diff options
-rw-r--r-- | source3/include/proto.h | 3 | ||||
-rw-r--r-- | source3/libsmb/clispnego.c | 6 | ||||
-rw-r--r-- | source3/smbd/globals.h | 2 | ||||
-rw-r--r-- | source3/smbd/negprot.c | 55 | ||||
-rw-r--r-- | source3/smbd/smb2_negprot.c | 3 |
5 files changed, 37 insertions, 32 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h index ad0c11fc9f..a0bb55c0a8 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -2821,8 +2821,7 @@ bool cli_set_secdesc(struct cli_state *cli, uint16_t fnum, struct security_descr /* The following definitions come from libsmb/clispnego.c */ -DATA_BLOB spnego_gen_negTokenInit(char guid[16], - const char *OIDs[], +DATA_BLOB spnego_gen_negTokenInit(const char *OIDs[], const char *principal); DATA_BLOB gen_negTokenInit(const char *OID, DATA_BLOB blob); bool spnego_parse_negTokenInit(DATA_BLOB blob, diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c index 1f2081cb03..2cf276485e 100644 --- a/source3/libsmb/clispnego.c +++ b/source3/libsmb/clispnego.c @@ -24,11 +24,10 @@ #include "smb_krb5.h" /* - generate a negTokenInit packet given a GUID, a list of supported + generate a negTokenInit packet given a list of supported OIDs (the mechanisms) and a principal name string */ -DATA_BLOB spnego_gen_negTokenInit(char guid[16], - const char *OIDs[], +DATA_BLOB spnego_gen_negTokenInit(const char *OIDs[], const char *principal) { int i; @@ -40,7 +39,6 @@ DATA_BLOB spnego_gen_negTokenInit(char guid[16], return data_blob_null; } - asn1_write(data, guid, 16); asn1_push_tag(data,ASN1_APPLICATION(0)); asn1_write_OID(data,OID_SPNEGO); asn1_push_tag(data,ASN1_CONTEXT(0)); diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h index c618efad05..92a3f7660d 100644 --- a/source3/smbd/globals.h +++ b/source3/smbd/globals.h @@ -137,7 +137,7 @@ struct smbd_smb2_request; struct smbd_smb2_session; struct smbd_smb2_tcon; -DATA_BLOB negprot_spnego(struct smbd_server_connection *sconn); +DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn); void smbd_lock_socket(struct smbd_server_connection *sconn); void smbd_unlock_socket(struct smbd_server_connection *sconn); diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c index 4d73216854..e7cf5b7591 100644 --- a/source3/smbd/negprot.c +++ b/source3/smbd/negprot.c @@ -176,15 +176,15 @@ static void reply_lanman2(struct smb_request *req, uint16 choice) Generate the spnego negprot reply blob. Return the number of bytes used. ****************************************************************************/ -DATA_BLOB negprot_spnego(struct smbd_server_connection *sconn) +DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn) { - DATA_BLOB blob; + DATA_BLOB blob = data_blob_null; + DATA_BLOB blob_out = data_blob_null; nstring dos_name; fstring unix_name; #ifdef DEVELOPER size_t slen; #endif - char guid[17]; const char *OIDs_krb5[] = {OID_KERBEROS5, OID_KERBEROS5_OLD, OID_NTLMSSP, @@ -192,22 +192,6 @@ DATA_BLOB negprot_spnego(struct smbd_server_connection *sconn) const char *OIDs_plain[] = {OID_NTLMSSP, NULL}; sconn->smb1.negprot.spnego = true; - - memset(guid, '\0', sizeof(guid)); - - safe_strcpy(unix_name, global_myname(), sizeof(unix_name)-1); - strlower_m(unix_name); - push_ascii_nstring(dos_name, unix_name); - safe_strcpy(guid, dos_name, sizeof(guid)-1); - -#ifdef DEVELOPER - /* Fix valgrind 'uninitialized bytes' issue. */ - slen = strlen(dos_name); - if (slen < sizeof(guid)) { - memset(guid+slen, '\0', sizeof(guid) - slen); - } -#endif - /* strangely enough, NT does not sent the single OID NTLMSSP when not a ADS member, it sends no OIDs at all @@ -227,7 +211,7 @@ DATA_BLOB negprot_spnego(struct smbd_server_connection *sconn) blob = data_blob(guid, 16); #else /* Code for standalone WXP client */ - blob = spnego_gen_negTokenInit(guid, OIDs_plain, "NONE"); + blob = spnego_gen_negTokenInit(OIDs_plain, "NONE"); #endif } else { fstring myname; @@ -238,11 +222,36 @@ DATA_BLOB negprot_spnego(struct smbd_server_connection *sconn) == -1) { return data_blob_null; } - blob = spnego_gen_negTokenInit(guid, OIDs_krb5, host_princ_s); + blob = spnego_gen_negTokenInit(OIDs_krb5, host_princ_s); SAFE_FREE(host_princ_s); } - return blob; + blob_out = data_blob_talloc(ctx, NULL, 16 + blob.length); + if (blob_out.data == NULL) { + data_blob_free(&blob); + return data_blob_null; + } + + memset(blob_out.data, '\0', 16); + + safe_strcpy(unix_name, global_myname(), sizeof(unix_name)-1); + strlower_m(unix_name); + push_ascii_nstring(dos_name, unix_name); + safe_strcpy((char *)blob_out.data, dos_name, 16); + +#ifdef DEVELOPER + /* Fix valgrind 'uninitialized bytes' issue. */ + slen = strlen(dos_name); + if (slen < sizeof(16)) { + memset(blob_out.data+slen, '\0', 16 - slen); + } +#endif + + memcpy(&blob_out.data[16], blob.data, blob.length); + + data_blob_free(&blob); + + return blob_out; } /**************************************************************************** @@ -381,7 +390,7 @@ static void reply_nt1(struct smb_request *req, uint16 choice) } DEBUG(3,("not using SPNEGO\n")); } else { - DATA_BLOB spnego_blob = negprot_spnego(req->sconn); + DATA_BLOB spnego_blob = negprot_spnego(req, req->sconn); if (spnego_blob.data == NULL) { reply_nterror(req, NT_STATUS_NO_MEMORY); diff --git a/source3/smbd/smb2_negprot.c b/source3/smbd/smb2_negprot.c index fc20eac82c..db392f4075 100644 --- a/source3/smbd/smb2_negprot.c +++ b/source3/smbd/smb2_negprot.c @@ -119,11 +119,10 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req) } /* negprot_spnego() returns a the server guid in the first 16 bytes */ - negprot_spnego_blob = negprot_spnego(req->sconn); + negprot_spnego_blob = negprot_spnego(req, req->sconn); if (negprot_spnego_blob.data == NULL) { return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY); } - talloc_steal(req, negprot_spnego_blob.data); if (negprot_spnego_blob.length < 16) { return smbd_smb2_request_error(req, NT_STATUS_INTERNAL_ERROR); |