[PATCH] Various fixes to ntlm_auth SPNEGO

Anthony Liguori aliguor at us.ibm.com
Wed Jul 30 18:41:13 GMT 2003


The first patch changes the mechListMIC to be handled as just an Octet String 
(as per RFC 2478), and the second patch adds a free_spnego_data function 
that should take care of any memory issues we had in ntlm_auth with SPNEGO.

Index: libsmb/spnego.c
===================================================================
RCS file: /cvsroot/samba/source/libsmb/Attic/spnego.c,v
retrieving revision 1.1.2.1
diff -u -r1.1.2.1 spnego.c
--- libsmb/spnego.c     29 Jul 2003 15:00:38 -0000      1.1.2.1
+++ libsmb/spnego.c     30 Jul 2003 18:29:47 -0000
@@ -71,18 +71,7 @@
                /* Read mecListMIC */
                case ASN1_CONTEXT(3):
                        asn1_start_tag(asn1, ASN1_CONTEXT(3));
-                       if (!asn1_read_OctetString(asn1, 
&token->mechListMIC)) {
-                               char *mechListMIC;
-                               asn1_push_tag(asn1, ASN1_SEQUENCE(0));
-                               asn1_push_tag(asn1, ASN1_CONTEXT(0));
-                               asn1_read_GeneralString(asn1, 
&mechListMIC);
-                               asn1_pop_tag(asn1);
-                               asn1_pop_tag(asn1);
-
-                               token->mechListMIC =
-                                       data_blob(mechListMIC, 
strlen(mechListMIC));
-                               SAFE_FREE(mechListMIC);
-                       }
+                       asn1_read_OctetString(asn1, &token->mechListMIC);
                        asn1_end_tag(asn1);
                        break;
                default:
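Review bot: The result of `asn1_read_OctetString(asn1, &token->mechListMIC)` in the `ASN1_CONTEXT(3)` case is now discarded, so a token that carries this element in the SEQUENCE/GeneralString form the removed branch accepted is no longer handled here. What happens to it depends on how the ASN.1 reader records the failure. If the reader latches the failure in `asn1->has_error` (the parse loop in the second patch tests that flag), that is enough to reject the token, but it should be stated in place, e.g. `/* RFC 2478: OCTET STRING only; any other encoding fails the parse via asn1->has_error */`. If it does not, the return value needs an explicit check before `asn1_end_tag`. The enclosing function starts and ends outside this hunk.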

? epmd
Index: libsmb/spnego.c
===================================================================
RCS file: /cvsroot/samba/source/libsmb/Attic/spnego.c,v
retrieving revision 1.1.2.1
diff -u -r1.1.2.1 spnego.c
--- libsmb/spnego.c     29 Jul 2003 15:00:38 -0000      1.1.2.1
+++ libsmb/spnego.c     30 Jul 2003 18:27:56 -0000
@@ -156,8 +156,6 @@
        while (!asn1->has_error && 0 < asn1_tag_remaining(asn1)) {
                switch (asn1->data[asn1->ofs]) {
                case ASN1_CONTEXT(0):
-                       /* this is listed as being non-optional by RFC2478 
but
-                          Windows doesn't always send it... */
                        asn1_start_tag(asn1, ASN1_CONTEXT(0));
                        asn1_start_tag(asn1, ASN1_ENUMERATED);
                        asn1_read_uint8(asn1, &token->negResult);
@@ -287,6 +285,40 @@
        }
        asn1_free(&asn1);
 
+       return ret;
+}
+
+BOOL free_spnego_data(SPNEGO_DATA *spnego)
+{
+       BOOL ret = True;
+
+       if (!spnego) goto out;
+
+       switch(spnego->type) {
+       case SPNEGO_NEG_TOKEN_INIT:
+               if (spnego->negTokenInit.mechTypes) {
+                       int i;
+                       for (i = 0; spnego->negTokenInit.mechTypes[i]; 
i++) {
+                               free(spnego->negTokenInit.mechTypes[i]);
+                       }
+                       free(spnego->negTokenInit.mechTypes);
+               }
+               data_blob_free(&spnego->negTokenInit.mechToken);
+               data_blob_free(&spnego->negTokenInit.mechListMIC);
+               break;
+       case SPNEGO_NEG_TOKEN_TARG:
+               if (spnego->negTokenTarg.supportedMech) {
+                       free(spnego->negTokenTarg.supportedMech);
+               }
+               data_blob_free(&spnego->negTokenTarg.responseToken);
+               data_blob_free(&spnego->negTokenTarg.mechListMIC);
+               break;
+       default:
+               ret = False;
+               break;
+       }
+       ZERO_STRUCTP(spnego);
+out:
        return ret;
 }
 
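Review bot: `free_spnego_data` has no comment stating its ownership contract, and that contract is strict: it calls `free()` on every `mechTypes[i]`, on `mechTypes` itself and on `supportedMech`, so each must be a heap pointer and `mechTypes` must be NULL-terminated. A header such as `/* Free all heap members of *spnego and zero the struct; every pointer member must come from malloc and mechTypes must be NULL-terminated. Returns False for an unknown type. */` would make that visible to callers that fill the struct by hand. The `if (ptr)` guards in front of `free()` are redundant. The callers added in utils/ntlm_auth.c ignore the BOOL result, so the `False` from the `default` branch is never acted on.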
Index: utils/ntlm_auth.c
===================================================================
RCS file: /cvsroot/samba/source/utils/ntlm_auth.c,v
retrieving revision 1.6.2.21
diff -u -r1.6.2.21 ntlm_auth.c
--- utils/ntlm_auth.c   29 Jul 2003 15:00:38 -0000      1.6.2.21
+++ utils/ntlm_auth.c   30 Jul 2003 18:27:57 -0000
@@ -348,14 +348,16 @@
        DATA_BLOB token;
        ASN1_DATA asn1;
        SPNEGO_DATA spnego;
-       const char *OIDs[] = {OID_NTLMSSP, NULL};
        ssize_t len;
        char *reply_base64;
 
-       /* Server negTokenInit (mech offerings) */
        ZERO_STRUCT(spnego);
+
+       /* Server negTokenInit (mech offerings) */
        spnego.type = SPNEGO_NEG_TOKEN_INIT;
-       spnego.negTokenInit.mechTypes = OIDs;
+       spnego.negTokenInit.mechTypes = smb_xmalloc(sizeof(char *) * 2);
+       spnego.negTokenInit.mechTypes[0] = smb_xstrdup(OID_NTLMSSP);
+       spnego.negTokenInit.mechTypes[1] = NULL;
 
        ZERO_STRUCT(asn1);
        asn1_push_tag(&asn1, ASN1_SEQUENCE(0));
@@ -367,7 +369,7 @@
        asn1_free(&asn1);
 
        len = write_spnego_data(&token, &spnego);
-       data_blob_free(&spnego.negTokenInit.mechListMIC);
+       free_spnego_data(&spnego);
 
        if (len == -1) {
                DEBUG(1, ("Could not write SPNEGO data blob\n"));
@@ -437,14 +439,6 @@
                return;
        }
 
-       if ( (spnego.type != SPNEGO_NEG_TOKEN_INIT) &&
-            (spnego.type != SPNEGO_NEG_TOKEN_TARG) ) {
-
-               DEBUG(1, ("Got an invalid SPNEGO token!\n"));
-               x_fprintf(x_stdout, "BH\n");
-               return;
-       }
-
        if (spnego.type == SPNEGO_NEG_TOKEN_INIT) {
 
                /* Second request from Client. This is where the
@@ -490,7 +484,8 @@
                dump_data(10, spnego.negTokenInit.mechToken.data,
                          spnego.negTokenInit.mechToken.length);
 
-               ZERO_STRUCT(spnego);
+               free_spnego_data(&spnego);
+
                spnego.type = SPNEGO_NEG_TOKEN_TARG;
                spnego.negTokenTarg.negResult = SPNEGO_ACCEPT_INCOMPLETE;
                spnego.negTokenTarg.supportedMech = OID_NTLMSSP;
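Review bot: `spnego.negTokenTarg.supportedMech = OID_NTLMSSP;` stores what appears to be a string constant, and the `free_spnego_data(&spnego)` call added after `write_spnego_data` in the next hunk (-543,6 +538,7) hands that pointer to `free()` in the `SPNEGO_NEG_TOKEN_TARG` branch, assuming this assignment reaches that call. Freeing memory that did not come from the allocator is undefined behaviour and typically aborts the process or corrupts the heap. The negTokenInit path was switched to heap copies in the first ntlm_auth.c hunk, and the same is needed here: `spnego.negTokenTarg.supportedMech = smb_xstrdup(OID_NTLMSSP);`. The enclosing function extends beyond this hunk, so any other assignment to `supportedMech` on a path that ends in `free_spnego_data` should be checked the same way.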
@@ -543,6 +538,7 @@
        }
 
        len = write_spnego_data(&token, &spnego);
+       free_spnego_data(&spnego);
 
        if (len == -1) {
                DEBUG(1, ("Could not write SPNEGO data blob\n"));




Anthony Liguori
Linux/Active Directory Interoperability
Linux Technology Center (LTC) - IBM Austin
E-mail: aliguor at us.ibm.com
Phone: (512) 838-1208
Tie Line: 678-1208
-------------- next part --------------
A non-text attachment was scrubbed...
Name: spnego_mechListMIC.diff
Type: application/octet-stream
Size: 902 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20030730/40035695/spnego_mechListMIC.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: free_spnego_data.diff
Type: application/octet-stream
Size: 3552 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20030730/40035695/free_spnego_data.obj

