The Samba-Bugzilla – Attachment 10073 Details for
Bug 10691
ntlm_auth doesn't give up session key when used with cached credentials
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Partial fix
ntlm-ccache-session-key.patch (text/plain), 3.17 KB, created by
David Woodhouse
on 2014-07-05 23:15:22 UTC
(
hide
)
Description:
Partial fix
Filename:
MIME Type:
Creator:
David Woodhouse
Created:
2014-07-05 23:15:22 UTC
Size:
3.17 KB
patch
obsolete
>diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c >index b3bbaa4..25e4034 100644 >--- a/source3/utils/ntlm_auth.c >+++ b/source3/utils/ntlm_auth.c >@@ -1151,7 +1151,7 @@ static NTSTATUS ntlm_auth_start_ntlmssp_server(TALLOC_CTX *mem_ctx, > *******************************************************************/ > > static NTSTATUS do_ccache_ntlm_auth(DATA_BLOB initial_msg, DATA_BLOB challenge_msg, >- DATA_BLOB *reply) >+ DATA_BLOB *reply, DATA_BLOB *session_key) > { > struct winbindd_request wb_request; > struct winbindd_response wb_response; >@@ -1211,9 +1211,18 @@ static NTSTATUS do_ccache_ntlm_auth(DATA_BLOB initial_msg, DATA_BLOB challenge_m > return NT_STATUS_NO_MEMORY; > } > } >- >+ if (session_key) { >+ *session_key = data_blob(wb_response.data.ccache_ntlm_auth.session_key, >+ sizeof(wb_response.data.ccache_ntlm_auth.session_key)); >+ if (session_key->data == NULL) { >+ if (reply) >+ data_blob_free(reply); >+ winbindd_free_response(&wb_response); >+ return NT_STATUS_NO_MEMORY; >+ } >+ } > winbindd_free_response(&wb_response); >- return NT_STATUS_MORE_PROCESSING_REQUIRED; >+ return NT_STATUS_OK; > } > > static void manage_client_ntlmssp_request(enum stdio_helper_mode stdio_helper_mode, >@@ -1271,8 +1280,8 @@ static void manage_client_ntlmssp_request(enum stdio_helper_mode stdio_helper_mo > /* check whether cached credentials are usable. */ > DATA_BLOB empty_blob = data_blob_null; > >- nt_status = do_ccache_ntlm_auth(empty_blob, empty_blob, NULL); >- if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { >+ nt_status = do_ccache_ntlm_auth(empty_blob, empty_blob, NULL, NULL); >+ if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_OK)) { > /* failed to use cached creds */ > use_cached_creds = False; > } >@@ -1344,10 +1353,23 @@ static void manage_client_ntlmssp_request(enum stdio_helper_mode stdio_helper_mo > if (use_cached_creds && !opt_password && > (state->cli_state == CLIENT_RESPONSE)) { > nt_status = do_ccache_ntlm_auth(state->initial_message, request, >- &reply); >+ &reply, &state->session_key); >+ if (NT_STATUS_IS_OK(nt_status)) { >+ state->have_session_key = true; >+ } > } else { > nt_status = ntlmssp_update(state->ntlmssp_state, request, > &reply); >+ if (NT_STATUS_IS_OK(nt_status)) { >+ if(state->have_session_key) >+ data_blob_free(&state->session_key); >+ >+ state->session_key = data_blob( >+ state->ntlmssp_state->session_key.data, >+ state->ntlmssp_state->session_key.length); >+ state->neg_flags = state->ntlmssp_state->neg_flags; >+ state->have_session_key = true; >+ } > } > > if (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { >@@ -1369,15 +1391,6 @@ static void manage_client_ntlmssp_request(enum stdio_helper_mode stdio_helper_mo > x_fprintf(x_stdout, "AF %s\n", reply_base64); > TALLOC_FREE(reply_base64); > >- if(state->have_session_key) >- data_blob_free(&state->session_key); >- >- state->session_key = data_blob( >- state->ntlmssp_state->session_key.data, >- state->ntlmssp_state->session_key.length); >- state->neg_flags = state->ntlmssp_state->neg_flags; >- state->have_session_key = true; >- > DEBUG(10, ("NTLMSSP OK!\n")); > state->cli_state = CLIENT_FINISHED; > TALLOC_FREE(state->ntlmssp_state);
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 10691
: 10073