summaryrefslogtreecommitdiff
path: root/source4/torture/ldap
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2004-12-31 22:45:11 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:07:53 -0500
commit9a6671cf9529fd7817c5ef266da3d3bea46a88c0 (patch)
treee6e943be7351713665c90f962078ac0676c2d036 /source4/torture/ldap
parentbe1bbf317b03b15c21ea0f41accfb285699e153f (diff)
downloadsamba-9a6671cf9529fd7817c5ef266da3d3bea46a88c0.tar.gz
samba-9a6671cf9529fd7817c5ef266da3d3bea46a88c0.tar.bz2
samba-9a6671cf9529fd7817c5ef266da3d3bea46a88c0.zip
r4459: GENSEC refinements:
In developing a GSSAPI plugin for GENSEC, it became clear that the API needed to change: - GSSAPI exposes only a wrap() and unwrap() interface, and determines the location of the signature itself. - The 'have feature' API did not correctly function in the recursive SPNEGO environment. As such, NTLMSSP has been updated to support these methods. The LDAP client and server have been updated to use the new wrap() and unwrap() methods, and now pass the LDAP-* tests in our smbtorture. (Unfortunely I still get valgrind warnings, in the code that was previously unreachable). Andrew Bartlett (This used to be commit 9923c3bc1b5a6e93a5996aadb039bd229e888ac6)
Diffstat (limited to 'source4/torture/ldap')
-rw-r--r--source4/torture/ldap/common.c57
1 files changed, 26 insertions, 31 deletions
diff --git a/source4/torture/ldap/common.c b/source4/torture/ldap/common.c
index eea3b12073..162934a38d 100644
--- a/source4/torture/ldap/common.c
+++ b/source4/torture/ldap/common.c
@@ -57,7 +57,7 @@ NTSTATUS torture_ldap_bind_sasl(struct ldap_connection *conn, const char *userna
result = ldap_bind_sasl(conn, username, domain, password);
if (result != LDAP_SUCCESS) {
- printf("Failed to bind with provided credentialsi and SASL mechanism\n");
+ printf("Failed to bind with provided credentials and SASL mechanism\n");
/* FIXME: what abut actually implementing an ldap_connection_free() function ?
:-) sss */
return status;
@@ -109,9 +109,9 @@ BOOL ldap_sasl_send_msg(struct ldap_connection *conn, struct ldap_message *msg,
NTSTATUS status;
DATA_BLOB request;
BOOL result;
- DATA_BLOB creds;
- DATA_BLOB pdu;
+ DATA_BLOB wrapped;
int len;
+ char length[4];
struct asn1_data asn1;
TALLOC_CTX *mem_ctx;
@@ -120,53 +120,48 @@ BOOL ldap_sasl_send_msg(struct ldap_connection *conn, struct ldap_message *msg,
if (!ldap_encode(msg, &request))
return False;
- status = gensec_seal_packet(conn->gensec,
- msg->mem_ctx,
- request.data, request.length,
- request.data, request.length,
- &creds);
+ status = gensec_wrap(conn->gensec,
+ msg->mem_ctx,
+ &request,
+ &wrapped);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0,("gensec_seal_packet: %s\n",nt_errstr(status)));
+ DEBUG(0,("gensec_wrap: %s\n",nt_errstr(status)));
return False;
}
- len = 4 + creds.length + request.length;
- pdu = data_blob_talloc(msg->mem_ctx, NULL, len);
- RSIVAL(pdu.data, 0, len-4);
- memcpy(pdu.data + 4, creds.data, creds.length);
- memcpy(pdu.data + 4 + creds.length, request.data, request.length);
+ RSIVAL(length, 0, wrapped.length);
- result = (write_data_until(conn->sock, pdu.data, pdu.length,
- endtime) == pdu.length);
+ result = (write_data_until(conn->sock, length, 4,
+ endtime) == 4);
if (!result)
return result;
- pdu = data_blob(NULL, 0x4000);
- data_blob_clear(&pdu);
-
- result = (read_data_until(conn->sock, pdu.data, 4, NULL) == 4);
+ result = (write_data_until(conn->sock, wrapped.data, wrapped.length,
+ endtime) == wrapped.length);
if (!result)
return result;
- len = RIVAL(pdu.data,0);
+ wrapped = data_blob(NULL, 0x4000);
+ data_blob_clear(&wrapped);
- result = (read_data_until(conn->sock, pdu.data + 4, MIN(0x4000,len), NULL) == len);
+ result = (read_data_until(conn->sock, length, 4, NULL) == 4);
if (!result)
return result;
- pdu.length = 4+len;
+ len = RIVAL(length,0);
- creds = data_blob(pdu.data + 4 , gensec_sig_size(conn->gensec));
+ result = (read_data_until(conn->sock, wrapped.data, MIN(wrapped.length,len), NULL) == len);
+ if (!result)
+ return result;
- request = data_blob(pdu.data + (4 + creds.length), pdu.length - (4 + creds.length));
+ wrapped.length = len;
- status = gensec_unseal_packet(conn->gensec,
- msg->mem_ctx,
- request.data, request.length,
- request.data, request.length,
- &creds);
+ status = gensec_unwrap(conn->gensec,
+ msg->mem_ctx,
+ &wrapped,
+ &request);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0,("gensec_unseal_packet: %s\n",nt_errstr(status)));
+ DEBUG(0,("gensec_unwrap: %s\n",nt_errstr(status)));
return False;
}