mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
auth/ntlmssp: remove ntlmssp_unwrap() fallback for LDAP
This is now handled by GENSEC_FEATURE_LDAP_STYLE. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
parent
122a5f6b58
commit
59301830e2
@ -479,57 +479,18 @@ NTSTATUS ntlmssp_unwrap(struct ntlmssp_state *ntlmssp_state,
|
|||||||
&sig);
|
&sig);
|
||||||
|
|
||||||
} else if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN) {
|
} else if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN) {
|
||||||
NTSTATUS status;
|
|
||||||
struct ntlmssp_crypt_direction save_direction;
|
|
||||||
|
|
||||||
if (in->length < NTLMSSP_SIG_SIZE) {
|
if (in->length < NTLMSSP_SIG_SIZE) {
|
||||||
return NT_STATUS_INVALID_PARAMETER;
|
return NT_STATUS_INVALID_PARAMETER;
|
||||||
}
|
}
|
||||||
sig.data = in->data;
|
sig.data = in->data;
|
||||||
sig.length = NTLMSSP_SIG_SIZE;
|
sig.length = NTLMSSP_SIG_SIZE;
|
||||||
|
|
||||||
*out = data_blob_talloc(out_mem_ctx, in->data + NTLMSSP_SIG_SIZE, in->length - NTLMSSP_SIG_SIZE);
|
*out = data_blob_talloc(out_mem_ctx, in->data + NTLMSSP_SIG_SIZE, in->length - NTLMSSP_SIG_SIZE);
|
||||||
|
|
||||||
if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
|
return ntlmssp_check_packet(ntlmssp_state,
|
||||||
save_direction = ntlmssp_state->crypt->ntlm2.receiving;
|
out->data, out->length,
|
||||||
} else {
|
out->data, out->length,
|
||||||
save_direction = ntlmssp_state->crypt->ntlm;
|
&sig);
|
||||||
}
|
|
||||||
|
|
||||||
status = ntlmssp_check_packet(ntlmssp_state,
|
|
||||||
out->data, out->length,
|
|
||||||
out->data, out->length,
|
|
||||||
&sig);
|
|
||||||
if (!NT_STATUS_IS_OK(status)) {
|
|
||||||
NTSTATUS check_status = status;
|
|
||||||
/*
|
|
||||||
* The Windows LDAP libraries seems to have a bug
|
|
||||||
* and always use sealing even if only signing was
|
|
||||||
* negotiated. So we need to fallback.
|
|
||||||
*/
|
|
||||||
|
|
||||||
if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
|
|
||||||
ntlmssp_state->crypt->ntlm2.receiving = save_direction;
|
|
||||||
} else {
|
|
||||||
ntlmssp_state->crypt->ntlm = save_direction;
|
|
||||||
}
|
|
||||||
|
|
||||||
status = ntlmssp_unseal_packet(ntlmssp_state,
|
|
||||||
out->data,
|
|
||||||
out->length,
|
|
||||||
out->data,
|
|
||||||
out->length,
|
|
||||||
&sig);
|
|
||||||
if (NT_STATUS_IS_OK(status)) {
|
|
||||||
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
|
|
||||||
} else {
|
|
||||||
status = check_status;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!NT_STATUS_IS_OK(status)) {
|
|
||||||
DEBUG(1, ("NTLMSSP packet check for unwrap failed due to invalid signature\n"));
|
|
||||||
}
|
|
||||||
return status;
|
|
||||||
} else {
|
} else {
|
||||||
*out = data_blob_talloc(out_mem_ctx, in->data, in->length);
|
*out = data_blob_talloc(out_mem_ctx, in->data, in->length);
|
||||||
if (!out->data) {
|
if (!out->data) {
|
||||||
|
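Review bot: The sign-only branch passes the result of `data_blob_talloc()` straight to `ntlmssp_check_packet()` without the `if (!out->data)` test that the following `else` branch applies, so an allocation failure would presumably surface as a signature error rather than an out-of-memory status. A guard such as `if (out->data == NULL && in->length > NTLMSSP_SIG_SIZE) { return NT_STATUS_NO_MEMORY; }` before the check would keep the two cases distinct; the length condition leaves room for a message that carries only a signature. With the direct `return`, a failed check also leaves `*out` holding the unauthenticated payload and drops the former `DEBUG(1, ...)` line, so it is worth confirming that callers discard `out` on error and that `ntlmssp_check_packet()` logs the failure itself. The body of `ntlmssp_unwrap()` starts before and continues after this hunk.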