Rev 5342: merge from upstream in http://samba.sernet.de/ma/bzr/SAMBA_3_0-registry.bzr/

Michael Adam ma at sernet.de
Thu Apr 5 20:28:20 GMT 2007


At http://samba.sernet.de/ma/bzr/SAMBA_3_0-registry.bzr/

------------------------------------------------------------
revno: 5342
revision-id: ma at sernet.de-20070405202817-bd78d74d5cb04968
parent: ma at sernet.de-20070405122350-02dc749084813baf
parent: metze at samba.org-20070405170237-t2gytdk0fu5gw3rc
committer: Michael Adam <ma at sernet.de>
branch nick: SAMBA_3_0-registry.bzr
timestamp: Thu 2007-04-05 22:28:17 +0200
message:
  merge from upstream
modified:
  REVISION                       REVISION-20060530022625-68239662668b41c3
  source/libads/sasl.c           sasl.c-20060530022627-de2e2050d01ecfd2
  source/libsmb/cliconnect.c     cliconnect.c-20060530022627-fb16a3a9bd86c44d
  source/libsmb/clispnego.c      clispnego.c-20060530022627-62f24675b797009c
  source/libsmb/samlogon_cache.c samlogon_cache.c-20060530081558-752eb588cc2c12ab
  source/rpc_client/cli_pipe.c   cli_pipe.c-20060530022627-f3308aaa033a1d34
    ------------------------------------------------------------
    merged: metze at samba.org-20070405170237-t2gytdk0fu5gw3rc
    parent: metze at samba.org-20070405170151-nl75woedz7424ijy
    committer: metze at samba.org
    branch nick: SAMBA_3_0.bzr
    timestamp: Thu 2007-04-05 12:02:37 -0500
    message:
      metze at samba.org (r22093)  2007-04-05 07:36:10 -0500 (Thu, 05 Apr 2007)
          
          also send the correct OID_KERBEROS5, not only the broken
          OID_KERBEROS5_OLD one.
          
          metze
    ------------------------------------------------------------
    merged: metze at samba.org-20070405170151-nl75woedz7424ijy
    parent: vlendec at samba.org-20070405170106-y4v8otn64tmeexc8
    committer: metze at samba.org
    branch nick: SAMBA_3_0.bzr
    timestamp: Thu 2007-04-05 12:01:51 -0500
    message:
      metze at samba.org (r22092)  2007-04-05 07:30:23 -0500 (Thu, 05 Apr 2007)
          
          - make spnego_parse_auth_response() more generic and
          not specific for NTLMSSP
          - it's possible that the server sends a mechOID and authdata
          if negResult != SPNEGO_NEG_RESULT_INCOMPLETE, but we still
          force the mechOID to be present if negResult == SPNEGO_NEG_RESULT_INCOMPLETE
          
          metze
    ------------------------------------------------------------
    merged: vlendec at samba.org-20070405170106-y4v8otn64tmeexc8
    parent: jra at samba.org-20070405050043-e5k93h9v5nsdq3ov
    committer: vlendec at samba.org
    branch nick: SAMBA_3_0.bzr
    timestamp: Thu 2007-04-05 12:01:06 -0500
    message:
      vlendec at samba.org (r22091)  2007-04-05 06:13:25 -0500 (Thu, 05 Apr 2007)
          
          Fix an uninitialized variable warning
=== modified file 'REVISION'
--- a/REVISION	2007-04-05 05:00:43 +0000
+++ b/REVISION	2007-04-05 17:02:37 +0000
@@ -2,9 +2,9 @@
 URL: svn+ssh://svn.samba.org/home/svn/samba/branches/SAMBA_3_0
 Repository Root: svn+ssh://svn.samba.org/home/svn/samba
 Repository UUID: 0c0555d6-39d7-0310-84fc-f1cc0bd64818
-Revision: 22080
+Revision: 22093
 Node Kind: directory
-Last Changed Author: jra
-Last Changed Rev: 22080
-Last Changed Date: 2007-04-04 18:33:07 -0500 (Wed, 04 Apr 2007)
+Last Changed Author: metze
+Last Changed Rev: 22093
+Last Changed Date: 2007-04-05 07:36:10 -0500 (Thu, 05 Apr 2007)
 

=== modified file 'source/libads/sasl.c'
--- a/source/libads/sasl.c	2007-04-04 23:00:42 +0000
+++ b/source/libads/sasl.c	2007-04-05 17:01:51 +0000
@@ -114,7 +114,7 @@
 			}
 			data_blob_free(&tmp_blob);
 		} else if (rc == LDAP_SASL_BIND_IN_PROGRESS) {
-			if (!spnego_parse_auth_response(blob, nt_status, 
+			if (!spnego_parse_auth_response(blob, nt_status, OID_NTLMSSP, 
 							&blob_in)) {
 
 				ntlmssp_end(&ntlmssp_state);

=== modified file 'source/libsmb/cliconnect.c'
--- a/source/libsmb/cliconnect.c	2007-03-30 15:34:17 +0000
+++ b/source/libsmb/cliconnect.c	2007-04-05 17:01:51 +0000
@@ -722,7 +722,7 @@
 			}
 			data_blob_free(&tmp_blob);
 		} else {
-			if (!spnego_parse_auth_response(blob, nt_status, 
+			if (!spnego_parse_auth_response(blob, nt_status, OID_NTLMSSP, 
 							&blob_in)) {
 				DEBUG(3,("Failed to parse auth response\n"));
 				if (NT_STATUS_IS_OK(nt_status) 

=== modified file 'source/libsmb/clispnego.c'
--- a/source/libsmb/clispnego.c	2007-02-09 14:16:07 +0000
+++ b/source/libsmb/clispnego.c	2007-04-05 17:02:37 +0000
@@ -348,7 +348,7 @@
 {
 	int retval;
 	DATA_BLOB tkt, tkt_wrapped;
-	const char *krb_mechs[] = {OID_KERBEROS5_OLD, OID_NTLMSSP, NULL};
+	const char *krb_mechs[] = {OID_KERBEROS5_OLD, OID_KERBEROS5, OID_NTLMSSP, NULL};
 
 	/* get a kerberos ticket for the service and extract the session key */
 	retval = cli_krb5_get_ticket(principal, time_offset,
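Review bot: `krb_mechs` keeps `OID_KERBEROS5_OLD` ahead of `OID_KERBEROS5`, and because a SPNEGO mechanism list is read in decreasing order of preference, the legacy OID stays the preferred one even though the commit message calls it broken. If that order is deliberate for compatibility, record it next to the array, for example `/* legacy OID first for older servers; OID_KERBEROS5 is the standard OID for the same ticket */`. If it is not deliberate, the standard OID should probably come first. The enclosing function starts and ends outside this hunk, so how the list is encoded is not visible here.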
@@ -518,9 +518,10 @@
 }
 
 /*
- parse a SPNEGO NTLMSSP auth packet. This contains the encrypted passwords
+ parse a SPNEGO auth packet. This contains the encrypted passwords
 */
-BOOL spnego_parse_auth_response(DATA_BLOB blob, NTSTATUS nt_status, 
+BOOL spnego_parse_auth_response(DATA_BLOB blob, NTSTATUS nt_status,
+				const char *mechOID,
 				DATA_BLOB *auth)
 {
 	ASN1_DATA data;
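Review bot: The header comment does not describe the new `mechOID` parameter, and "This contains the encrypted passwords" no longer fits a parser that is meant to be mechanism-neutral. I would document that `mechOID` is the mechanism the caller negotiated and that a reply naming any other mechanism is a parse failure, e.g. `mechOID: OID the server must return as supportedMech; must not be NULL`. Whether a NULL `mechOID` is tolerated depends on asn1_check_OID, which is not on this page, so that part needs confirming. The function body continues outside this hunk.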
@@ -541,14 +542,20 @@
 	asn1_check_enumerated(&data, negResult);
 	asn1_end_tag(&data);
 
-	if (negResult == SPNEGO_NEG_RESULT_INCOMPLETE) {
+	*auth = data_blob(NULL,0);
+
+	if (asn1_tag_remaining(&data)) {
 		asn1_start_tag(&data,ASN1_CONTEXT(1));
-		asn1_check_OID(&data, OID_NTLMSSP);
-		asn1_end_tag(&data);
-		
-		asn1_start_tag(&data,ASN1_CONTEXT(2));
-		asn1_read_OctetString(&data, auth);
-		asn1_end_tag(&data);
+		asn1_check_OID(&data, mechOID);
+		asn1_end_tag(&data);
+
+		if (asn1_tag_remaining(&data)) {
+			asn1_start_tag(&data,ASN1_CONTEXT(2));
+			asn1_read_OctetString(&data, auth);
+			asn1_end_tag(&data);
+		}
+	} else if (negResult == SPNEGO_NEG_RESULT_INCOMPLETE) {
+		data.has_error = 1;
 	}
 
 	asn1_end_tag(&data);
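Review bot: The outer `if (asn1_tag_remaining(&data))` treats any leftover bytes as proof that the `[1]` supportedMech element comes next, so a reply that omits it but carries a `[2]` responseToken fails at `asn1_start_tag(&data,ASN1_CONTEXT(1))`. A reply with anything after `[2]` would presumably fail at the closing `asn1_end_tag`. If that strictness is intended for server-supplied data, state it in a comment such as `/* supportedMech must precede responseToken; trailing elements are rejected */`; otherwise each optional element needs its tag inspected before it is opened. The result of asn1_tag_remaining is also used as a truth value, so if it can return a negative number on a parse error, `asn1_tag_remaining(&data) > 0` would avoid entering the branch on a broken buffer. The function starts and ends outside this hunk, so how `has_error` maps to the return value is not visible here.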

=== modified file 'source/libsmb/samlogon_cache.c'
--- a/source/libsmb/samlogon_cache.c	2007-03-30 15:43:31 +0000
+++ b/source/libsmb/samlogon_cache.c	2007-04-05 17:01:06 +0000
@@ -59,7 +59,6 @@
 ***********************************************************************/
 void netsamlogon_clear_cached_user(TDB_CONTEXT *tdb, NET_USER_INFO_3 *user)
 {
-	TDB_DATA key;
 	BOOL got_tdb = False;
 	DOM_SID sid;
 	fstring key_str, sid_string;
@@ -93,7 +92,7 @@
 
 	fstr_sprintf(key_str, "UG/%s", sid_to_string(sid_string, &sid));
 
-	DEBUG(10, ("netsamlogon_clear_cached_user: clearing %s\n", key.dptr));
+	DEBUG(10, ("netsamlogon_clear_cached_user: clearing %s\n", key_str));
 
 	tdb_delete(tdb, string_tdb_data(key_str));
 

=== modified file 'source/rpc_client/cli_pipe.c'
--- a/source/rpc_client/cli_pipe.c	2007-03-30 15:39:51 +0000
+++ b/source/rpc_client/cli_pipe.c	2007-04-05 17:01:51 +0000
@@ -2002,7 +2002,7 @@
 	prs_copy_data_out((char *)server_spnego_response.data, rbuf, phdr->auth_len);
 
 	/* Check we got a valid auth response. */
-	if (!spnego_parse_auth_response(server_spnego_response, NT_STATUS_OK, &tmp_blob)) {
+	if (!spnego_parse_auth_response(server_spnego_response, NT_STATUS_OK, OID_NTLMSSP, &tmp_blob)) {
 		data_blob_free(&server_spnego_response);
 		data_blob_free(&tmp_blob);
 		return NT_STATUS_INVALID_PARAMETER;


