Commit 3dc6390e authored by Kai Blin's avatar Kai Blin Committed by Alexandre Julliard

secur32: Improve version detection, move all the version detection to ntlm.c.

Also, as starting with Samba 3.0.24, ntlm_auth will have all the features we need, require that as minimal version and remove odd old-version compatibility hacks.
parent a3a2eaea
...@@ -20,6 +20,7 @@ ...@@ -20,6 +20,7 @@
#include "config.h" #include "config.h"
#include <stdarg.h> #include <stdarg.h>
#include <stdio.h>
#ifdef HAVE_UNISTD_H #ifdef HAVE_UNISTD_H
#include <unistd.h> #include <unistd.h>
#endif #endif
...@@ -109,7 +110,7 @@ SECURITY_STATUS fork_helper(PNegoHelper *new_helper, const char *prog, ...@@ -109,7 +110,7 @@ SECURITY_STATUS fork_helper(PNegoHelper *new_helper, const char *prog,
else else
{ {
*new_helper = helper; *new_helper = helper;
helper->version = -1; helper->major = helper->minor = helper->micro = -1;
helper->password = NULL; helper->password = NULL;
helper->com_buf = NULL; helper->com_buf = NULL;
helper->com_buf_size = 0; helper->com_buf_size = 0;
...@@ -273,6 +274,7 @@ void check_version(PNegoHelper helper) ...@@ -273,6 +274,7 @@ void check_version(PNegoHelper helper)
{ {
char temp[80]; char temp[80];
char *newline; char *newline;
int major = 0, minor = 0, micro = 0, ret;
TRACE("Checking version of helper\n"); TRACE("Checking version of helper\n");
if(helper != NULL) if(helper != NULL)
...@@ -286,18 +288,18 @@ void check_version(PNegoHelper helper) ...@@ -286,18 +288,18 @@ void check_version(PNegoHelper helper)
temp[len] = 0; temp[len] = 0;
TRACE("Exact version is %s\n", debugstr_a(temp)); TRACE("Exact version is %s\n", debugstr_a(temp));
if(strncmp(temp+8, "4", 1) == 0) ret = sscanf(temp, "Version %d.%d.%d", &major, &minor, &micro);
if(ret != 3)
{ {
helper->version = 4; ERR("Failed to get the helper version.\n");
} helper->major = helper->minor = helper->micro = -1;
else if(strncmp(temp+8, "3", 1) == 0)
{
helper->version = 3;
} }
else else
{ {
TRACE("Unknown version!\n"); TRACE("Version recognized: %d.%d.%d\n", major, minor, micro);
helper->version = -1; helper->major = major;
helper->minor = minor;
helper->micro = micro;
} }
} }
} }
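Review bot: The new `sscanf(temp, "Version %d.%d.%d", &major, &minor, &micro)` in check_version parses a string the helper reports about itself, and nothing in the hunk documents that or bounds the parsed values: `%d` accepts negative numbers, and an out-of-range component goes undetected. I would add a comment above the call, `/* ntlm_auth prints "Version X.Y.Z..."; self-reported, used only as a feature check */`, and treat `major < 0 || minor < 0 || micro < 0` as a parse failure alongside `ret != 3`. The read that fills `temp` and sets `len` is outside the hunks shown, so its bounds handling cannot be checked here.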
......
...@@ -34,7 +34,9 @@ ...@@ -34,7 +34,9 @@
WINE_DEFAULT_DEBUG_CHANNEL(secur32); WINE_DEFAULT_DEBUG_CHANNEL(secur32);
#define NTLM_MAX_BUF 1904 #define NTLM_MAX_BUF 1904
#define MIN_NTLM_AUTH_MAJOR_VERSION 3
#define MIN_NTLM_AUTH_MINOR_VERSION 0
#define MIN_NTLM_AUTH_MICRO_VERSION 24
static CHAR ntlm_auth[] = "ntlm_auth"; static CHAR ntlm_auth[] = "ntlm_auth";
...@@ -524,7 +526,7 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW( ...@@ -524,7 +526,7 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
!= SEC_E_OK) != SEC_E_OK)
goto isc_end; goto isc_end;
if(!strncmp(buffer, "BH", 2)) if(!strncmp(buffer, "BH", 2))
TRACE("Helper doesn't understand new command set\n"); ERR("Helper doesn't understand new command set. Expect more things to fail.\n");
} }
lstrcpynA(buffer, "YR", max_len-1); lstrcpynA(buffer, "YR", max_len-1);
...@@ -545,8 +547,6 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW( ...@@ -545,8 +547,6 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
max_len-1, &bin_len)) != SEC_E_OK) max_len-1, &bin_len)) != SEC_E_OK)
goto isc_end; goto isc_end;
/* We need to set NTLMSSP_NEGOTIATE_ALWAYS_SIGN manually for now */
bin[13] |= 0x80;
/* put the decoded client blob into the out buffer */ /* put the decoded client blob into the out buffer */
ret = SEC_I_CONTINUE_NEEDED; ret = SEC_I_CONTINUE_NEEDED;
...@@ -653,7 +653,7 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW( ...@@ -653,7 +653,7 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
if(buffer_len < 3) if(buffer_len < 3)
{ {
TRACE("No flags negotiated, or helper does not support GF command\n"); TRACE("No flags negotiated.\n");
helper->neg_flags = 0l; helper->neg_flags = 0l;
} }
else else
...@@ -670,7 +670,7 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW( ...@@ -670,7 +670,7 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
if(strncmp(buffer, "BH", 2) == 0) if(strncmp(buffer, "BH", 2) == 0)
{ {
TRACE("Helper does not understand command or no key negotiated.\n"); TRACE("No key negotiated.\n");
helper->valid_session_key = FALSE; helper->valid_session_key = FALSE;
helper->session_key = HeapAlloc(GetProcessHeap(), 0, 16); helper->session_key = HeapAlloc(GetProcessHeap(), 0, 16);
/*Generate the dummy session key = MD4(MD4(password))*/ /*Generate the dummy session key = MD4(MD4(password))*/
...@@ -1753,12 +1753,15 @@ void SECUR32_initNTLMSP(void) ...@@ -1753,12 +1753,15 @@ void SECUR32_initNTLMSP(void)
{ {
/* Cheat and allocate a helper anyway, so cleanup later will work. */ /* Cheat and allocate a helper anyway, so cleanup later will work. */
helper = HeapAlloc(GetProcessHeap(),0, sizeof(PNegoHelper)); helper = HeapAlloc(GetProcessHeap(),0, sizeof(PNegoHelper));
helper->version = -1; helper->major = helper->minor = helper->micro = -1;
} }
else else
check_version(helper); check_version(helper);
if(helper->version > 2) if( (helper->major > MIN_NTLM_AUTH_MAJOR_VERSION) ||
(helper->major = MIN_NTLM_AUTH_MAJOR_VERSION &&
helper->minor >= MIN_NTLM_AUTH_MINOR_VERSION &&
helper->micro >= MIN_NTLM_AUTH_MICRO_VERSION) )
{ {
SecureProvider *provider = SECUR32_addProvider(&ntlmTableA, &ntlmTableW, NULL); SecureProvider *provider = SECUR32_addProvider(&ntlmTableA, &ntlmTableW, NULL);
SECUR32_addPackages(provider, 1L, &infoA, &infoW); SECUR32_addPackages(provider, 1L, &infoA, &infoW);
...@@ -1766,7 +1769,7 @@ void SECUR32_initNTLMSP(void) ...@@ -1766,7 +1769,7 @@ void SECUR32_initNTLMSP(void)
else else
{ {
ERR("%s was not found or is outdated. " ERR("%s was not found or is outdated. "
"Make sure that ntlm_auth >= 3.x is in your path.\n", "Make sure that ntlm_auth >= 3.0.24 is in your path.\n",
ntlm_auth); ntlm_auth);
} }
cleanup_helper(helper); cleanup_helper(helper);
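Review bot: The version gate in SECUR32_initNTLMSP contains `helper->major = MIN_NTLM_AUTH_MAJOR_VERSION &&`, an assignment rather than `==`, so helper->major is overwritten with the 0/1 result of the `&&` chain and any helper reporting micro >= 24 passes whatever its major version (2.2.24 would be accepted). Even with `==`, testing minor and micro independently rejects newer releases such as 3.1.0; the comparison needs to be lexicographic, as in the fence below. The gate matters because this same commit removes the manual `bin[13] |= 0x80` NTLMSSP_NEGOTIATE_ALWAYS_SIGN workaround on the assumption that the helper is at least 3.0.24. Separately, the fallback path allocates `sizeof(PNegoHelper)`, which appears to be the size of a pointer, and the new line then writes major/minor/micro beyond it; `HeapAlloc(GetProcessHeap(), 0, sizeof(*helper))` would size the block for the struct. The body of SECUR32_initNTLMSP starts and ends outside the hunks shown.

```c
/* … unchanged: helper allocation and check_version() call … */
if( (helper->major >  MIN_NTLM_AUTH_MAJOR_VERSION) ||
    (helper->major == MIN_NTLM_AUTH_MAJOR_VERSION &&
     helper->minor >  MIN_NTLM_AUTH_MINOR_VERSION) ||
    (helper->major == MIN_NTLM_AUTH_MAJOR_VERSION &&
     helper->minor == MIN_NTLM_AUTH_MINOR_VERSION &&
     helper->micro >= MIN_NTLM_AUTH_MICRO_VERSION) )
/* … unchanged: provider registration and error branch … */
```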
......
...@@ -65,7 +65,9 @@ typedef struct _NegoHelper { ...@@ -65,7 +65,9 @@ typedef struct _NegoHelper {
int pwlen; int pwlen;
int pipe_in; int pipe_in;
int pipe_out; int pipe_out;
int version; int major;
int minor;
int micro;
char *com_buf; char *com_buf;
int com_buf_size; int com_buf_size;
int com_buf_offset; int com_buf_offset;
......