[PATCH] Various fixes to ntlm_auth SPNEGO
Anthony Liguori
aliguor at us.ibm.com
Wed Jul 30 18:41:13 GMT 2003
The first patch changes the mechListMIC to be handled as just an Octet String
(as per RFC 2478), and the second patch adds a free_spnego_data function
that should take care of any memory issues we had in ntlm_auth w/SPNEGO.
Index: libsmb/spnego.c
===================================================================
RCS file: /cvsroot/samba/source/libsmb/Attic/spnego.c,v
retrieving revision 1.1.2.1
diff -u -r1.1.2.1 spnego.c
--- libsmb/spnego.c 29 Jul 2003 15:00:38 -0000 1.1.2.1
+++ libsmb/spnego.c 30 Jul 2003 18:29:47 -0000
@@ -71,18 +71,7 @@
/* Read mecListMIC */
case ASN1_CONTEXT(3):
asn1_start_tag(asn1, ASN1_CONTEXT(3));
- if (!asn1_read_OctetString(asn1,
&token->mechListMIC)) {
- char *mechListMIC;
- asn1_push_tag(asn1, ASN1_SEQUENCE(0));
- asn1_push_tag(asn1, ASN1_CONTEXT(0));
- asn1_read_GeneralString(asn1,
&mechListMIC);
- asn1_pop_tag(asn1);
- asn1_pop_tag(asn1);
-
- token->mechListMIC =
- data_blob(mechListMIC,
strlen(mechListMIC));
- SAFE_FREE(mechListMIC);
- }
+ asn1_read_OctetString(asn1, &token->mechListMIC);
asn1_end_tag(asn1);
break;
default:
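Review bot: The added `asn1_read_OctetString(asn1, &token->mechListMIC);` discards the call's result, so a malformed mechListMIC in a peer-supplied token is rejected only if the enclosing parse loop tests `asn1->has_error`. That loop is outside this hunk, although the loop visible in the second spnego.c patch does test it. If the same holds here, a short comment such as `/* a failed read is latched in asn1->has_error and stops the loop */` would make the reliance explicit. If it does not, the failure needs to be propagated to the caller before `token->mechListMIC` is used.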
? epmd
Index: libsmb/spnego.c
===================================================================
RCS file: /cvsroot/samba/source/libsmb/Attic/spnego.c,v
retrieving revision 1.1.2.1
diff -u -r1.1.2.1 spnego.c
--- libsmb/spnego.c 29 Jul 2003 15:00:38 -0000 1.1.2.1
+++ libsmb/spnego.c 30 Jul 2003 18:27:56 -0000
@@ -156,8 +156,6 @@
while (!asn1->has_error && 0 < asn1_tag_remaining(asn1)) {
switch (asn1->data[asn1->ofs]) {
case ASN1_CONTEXT(0):
- /* this is listed as being non-optional by RFC2478
but
- Windows doesn't always send it... */
asn1_start_tag(asn1, ASN1_CONTEXT(0));
asn1_start_tag(asn1, ASN1_ENUMERATED);
asn1_read_uint8(asn1, &token->negResult);
@@ -287,6 +285,40 @@
}
asn1_free(&asn1);
+ return ret;
+}
+
+BOOL free_spnego_data(SPNEGO_DATA *spnego)
+{
+ BOOL ret = True;
+
+ if (!spnego) goto out;
+
+ switch(spnego->type) {
+ case SPNEGO_NEG_TOKEN_INIT:
+ if (spnego->negTokenInit.mechTypes) {
+ int i;
+ for (i = 0; spnego->negTokenInit.mechTypes[i];
i++) {
+ free(spnego->negTokenInit.mechTypes[i]);
+ }
+ free(spnego->negTokenInit.mechTypes);
+ }
+ data_blob_free(&spnego->negTokenInit.mechToken);
+ data_blob_free(&spnego->negTokenInit.mechListMIC);
+ break;
+ case SPNEGO_NEG_TOKEN_TARG:
+ if (spnego->negTokenTarg.supportedMech) {
+ free(spnego->negTokenTarg.supportedMech);
+ }
+ data_blob_free(&spnego->negTokenTarg.responseToken);
+ data_blob_free(&spnego->negTokenTarg.mechListMIC);
+ break;
+ default:
+ ret = False;
+ break;
+ }
+ ZERO_STRUCTP(spnego);
+out:
return ret;
}
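Review bot: free_spnego_data is added without a comment stating its ownership contract, and that contract is easy to violate. It calls `free()` on each `mechTypes[i]`, on `mechTypes` itself and on `negTokenTarg.supportedMech`, then zeroes the struct, so every one of those pointers must be a heap allocation owned by the struct. I would put this above the function: `/* Free all heap members of *spnego according to spnego->type, then zero it. Every pointer member must be malloc'd. Returns False for an unknown type. */`. The unknown-type path zeroes the struct without freeing anything, and the callers added in the ntlm_auth.c hunks ignore the returned value.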
Index: utils/ntlm_auth.c
===================================================================
RCS file: /cvsroot/samba/source/utils/ntlm_auth.c,v
retrieving revision 1.6.2.21
diff -u -r1.6.2.21 ntlm_auth.c
--- utils/ntlm_auth.c 29 Jul 2003 15:00:38 -0000 1.6.2.21
+++ utils/ntlm_auth.c 30 Jul 2003 18:27:57 -0000
@@ -348,14 +348,16 @@
DATA_BLOB token;
ASN1_DATA asn1;
SPNEGO_DATA spnego;
- const char *OIDs[] = {OID_NTLMSSP, NULL};
ssize_t len;
char *reply_base64;
- /* Server negTokenInit (mech offerings) */
ZERO_STRUCT(spnego);
+
+ /* Server negTokenInit (mech offerings) */
spnego.type = SPNEGO_NEG_TOKEN_INIT;
- spnego.negTokenInit.mechTypes = OIDs;
+ spnego.negTokenInit.mechTypes = smb_xmalloc(sizeof(char *) * 2);
+ spnego.negTokenInit.mechTypes[0] = smb_xstrdup(OID_NTLMSSP);
+ spnego.negTokenInit.mechTypes[1] = NULL;
ZERO_STRUCT(asn1);
asn1_push_tag(&asn1, ASN1_SEQUENCE(0));
@@ -367,7 +369,7 @@
asn1_free(&asn1);
len = write_spnego_data(&token, &spnego);
- data_blob_free(&spnego.negTokenInit.mechListMIC);
+ free_spnego_data(&spnego);
if (len == -1) {
DEBUG(1, ("Could not write SPNEGO data blob\n"));
@@ -437,14 +439,6 @@
return;
}
- if ( (spnego.type != SPNEGO_NEG_TOKEN_INIT) &&
- (spnego.type != SPNEGO_NEG_TOKEN_TARG) ) {
-
- DEBUG(1, ("Got an invalid SPNEGO token!\n"));
- x_fprintf(x_stdout, "BH\n");
- return;
- }
-
if (spnego.type == SPNEGO_NEG_TOKEN_INIT) {
/* Second request from Client. This is where the
@@ -490,7 +484,8 @@
dump_data(10, spnego.negTokenInit.mechToken.data,
spnego.negTokenInit.mechToken.length);
- ZERO_STRUCT(spnego);
+ free_spnego_data(&spnego);
+
spnego.type = SPNEGO_NEG_TOKEN_TARG;
spnego.negTokenTarg.negResult = SPNEGO_ACCEPT_INCOMPLETE;
spnego.negTokenTarg.supportedMech = OID_NTLMSSP;
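Review bot: `spnego.negTokenTarg.supportedMech = OID_NTLMSSP;` stores what appears to be a constant string, while free_spnego_data (added in spnego.c by this patch) calls `free()` on `negTokenTarg.supportedMech`. If this struct reaches the `free_spnego_data(&spnego);` that the next hunk (@@ -543) adds after `write_spnego_data`, that call frees non-heap memory. The first ntlm_auth.c hunk already replaces the static `OIDs` array with heap copies for `mechTypes`, apparently so it can be freed, and the same is needed here: `spnego.negTokenTarg.supportedMech = smb_xstrdup(OID_NTLMSSP);`. The enclosing function extends beyond both hunks, so the path between the assignment and the free is inferred.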
@@ -543,6 +538,7 @@
}
len = write_spnego_data(&token, &spnego);
+ free_spnego_data(&spnego);
if (len == -1) {
DEBUG(1, ("Could not write SPNEGO data blob\n"));
Anthony Liguori
Linux/Active Directory Interoperability
Linux Technology Center (LTC) - IBM Austin
E-mail: aliguor at us.ibm.com
Phone: (512) 838-1208
Tie Line: 678-1208
-------------- next part --------------
A non-text attachment was scrubbed...
Name: spnego_mechListMIC.diff
Type: application/octet-stream
Size: 902 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20030730/40035695/spnego_mechListMIC.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: free_spnego_data.diff
Type: application/octet-stream
Size: 3552 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20030730/40035695/free_spnego_data.obj