svn commit: samba r13177 - in trunk/source: libsmb rpc_server

jra at samba.org jra at samba.org
Fri Jan 27 02:36:27 GMT 2006


Author: jra
Date: 2006-01-27 02:36:26 +0000 (Fri, 27 Jan 2006)
New Revision: 13177

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13177

Log:
Fix show-stopper bug for 3.0.21b where 4 leg NTLMSSP SPNEGO
auth was not generating the correct auth header on the 4th
packet. This may fix a lot of Windows client complaints and
is essential for release.
Jeremy.

Modified:
   trunk/source/libsmb/spnego.c
   trunk/source/rpc_server/srv_pipe.c


Changeset:
Modified: trunk/source/libsmb/spnego.c
===================================================================
--- trunk/source/libsmb/spnego.c	2006-01-27 02:35:08 UTC (rev 13176)
+++ trunk/source/libsmb/spnego.c	2006-01-27 02:36:26 UTC (rev 13177)
@@ -341,4 +341,3 @@
 out:
 	return ret;
 }
-

Modified: trunk/source/rpc_server/srv_pipe.c
===================================================================
--- trunk/source/rpc_server/srv_pipe.c	2006-01-27 02:35:08 UTC (rev 13176)
+++ trunk/source/rpc_server/srv_pipe.c	2006-01-27 02:36:26 UTC (rev 13177)
@@ -1189,12 +1189,17 @@
 static BOOL pipe_spnego_auth_bind_continue(pipes_struct *p, prs_struct *rpc_in_p,
 					RPC_HDR_AUTH *pauth_info, prs_struct *pout_auth)
 {
-	DATA_BLOB spnego_blob, auth_blob, auth_reply;
+	RPC_HDR_AUTH auth_info;
+	DATA_BLOB spnego_blob;
+	DATA_BLOB auth_blob;
+	DATA_BLOB auth_reply;
+	DATA_BLOB response;
 	AUTH_NTLMSSP_STATE *a = p->auth.a_u.auth_ntlmssp_state;
 
 	ZERO_STRUCT(spnego_blob);
 	ZERO_STRUCT(auth_blob);
 	ZERO_STRUCT(auth_reply);
+	ZERO_STRUCT(response);
 
 	if (p->auth.auth_type != PIPE_AUTH_TYPE_SPNEGO_NTLMSSP || !a) {
 		DEBUG(0,("pipe_spnego_auth_bind_continue: not in NTLMSSP auth state.\n"));
@@ -1231,7 +1236,24 @@
 
 	data_blob_free(&spnego_blob);
 	data_blob_free(&auth_blob);
+
+	/* Generate the spnego "accept completed" blob - no incoming data. */
+	response = spnego_gen_auth_response(&auth_reply, NT_STATUS_OK, OID_NTLMSSP);
+
+	/* Copy the blob into the pout_auth parse struct */
+	init_rpc_hdr_auth(&auth_info, RPC_SPNEGO_AUTH_TYPE, pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1);
+	if(!smb_io_rpc_hdr_auth("", &auth_info, pout_auth, 0)) {
+		DEBUG(0,("pipe_spnego_auth_bind_continue: marshalling of RPC_HDR_AUTH failed.\n"));
+		goto err;
+	}
+
+	if (!prs_copy_data_in(pout_auth, (char *)response.data, response.length)) {
+		DEBUG(0,("pipe_spnego_auth_bind_continue: marshalling of data blob failed.\n"));
+		goto err;
+	}
+
 	data_blob_free(&auth_reply);
+	data_blob_free(&response);
 
 	p->pipe_bound = True;
 
@@ -1242,6 +1264,7 @@
 	data_blob_free(&spnego_blob);
 	data_blob_free(&auth_blob);
 	data_blob_free(&auth_reply);
+	data_blob_free(&response);
 
 	free_pipe_ntlmssp_auth_data(&p->auth);
 	p->auth.a_u.auth_ntlmssp_state = NULL;



More information about the samba-cvs mailing list