[SCM] Samba Shared Repository - branch master updated
Stefan Metzmacher
metze at samba.org
Thu Jan 12 22:33:03 MST 2012
The branch, master has been updated
via 342be28 s3:build: add auth/gensec/spnego.o
via 01f246e auth/gensec: move spnego.c to the toplevel
via d88af2f auth/gensec: common helper functions should be in gensec_util.c
via 3ad7ca5 s4:auth/gensec: inline packet_full_request_u32()
via edaa933 auth/gensec: add some more functions from gensec_start.c to gensec.h
via bb6e648 auth/gensec: make sure functions from gensec.c are in gensec.h
via 36829cf s4:auth/gensec: fix compiler warnings in spnego.c
from 339d5ea s3-selftest The krb5 encrypted CIFS test was wrong
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 342be2851a286588ebe5d0cc7e98fc22e9416d80
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jan 12 15:42:08 2012 +0100
s3:build: add auth/gensec/spnego.o
metze
Autobuild-User: Stefan Metzmacher <metze at samba.org>
Autobuild-Date: Fri Jan 13 06:32:30 CET 2012 on sn-devel-104
commit 01f246e873ed15ce7eb9c7a523a5efbfa36c2496
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jan 12 12:21:21 2012 +0100
auth/gensec: move spnego.c to the toplevel
metze
commit d88af2fe24bfc3a55cd2bbfc8898a8dd21cc7cda
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jan 12 22:03:07 2012 +0100
auth/gensec: common helper functions should be in gensec_util.c
This makes the dependencies easier to handle.
metze
commit 3ad7ca59b3914c41486953ebe00221737ccf3d15
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jan 12 22:56:03 2012 +0100
s4:auth/gensec: inline packet_full_request_u32()
This removes the dependency on s4-specific code.
metze
commit edaa933b17b98223f0a951777ff507d96692229a
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jan 12 16:18:38 2012 +0100
auth/gensec: add some more functions from gensec_start.c to gensec.h
metze
commit bb6e64802ee16bf694639546e131817459b26fca
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jan 12 16:18:38 2012 +0100
auth/gensec: make sure functions from gensec.c are in gensec.h
metze
commit 36829cff8f006c52af8d43484f9252f9d1cbd745
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jan 12 17:07:41 2012 +0100
s4:auth/gensec: fix compiler warnings in spnego.c
metze
-----------------------------------------------------------------------
Summary of changes:
auth/gensec/gensec.c | 10 ++--
auth/gensec/gensec.h | 19 +++++
auth/gensec/gensec_start.c | 36 ++++++-----
auth/gensec/gensec_util.c | 116 ++++++++++++++++++++++++++++++++
{source4/auth => auth}/gensec/spnego.c | 7 +--
auth/gensec/wscript_build | 7 ++
source3/Makefile.in | 11 ++--
source3/configure.in | 3 +
source4/auth/gensec/socket.c | 99 ---------------------------
source4/auth/gensec/wscript_build | 9 ---
10 files changed, 178 insertions(+), 139 deletions(-)
rename {source4/auth => auth}/gensec/spnego.c (99%)
Changeset truncated at 500 lines:
diff --git a/auth/gensec/gensec.c b/auth/gensec/gensec.c
index d1dcc75..1e61bf0 100644
--- a/auth/gensec/gensec.c
+++ b/auth/gensec/gensec.c
@@ -111,7 +111,7 @@ _PUBLIC_ size_t gensec_sig_size(struct gensec_security *gensec_security, size_t
return gensec_security->ops->sig_size(gensec_security, data_size);
}
-size_t gensec_max_wrapped_size(struct gensec_security *gensec_security)
+_PUBLIC_ size_t gensec_max_wrapped_size(struct gensec_security *gensec_security)
{
if (!gensec_security->ops->max_wrapped_size) {
return (1 << 17);
@@ -120,7 +120,7 @@ size_t gensec_max_wrapped_size(struct gensec_security *gensec_security)
return gensec_security->ops->max_wrapped_size(gensec_security);
}
-size_t gensec_max_input_size(struct gensec_security *gensec_security)
+_PUBLIC_ size_t gensec_max_input_size(struct gensec_security *gensec_security)
{
if (!gensec_security->ops->max_input_size) {
return (1 << 17) - gensec_sig_size(gensec_security, 1 << 17);
@@ -185,13 +185,13 @@ _PUBLIC_ NTSTATUS gensec_session_info(struct gensec_security *gensec_security,
return gensec_security->ops->session_info(gensec_security, mem_ctx, session_info);
}
-void gensec_set_max_update_size(struct gensec_security *gensec_security,
+_PUBLIC_ void gensec_set_max_update_size(struct gensec_security *gensec_security,
uint32_t max_update_size)
{
gensec_security->max_update_size = max_update_size;
}
-size_t gensec_max_update_size(struct gensec_security *gensec_security)
+_PUBLIC_ size_t gensec_max_update_size(struct gensec_security *gensec_security)
{
if (gensec_security->max_update_size == 0) {
return UINT32_MAX;
@@ -571,7 +571,7 @@ _PUBLIC_ NTSTATUS gensec_set_target_principal(struct gensec_security *gensec_sec
return NT_STATUS_OK;
}
-const char *gensec_get_target_principal(struct gensec_security *gensec_security)
+_PUBLIC_ const char *gensec_get_target_principal(struct gensec_security *gensec_security)
{
if (gensec_security->target.principal) {
return gensec_security->target.principal;
diff --git a/auth/gensec/gensec.h b/auth/gensec/gensec.h
index 9982718..b03bcd8 100644
--- a/auth/gensec/gensec.h
+++ b/auth/gensec/gensec.h
@@ -252,7 +252,25 @@ NTSTATUS gensec_start_mech_by_oid(struct gensec_security *gensec_security,
const char *gensec_get_name_by_oid(struct gensec_security *gensec_security, const char *oid_string);
struct cli_credentials *gensec_get_credentials(struct gensec_security *gensec_security);
NTSTATUS gensec_init(void);
+NTSTATUS gensec_register(const struct gensec_security_ops *ops);
+const struct gensec_security_ops *gensec_security_by_oid(struct gensec_security *gensec_security,
+ const char *oid_string);
+const struct gensec_security_ops *gensec_security_by_sasl_name(struct gensec_security *gensec_security,
+ const char *sasl_name);
+struct gensec_security_ops **gensec_security_mechs(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx);
+const struct gensec_security_ops_wrapper *gensec_security_by_oid_list(
+ struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
+ const char **oid_strings,
+ const char *skip);
+const char **gensec_security_oids(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
+ const char *skip);
+const char **gensec_security_oids_from_ops_wrapped(TALLOC_CTX *mem_ctx,
+ const struct gensec_security_ops_wrapper *wops);
size_t gensec_max_input_size(struct gensec_security *gensec_security);
+size_t gensec_max_wrapped_size(struct gensec_security *gensec_security);
NTSTATUS gensec_unseal_packet(struct gensec_security *gensec_security,
uint8_t *data, size_t length,
const uint8_t *whole_pdu, size_t pdu_length,
@@ -316,6 +334,7 @@ int gensec_setting_int(struct gensec_settings *settings, const char *mechanism,
bool gensec_setting_bool(struct gensec_settings *settings, const char *mechanism, const char *name, bool default_value);
NTSTATUS gensec_set_target_principal(struct gensec_security *gensec_security, const char *principal);
+const char *gensec_get_target_principal(struct gensec_security *gensec_security);
NTSTATUS gensec_generate_session_info(TALLOC_CTX *mem_ctx,
struct gensec_security *gensec_security,
diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c
index 016967a..08b2fb6 100644
--- a/auth/gensec/gensec_start.c
+++ b/auth/gensec/gensec_start.c
@@ -114,8 +114,9 @@ _PUBLIC_ struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_
return new_gensec_list;
}
-struct gensec_security_ops **gensec_security_mechs(struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx)
+_PUBLIC_ struct gensec_security_ops **gensec_security_mechs(
+ struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx)
{
struct gensec_security_ops **backends;
if (!gensec_security) {
@@ -166,8 +167,9 @@ static const struct gensec_security_ops *gensec_security_by_authtype(struct gens
return NULL;
}
-const struct gensec_security_ops *gensec_security_by_oid(struct gensec_security *gensec_security,
- const char *oid_string)
+_PUBLIC_ const struct gensec_security_ops *gensec_security_by_oid(
+ struct gensec_security *gensec_security,
+ const char *oid_string)
{
int i, j;
struct gensec_security_ops **backends;
@@ -198,8 +200,9 @@ const struct gensec_security_ops *gensec_security_by_oid(struct gensec_security
return NULL;
}
-const struct gensec_security_ops *gensec_security_by_sasl_name(struct gensec_security *gensec_security,
- const char *sasl_name)
+_PUBLIC_ const struct gensec_security_ops *gensec_security_by_sasl_name(
+ struct gensec_security *gensec_security,
+ const char *sasl_name)
{
int i;
struct gensec_security_ops **backends;
@@ -327,10 +330,11 @@ const struct gensec_security_ops **gensec_security_by_sasl_list(struct gensec_se
* attached to the gensec_security, and return in our preferred order.
*/
-const struct gensec_security_ops_wrapper *gensec_security_by_oid_list(struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx,
- const char **oid_strings,
- const char *skip)
+_PUBLIC_ const struct gensec_security_ops_wrapper *gensec_security_by_oid_list(
+ struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
+ const char **oid_strings,
+ const char *skip)
{
struct gensec_security_ops_wrapper *backends_out;
struct gensec_security_ops **backends;
@@ -451,8 +455,8 @@ const char **gensec_security_oids_from_ops(struct gensec_security *gensec_securi
* Return OIDS from the security subsystems listed
*/
-const char **gensec_security_oids_from_ops_wrapped(TALLOC_CTX *mem_ctx,
- const struct gensec_security_ops_wrapper *wops)
+_PUBLIC_ const char **gensec_security_oids_from_ops_wrapped(TALLOC_CTX *mem_ctx,
+ const struct gensec_security_ops_wrapper *wops)
{
int i;
int j = 0;
@@ -493,9 +497,9 @@ const char **gensec_security_oids_from_ops_wrapped(TALLOC_CTX *mem_ctx,
*
*/
-const char **gensec_security_oids(struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx,
- const char *skip)
+_PUBLIC_ const char **gensec_security_oids(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
+ const char *skip)
{
struct gensec_security_ops **ops
= gensec_security_mechs(gensec_security, mem_ctx);
@@ -820,7 +824,7 @@ _PUBLIC_ NTSTATUS gensec_set_credentials(struct gensec_security *gensec_security
The 'name' can be later used by other backends to find the operations
structure for this backend.
*/
-NTSTATUS gensec_register(const struct gensec_security_ops *ops)
+_PUBLIC_ NTSTATUS gensec_register(const struct gensec_security_ops *ops)
{
if (gensec_security_by_name(NULL, ops->name) != NULL) {
/* its already registered! */
diff --git a/auth/gensec/gensec_util.c b/auth/gensec/gensec_util.c
index 1b4c0b1..feff3c3 100644
--- a/auth/gensec/gensec_util.c
+++ b/auth/gensec/gensec_util.c
@@ -93,3 +93,119 @@ NTSTATUS gensec_generate_session_info_pac(TALLOC_CTX *mem_ctx,
return NT_STATUS_INTERNAL_ERROR;
}
}
+
+/*
+ * These functions are for use in the deprecated
+ * gensec_socket code (public because SPNEGO must
+ * use them for recursion)
+ */
+_PUBLIC_ NTSTATUS gensec_wrap_packets(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
+ const DATA_BLOB *in,
+ DATA_BLOB *out,
+ size_t *len_processed)
+{
+ if (!gensec_security->ops->wrap_packets) {
+ NTSTATUS nt_status;
+ size_t max_input_size;
+ DATA_BLOB unwrapped, wrapped;
+ max_input_size = gensec_max_input_size(gensec_security);
+ unwrapped = data_blob_const(in->data, MIN(max_input_size, (size_t)in->length));
+
+ nt_status = gensec_wrap(gensec_security,
+ mem_ctx,
+ &unwrapped, &wrapped);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
+ }
+
+ *out = data_blob_talloc(mem_ctx, NULL, 4);
+ if (!out->data) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ RSIVAL(out->data, 0, wrapped.length);
+
+ if (!data_blob_append(mem_ctx, out, wrapped.data, wrapped.length)) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ *len_processed = unwrapped.length;
+ return NT_STATUS_OK;
+ }
+ return gensec_security->ops->wrap_packets(gensec_security, mem_ctx, in, out,
+ len_processed);
+}
+
+/*
+ * These functions are for use in the deprecated
+ * gensec_socket code (public because SPNEGO must
+ * use them for recursion)
+ */
+NTSTATUS gensec_unwrap_packets(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
+ const DATA_BLOB *in,
+ DATA_BLOB *out,
+ size_t *len_processed)
+{
+ if (!gensec_security->ops->unwrap_packets) {
+ DATA_BLOB wrapped;
+ NTSTATUS nt_status;
+ size_t packet_size;
+ if (in->length < 4) {
+ /* Missing the header we already had! */
+ DEBUG(0, ("Asked to unwrap packet of bogus length! How did we get the short packet?!\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ packet_size = RIVAL(in->data, 0);
+
+ wrapped = data_blob_const(in->data + 4, packet_size);
+
+ if (wrapped.length > (in->length - 4)) {
+ DEBUG(0, ("Asked to unwrap packed of bogus length %d > %d! How did we get this?!\n",
+ (int)wrapped.length, (int)(in->length - 4)));
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ nt_status = gensec_unwrap(gensec_security,
+ mem_ctx,
+ &wrapped, out);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
+ }
+
+ *len_processed = packet_size + 4;
+ return nt_status;
+ }
+ return gensec_security->ops->unwrap_packets(gensec_security, mem_ctx, in, out,
+ len_processed);
+}
+
+/*
+ * These functions are for use in the deprecated
+ * gensec_socket code (public because SPNEGO must
+ * use them for recursion)
+ */
+NTSTATUS gensec_packet_full_request(struct gensec_security *gensec_security,
+ DATA_BLOB blob, size_t *size)
+{
+ if (gensec_security->ops->packet_full_request) {
+ return gensec_security->ops->packet_full_request(gensec_security,
+ blob, size);
+ }
+ if (gensec_security->ops->unwrap_packets) {
+ if (blob.length) {
+ *size = blob.length;
+ return NT_STATUS_OK;
+ }
+ return STATUS_MORE_ENTRIES;
+ }
+
+ if (blob.length < 4) {
+ return STATUS_MORE_ENTRIES;
+ }
+ *size = 4 + RIVAL(blob.data, 0);
+ if (*size > blob.length) {
+ return STATUS_MORE_ENTRIES;
+ }
+ return NT_STATUS_OK;
+}
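Review bot: In gensec_packet_full_request, `*size = 4 + RIVAL(blob.data, 0);` can wrap when the peer-supplied length prefix is within 4 of UINT32_MAX, assuming RIVAL yields a 32-bit unsigned value so that the addition happens in 32 bits before the assignment to size_t. The wrapped result (0 to 3) passes the `*size > blob.length` test, so the function reports a complete packet shorter than its own 4-byte header; a caller trusting that size would presumably hand gensec_unwrap_packets fewer than 4 bytes and land in its short-packet error path. Reject the prefix before adding: `uint32_t len = RIVAL(blob.data, 0);`, `if (len > UINT32_MAX - 4) return NT_STATUS_INVALID_PARAMETER;`, `*size = 4 + (size_t)len;`. The reported size is also never compared with gensec_max_wrapped_size(), so how much a caller buffers before unwrapping is bounded only by the prefix; either cap it here or add a comment naming the caller that enforces the limit.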
diff --git a/source4/auth/gensec/spnego.c b/auth/gensec/spnego.c
similarity index 99%
rename from source4/auth/gensec/spnego.c
rename to auth/gensec/spnego.c
index fa20c45..15fd8da 100644
--- a/source4/auth/gensec/spnego.c
+++ b/auth/gensec/spnego.c
@@ -27,11 +27,11 @@
#include "librpc/gen_ndr/ndr_dcerpc.h"
#include "auth/credentials/credentials.h"
#include "auth/gensec/gensec.h"
-#include "auth/gensec/gensec_proto.h"
-#include "auth/gensec/gensec_toplevel_proto.h"
#include "param/param.h"
#include "lib/util/asn1.h"
+#undef strcasecmp
+
_PUBLIC_ NTSTATUS gensec_spnego_init(void);
enum spnego_state_position {
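Review bot: The `#undef strcasecmp` added after the includes carries no comment, so a reader cannot tell which header's macro it cancels or why this file may call the plain libc function. If that macro is a project guard steering code towards a charset-aware comparison (not visible in this hunk), undoing it silently drops the guard for every later call in spnego.c. Add a line above it such as `/* undo the strcasecmp override from the common includes; only ASCII mechanism/OID strings are compared here (confirm) */`.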
@@ -1150,7 +1150,6 @@ static NTSTATUS gensec_spnego_update_in(struct gensec_security *gensec_security,
{
struct spnego_state *spnego_state = (struct spnego_state *)gensec_security->private_data;
size_t expected;
- uint8_t *buf;
NTSTATUS status;
bool ok;
@@ -1239,8 +1238,6 @@ static NTSTATUS gensec_spnego_update_out(struct gensec_security *gensec_security
DATA_BLOB *_out)
{
struct spnego_state *spnego_state = (struct spnego_state *)gensec_security->private_data;
- size_t new_length;
- uint8_t *buf;
DATA_BLOB out = data_blob_null;
*_out = data_blob_null;
diff --git a/auth/gensec/wscript_build b/auth/gensec/wscript_build
index 03d97e6..7ca3cab 100644
--- a/auth/gensec/wscript_build
+++ b/auth/gensec/wscript_build
@@ -9,3 +9,10 @@ bld.SAMBA_LIBRARY('gensec',
vnum='0.0.1'
)
+bld.SAMBA_MODULE('gensec_spnego',
+ source='spnego.c',
+ autoproto='spnego_proto.h',
+ subsystem='gensec',
+ init_function='gensec_spnego_init',
+ deps='asn1util samba-credentials SPNEGO_PARSE'
+ )
diff --git a/source3/Makefile.in b/source3/Makefile.in
index b92097c..96c58c8 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -552,6 +552,8 @@ LIBSMB_ERR_OBJ = $(LIBSMB_ERR_OBJ0) $(LIBSMB_ERR_OBJ1) \
$(SECRETS_OBJ)
LIBSMB_OBJ0 = \
+ ../lib/util/asn1.o \
+ ../libcli/auth/spnego_parse.o \
../libcli/auth/ntlm_check.o \
libsmb/ntlmssp.o \
libsmb/ntlmssp_wrap.o \
@@ -559,6 +561,7 @@ LIBSMB_OBJ0 = \
../auth/gensec/gensec.o \
../auth/gensec/gensec_start.o \
../auth/gensec/gensec_util.o \
+ ../auth/gensec/spnego.o \
../auth/credentials/credentials.o \
../auth/credentials/credentials_samba3.o \
../auth/ntlmssp/ntlmssp.o \
@@ -592,8 +595,6 @@ SCHANNEL_OBJ = ../libcli/auth/credentials.o \
LIBSMB_OBJ = libsmb/clientgen.o libsmb/cliconnect.o libsmb/clifile.o \
libsmb/clikrb5.o ../libcli/auth/krb5_wrap.o libsmb/clispnego.o \
- ../libcli/auth/spnego_parse.o \
- ../lib/util/asn1.o \
libsmb/reparse_symlink.o \
libsmb/clisymlink.o \
libsmb/clirap.o libsmb/clierror.o libsmb/climessage.o \
@@ -1068,7 +1069,7 @@ PDBEDIT_OBJ = utils/pdbedit.o $(PASSWD_UTIL_OBJ) $(PARAM_OBJ) $(PASSDB_OBJ) \
$(LIB_NONSMBD_OBJ) $(GROUPDB_OBJ) \
$(LIBCLI_LDAP_NDR_OBJ) \
$(DRSUAPI_OBJ) $(LIBNDR_GEN_OBJ0) \
- $(POPT_LIB_OBJ) $(SMBLDAP_OBJ) ../lib/util/asn1.o
+ $(POPT_LIB_OBJ) $(SMBLDAP_OBJ)
SMBGET_OBJ = utils/smbget.o $(POPT_LIB_OBJ) $(LIBSMBCLIENT_OBJ1)
@@ -1345,7 +1346,7 @@ WINBIND_WINS_NSS_OBJ = ../nsswitch/wins.o $(PARAM_OBJ) \
$(LIB_NONSMBD_OBJ) $(LIBSMB_ERR_OBJ) $(LIBNMB_OBJ)
PAM_SMBPASS_OBJ_0 = pam_smbpass/pam_smb_auth.o pam_smbpass/pam_smb_passwd.o \
- pam_smbpass/pam_smb_acct.o pam_smbpass/support.o ../lib/util/asn1.o
+ pam_smbpass/pam_smb_acct.o pam_smbpass/support.o
PAM_SMBPASS_OBJ = $(PAM_SMBPASS_OBJ_0) $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \
$(SMBLDAP_OBJ) $(LIBSAMBA_OBJ) \
$(DRSUAPI_OBJ) $(LIBNDR_GEN_OBJ0) \
@@ -1525,7 +1526,7 @@ TDBTORTURE_OBJ = @tdbdir@/tools/tdbtorture.o $(LIBREPLACE_OBJ) \
NTLM_AUTH_OBJ1 = utils/ntlm_auth.o utils/ntlm_auth_diagnostics.o
NTLM_AUTH_OBJ = ${NTLM_AUTH_OBJ1} $(LIBSAMBA_OBJ) $(POPT_LIB_OBJ) \
- ../lib/util/asn1.o ../libcli/auth/spnego_parse.o libsmb/clikrb5.o ../libcli/auth/krb5_wrap.o libads/kerberos.o \
+ libsmb/clikrb5.o ../libcli/auth/krb5_wrap.o libads/kerberos.o \
libsmb/samlogon_cache.o \
$(LIBADS_SERVER_OBJ) \
$(PASSDB_OBJ) $(GROUPDB_OBJ) \
diff --git a/source3/configure.in b/source3/configure.in
index c0ddc27..e59d1e5 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -7167,6 +7167,9 @@ AC_ZLIB([ZLIB_OBJS=""], [
CFLAGS="-I../lib/zlib $CFLAGS"
])
+AC_DEFINE(STATIC_gensec_MODULES, [gensec_spnego_init,NULL],[gensec modules])
+AC_DEFINE(STATIC_gensec_MODULES_PROTO, [_MODULE_PROTO(gensec_spnego_init)],[gensec protos])
+
AC_ARG_ENABLE(dmalloc, [AS_HELP_STRING([--enable-dmalloc], [Enable heap debugging [default=no]])])
if test "x$enable_dmalloc" = xyes
diff --git a/source4/auth/gensec/socket.c b/source4/auth/gensec/socket.c
index 4ee1512..99b4108 100644
--- a/source4/auth/gensec/socket.c
+++ b/source4/auth/gensec/socket.c
@@ -59,105 +59,6 @@ static NTSTATUS gensec_socket_init_fn(struct socket_context *sock)
return NT_STATUS_OK;
}
-/* These functions are for use here only (public because SPNEGO must
- * use them for recursion) */
-_PUBLIC_ NTSTATUS gensec_wrap_packets(struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx,
- const DATA_BLOB *in,
- DATA_BLOB *out,
- size_t *len_processed)
-{
- if (!gensec_security->ops->wrap_packets) {
- NTSTATUS nt_status;
- size_t max_input_size;
- DATA_BLOB unwrapped, wrapped;
- max_input_size = gensec_max_input_size(gensec_security);
- unwrapped = data_blob_const(in->data, MIN(max_input_size, (size_t)in->length));
-
- nt_status = gensec_wrap(gensec_security,
- mem_ctx,
- &unwrapped, &wrapped);
- if (!NT_STATUS_IS_OK(nt_status)) {
- return nt_status;
- }
-
- *out = data_blob_talloc(mem_ctx, NULL, 4);
- if (!out->data) {
- return NT_STATUS_NO_MEMORY;
- }
- RSIVAL(out->data, 0, wrapped.length);
-
- if (!data_blob_append(mem_ctx, out, wrapped.data, wrapped.length)) {
- return NT_STATUS_NO_MEMORY;
- }
- *len_processed = unwrapped.length;
- return NT_STATUS_OK;
- }
- return gensec_security->ops->wrap_packets(gensec_security, mem_ctx, in, out,
- len_processed);
-}
-
-/* These functions are for use here only (public because SPNEGO must
- * use them for recursion) */
-NTSTATUS gensec_unwrap_packets(struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx,
- const DATA_BLOB *in,
- DATA_BLOB *out,
- size_t *len_processed)
-{
- if (!gensec_security->ops->unwrap_packets) {
- DATA_BLOB wrapped;
- NTSTATUS nt_status;
- size_t packet_size;
- if (in->length < 4) {
- /* Missing the header we already had! */
- DEBUG(0, ("Asked to unwrap packet of bogus length! How did we get the short packet?!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- packet_size = RIVAL(in->data, 0);
-
- wrapped = data_blob_const(in->data + 4, packet_size);
-
- if (wrapped.length > (in->length - 4)) {
- DEBUG(0, ("Asked to unwrap packed of bogus length %d > %d! How did we get this?!\n",
- (int)wrapped.length, (int)(in->length - 4)));
- return NT_STATUS_INTERNAL_ERROR;
- }
-
- nt_status = gensec_unwrap(gensec_security,
- mem_ctx,
- &wrapped, out);
- if (!NT_STATUS_IS_OK(nt_status)) {
--
Samba Shared Repository