From 9812a7e32e515315302d3040a4145592640de7f7 Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Wed, 18 Apr 2007 00:34:10 +0000
Subject: r22327: Finish the gss-spnego part of the seal code. Now for testing.... Jeremy. (This used to be commit 1c1f5360b67792f14b50835a2c5a4d4ac68aca8f)
---
 source3/smbd/seal.c | 30 ++++++++++++++++--------------
 1 file changed, 16 insertions(+), 14 deletions(-)
(limited to 'source3/smbd/seal.c')
diff --git a/source3/smbd/seal.c b/source3/smbd/seal.c
index 259aff014a..c6fab5f078 100644
--- a/source3/smbd/seal.c
+++ b/source3/smbd/seal.c
@@ -333,9 +333,12 @@ static NTSTATUS srv_enc_spnego_gss_negotiate(unsigned char **ppdata, size_t *p_d
 OM_uint32 flags = 0;
 gss_buffer_desc in_buf, out_buf;
 struct smb_tran_enc_state_gss *gss_state;
+ DATA_BLOB auth_reply = data_blob(NULL,0);
+ DATA_BLOB response = data_blob(NULL,0);
+ NTSTATUS status;
 if (!partial_srv_trans_enc_ctx) {
- NTSTATUS status = make_srv_encryption_context(SMB_TRANS_ENC_GSS, &partial_srv_trans_enc_ctx);
+ status = make_srv_encryption_context(SMB_TRANS_ENC_GSS, &partial_srv_trans_enc_ctx);
 if (!NT_STATUS_IS_OK(status)) {
 return status;
 }
@@ -361,8 +364,9 @@ static NTSTATUS srv_enc_spnego_gss_negotiate(unsigned char **ppdata, size_t *p_d
 NULL, /* Ingore time. */
 NULL); /* Ignore delegated creds. */
+ status = gss_err_to_ntstatus(ret, min);
 if (ret != GSS_S_COMPLETE && ret != GSS_S_CONTINUE_NEEDED) {
- return gss_err_to_ntstatus(ret, min);
+ return status;
 }
 /* Ensure we've got sign+seal available. */
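Review bot: The early `return status;` in the second hunk leaves the function without calling `gss_release_buffer(&min, &out_buf)`, although GSS-API may return an output token on a failed accept as well as on success. The tokens presumably come from the client, so a peer that keeps sending tokens which fail would leak one buffer per attempt. Releasing before the return closes that, `gss_release_buffer(&min, &out_buf); return status;`, and is safe here because `status` is already computed from `ret` and `min` before the release overwrites `min`. The gss_accept_sec_context call and the initialisation of `out_buf` start outside the hunk, so this assumes `out_buf` is either empty or owned by the mechanism at that point.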
@@ -376,20 +380,18 @@ static NTSTATUS srv_enc_spnego_gss_negotiate(unsigned char **ppdata, size_t *p_d
 }
 }
- SAFE_FREE(*ppdata);
- *ppdata = memdup(out_buf.value, out_buf.length);
- if (!*ppdata) {
- gss_release_buffer(&min, &out_buf);
- return NT_STATUS_NO_MEMORY;
- }
- *p_data_size = out_buf.length;
+ auth_reply = data_blob(out_buf.value, out_buf.length);
 gss_release_buffer(&min, &out_buf);
- if (ret != GSS_S_CONTINUE_NEEDED) {
- return NT_STATUS_MORE_PROCESSING_REQUIRED;
- } else {
- return NT_STATUS_OK;
- }
+ /* Wrap in SPNEGO. */
+ response = spnego_gen_auth_response(&auth_reply, status, OID_KERBEROS5);
+ data_blob_free(&auth_reply);
+
+ SAFE_FREE(*ppdata);
+ *ppdata = response.data;
+ *p_data_size = response.length;
+
+ return status;
 }
 #endif
-- cgit
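Review bot: `*ppdata = response.data;` hands the caller a buffer owned by a DATA_BLOB, while the line above still releases the previous buffer with `SAFE_FREE`, so the allocator behind `*ppdata` may now differ from the one the caller frees it with. If DATA_BLOB memory is not plain malloc memory (its allocator is not visible in this hunk), a later `SAFE_FREE(*ppdata)` is a mismatched free. The removed code also returned NT_STATUS_NO_MEMORY when its copy failed, whereas the new tail returns `status` even if `response.data` is NULL. Copying the response into a malloc'ed buffer, checking the copy and then freeing the blob would keep the old ownership contract. The function starts outside this hunk.

```c
	/* ... unchanged: auth_reply copy, gss_release_buffer, spnego_gen_auth_response, data_blob_free(&auth_reply) ... */

	SAFE_FREE(*ppdata);
	*p_data_size = 0;
	if (response.length > 0) {
		/* Give the caller malloc'ed memory, matching the SAFE_FREE above. */
		*ppdata = memdup(response.data, response.length);
		if (!*ppdata) {
			data_blob_free(&response);
			return NT_STATUS_NO_MEMORY;
		}
		*p_data_size = response.length;
	}
	data_blob_free(&response);

	return status;
```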