authorAndrew Bartlett <abartlet@samba.org>2012-01-14 12:28:28 +1100
committerStefan Metzmacher <metze@samba.org>2012-01-31 20:17:10 +0100
commita1a667dd37d0218eda56bd2033a24cdff2dc8ea2 (patch)
tree0df18d8c66d6c9f3842784ccc05dd1d0a0d8e4a8
parentd6b0d521ea816cb538077fa84cbc292aab1299e8 (diff)
s3-libsmb: Use gensec_spnego in smb seal client
This is instead of the inline, manual spnego code currently in use. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
-rw-r--r--source3/libsmb/clifsinfo.c47
-rw-r--r--source3/param/loadparm_ctx.c1
2 files changed, 7 insertions, 41 deletions
diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c
index fe0238a34e..8c31b7f8c2 100644
--- a/source3/libsmb/clifsinfo.c
+++ b/source3/libsmb/clifsinfo.c
@@ -675,44 +675,6 @@ NTSTATUS cli_raw_ntlm_smb_encryption_start(struct cli_state *cli,
}
/******************************************************************************
- Get client gss blob to send to a server.
-******************************************************************************/
-
-static NTSTATUS make_cli_gss_blob(TALLOC_CTX *ctx,
- struct gensec_security *gensec_security,
- NTSTATUS status_in,
- DATA_BLOB spnego_blob_in,
- DATA_BLOB *p_blob_out)
-{
- const char *krb_mechs[] = {OID_KERBEROS5, NULL};
- DATA_BLOB blob_out = data_blob_null;
- DATA_BLOB blob_in = data_blob_null;
- NTSTATUS status = NT_STATUS_OK;
-
- if (spnego_blob_in.length == 0) {
- blob_in = spnego_blob_in;
- } else {
- /* Remove the SPNEGO wrapper */
- if (!spnego_parse_auth_response(ctx, spnego_blob_in, status_in, OID_KERBEROS5, &blob_in)) {
- status = NT_STATUS_UNSUCCESSFUL;
- goto fail;
- }
- }
-
- status = gensec_update(gensec_security, ctx,
- NULL, blob_in, &blob_out);
-
- /* Wrap in an SPNEGO wrapper */
- *p_blob_out = spnego_gen_negTokenInit(ctx, krb_mechs, &blob_out, NULL);
-
- fail:
-
- data_blob_free(&blob_out);
- data_blob_free(&blob_in);
- return status;
-}
-
-/******************************************************************************
Start a SPNEGO gssapi encryption context.
******************************************************************************/
@@ -752,11 +714,13 @@ NTSTATUS cli_gss_smb_encryption_start(struct cli_state *cli)
goto fail;
}
- if (!NT_STATUS_IS_OK(status = auth_generic_client_start(auth_generic_state, GENSEC_OID_KERBEROS5))) {
+ if (!NT_STATUS_IS_OK(status = auth_generic_client_start(auth_generic_state, GENSEC_OID_SPNEGO))) {
goto fail;
}
- status = make_cli_gss_blob(talloc_tos(), auth_generic_state->gensec_security, NT_STATUS_OK, blob_recv, &blob_send);
+ status = gensec_update(auth_generic_state->gensec_security, talloc_tos(),
+ NULL, blob_recv, &blob_send);
+
do {
data_blob_free(&blob_recv);
status = enc_blob_send_receive(cli, &blob_send, &blob_recv, &param_out);
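Review bot: The result of the first `gensec_update()` call is stored in `status` and then overwritten by `enc_blob_send_receive()` at the top of the `do` loop without being checked, so a failed SPNEGO initialisation still sends whatever `blob_send` holds. A guard before the loop would make that failure explicit: `if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { goto fail; }`. Separately, starting the context with `GENSEC_OID_SPNEGO` means the mechanism is now negotiated rather than fixed to Kerberos; if SMB sealing is meant to stay Kerberos-only, a short comment saying where that is enforced would help. The function starts and ends outside this hunk, so what `fail` cleans up is not visible here.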
@@ -764,7 +728,8 @@ NTSTATUS cli_gss_smb_encryption_start(struct cli_state *cli)
es->enc_ctx_num = SVAL(param_out.data, 0);
}
data_blob_free(&blob_send);
- status = make_cli_gss_blob(talloc_tos(), auth_generic_state->gensec_security, status, blob_recv, &blob_send);
+ status = gensec_update(auth_generic_state->gensec_security, talloc_tos(),
+ NULL, blob_recv, &blob_send);
} while (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED));
data_blob_free(&blob_recv);
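Review bot: The status returned by `enc_blob_send_receive()` is no longer consumed: the removed helper received it as `status_in`, while the new `gensec_update()` call overwrites `status` and sees only `blob_recv`. Loop termination and the final result therefore appear to depend on the local GENSEC state alone, and a transport or server error surfaces only indirectly through whatever `gensec_update()` makes of the received blob. Testing the exchange result before the update, with `if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { goto fail; }`, would keep the server's verdict in the decision. The exchange call sits in the previous hunk and the loop body is only partly visible here.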
diff --git a/source3/param/loadparm_ctx.c b/source3/param/loadparm_ctx.c
index f95965fcae..e1bbda3928 100644
--- a/source3/param/loadparm_ctx.c
+++ b/source3/param/loadparm_ctx.c
@@ -98,6 +98,7 @@ static const struct loadparm_s3_context s3_fns =
.client_plaintext_auth = lp_client_plaintext_auth,
.client_lanman_auth = lp_client_lanman_auth,
.client_ntlmv2_auth = lp_client_ntlmv2_auth,
+ .client_use_spnego_principal = lp_client_use_spnego_principal,
.private_dir = lp_private_dir,
.ncalrpc_dir = lp_ncalrpc_dir,