diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2004-10-21 08:52:01 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:02:22 -0500 |
| commit | 6a304256d00e225872a06d1ec10152629352f41c (patch) | |
| tree | a02b0f4aacd79f2f530672d497210d95676860b5 /source4/libcli/auth/spnego.c | |
| parent | 1d990b526ea2844263a40c734b7d7aaabcb26822 (diff) | |
| download | samba-6a304256d00e225872a06d1ec10152629352f41c.tar.gz samba-6a304256d00e225872a06d1ec10152629352f41c.tar.bz2 samba-6a304256d00e225872a06d1ec10152629352f41c.zip | |
r3110: Fix the krb5 client and server, so that it doesn't segfault. There
were also gensec bugs that didn't turn up until we hit error paths in
the krb5 code.
Andrew Bartlett
(This used to be commit e08366ffeb52e8c522d3808a2af1aa0bc632b55f)
Diffstat (limited to 'source4/libcli/auth/spnego.c')
| -rw-r--r-- | source4/libcli/auth/spnego.c | 21 |
1 files changed, 10 insertions, 11 deletions
diff --git a/source4/libcli/auth/spnego.c b/source4/libcli/auth/spnego.c index 4409f5ea9d..dff9cb0c51 100644 --- a/source4/libcli/auth/spnego.c +++ b/source4/libcli/auth/spnego.c @@ -277,19 +277,17 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_ null_data_blob, unwrapped_out); } - if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED) - && (!NT_STATUS_IS_OK(nt_status))) { + if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED) && !NT_STATUS_IS_OK(nt_status)) { DEBUG(1, ("SPNEGO(%s) NEG_TOKEN_INIT failed: %s\n", spnego_state->sub_sec_security->ops->name, nt_errstr(nt_status))); - gensec_end(&spnego_state->sub_sec_security); - } else { - break; + gensec_end(&spnego_state->sub_sec_security); } + return nt_status; } if (!mechType || !mechType[i]) { DEBUG(1, ("SPNEGO: Could not find a suitable mechtype in NEG_TOKEN_INIT\n")); } - return nt_status; + return NT_STATUS_INVALID_PARAMETER; } /** create a client negTokenInit @@ -369,22 +367,23 @@ static NTSTATUS gensec_spnego_server_negTokenTarg(struct gensec_security *gensec /* compose reply */ spnego_out.type = SPNEGO_NEG_TOKEN_TARG; - spnego_out.negTokenTarg.supportedMech - = spnego_state->sub_sec_security->ops->oid; spnego_out.negTokenTarg.responseToken = unwrapped_out; spnego_out.negTokenTarg.mechListMIC = null_data_blob; if (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { + spnego_out.negTokenTarg.supportedMech + = spnego_state->sub_sec_security->ops->oid; spnego_out.negTokenTarg.negResult = SPNEGO_ACCEPT_INCOMPLETE; spnego_state->state_position = SPNEGO_SERVER_TARG; } else if (NT_STATUS_IS_OK(nt_status)) { + spnego_out.negTokenTarg.supportedMech + = spnego_state->sub_sec_security->ops->oid; spnego_out.negTokenTarg.negResult = SPNEGO_ACCEPT_COMPLETED; spnego_state->state_position = SPNEGO_DONE; } else { + spnego_out.negTokenTarg.supportedMech = NULL; spnego_out.negTokenTarg.negResult = SPNEGO_REJECT; - DEBUG(1, ("SPNEGO(%s) login failed: %s\n", - spnego_state->sub_sec_security->ops->name, - nt_errstr(nt_status))); + DEBUG(1, ("SPNEGO login failed: %s\n", nt_errstr(nt_status))); spnego_state->state_position = SPNEGO_DONE; } |