summaryrefslogtreecommitdiff
path: root/source4/libcli/auth/spnego.c
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2004-07-29 10:33:36 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:57:44 -0500
commit188a8014ea77e8d03916da8b6bc103bc49086155 (patch)
tree592727abcbe3fab36a0ff2d00e7186d5348d9d19 /source4/libcli/auth/spnego.c
parentf1a215f5cb174a0bfe50f288fbd998c8fabb0b63 (diff)
downloadsamba-188a8014ea77e8d03916da8b6bc103bc49086155.tar.gz
samba-188a8014ea77e8d03916da8b6bc103bc49086155.tar.bz2
samba-188a8014ea77e8d03916da8b6bc103bc49086155.zip
r1605: GENSEC krb5 updates - fix a valgrind found uninitialised variable, and
allow tests for 'unwrapped' krb5, allowed by Win2k3. SPENGO changes, trying to get the logic right (when and what sub-mechanisms to wrap). Andrew Bartlett (This used to be commit 8a0f7bf5e282d021afe93994a91fd76fa9c05f42)
Diffstat (limited to 'source4/libcli/auth/spnego.c')
-rw-r--r--source4/libcli/auth/spnego.c32
1 files changed, 20 insertions, 12 deletions
diff --git a/source4/libcli/auth/spnego.c b/source4/libcli/auth/spnego.c
index c16d77dad9..23f0b1c070 100644
--- a/source4/libcli/auth/spnego.c
+++ b/source4/libcli/auth/spnego.c
@@ -511,15 +511,16 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
&unwrapped_out);
- if ((spnego.negTokenTarg.negResult == SPNEGO_ACCEPT_COMPLETED)
- && !NT_STATUS_IS_OK(nt_status)) {
+ if (NT_STATUS_IS_OK(nt_status)
+ && (spnego.negTokenTarg.negResult != SPNEGO_ACCEPT_COMPLETED)) {
DEBUG(1,("gensec_update ok but not accepted\n"));
nt_status = NT_STATUS_INVALID_PARAMETER;
}
spnego_free_data(&spnego);
- if (unwrapped_out.length) {
+ if (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ /* compose reply */
spnego_out.type = SPNEGO_NEG_TOKEN_TARG;
spnego_out.negTokenTarg.negResult = SPNEGO_NONE_RESULT;
spnego_out.negTokenTarg.supportedMech = NULL;
@@ -530,24 +531,31 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
DEBUG(1, ("Failed to write SPNEGO reply to NEG_TOKEN_TARG\n"));
return NT_STATUS_INVALID_PARAMETER;
}
- } else {
- *out = null_data_blob;
- }
-
- if (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
- /* compose reply */
-
spnego_state->state_position = SPNEGO_CLIENT_TARG;
} else if (NT_STATUS_IS_OK(nt_status)) {
/* all done - server has accepted, and we agree */
+
+ if (unwrapped_out.length) {
+ spnego_out.type = SPNEGO_NEG_TOKEN_TARG;
+ spnego_out.negTokenTarg.negResult = SPNEGO_NONE_RESULT;
+ spnego_out.negTokenTarg.supportedMech = NULL;
+ spnego_out.negTokenTarg.responseToken = unwrapped_out;
+ spnego_out.negTokenTarg.mechListMIC = null_data_blob;
+
+ if (spnego_write_data(out_mem_ctx, out, &spnego_out) == -1) {
+ DEBUG(1, ("Failed to write SPNEGO reply to NEG_TOKEN_TARG\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ } else {
+ *out = null_data_blob;
+ }
+
spnego_state->state_position = SPNEGO_DONE;
- return NT_STATUS_OK;
} else {
DEBUG(1, ("SPNEGO(%s) login failed: %s\n",
spnego_state->sub_sec_security->ops->name,
nt_errstr(nt_status)));
- return nt_status;
}
return nt_status;
}