From eceb926df94063e91c5abc96f52a1bc7b45ce290 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 5 Apr 2007 12:30:23 +0000 Subject: r22092: - make spnego_parse_auth_response() more generic and not specific for NTLMSSP - it's possible that the server sends a mechOID and authdata if negResult != SPNEGO_NEG_RESULT_INCOMPLETE, but we still force the mechOID to be present if negResult == SPNEGO_NEG_RESULT_INCOMPLETE metze (This used to be commit e9f2aa22f90208a5e530ef3b68664151960a0a22) --- source3/libsmb/clispnego.c | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) (limited to 'source3/libsmb/clispnego.c') diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c index 6aca217e25..0c4217c417 100644 --- a/source3/libsmb/clispnego.c +++ b/source3/libsmb/clispnego.c @@ -518,9 +518,10 @@ DATA_BLOB spnego_gen_auth_response(DATA_BLOB *reply, NTSTATUS nt_status, } /* - parse a SPNEGO NTLMSSP auth packet. This contains the encrypted passwords + parse a SPNEGO auth packet. This contains the encrypted passwords */ -BOOL spnego_parse_auth_response(DATA_BLOB blob, NTSTATUS nt_status, +BOOL spnego_parse_auth_response(DATA_BLOB blob, NTSTATUS nt_status, + const char *mechOID, DATA_BLOB *auth) { ASN1_DATA data; @@ -541,14 +542,20 @@ BOOL spnego_parse_auth_response(DATA_BLOB blob, NTSTATUS nt_status, asn1_check_enumerated(&data, negResult); asn1_end_tag(&data); - if (negResult == SPNEGO_NEG_RESULT_INCOMPLETE) { + *auth = data_blob(NULL,0); + + if (asn1_tag_remaining(&data)) { asn1_start_tag(&data,ASN1_CONTEXT(1)); - asn1_check_OID(&data, OID_NTLMSSP); - asn1_end_tag(&data); - - asn1_start_tag(&data,ASN1_CONTEXT(2)); - asn1_read_OctetString(&data, auth); + asn1_check_OID(&data, mechOID); asn1_end_tag(&data); + + if (asn1_tag_remaining(&data)) { + asn1_start_tag(&data,ASN1_CONTEXT(2)); + asn1_read_OctetString(&data, auth); + asn1_end_tag(&data); + } + } else if (negResult == SPNEGO_NEG_RESULT_INCOMPLETE) { + data.has_error = 1; } asn1_end_tag(&data); -- cgit