summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/include/proto.h3
-rw-r--r--source3/libsmb/clispnego.c6
-rw-r--r--source3/smbd/globals.h2
-rw-r--r--source3/smbd/negprot.c55
-rw-r--r--source3/smbd/smb2_negprot.c3
5 files changed, 37 insertions, 32 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index ad0c11fc9f..a0bb55c0a8 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -2821,8 +2821,7 @@ bool cli_set_secdesc(struct cli_state *cli, uint16_t fnum, struct security_descr
/* The following definitions come from libsmb/clispnego.c */
-DATA_BLOB spnego_gen_negTokenInit(char guid[16],
- const char *OIDs[],
+DATA_BLOB spnego_gen_negTokenInit(const char *OIDs[],
const char *principal);
DATA_BLOB gen_negTokenInit(const char *OID, DATA_BLOB blob);
bool spnego_parse_negTokenInit(DATA_BLOB blob,
diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c
index 1f2081cb03..2cf276485e 100644
--- a/source3/libsmb/clispnego.c
+++ b/source3/libsmb/clispnego.c
@@ -24,11 +24,10 @@
#include "smb_krb5.h"
/*
- generate a negTokenInit packet given a GUID, a list of supported
+ generate a negTokenInit packet given a list of supported
OIDs (the mechanisms) and a principal name string
*/
-DATA_BLOB spnego_gen_negTokenInit(char guid[16],
- const char *OIDs[],
+DATA_BLOB spnego_gen_negTokenInit(const char *OIDs[],
const char *principal)
{
int i;
@@ -40,7 +39,6 @@ DATA_BLOB spnego_gen_negTokenInit(char guid[16],
return data_blob_null;
}
- asn1_write(data, guid, 16);
asn1_push_tag(data,ASN1_APPLICATION(0));
asn1_write_OID(data,OID_SPNEGO);
asn1_push_tag(data,ASN1_CONTEXT(0));
diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h
index c618efad05..92a3f7660d 100644
--- a/source3/smbd/globals.h
+++ b/source3/smbd/globals.h
@@ -137,7 +137,7 @@ struct smbd_smb2_request;
struct smbd_smb2_session;
struct smbd_smb2_tcon;
-DATA_BLOB negprot_spnego(struct smbd_server_connection *sconn);
+DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn);
void smbd_lock_socket(struct smbd_server_connection *sconn);
void smbd_unlock_socket(struct smbd_server_connection *sconn);
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index 4d73216854..e7cf5b7591 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -176,15 +176,15 @@ static void reply_lanman2(struct smb_request *req, uint16 choice)
Generate the spnego negprot reply blob. Return the number of bytes used.
****************************************************************************/
-DATA_BLOB negprot_spnego(struct smbd_server_connection *sconn)
+DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn)
{
- DATA_BLOB blob;
+ DATA_BLOB blob = data_blob_null;
+ DATA_BLOB blob_out = data_blob_null;
nstring dos_name;
fstring unix_name;
#ifdef DEVELOPER
size_t slen;
#endif
- char guid[17];
const char *OIDs_krb5[] = {OID_KERBEROS5,
OID_KERBEROS5_OLD,
OID_NTLMSSP,
@@ -192,22 +192,6 @@ DATA_BLOB negprot_spnego(struct smbd_server_connection *sconn)
const char *OIDs_plain[] = {OID_NTLMSSP, NULL};
sconn->smb1.negprot.spnego = true;
-
- memset(guid, '\0', sizeof(guid));
-
- safe_strcpy(unix_name, global_myname(), sizeof(unix_name)-1);
- strlower_m(unix_name);
- push_ascii_nstring(dos_name, unix_name);
- safe_strcpy(guid, dos_name, sizeof(guid)-1);
-
-#ifdef DEVELOPER
- /* Fix valgrind 'uninitialized bytes' issue. */
- slen = strlen(dos_name);
- if (slen < sizeof(guid)) {
- memset(guid+slen, '\0', sizeof(guid) - slen);
- }
-#endif
-
/* strangely enough, NT does not sent the single OID NTLMSSP when
not a ADS member, it sends no OIDs at all
@@ -227,7 +211,7 @@ DATA_BLOB negprot_spnego(struct smbd_server_connection *sconn)
blob = data_blob(guid, 16);
#else
/* Code for standalone WXP client */
- blob = spnego_gen_negTokenInit(guid, OIDs_plain, "NONE");
+ blob = spnego_gen_negTokenInit(OIDs_plain, "NONE");
#endif
} else {
fstring myname;
@@ -238,11 +222,36 @@ DATA_BLOB negprot_spnego(struct smbd_server_connection *sconn)
== -1) {
return data_blob_null;
}
- blob = spnego_gen_negTokenInit(guid, OIDs_krb5, host_princ_s);
+ blob = spnego_gen_negTokenInit(OIDs_krb5, host_princ_s);
SAFE_FREE(host_princ_s);
}
- return blob;
+ blob_out = data_blob_talloc(ctx, NULL, 16 + blob.length);
+ if (blob_out.data == NULL) {
+ data_blob_free(&blob);
+ return data_blob_null;
+ }
+
+ memset(blob_out.data, '\0', 16);
+
+ safe_strcpy(unix_name, global_myname(), sizeof(unix_name)-1);
+ strlower_m(unix_name);
+ push_ascii_nstring(dos_name, unix_name);
+ safe_strcpy((char *)blob_out.data, dos_name, 16);
+
+#ifdef DEVELOPER
+ /* Fix valgrind 'uninitialized bytes' issue. */
+ slen = strlen(dos_name);
+ if (slen < sizeof(16)) {
+ memset(blob_out.data+slen, '\0', 16 - slen);
+ }
+#endif
+
+ memcpy(&blob_out.data[16], blob.data, blob.length);
+
+ data_blob_free(&blob);
+
+ return blob_out;
}
/****************************************************************************
@@ -381,7 +390,7 @@ static void reply_nt1(struct smb_request *req, uint16 choice)
}
DEBUG(3,("not using SPNEGO\n"));
} else {
- DATA_BLOB spnego_blob = negprot_spnego(req->sconn);
+ DATA_BLOB spnego_blob = negprot_spnego(req, req->sconn);
if (spnego_blob.data == NULL) {
reply_nterror(req, NT_STATUS_NO_MEMORY);
diff --git a/source3/smbd/smb2_negprot.c b/source3/smbd/smb2_negprot.c
index fc20eac82c..db392f4075 100644
--- a/source3/smbd/smb2_negprot.c
+++ b/source3/smbd/smb2_negprot.c
@@ -119,11 +119,10 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
}
/* negprot_spnego() returns a the server guid in the first 16 bytes */
- negprot_spnego_blob = negprot_spnego(req->sconn);
+ negprot_spnego_blob = negprot_spnego(req, req->sconn);
if (negprot_spnego_blob.data == NULL) {
return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
}
- talloc_steal(req, negprot_spnego_blob.data);
if (negprot_spnego_blob.length < 16) {
return smbd_smb2_request_error(req, NT_STATUS_INTERNAL_ERROR);