Attachment 10073 Details for Bug 10691 – Partial fix

[patch] Partial fix

ntlm-ccache-session-key.patch (text/plain), 3.17 KB, created by David Woodhouse on 2014-07-05 23:15:22 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: David Woodhouse

Created: 2014-07-05 23:15:22 UTC

Size: 3.17 KB

patch

obsolete

>diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
>index b3bbaa4..25e4034 100644
>--- a/source3/utils/ntlm_auth.c
>+++ b/source3/utils/ntlm_auth.c
>@@ -1151,7 +1151,7 @@ static NTSTATUS ntlm_auth_start_ntlmssp_server(TALLOC_CTX *mem_ctx,
> *******************************************************************/
> 
> static NTSTATUS do_ccache_ntlm_auth(DATA_BLOB initial_msg, DATA_BLOB challenge_msg,
>-				DATA_BLOB *reply)
>+				DATA_BLOB *reply, DATA_BLOB *session_key)
> {
> 	struct winbindd_request wb_request;
> 	struct winbindd_response wb_response;
>@@ -1211,9 +1211,18 @@ static NTSTATUS do_ccache_ntlm_auth(DATA_BLOB initial_msg, DATA_BLOB challenge_m
> 			return NT_STATUS_NO_MEMORY;
> 		}
> 	}
>-
>+	if (session_key) {
>+		*session_key = data_blob(wb_response.data.ccache_ntlm_auth.session_key,
>+					 sizeof(wb_response.data.ccache_ntlm_auth.session_key));
>+		if (session_key->data == NULL) {
>+			if (reply)
>+				data_blob_free(reply);
>+			winbindd_free_response(&wb_response);
>+			return NT_STATUS_NO_MEMORY;
>+		}
>+	}
> 	winbindd_free_response(&wb_response);
>-	return NT_STATUS_MORE_PROCESSING_REQUIRED;
>+	return NT_STATUS_OK;
> }
> 
> static void manage_client_ntlmssp_request(enum stdio_helper_mode stdio_helper_mode,
>@@ -1271,8 +1280,8 @@ static void manage_client_ntlmssp_request(enum stdio_helper_mode stdio_helper_mo
> 		/* check whether cached credentials are usable. */
> 		DATA_BLOB empty_blob = data_blob_null;
> 
>-		nt_status = do_ccache_ntlm_auth(empty_blob, empty_blob, NULL);
>-		if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
>+		nt_status = do_ccache_ntlm_auth(empty_blob, empty_blob, NULL, NULL);
>+		if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_OK)) {
> 			/* failed to use cached creds */
> 			use_cached_creds = False;
> 		}
>@@ -1344,10 +1353,23 @@ static void manage_client_ntlmssp_request(enum stdio_helper_mode stdio_helper_mo
> 	if (use_cached_creds && !opt_password &&
> 			(state->cli_state == CLIENT_RESPONSE)) {
> 		nt_status = do_ccache_ntlm_auth(state->initial_message, request,
>-				&reply);
>+						&reply, &state->session_key);
>+		if (NT_STATUS_IS_OK(nt_status)) {
>+			state->have_session_key = true;
>+		}
> 	} else {
> 		nt_status = ntlmssp_update(state->ntlmssp_state, request,
> 				&reply);
>+		if (NT_STATUS_IS_OK(nt_status)) {
>+			if(state->have_session_key)
>+				data_blob_free(&state->session_key);
>+
>+			state->session_key = data_blob(
>+					state->ntlmssp_state->session_key.data,
>+					state->ntlmssp_state->session_key.length);
>+			state->neg_flags = state->ntlmssp_state->neg_flags;
>+			state->have_session_key = true;
>+		}
> 	}
> 
> 	if (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
>@@ -1369,15 +1391,6 @@ static void manage_client_ntlmssp_request(enum stdio_helper_mode stdio_helper_mo
> 		x_fprintf(x_stdout, "AF %s\n", reply_base64);
> 		TALLOC_FREE(reply_base64);
> 
>-		if(state->have_session_key)
>-			data_blob_free(&state->session_key);
>-
>-		state->session_key = data_blob(
>-				state->ntlmssp_state->session_key.data,
>-				state->ntlmssp_state->session_key.length);
>-		state->neg_flags = state->ntlmssp_state->neg_flags;
>-		state->have_session_key = true;
>-
> 		DEBUG(10, ("NTLMSSP OK!\n"));
> 		state->cli_state = CLIENT_FINISHED;
> 		TALLOC_FREE(state->ntlmssp_state);

Actions: View

Attachments on bug 10691: 10073