[SCM] Samba Shared Repository - branch v3-5-test updated

Günther Deschner gd at samba.org
Thu Oct 15 07:05:30 MDT 2009


The branch, v3-5-test has been updated
       via  7936874... s3-spnego: Fix Bug #6815. Windows 2008 R2 SPNEGO negTokenTarg parsing failure.
       via  dfd22e3... s3-build: we need to have talloc 2.0.1 when building with external talloc.
       via  d4d2bbf... s3-passdb: missed two prototypes while moving to enum netr_SchannelType.
      from  1a25ef2... s3/docs: Add missing meta data to man ldbrename.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test


- Log -----------------------------------------------------------------
commit 7936874af1ab8b2449af41f38695b2946813adf7
Author: Günther Deschner <gd at samba.org>
Date:   Thu Oct 15 14:13:26 2009 +0200

    s3-spnego: Fix Bug #6815. Windows 2008 R2 SPNEGO negTokenTarg parsing failure.
    
    When parsing a SPNEGO session setup retry (falling back from KRB5 to NTLMSSP),
    we failed to parse the ASN1_ENUMERATED negResult in the negTokenTarg, thus
    failing spnego_parse_auth() completely.
    
    By just using the shared spnego/asn1 code, we get the parsing the correct way.
    
    Guenther
    (cherry picked from commit 449ab398f58c6e0041621752322ebe24e6d70225)

commit dfd22e3c5dd21b62b9509c1a9781aaa671b528b3
Author: Günther Deschner <gd at samba.org>
Date:   Wed Oct 14 17:42:19 2009 +0200

    s3-build: we need to have talloc 2.0.1 when building with external talloc.
    
    2.0.0 did not got the exports right.
    This and the 2.0.1 talloc fixes resolve bug #6808.
    
    Guenther
    (cherry picked from commit 67b544ba968d08cd861fc2d6d5b8a0881880b0aa)

commit d4d2bbff2fd300d8c7001e3ee65d4c854a431ad9
Author: Günther Deschner <gd at samba.org>
Date:   Wed Oct 14 11:48:59 2009 +0200

    s3-passdb: missed two prototypes while moving to enum netr_SchannelType.
    
    Guenther
    (cherry picked from commit 075303560f545e59128a1bb16d6128a165830288)

-----------------------------------------------------------------------

Summary of changes:
 source3/Makefile.in        |    4 +++-
 source3/configure.in       |    2 +-
 source3/include/proto.h    |    6 ++++--
 source3/libsmb/clispnego.c |   31 ++++++++++++-------------------
 4 files changed, 20 insertions(+), 23 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/Makefile.in b/source3/Makefile.in
index 90faadf..d12c991 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -506,7 +506,9 @@ SCHANNEL_OBJ = ../libcli/auth/credentials.o \
 	       passdb/secrets_schannel.o
 
 LIBSMB_OBJ = libsmb/clientgen.o libsmb/cliconnect.o libsmb/clifile.o \
-	     libsmb/clikrb5.o libsmb/clispnego.o ../lib/util/asn1.o \
+	     libsmb/clikrb5.o libsmb/clispnego.o \
+	     ../libcli/auth/spnego_parse.o \
+	     ../lib/util/asn1.o \
 	     libsmb/clirap.o libsmb/clierror.o libsmb/climessage.o \
 	     libsmb/clireadwrite.o libsmb/clilist.o libsmb/cliprint.o \
 	     libsmb/clitrans.o libsmb/clisecdesc.o libsmb/clidgram.o \
diff --git a/source3/configure.in b/source3/configure.in
index 9775ce4..c98d526 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -4756,7 +4756,7 @@ AC_ARG_ENABLE(external_libtalloc, [AS_HELP_STRING([--enable-external-libtalloc],
 
 if test "x$enable_external_libtalloc" != xno
 then
-	PKG_CHECK_MODULES(LIBTALLOC, talloc >= 2.0.0,
+	PKG_CHECK_MODULES(LIBTALLOC, talloc >= 2.0.1,
 		[ enable_external_libtalloc=yes ],
 		[ if test x$enable_external_libtalloc = xyes; then
 		 	AC_MSG_ERROR([Unable to find libtalloc])
diff --git a/source3/include/proto.h b/source3/include/proto.h
index cc9fe87..6f81162 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -4445,9 +4445,11 @@ bool pdb_update_autolock_flag(struct samu *sampass, bool *updated);
 bool pdb_increment_bad_password_count(struct samu *sampass);
 bool is_dc_trusted_domain_situation(const char *domain_name);
 bool get_trust_pw_clear(const char *domain, char **ret_pwd,
-			const char **account_name, uint32 *channel);
+			const char **account_name,
+			enum netr_SchannelType *channel);
 bool get_trust_pw_hash(const char *domain, uint8 ret_pwd[16],
-		       const char **account_name, uint32 *channel);
+		       const char **account_name,
+		       enum netr_SchannelType *channel);
 struct samr_LogonHours get_logon_hours_from_pdb(TALLOC_CTX *mem_ctx,
 						struct samu *pw);
 /* The following definitions come from passdb/pdb_compat.c  */
diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c
index 5d7e43d..1103ef8 100644
--- a/source3/libsmb/clispnego.c
+++ b/source3/libsmb/clispnego.c
@@ -495,31 +495,24 @@ DATA_BLOB spnego_gen_auth(DATA_BLOB blob)
 */
 bool spnego_parse_auth(DATA_BLOB blob, DATA_BLOB *auth)
 {
-	ASN1_DATA *data;
+	ssize_t len;
+	struct spnego_data token;
 
-	data = asn1_init(talloc_tos());
-	if (data == NULL) {
+	len = spnego_read_data(talloc_tos(), blob, &token);
+	if (len == -1) {
+		DEBUG(3,("spnego_parse_auth: spnego_read_data failed\n"));
 		return false;
 	}
 
-	asn1_load(data, blob);
-	asn1_start_tag(data, ASN1_CONTEXT(1));
-	asn1_start_tag(data, ASN1_SEQUENCE(0));
-	asn1_start_tag(data, ASN1_CONTEXT(2));
-	asn1_read_OctetString(data, talloc_autofree_context(), auth);
-	asn1_end_tag(data);
-	asn1_end_tag(data);
-	asn1_end_tag(data);
-
-	if (data->has_error) {
-		DEBUG(3,("spnego_parse_auth failed at %d\n", (int)data->ofs));
-		data_blob_free(auth);
-		asn1_free(data);
-		return False;
+	if (token.type != SPNEGO_NEG_TOKEN_TARG) {
+		DEBUG(3,("spnego_parse_auth: wrong token type: %d\n",
+			token.type));
+		return false;
 	}
 
-	asn1_free(data);
-	return True;
+	*auth = token.negTokenTarg.responseToken;
+
+	return true;
 }
 
 /*


-- 
Samba Shared Repository


More information about the samba-cvs mailing list