author | Andrew Bartlett <abartlet@samba.org> | 2012-01-14 12:28:28 +1100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2012-01-31 20:17:10 +0100 |
commit | a1a667dd37d0218eda56bd2033a24cdff2dc8ea2 (patch) | |
tree | 0df18d8c66d6c9f3842784ccc05dd1d0a0d8e4a8 | |
parent | d6b0d521ea816cb538077fa84cbc292aab1299e8 (diff) | |
s3-libsmb: Use gensec_spnego in smb seal client
This is instead of the inline, manual spnego code currently
in use.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
-rw-r--r-- | source3/libsmb/clifsinfo.c | 47 | ||||
-rw-r--r-- | source3/param/loadparm_ctx.c | 1 |
2 files changed, 7 insertions, 41 deletions
diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c
index fe0238a34e..8c31b7f8c2 100644
--- a/source3/libsmb/clifsinfo.c
+++ b/source3/libsmb/clifsinfo.c
@@ -675,44 +675,6 @@ NTSTATUS cli_raw_ntlm_smb_encryption_start(struct cli_state *cli,
 }
 /******************************************************************************
- Get client gss blob to send to a server.
-******************************************************************************/
-
-static NTSTATUS make_cli_gss_blob(TALLOC_CTX *ctx,
- struct gensec_security *gensec_security,
- NTSTATUS status_in,
- DATA_BLOB spnego_blob_in,
- DATA_BLOB *p_blob_out)
-{
- const char *krb_mechs[] = {OID_KERBEROS5, NULL};
- DATA_BLOB blob_out = data_blob_null;
- DATA_BLOB blob_in = data_blob_null;
- NTSTATUS status = NT_STATUS_OK;
-
- if (spnego_blob_in.length == 0) {
- blob_in = spnego_blob_in;
- } else {
- /* Remove the SPNEGO wrapper */
- if (!spnego_parse_auth_response(ctx, spnego_blob_in, status_in, OID_KERBEROS5, &blob_in)) {
- status = NT_STATUS_UNSUCCESSFUL;
- goto fail;
- }
- }
-
- status = gensec_update(gensec_security, ctx,
- NULL, blob_in, &blob_out);
-
- /* Wrap in an SPNEGO wrapper */
- *p_blob_out = spnego_gen_negTokenInit(ctx, krb_mechs, &blob_out, NULL);
-
- fail:
-
- data_blob_free(&blob_out);
- data_blob_free(&blob_in);
- return status;
-}
-
-/******************************************************************************
 Start a SPNEGO gssapi encryption context.
 ******************************************************************************/
@@ -752,11 +714,13 @@ NTSTATUS cli_gss_smb_encryption_start(struct cli_state *cli)
 goto fail;
 }
- if (!NT_STATUS_IS_OK(status = auth_generic_client_start(auth_generic_state, GENSEC_OID_KERBEROS5))) {
+ if (!NT_STATUS_IS_OK(status = auth_generic_client_start(auth_generic_state, GENSEC_OID_SPNEGO))) {
 goto fail;
 }
- status = make_cli_gss_blob(talloc_tos(), auth_generic_state->gensec_security, NT_STATUS_OK, blob_recv, &blob_send);
+ status = gensec_update(auth_generic_state->gensec_security, talloc_tos(),
+ NULL, blob_recv, &blob_send);
+
 do {
 data_blob_free(&blob_recv);
 status = enc_blob_send_receive(cli, &blob_send, &blob_recv, ¶m_out);
@@ -764,7 +728,8 @@ NTSTATUS cli_gss_smb_encryption_start(struct cli_state *cli)
 es->enc_ctx_num = SVAL(param_out.data, 0);
 }
 data_blob_free(&blob_send);
- status = make_cli_gss_blob(talloc_tos(), auth_generic_state->gensec_security, status, blob_recv, &blob_send);
+ status = gensec_update(auth_generic_state->gensec_security, talloc_tos(),
+ NULL, blob_recv, &blob_send);
 } while (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED));
 data_blob_free(&blob_recv);
diff --git a/source3/param/loadparm_ctx.c b/source3/param/loadparm_ctx.c
index f95965fcae..e1bbda3928 100644
--- a/source3/param/loadparm_ctx.c
+++ b/source3/param/loadparm_ctx.c
@@ -98,6 +98,7 @@ static const struct loadparm_s3_context s3_fns =
 .client_plaintext_auth = lp_client_plaintext_auth,
 .client_lanman_auth = lp_client_lanman_auth,
 .client_ntlmv2_auth = lp_client_ntlmv2_auth,
+ .client_use_spnego_principal = lp_client_use_spnego_principal,
 .private_dir = lp_private_dir,
 .ncalrpc_dir = lp_ncalrpc_dir, |
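Review bot: In the `@@ -752,11 +714,13 @@` hunk of clifsinfo.c, starting the client with `GENSEC_OID_SPNEGO` instead of `GENSEC_OID_KERBEROS5` makes the sealing mechanism negotiable, and nothing visible in the hunk pins the outcome to Kerberos. If the credentials and gensec features set up earlier in cli_gss_smb_encryption_start (its body begins and ends outside the hunk) do not already require Kerberos, the peer could presumably steer the exchange to another mechanism, which callers of a function named for GSS encryption may not expect. I would state the intent next to the call, e.g. `/* SPNEGO only wraps the exchange; Kerberos must still be enforced through the credentials */`, and confirm that this requirement is actually set before this line.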
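Review bot: In the `@@ -764,7 +728,8 @@` hunk of clifsinfo.c the result of the SMB round trip is no longer consulted: the removed helper took it as `status_in`, whereas this `gensec_update()` call overwrites the value that `enc_blob_send_receive()` assigned a few lines earlier (visible in the previous hunk's context). A transport failure or a server rejection is then presumably seen by gensec only as an empty `blob_recv`, and the caller receives gensec's error rather than the server's. The first `gensec_update()` in the `@@ -752,11 +714,13 @@` hunk has the same shape, since its status is overwritten on entering the loop before anything reads it. I would test each result before taking the next step, e.g. `if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { break; }`, assuming enc_blob_send_receive reports the server's NT status, and make sure `blob_send` is still freed on that path; the loop and the function both extend outside this hunk.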