torture_ntlmssp_self_check(void)
gensec_ntlmssp_state->session_key.data,
gensec_ntlmssp_state->session_key.length);
gensec_ntlmssp_state->server_use_session_keys = True;
gensec_ntlmssp_state->neg_flags = NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_KEY_EXCH;
gensec_ntlmssp_state->neg_flags = NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_KEY_EXCH;
if (!NT_STATUS_IS_OK(status = ntlmssp_sign_init(gensec_ntlmssp_state))) {
printf("Failed to sign_init: %s\n", nt_errstr(status));