svn commit: samba r21923 - in branches/SAMBA_3_0/source/libsmb: .

jra at samba.org jra at samba.org
Thu Mar 22 00:08:26 GMT 2007 

Author: jra
Date: 2007-03-22 00:08:22 +0000 (Thu, 22 Mar 2007)
New Revision: 21923

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21923

Log:
Add in the gss decrypt.
Jeremy.

Modified:
   branches/SAMBA_3_0/source/libsmb/smb_seal.c


Changeset:
Modified: branches/SAMBA_3_0/source/libsmb/smb_seal.c
===================================================================
--- branches/SAMBA_3_0/source/libsmb/smb_seal.c	2007-03-21 23:49:57 UTC (rev 21922)
+++ branches/SAMBA_3_0/source/libsmb/smb_seal.c	2007-03-22 00:08:22 UTC (rev 21923)
@@ -121,13 +121,54 @@
 
 /******************************************************************************
  Generic code for client and server.
- gss-api decrypt an incoming buffer.
+ gss-api decrypt an incoming buffer. We insist that the size of the
+ unwrapped buffer must be smaller or identical to the incoming buffer.
 ******************************************************************************/
 
 #if defined(HAVE_GSSAPI) && defined(HAVE_KRB5)
  NTSTATUS common_gss_decrypt_buffer(gss_ctx_id_t context_handle, char *buf)
 {
-	return NT_STATUS_NOT_SUPPORTED;
+	OM_uint32 ret = 0;
+	OM_uint32 minor = 0;
+	int flags_got = 0;
+	gss_buffer_desc in_buf, out_buf;
+	size_t buf_len = smb_len(buf) + 4; /* Don't forget the 4 length bytes. */
+
+	if (buf_len < 8) {
+		return NT_STATUS_BUFFER_TOO_SMALL;
+	}
+
+	in_buf.value = buf + 8;
+	in_buf.length = buf_len - 8;
+
+	ret = gss_unwrap(&minor,
+			context_handle,
+			&in_buf,
+			&out_buf,
+			&flags_got,		/* did we get sign+seal ? */
+			(gss_qop_t *) NULL);	
+
+	if (ret != GSS_S_COMPLETE) {
+		ADS_STATUS adss = ADS_ERROR_GSS(ret, minor);
+		DEBUG(0,("common_gss_encrypt_buffer: gss_unwrap failed. Error %s\n",
+			ads_errstr(adss) ));
+		/* Um - no mapping for gss-errs to NTSTATUS yet. */
+		return ads_ntstatus(adss);
+	}
+
+	if (out_buf.length > in_buf.length) {
+		DEBUG(0,("common_gss_encrypt_buffer: gss_unwrap size (%u) too large (%u) !\n",
+			(unsigned int)out_buf.length,
+			(unsigned int)in_buf.length ));
+		gss_release_buffer(&minor, &out_buf);
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	memcpy(buf + 8, out_buf.value, out_buf.length);
+	smb_setlen(buf, out_buf.length + 4);
+
+	gss_release_buffer(&minor, &out_buf);
+	return NT_STATUS_OK;
 }
 #endif
 
@@ -194,8 +235,9 @@
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	smb_setlen(*ppbuf_out, out_buf.length + 8);
 	memcpy(*ppbuf_out+8, out_buf.value, out_buf.length);
+	smb_setlen(*ppbuf_out, out_buf.length + 4);
+
 	gss_release_buffer(&minor, &out_buf);
 	return NT_STATUS_OK;
 }

More information about the samba-cvs mailing list