summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2007-04-18 00:34:10 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:19:27 -0500
commit9812a7e32e515315302d3040a4145592640de7f7 (patch)
tree0b8ae70050962dce88efe8bb90e64a4f8d3450a4 /source3/smbd
parent8a210af339c116182790d039b93bfd60ce69028d (diff)
downloadsamba-9812a7e32e515315302d3040a4145592640de7f7.tar.gz
samba-9812a7e32e515315302d3040a4145592640de7f7.tar.bz2
samba-9812a7e32e515315302d3040a4145592640de7f7.zip
r22327: Finish the gss-spnego part of the seal code. Now
for testing.... Jeremy. (This used to be commit 1c1f5360b67792f14b50835a2c5a4d4ac68aca8f)
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/seal.c30
1 files changed, 16 insertions, 14 deletions
diff --git a/source3/smbd/seal.c b/source3/smbd/seal.c
index 259aff014a..c6fab5f078 100644
--- a/source3/smbd/seal.c
+++ b/source3/smbd/seal.c
@@ -333,9 +333,12 @@ static NTSTATUS srv_enc_spnego_gss_negotiate(unsigned char **ppdata, size_t *p_d
OM_uint32 flags = 0;
gss_buffer_desc in_buf, out_buf;
struct smb_tran_enc_state_gss *gss_state;
+ DATA_BLOB auth_reply = data_blob(NULL,0);
+ DATA_BLOB response = data_blob(NULL,0);
+ NTSTATUS status;
if (!partial_srv_trans_enc_ctx) {
- NTSTATUS status = make_srv_encryption_context(SMB_TRANS_ENC_GSS, &partial_srv_trans_enc_ctx);
+ status = make_srv_encryption_context(SMB_TRANS_ENC_GSS, &partial_srv_trans_enc_ctx);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -361,8 +364,9 @@ static NTSTATUS srv_enc_spnego_gss_negotiate(unsigned char **ppdata, size_t *p_d
NULL, /* Ingore time. */
NULL); /* Ignore delegated creds. */
+ status = gss_err_to_ntstatus(ret, min);
if (ret != GSS_S_COMPLETE && ret != GSS_S_CONTINUE_NEEDED) {
- return gss_err_to_ntstatus(ret, min);
+ return status;
}
/* Ensure we've got sign+seal available. */
@@ -376,20 +380,18 @@ static NTSTATUS srv_enc_spnego_gss_negotiate(unsigned char **ppdata, size_t *p_d
}
}
- SAFE_FREE(*ppdata);
- *ppdata = memdup(out_buf.value, out_buf.length);
- if (!*ppdata) {
- gss_release_buffer(&min, &out_buf);
- return NT_STATUS_NO_MEMORY;
- }
- *p_data_size = out_buf.length;
+ auth_reply = data_blob(out_buf.value, out_buf.length);
gss_release_buffer(&min, &out_buf);
- if (ret != GSS_S_CONTINUE_NEEDED) {
- return NT_STATUS_MORE_PROCESSING_REQUIRED;
- } else {
- return NT_STATUS_OK;
- }
+ /* Wrap in SPNEGO. */
+ response = spnego_gen_auth_response(&auth_reply, status, OID_KERBEROS5);
+ data_blob_free(&auth_reply);
+
+ SAFE_FREE(*ppdata);
+ *ppdata = response.data;
+ *p_data_size = response.length;
+
+ return status;
}
#endif