From 0bb8d133c9a39873828dbe977513edd31e1a7045 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Mon, 19 Jul 2010 17:14:26 -0700
Subject: Remove gen_negTokenInit() - change all callers to
 spnego_gen_negTokenInit(). We now have one function to do this in all calling
 code. More rationalization to follow.

Jeremy.
---
 source3/include/proto.h       |  4 +--
 source3/libads/sasl.c         |  3 +-
 source3/libsmb/cliconnect.c   |  3 +-
 source3/libsmb/clispnego.c    | 70 +++++++++++--------------------------------
 source3/rpc_client/cli_pipe.c |  3 +-
 source3/smbd/negprot.c        |  6 ++--
 6 files changed, 28 insertions(+), 61 deletions(-)

diff --git a/source3/include/proto.h b/source3/include/proto.h
index a0bb55c0a8..a85f7b5434 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -2821,9 +2821,9 @@ bool cli_set_secdesc(struct cli_state *cli, uint16_t fnum, struct security_descr
 
 /* The following definitions come from libsmb/clispnego.c  */
 
-DATA_BLOB spnego_gen_negTokenInit(const char *OIDs[], 
+DATA_BLOB spnego_gen_negTokenInit(const char *OIDs[],
+				  DATA_BLOB *psecblob,
 				  const char *principal);
-DATA_BLOB gen_negTokenInit(const char *OID, DATA_BLOB blob);
 bool spnego_parse_negTokenInit(DATA_BLOB blob,
 			       char *OIDs[ASN1_MAX_OIDS],
 			       char **principal,
diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
index aa3acbd9ae..b314eb9c0f 100644
--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -190,8 +190,9 @@ static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads)
 		     || NT_STATUS_IS_OK(nt_status))
 		    && blob_out.length) {
 			if (turn == 1) {
+				const char *OIDs_ntlm[] = {OID_NTLMSSP, NULL};
 				/* and wrap it in a SPNEGO wrapper */
-				msg1 = gen_negTokenInit(OID_NTLMSSP, blob_out);
+				msg1 = spnego_gen_negTokenInit(OIDs_ntlm, &blob_out, NULL);
 			} else {
 				/* wrap it in SPNEGO */
 				msg1 = spnego_gen_auth(blob_out);
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 7fe359b9ae..a8e359dab1 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -984,6 +984,7 @@ static struct tevent_req *cli_session_setup_ntlmssp_send(
 	struct cli_session_setup_ntlmssp_state *state;
 	NTSTATUS status;
 	DATA_BLOB blob_out;
+	const char *OIDs_ntlm[] = {OID_NTLMSSP, NULL};
 
 	req = tevent_req_create(mem_ctx, &state,
 				struct cli_session_setup_ntlmssp_state);
@@ -1032,7 +1033,7 @@ static struct tevent_req *cli_session_setup_ntlmssp_send(
 		goto fail;
 	}
 
-	state->blob_out = gen_negTokenInit(OID_NTLMSSP, blob_out);
+	state->blob_out = spnego_gen_negTokenInit(OIDs_ntlm, &blob_out, NULL);
 	data_blob_free(&blob_out);
 
 	subreq = cli_sesssetup_blob_send(state, ev, cli, state->blob_out);
diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c
index 2cf276485e..e1eb03bb6f 100644
--- a/source3/libsmb/clispnego.c
+++ b/source3/libsmb/clispnego.c
@@ -25,9 +25,11 @@
 
 /*
   generate a negTokenInit packet given a list of supported
-  OIDs (the mechanisms) and a principal name string 
+  OIDs (the mechanisms) a blob, and a principal name string
 */
-DATA_BLOB spnego_gen_negTokenInit(const char *OIDs[], 
+
+DATA_BLOB spnego_gen_negTokenInit(const char *OIDs[],
+				  DATA_BLOB *psecblob,
 				  const char *principal)
 {
 	int i;
@@ -52,61 +54,23 @@ DATA_BLOB spnego_gen_negTokenInit(const char *OIDs[],
 	asn1_pop_tag(data);
 	asn1_pop_tag(data);
 
-	asn1_push_tag(data, ASN1_CONTEXT(3));
-	asn1_push_tag(data, ASN1_SEQUENCE(0));
-	asn1_push_tag(data, ASN1_CONTEXT(0));
-	asn1_write_GeneralString(data,principal);
-	asn1_pop_tag(data);
-	asn1_pop_tag(data);
-	asn1_pop_tag(data);
-
-	asn1_pop_tag(data);
-	asn1_pop_tag(data);
-
-	asn1_pop_tag(data);
-
-	if (data->has_error) {
-		DEBUG(1,("Failed to build negTokenInit at offset %d\n", (int)data->ofs));
+	if (psecblob && psecblob->length && psecblob->data) {
+		asn1_push_tag(data, ASN1_CONTEXT(2));
+		asn1_write_OctetString(data,psecblob->data,
+			psecblob->length);
+		asn1_pop_tag(data);
 	}
 
