sync'ing up for 3.0alpha20 release

(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)

1 files changed, 70 insertions, 22 deletions

diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c
index 16702c375b..55f49c5987 100644
--- a/source3/libsmb/clispnego.c
+++ b/source3/libsmb/clispnego.c
@@ -73,13 +73,56 @@ DATA_BLOB spnego_gen_negTokenInit(uint8 guid[16],
 	return ret;
 }
 
+/*
+  Generate a negTokenInit as used by the client side ... It has a mechType
+  (OID), and a mechToken (a security blob) ... 
+
+  Really, we need to break out the NTLMSSP stuff as well, because it could be
+  raw in the packets!
+*/
+DATA_BLOB gen_negTokenInit(const char *OID, DATA_BLOB blob)
+{
+	ASN1_DATA data;
+	DATA_BLOB ret;
+
+	memset(&data, 0, sizeof(data));
+
+	asn1_push_tag(&data, ASN1_APPLICATION(0));
+	asn1_write_OID(&data,OID_SPNEGO);
+	asn1_push_tag(&data, ASN1_CONTEXT(0));
+	asn1_push_tag(&data, ASN1_SEQUENCE(0));
+
+	asn1_push_tag(&data, ASN1_CONTEXT(0));
+	asn1_push_tag(&data, ASN1_SEQUENCE(0));
+	asn1_write_OID(&data, OID);
+	asn1_pop_tag(&data);
+	asn1_pop_tag(&data);
+
+	asn1_push_tag(&data, ASN1_CONTEXT(2));
+	asn1_write_OctetString(&data,blob.data,blob.length);
+	asn1_pop_tag(&data);
+
+	asn1_pop_tag(&data);
+	asn1_pop_tag(&data);
+
+	asn1_pop_tag(&data);
+
+	if (data.has_error) {
+		DEBUG(1,("Failed to build negTokenInit at offset %d\n", (int)data.ofs));
+		asn1_free(&data);
+	}
+
+	ret = data_blob(data.data, data.length);
+	asn1_free(&data);
+
+	return ret;
+}
 
 /*
   parse a negTokenInit packet giving a GUID, a list of supported
   OIDs (the mechanisms) and a principal name string 
 */
 BOOL spnego_parse_negTokenInit(DATA_BLOB blob,
-			       uint8 guid[16], 
 			       char *OIDs[ASN1_MAX_OIDS], 
 			       char **principal)
 {
@@ -89,7 +132,6 @@ BOOL spnego_parse_negTokenInit(DATA_BLOB blob,
 
 	asn1_load(&data, blob);
 
-	asn1_read(&data, guid, 16);
 	asn1_start_tag(&data,ASN1_APPLICATION(0));
 	asn1_check_OID(&data,OID_SPNEGO);
 	asn1_start_tag(&data,ASN1_CONTEXT(0));
@@ -279,13 +321,13 @@ BOOL spnego_parse_krb5_wrap(DATA_BLOB blob, DATA_BLOB *ticket)
    generate a SPNEGO negTokenTarg packet, ready for a EXTENDED_SECURITY
    kerberos session setup 
 */
-DATA_BLOB spnego_gen_negTokenTarg(struct cli_state *cli, char *principal)
+DATA_BLOB spnego_gen_negTokenTarg(const char *principal, int time_offset)
 {
 	DATA_BLOB tkt, tkt_wrapped, targ;
 	const char *krb_mechs[] = {OID_KERBEROS5_OLD, OID_NTLMSSP, NULL};
 
 	/* get a kerberos ticket for the service */
-	tkt = krb5_get_ticket(principal);
+	tkt = krb5_get_ticket(principal, time_offset);
 
 	/* wrap that up in a nice GSS-API wrapping */
 	tkt_wrapped = spnego_gen_krb5_wrap(tkt);
@@ -473,8 +515,10 @@ DATA_BLOB spnego_gen_auth_response(void)
 
