DEBUG(3, ("Got challenge flags:\n"));
debug_ntlmssp_flags(chal_flags);
- ntlmssp_handle_neg_flags(ntlmssp_state, chal_flags, ntlmssp_state->allow_lm_key);
+ nt_status = ntlmssp_handle_neg_flags(ntlmssp_state,
+ chal_flags, "challenge");
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
+ }
if (ntlmssp_state->unicode) {
if (chal_flags & NTLMSSP_NEGOTIATE_TARGET_INFO) {
/* The following definitions come from auth/ntlmssp_util.c */
void debug_ntlmssp_flags(uint32_t neg_flags);
-void ntlmssp_handle_neg_flags(struct ntlmssp_state *ntlmssp_state,
- uint32_t neg_flags, bool allow_lm);
+NTSTATUS ntlmssp_handle_neg_flags(struct ntlmssp_state *ntlmssp_state,
+ uint32_t neg_flags, const char *name);
const DATA_BLOB ntlmssp_version_blob(void);
/* The following definitions come from auth/ntlmssp_server.c */
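Review bot: The prototype names the second parameter `neg_flags` (`uint32_t neg_flags, const char *name`), while the definition in auth/ntlmssp_util.c now calls it `flags`. Using `flags` in both places avoids confusion with `ntlmssp_state->neg_flags`, which holds the negotiated state rather than the peer's input. The return value is now the only way a caller learns that the peer's flags were rejected, so the declaration would benefit from a comment such as `/* Callers must fail the NTLMSSP exchange if this does not return NT_STATUS_OK. */`. If the tree has a warn-unused-result annotation, applying it here would catch any call site that was missed.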
}
}
- ntlmssp_handle_neg_flags(ntlmssp_state, neg_flags, ntlmssp_state->allow_lm_key);
+ status = ntlmssp_handle_neg_flags(ntlmssp_state, neg_flags, "negotiate");
+ if (!NT_STATUS_IS_OK(status)){
+ return status;
+ }
/* Ask our caller what challenge they would like in the packet */
if (auth_context->get_ntlm_challenge) {
talloc_steal(state, state->encrypted_session_key.data);
- if (auth_flags)
- ntlmssp_handle_neg_flags(ntlmssp_state, auth_flags, ntlmssp_state->allow_lm_key);
+ if (auth_flags != 0) {
+ nt_status = ntlmssp_handle_neg_flags(ntlmssp_state,
+ auth_flags,
+ "authenticate");
+ if (!NT_STATUS_IS_OK(nt_status)){
+ return nt_status;
+ }
+ }
if (DEBUGLEVEL >= 10) {
struct AUTHENTICATE_MESSAGE *authenticate = talloc(
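Review bot: The `if (auth_flags != 0)` guard means an AUTHENTICATE message carrying no flags skips `ntlmssp_handle_neg_flags()` entirely, so any rejection logic later added to that helper will not run for it. The guard is inherited from the old code, but now that the call can fail it deserves a comment explaining why zero is treated as "flags not supplied", for example `/* auth_flags == 0: client sent no flags; keep the set agreed at negotiate time */`. The meaning of zero is inferred from this hunk alone; the parsing of `auth_flags` and the rest of the enclosing function lie outside it.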
debug_ntlmssp_flags_raw(4, neg_flags);
}
-void ntlmssp_handle_neg_flags(struct ntlmssp_state *ntlmssp_state,
- uint32_t neg_flags, bool allow_lm)
+NTSTATUS ntlmssp_handle_neg_flags(struct ntlmssp_state *ntlmssp_state,
+ uint32_t flags, const char *name)
{
- if (neg_flags & NTLMSSP_NEGOTIATE_UNICODE) {
+ if (flags & NTLMSSP_NEGOTIATE_UNICODE) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_UNICODE;
ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_OEM;
ntlmssp_state->unicode = true;
ntlmssp_state->unicode = false;
}
- if ((neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) && allow_lm) {
+ if ((flags & NTLMSSP_NEGOTIATE_LM_KEY) && ntlmssp_state->allow_lm_key) {
/* other end forcing us to use LM */
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_LM_KEY;
ntlmssp_state->use_ntlmv2 = false;
ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY;
}
- if (!(neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)) {
+ if (!(flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)) {
ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
}
- if (!(neg_flags & NTLMSSP_NEGOTIATE_NTLM2)) {
+ if (!(flags & NTLMSSP_NEGOTIATE_NTLM2)) {
ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_NTLM2;
}
- if (!(neg_flags & NTLMSSP_NEGOTIATE_128)) {
+ if (!(flags & NTLMSSP_NEGOTIATE_128)) {
ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_128;
}
- if (!(neg_flags & NTLMSSP_NEGOTIATE_56)) {
+ if (!(flags & NTLMSSP_NEGOTIATE_56)) {
ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_56;
}
- if (!(neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH)) {
+ if (!(flags & NTLMSSP_NEGOTIATE_KEY_EXCH)) {
ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_KEY_EXCH;
}
- if (!(neg_flags & NTLMSSP_NEGOTIATE_SIGN)) {
+ if (!(flags & NTLMSSP_NEGOTIATE_SIGN)) {
ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_SIGN;
}
- if (!(neg_flags & NTLMSSP_NEGOTIATE_SEAL)) {
+ if (!(flags & NTLMSSP_NEGOTIATE_SEAL)) {
ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_SEAL;
}
- if ((neg_flags & NTLMSSP_REQUEST_TARGET)) {
+ if ((flags & NTLMSSP_REQUEST_TARGET)) {
ntlmssp_state->neg_flags |= NTLMSSP_REQUEST_TARGET;
}
+
+ return NT_STATUS_OK;
}
/* Does this blob looks like it could be NTLMSSP? */
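Review bot: In the visible body `name` is never read and the only `return` is `NT_STATUS_OK`, so the three new caller checks cannot fire yet. The function also still lets the peer lower the session's protection: the `NTLMSSP_NEGOTIATE_LM_KEY` branch sets `use_ntlmv2 = false` on a peer-supplied bit, and the SIGN, SEAL, NTLM2, 128 and KEY_EXCH bits are cleared whenever the peer omits them. If enforcement is planned for a follow-up, a header comment on the function should say so, describing `name` as the message label for diagnostics and stating that dropping a locally required flag must return an error rather than be silently cleared. Until then, a `DEBUG` line that reports `name` when a security-relevant bit is cleared would make downgrades visible in logs. Some context lines of this function appear to be missing from the page, so the `else` arms are inferred.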