Author: jra
Date: 2005-09-01 05:56:42 +0000 (Thu, 01 Sep 2005)
New Revision: 9868

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=9868

Log:
Add the "ntlmssp_update" returns NT_STATUS_OK code from rpcrewrite branch.
State machine now more sane.
Jeremy.

Modified:
   trunk/source/libsmb/ntlmssp.c


Changeset:
Modified: trunk/source/libsmb/ntlmssp.c
===================================================================
--- trunk/source/libsmb/ntlmssp.c       2005-09-01 05:41:33 UTC (rev 9867)
+++ trunk/source/libsmb/ntlmssp.c       2005-09-01 05:56:42 UTC (rev 9868)
@@ -218,6 +218,12 @@
        uint32 ntlmssp_command;
        int i;
 
+       if (ntlmssp_state->expected_state == NTLMSSP_DONE) {
+               /* Called update after negotiations finished. */
+               DEBUG(1, ("Called NTLMSSP after state machine was 'done'\n"));
+               return NT_STATUS_INVALID_PARAMETER;
+       }
+
        *out = data_blob(NULL, 0);
 
        if (!in.length && ntlmssp_state->stored_response.length) {
@@ -534,7 +540,7 @@
        DATA_BLOB lm_session_key = data_blob(NULL, 0);
        DATA_BLOB session_key = data_blob(NULL, 0);
        uint32 ntlmssp_command, auth_flags;
-       NTSTATUS nt_status;
+       NTSTATUS nt_status = NT_STATUS_OK;
 
        /* used by NTLM2 */
        BOOL doing_ntlm2 = False;
@@ -784,8 +790,8 @@
 
        data_blob_free(&encrypted_session_key);
        
-       /* allow arbitarily many authentications */
-       ntlmssp_state->expected_state = NTLMSSP_AUTH;
+       /* Only one authentication allowed per server state. */
+       ntlmssp_state->expected_state = NTLMSSP_DONE;
 
        return nt_status;
 }
@@ -897,7 +903,7 @@
        DATA_BLOB nt_response = data_blob(NULL, 0);
        DATA_BLOB session_key = data_blob(NULL, 0);
        DATA_BLOB encrypted_session_key = data_blob(NULL, 0);
-       NTSTATUS nt_status;
+       NTSTATUS nt_status = NT_STATUS_OK;
 
        if (!msrpc_parse(&reply, "CdBd",
                         "NTLMSSP",
@@ -1098,14 +1104,13 @@
        ntlmssp_state->lm_resp = lm_response;
        ntlmssp_state->nt_resp = nt_response;
 
-       ntlmssp_state->expected_state = NTLMSSP_UNKNOWN;
+       ntlmssp_state->expected_state = NTLMSSP_DONE;
 
        if (!NT_STATUS_IS_OK(nt_status = ntlmssp_sign_init(ntlmssp_state))) {
                DEBUG(1, ("Could not setup NTLMSSP signing/sealing system 
(error was: %s)\n", nt_errstr(nt_status)));
-               return nt_status;
        }
 
-       return NT_STATUS_MORE_PROCESSING_REQUIRED;
+       return nt_status;
 }
 
 NTSTATUS ntlmssp_client_start(NTLMSSP_STATE **ntlmssp_state)
@@ -1139,7 +1144,7 @@
        (*ntlmssp_state)->neg_flags = 
                NTLMSSP_NEGOTIATE_128 |
                NTLMSSP_NEGOTIATE_NTLM |
-               NTLMSSP_NEGOTIATE_NTLM2 |
+               lp_client_ntlmv2_auth() ? NTLMSSP_NEGOTIATE_NTLM2 : 0 |
                NTLMSSP_NEGOTIATE_KEY_EXCH |
                /*
                 * We need to set this to allow a later SetPassword

Reply via email to