   U = unicode string (input is unix string)
   a = address (1 byte type, 1 byte length, unicode string, all inline)
+  A = ASCII string (pointer + length) Actually same as B
   B = data blob (pointer + length)
   b = data blob in header (pointer + length)
+  D
   d = word (4 bytes)
   C = constant ascii string
  */
@@ -502,6 +546,7 @@ BOOL msrpc_gen(DATA_BLOB *blob,
 			s = va_arg(ap, char *);
 			data_size += (str_charnum(s) * 2) + 4;
 			break;
+		case 'A':
 		case 'B':
 			b = va_arg(ap, uint8 *);
 			head_size += 8;
@@ -553,7 +598,8 @@ BOOL msrpc_gen(DATA_BLOB *blob,
 			}
 			data_ofs += n*2;
 			break;
-			
+
+		case 'A':
 		case 'B':
 			b = va_arg(ap, uint8 *);
 			n = va_arg(ap, int);
@@ -688,37 +734,39 @@ BOOL msrpc_parse(DATA_BLOB *blob,
 
 void debug_ntlmssp_flags(uint32 neg_flags)
 {
+	DEBUG(3,("Got NTLMSSP neg_flags=0x%08x\n", neg_flags));
+	
 	if (neg_flags & NTLMSSP_NEGOTIATE_UNICODE) 
-		DEBUG(4, ("  NTLMSSP_NEGOTIATE_UNICODE\n"));
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_UNICODE\n"));
 	if (neg_flags & NTLMSSP_NEGOTIATE_OEM) 
-		DEBUG(4, ("  NTLMSSP_NEGOTIATE_OEM\n"));
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_OEM\n"));
 	if (neg_flags & NTLMSSP_REQUEST_TARGET) 
-		DEBUG(4, ("  NTLMSSP_REQUEST_TARGET\n"));
-	if (neg_flags & NTLMSSP_NEGOTIATE_SIGN) 
-		DEBUG(4, ("  NTLMSSP_NEGOTIATE_SIGN\n"));
+		DEBUGADD(4, ("  NTLMSSP_REQUEST_TARGET\n"));
 	if (neg_flags & NTLMSSP_NEGOTIATE_SIGN) 
-		DEBUG(4, ("  NTLMSSP_NEGOTIATE_SEAL\n"));
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_SIGN\n"));
+	if (neg_flags & NTLMSSP_NEGOTIATE_SEAL) 
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_SEAL\n"));
 	if (neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) 
-		DEBUG(4, ("  NTLMSSP_NEGOTIATE_LM_KEY\n"));
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_LM_KEY\n"));
 	if (neg_flags & NTLMSSP_NEGOTIATE_NETWARE) 
-		DEBUG(4, ("  NTLMSSP_NEGOTIATE_NETWARE\n"));
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_NETWARE\n"));
 	if (neg_flags & NTLMSSP_NEGOTIATE_NTLM) 
-		DEBUG(4, ("  NTLMSSP_NEGOTIATE_NTLM\n"));
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_NTLM\n"));
 	if (neg_flags & NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED) 
-		DEBUG(4, ("  NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED\n"));
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED\n"));
 	if (neg_flags & NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED) 
-		DEBUG(4, ("  NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED\n"));
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED\n"));
 	if (neg_flags & NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL) 
-		DEBUG(4, ("  NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL\n"));
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL\n"));
 	if (neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN) 
-		DEBUG(4, ("  NTLMSSP_NEGOTIATE_ALWAYS_SIGN\n"));
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_ALWAYS_SIGN\n"));
 	if (neg_flags & NTLMSSP_NEGOTIATE_NTLM2) 
-		DEBUG(4, ("  NTLMSSP_NEGOTIATE_NTLM2\n"));
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_NTLM2\n"));
 	if (neg_flags & NTLMSSP_CHAL_TARGET_INFO) 
-		DEBUG(4, ("  NTLMSSP_CHAL_TARGET_INFO\n"));
+		DEBUGADD(4, ("  NTLMSSP_CHAL_TARGET_INFO\n"));
 	if (neg_flags & NTLMSSP_NEGOTIATE_128) 
-		DEBUG(4, ("  NTLMSSP_NEGOTIATE_128\n"));
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_128\n"));
 	if (neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) 
-		DEBUG(4, ("  NTLMSSP_NEGOTIATE_KEY_EXCH\n"));
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_KEY_EXCH\n"));
 }