[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Mon Jul 19 18:16:07 MDT 2010


The branch, master has been updated
       via  0bb8d13... Remove gen_negTokenInit() - change all callers to spnego_gen_negTokenInit(). We now have one function to do this in all calling code. More rationalization to follow.
      from  8cba4a0... Move the addition of the 16 byte guid out of spnego_gen_negTokenInit() and into negprot_spnego() where it belongs (it's not an SPNEGO operation). Add a TALLOC_CTX for callers of negprot_spnego(). Closer to unifying all the gen_negTokenXXX calls.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 0bb8d133c9a39873828dbe977513edd31e1a7045
Author: Jeremy Allison <jra at samba.org>
Date:   Mon Jul 19 17:14:26 2010 -0700

    Remove gen_negTokenInit() - change all callers to spnego_gen_negTokenInit().
    We now have one function to do this in all calling code. More rationalization
    to follow.
    
    Jeremy.

-----------------------------------------------------------------------

Summary of changes:
 source3/include/proto.h       |    4 +-
 source3/libads/sasl.c         |    3 +-
 source3/libsmb/cliconnect.c   |    3 +-
 source3/libsmb/clispnego.c    |   70 ++++++++++-------------------------------
 source3/rpc_client/cli_pipe.c |    3 +-
 source3/smbd/negprot.c        |    6 ++--
 6 files changed, 28 insertions(+), 61 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/include/proto.h b/source3/include/proto.h
index a0bb55c..a85f7b5 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -2821,9 +2821,9 @@ bool cli_set_secdesc(struct cli_state *cli, uint16_t fnum, struct security_descr
 
 /* The following definitions come from libsmb/clispnego.c  */
 
-DATA_BLOB spnego_gen_negTokenInit(const char *OIDs[], 
+DATA_BLOB spnego_gen_negTokenInit(const char *OIDs[],
+				  DATA_BLOB *psecblob,
 				  const char *principal);
-DATA_BLOB gen_negTokenInit(const char *OID, DATA_BLOB blob);
 bool spnego_parse_negTokenInit(DATA_BLOB blob,
 			       char *OIDs[ASN1_MAX_OIDS],
 			       char **principal,
diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
index aa3acbd..b314eb9 100644
--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -190,8 +190,9 @@ static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads)
 		     || NT_STATUS_IS_OK(nt_status))
 		    && blob_out.length) {
 			if (turn == 1) {
+				const char *OIDs_ntlm[] = {OID_NTLMSSP, NULL};
 				/* and wrap it in a SPNEGO wrapper */
-				msg1 = gen_negTokenInit(OID_NTLMSSP, blob_out);
+				msg1 = spnego_gen_negTokenInit(OIDs_ntlm, &blob_out, NULL);
 			} else {
 				/* wrap it in SPNEGO */
 				msg1 = spnego_gen_auth(blob_out);
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 7fe359b..a8e359d 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -984,6 +984,7 @@ static struct tevent_req *cli_session_setup_ntlmssp_send(
 	struct cli_session_setup_ntlmssp_state *state;
 	NTSTATUS status;
 	DATA_BLOB blob_out;
+	const char *OIDs_ntlm[] = {OID_NTLMSSP, NULL};
 
 	req = tevent_req_create(mem_ctx, &state,
 				struct cli_session_setup_ntlmssp_state);
@@ -1032,7 +1033,7 @@ static struct tevent_req *cli_session_setup_ntlmssp_send(
 		goto fail;
 	}
 
-	state->blob_out = gen_negTokenInit(OID_NTLMSSP, blob_out);
+	state->blob_out = spnego_gen_negTokenInit(OIDs_ntlm, &blob_out, NULL);
 	data_blob_free(&blob_out);
 
 	subreq = cli_sesssetup_blob_send(state, ev, cli, state->blob_out);
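Review bot: `state->blob_out` goes straight into cli_sesssetup_blob_send() with no check that spnego_gen_negTokenInit() actually produced a token. The removed gen_negTokenInit() returned `data_blob_null` when asn1_init() failed, and the replacement presumably does the same, so an allocation or encoding failure would send a session setup request with an empty security blob instead of failing locally. A check after the `data_blob_free(&blob_out)` line would cover it, e.g. `if (state->blob_out.data == NULL) { status = NT_STATUS_NO_MEMORY; goto fail; }`, assuming the `fail` label reports `status` (it is outside the hunk). The calls added in source3/libads/sasl.c and source3/rpc_client/cli_pipe.c may need the same check; the lines that consume their results are not visible in those hunks.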
diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c
index 2cf2764..e1eb03b 100644
--- a/source3/libsmb/clispnego.c
+++ b/source3/libsmb/clispnego.c
@@ -25,9 +25,11 @@
 
 /*
   generate a negTokenInit packet given a list of supported
-  OIDs (the mechanisms) and a principal name string 
+  OIDs (the mechanisms) a blob, and a principal name string
 */
-DATA_BLOB spnego_gen_negTokenInit(const char *OIDs[], 
+
+DATA_BLOB spnego_gen_negTokenInit(const char *OIDs[],
+				  DATA_BLOB *psecblob,
 				  const char *principal)
 {
 	int i;
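Review bot: The updated comment above spnego_gen_negTokenInit() mentions the new blob argument but does not say that `psecblob` and `principal` may each be NULL, which every caller in this commit relies on (`&blob_out, NULL` on the client side, `NULL, "NONE"` in negprot.c). I would extend it along the lines of `psecblob (may be NULL or empty) is written as the mechToken; principal (may be NULL) is written as the hint string; the caller keeps ownership of *psecblob`. The ownership statement is inferred from cliconnect.c and cli_pipe.c calling data_blob_free() on the blob after the call, so it should be confirmed against the full function. The function body continues outside this hunk.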
@@ -52,61 +54,23 @@ DATA_BLOB spnego_gen_negTokenInit(const char *OIDs[],
 	asn1_pop_tag(data);
 	asn1_pop_tag(data);
 
-	asn1_push_tag(data, ASN1_CONTEXT(3));
-	asn1_push_tag(data, ASN1_SEQUENCE(0));
-	asn1_push_tag(data, ASN1_CONTEXT(0));
-	asn1_write_GeneralString(data,principal);
-	asn1_pop_tag(data);
-	asn1_pop_tag(data);
-	asn1_pop_tag(data);
-
-	asn1_pop_tag(data);
-	asn1_pop_tag(data);
-
-	asn1_pop_tag(data);
-
-	if (data->has_error) {
-		DEBUG(1,("Failed to build negTokenInit at offset %d\n", (int)data->ofs));
+	if (psecblob && psecblob->length && psecblob->data) {
+		asn1_push_tag(data, ASN1_CONTEXT(2));
+		asn1_write_OctetString(data,psecblob->data,
+			psecblob->length);
+		asn1_pop_tag(data);
 	}
 
-	ret = data_blob(data->data, data->length);
-	asn1_free(data);
-
-	return ret;
-}
-
-/*
-  Generate a negTokenInit as used by the client side ... It has a mechType
-  (OID), and a mechToken (a security blob) ... 
-
-  Really, we need to break out the NTLMSSP stuff as well, because it could be
-  raw in the packets!
-*/
-DATA_BLOB gen_negTokenInit(const char *OID, DATA_BLOB blob)
-{
-	ASN1_DATA *data;
-	DATA_BLOB ret;
-
-	data = asn1_init(talloc_tos());
-	if (data == NULL) {
-		return data_blob_null;
+	if (principal) {
+		asn1_push_tag(data, ASN1_CONTEXT(3));
+		asn1_push_tag(data, ASN1_SEQUENCE(0));
+		asn1_push_tag(data, ASN1_CONTEXT(0));
+		asn1_write_GeneralString(data,principal);
+		asn1_pop_tag(data);
+		asn1_pop_tag(data);
+		asn1_pop_tag(data);
 	}
 
-	asn1_push_tag(data, ASN1_APPLICATION(0));
-	asn1_write_OID(data,OID_SPNEGO);
-	asn1_push_tag(data, ASN1_CONTEXT(0));
-	asn1_push_tag(data, ASN1_SEQUENCE(0));
-
-	asn1_push_tag(data, ASN1_CONTEXT(0));
-	asn1_push_tag(data, ASN1_SEQUENCE(0));
-	asn1_write_OID(data, OID);
-	asn1_pop_tag(data);
-	asn1_pop_tag(data);
-
-	asn1_push_tag(data, ASN1_CONTEXT(2));
-	asn1_write_OctetString(data,blob.data,blob.length);
-	asn1_pop_tag(data);
-
 	asn1_pop_tag(data);
 	asn1_pop_tag(data);
 
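Review bot: The new guard `if (psecblob && psecblob->length && psecblob->data)` silently drops the mechToken when a caller passes a non-NULL but empty blob, whereas the removed gen_negTokenInit() always wrote the `ASN1_CONTEXT(2)` element. A client caller whose NTLMSSP step produced no output would then send a negTokenInit carrying only the mechanism list, with no local indication that the token is missing. If that case is not expected, a log line ahead of the guard would make it visible, e.g. `if (psecblob && psecblob->length == 0) DEBUG(3, ("spnego_gen_negTokenInit: empty security blob, mechToken omitted\n"));`. The `data->has_error` check and the return statement are outside this hunk, so I am assuming they are unchanged from the removed copy.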
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 8dd9386..2e77746 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -1338,6 +1338,7 @@ static NTSTATUS create_spnego_ntlmssp_auth_rpc_bind_req(struct rpc_pipe_client *
 	DATA_BLOB null_blob = data_blob_null;
 	DATA_BLOB request = data_blob_null;
 	DATA_BLOB spnego_msg = data_blob_null;
+	const char *OIDs_ntlm[] = {OID_NTLMSSP, NULL};
 
 	DEBUG(5, ("create_spnego_ntlmssp_auth_rpc_bind_req: Processing NTLMSSP Negotiate\n"));
 	status = ntlmssp_update(cli->auth->a_u.ntlmssp_state,
@@ -1350,7 +1351,7 @@ static NTSTATUS create_spnego_ntlmssp_auth_rpc_bind_req(struct rpc_pipe_client *
 	}
 
 	/* Wrap this in SPNEGO. */
-	spnego_msg = gen_negTokenInit(OID_NTLMSSP, request);
+	spnego_msg = spnego_gen_negTokenInit(OIDs_ntlm, &request, NULL);
 
 	data_blob_free(&request);
 
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index e7cf5b7..c5c83ca 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -189,7 +189,7 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn)
 				   OID_KERBEROS5_OLD,
 				   OID_NTLMSSP,
 				   NULL};
-	const char *OIDs_plain[] = {OID_NTLMSSP, NULL};
+	const char *OIDs_ntlm[] = {OID_NTLMSSP, NULL};
 
 	sconn->smb1.negprot.spnego = true;
 	/* strangely enough, NT does not sent the single OID NTLMSSP when
@@ -211,7 +211,7 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn)
 		blob = data_blob(guid, 16);
 #else
 		/* Code for standalone WXP client */
-		blob = spnego_gen_negTokenInit(OIDs_plain, "NONE");
+		blob = spnego_gen_negTokenInit(OIDs_ntlm, NULL, "NONE");
 #endif
 	} else {
 		fstring myname;
@@ -222,7 +222,7 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn)
 		    == -1) {
 			return data_blob_null;
 		}
-		blob = spnego_gen_negTokenInit(OIDs_krb5, host_princ_s);
+		blob = spnego_gen_negTokenInit(OIDs_krb5, NULL, host_princ_s);
 		SAFE_FREE(host_princ_s);
 	}
 


-- 
Samba Shared Repository

