author | Günther Deschner <gd@samba.org> | 2009-10-15 14:13:26 +0200 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2009-10-15 14:41:22 +0200 |
commit | 449ab398f58c6e0041621752322ebe24e6d70225 (patch) | |
tree | 862c26e6801351a231ac06f6c8cca79ce4a0822b /source3 | |
parent | fb13eb7db84e93d3791d0674d82923d5f168530e (diff) | |
s3-spnego: Fix Bug #6815. Windows 2008 R2 SPNEGO negTokenTarg parsing failure.
When parsing a SPNEGO session setup retry (falling back from KRB5 to NTLMSSP),
we failed to parse the ASN1_ENUMERATED negResult in the negTokenTarg, thus
failing spnego_parse_auth() completely.
By just using the shared spnego/asn1 code, we get the parsing done the correct way.
Guenther
Diffstat (limited to 'source3')
-rw-r--r-- | source3/Makefile.in | 4 | ||||
-rw-r--r-- | source3/libsmb/clispnego.c | 31 |
2 files changed, 15 insertions, 20 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 90faadf001..d12c9911c3 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -506,7 +506,9 @@ SCHANNEL_OBJ = ../libcli/auth/credentials.o \
 passdb/secrets_schannel.o
 
 LIBSMB_OBJ = libsmb/clientgen.o libsmb/cliconnect.o libsmb/clifile.o \
- libsmb/clikrb5.o libsmb/clispnego.o ../lib/util/asn1.o \
+ libsmb/clikrb5.o libsmb/clispnego.o \
+ ../libcli/auth/spnego_parse.o \
+ ../lib/util/asn1.o \
 libsmb/clirap.o libsmb/clierror.o libsmb/climessage.o \
 libsmb/clireadwrite.o libsmb/clilist.o libsmb/cliprint.o \
 libsmb/clitrans.o libsmb/clisecdesc.o libsmb/clidgram.o \
diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c
index 5d7e43d941..1103ef84b6 100644
--- a/source3/libsmb/clispnego.c
+++ b/source3/libsmb/clispnego.c
@@ -495,31 +495,24 @@ DATA_BLOB spnego_gen_auth(DATA_BLOB blob)
 */
 bool spnego_parse_auth(DATA_BLOB blob, DATA_BLOB *auth)
 {
- ASN1_DATA *data;
+ ssize_t len;
+ struct spnego_data token;
 
- data = asn1_init(talloc_tos());
- if (data == NULL) {
+ len = spnego_read_data(talloc_tos(), blob, &token);
+ if (len == -1) {
+ DEBUG(3,("spnego_parse_auth: spnego_read_data failed\n"));
 return false;
 }
 
- asn1_load(data, blob);
- asn1_start_tag(data, ASN1_CONTEXT(1));
- asn1_start_tag(data, ASN1_SEQUENCE(0));
- asn1_start_tag(data, ASN1_CONTEXT(2));
- asn1_read_OctetString(data, talloc_autofree_context(), auth);
- asn1_end_tag(data);
- asn1_end_tag(data);
- asn1_end_tag(data);
-
- if (data->has_error) {
- DEBUG(3,("spnego_parse_auth failed at %d\n", (int)data->ofs));
- data_blob_free(auth);
- asn1_free(data);
- return False;
+ if (token.type != SPNEGO_NEG_TOKEN_TARG) {
+ DEBUG(3,("spnego_parse_auth: wrong token type: %d\n",
+ token.type));
+ return false;
 }
 
- asn1_free(data);
- return True;
+ *auth = token.negTokenTarg.responseToken;
+
+ return true;
 }
 
 /* |
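Review bot: Both early returns in the new `spnego_parse_auth()` leave `*auth` untouched, whereas the removed error path cleared it with `data_blob_free(auth)`; a caller that inspects or frees the blob after a false return would act on whatever it held before, so I would start the function with `*auth = data_blob_null;`. The success path also accepts any negTokenTarg, including one with no responseToken, which the old parser rejected because it required the `ASN1_CONTEXT(2)` octet string; if callers expect a non-empty blob, add `if (token.negTokenTarg.responseToken.length == 0) return false;` before the assignment. Finally, `token` is parsed onto `talloc_tos()` and never handed to `spnego_free_data()`, so the returned blob appears to live only as long as the current talloc stackframe rather than the autofree context used before; the callers are outside this hunk, so that lifetime change should be confirmed against them and stated in the function's header comment.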