-	ret = data_blob(data->data, data->length);
-	asn1_free(data);
-
-	return ret;
-}
-
-/*
-  Generate a negTokenInit as used by the client side ... It has a mechType
-  (OID), and a mechToken (a security blob) ... 
-
-  Really, we need to break out the NTLMSSP stuff as well, because it could be
-  raw in the packets!
-*/
-DATA_BLOB gen_negTokenInit(const char *OID, DATA_BLOB blob)
-{
-	ASN1_DATA *data;
-	DATA_BLOB ret;
-
-	data = asn1_init(talloc_tos());
-	if (data == NULL) {
-		return data_blob_null;
+	if (principal) {
+		asn1_push_tag(data, ASN1_CONTEXT(3));
+		asn1_push_tag(data, ASN1_SEQUENCE(0));
+		asn1_push_tag(data, ASN1_CONTEXT(0));
+		asn1_write_GeneralString(data,principal);
+		asn1_pop_tag(data);
+		asn1_pop_tag(data);
+		asn1_pop_tag(data);
 	}
 
-	asn1_push_tag(data, ASN1_APPLICATION(0));
-	asn1_write_OID(data,OID_SPNEGO);
-	asn1_push_tag(data, ASN1_CONTEXT(0));
-	asn1_push_tag(data, ASN1_SEQUENCE(0));
-
-	asn1_push_tag(data, ASN1_CONTEXT(0));
-	asn1_push_tag(data, ASN1_SEQUENCE(0));
-	asn1_write_OID(data, OID);
-	asn1_pop_tag(data);
-	asn1_pop_tag(data);
-
-	asn1_push_tag(data, ASN1_CONTEXT(2));
-	asn1_write_OctetString(data,blob.data,blob.length);
-	asn1_pop_tag(data);
-
 	asn1_pop_tag(data);
 	asn1_pop_tag(data);
 
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 8dd9386eab..2e777466c4 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -1338,6 +1338,7 @@ static NTSTATUS create_spnego_ntlmssp_auth_rpc_bind_req(struct rpc_pipe_client *
 	DATA_BLOB null_blob = data_blob_null;
 	DATA_BLOB request = data_blob_null;
 	DATA_BLOB spnego_msg = data_blob_null;
+	const char *OIDs_ntlm[] = {OID_NTLMSSP, NULL};
 
 	DEBUG(5, ("create_spnego_ntlmssp_auth_rpc_bind_req: Processing NTLMSSP Negotiate\n"));
 	status = ntlmssp_update(cli->auth->a_u.ntlmssp_state,
@@ -1350,7 +1351,7 @@ static NTSTATUS create_spnego_ntlmssp_auth_rpc_bind_req(struct rpc_pipe_client *
 	}
 
 	/* Wrap this in SPNEGO. */
-	spnego_msg = gen_negTokenInit(OID_NTLMSSP, request);
+	spnego_msg = spnego_gen_negTokenInit(OIDs_ntlm, &request, NULL);
 
 	data_blob_free(&request);
 
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index e7cf5b7591..c5c83cac30 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -189,7 +189,7 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn)
 				   OID_KERBEROS5_OLD,
 				   OID_NTLMSSP,
 				   NULL};
-	const char *OIDs_plain[] = {OID_NTLMSSP, NULL};
+	const char *OIDs_ntlm[] = {OID_NTLMSSP, NULL};
 
 	sconn->smb1.negprot.spnego = true;
 	/* strangely enough, NT does not sent the single OID NTLMSSP when
@@ -211,7 +211,7 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn)
 		blob = data_blob(guid, 16);
 #else
 		/* Code for standalone WXP client */
-		blob = spnego_gen_negTokenInit(OIDs_plain, "NONE");
+		blob = spnego_gen_negTokenInit(OIDs_ntlm, NULL, "NONE");
 #endif
 	} else {
 		fstring myname;
@@ -222,7 +222,7 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn)
 		    == -1) {
 			return data_blob_null;
 		}
-		blob = spnego_gen_negTokenInit(OIDs_krb5, host_princ_s);
+		blob = spnego_gen_negTokenInit(OIDs_krb5, NULL, host_princ_s);
 		SAFE_FREE(host_princ_s);
 	}
 
-- 
cgit