Remove gen_negTokenInit() - change all callers to spnego_gen_negTokenInit().

We now have one function to do this in all calling code. More rationalization
to follow.

Jeremy.

source3/include/proto.h

@@ -2821,9 +2821,9 @@ bool cli_set_secdesc(struct cli_state *cli, uint16_t fnum, struct security_descr
 
 /* The following definitions come from libsmb/clispnego.c  */
 
-DATA_BLOB spnego_gen_negTokenInit(const char *OIDs[], 
+DATA_BLOB spnego_gen_negTokenInit(const char *OIDs[],
+				  DATA_BLOB *psecblob,
 				  const char *principal);
-DATA_BLOB gen_negTokenInit(const char *OID, DATA_BLOB blob);
 bool spnego_parse_negTokenInit(DATA_BLOB blob,
 			       char *OIDs[ASN1_MAX_OIDS],
 			       char **principal,

source3/libads/sasl.c

@@ -190,8 +190,9 @@ static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads)
 		     || NT_STATUS_IS_OK(nt_status))
 		    && blob_out.length) {
 			if (turn == 1) {
+				const char *OIDs_ntlm[] = {OID_NTLMSSP, NULL};
 				/* and wrap it in a SPNEGO wrapper */
-				msg1 = gen_negTokenInit(OID_NTLMSSP, blob_out);
+				msg1 = spnego_gen_negTokenInit(OIDs_ntlm, &blob_out, NULL);
 			} else {
 				/* wrap it in SPNEGO */
 				msg1 = spnego_gen_auth(blob_out);

source3/libsmb/cliconnect.c

@@ -984,6 +984,7 @@ static struct tevent_req *cli_session_setup_ntlmssp_send(
 	struct cli_session_setup_ntlmssp_state *state;
 	NTSTATUS status;
 	DATA_BLOB blob_out;
+	const char *OIDs_ntlm[] = {OID_NTLMSSP, NULL};
 
 	req = tevent_req_create(mem_ctx, &state,
 				struct cli_session_setup_ntlmssp_state);
@@ -1032,7 +1033,7 @@ static struct tevent_req *cli_session_setup_ntlmssp_send(
 		goto fail;
 	}
 
-	state->blob_out = gen_negTokenInit(OID_NTLMSSP, blob_out);
+	state->blob_out = spnego_gen_negTokenInit(OIDs_ntlm, &blob_out, NULL);
 	data_blob_free(&blob_out);
 
 	subreq = cli_sesssetup_blob_send(state, ev, cli, state->blob_out);

source3/libsmb/clispnego.c

@@ -25,9 +25,11 @@
 
 /*
   generate a negTokenInit packet given a list of supported
-  OIDs (the mechanisms) and a principal name string 
+  OIDs (the mechanisms) a blob, and a principal name string
 */
-DATA_BLOB spnego_gen_negTokenInit(const char *OIDs[], 
+
+DATA_BLOB spnego_gen_negTokenInit(const char *OIDs[],
+				  DATA_BLOB *psecblob,
 				  const char *principal)
 {
 	int i;
@@ -52,61 +54,23 @@ DATA_BLOB spnego_gen_negTokenInit(const char *OIDs[],
 	asn1_pop_tag(data);
 	asn1_pop_tag(data);
 
-	asn1_push_tag(data, ASN1_CONTEXT(3));
-	asn1_push_tag(data, ASN1_SEQUENCE(0));
-	asn1_push_tag(data, ASN1_CONTEXT(0));
-	asn1_write_GeneralString(data,principal);
-	asn1_pop_tag(data);
-	asn1_pop_tag(data);
-	asn1_pop_tag(data);
-
-	asn1_pop_tag(data);
-	asn1_pop_tag(data);
-
-	asn1_pop_tag(data);
-
-	if (data->has_error) {
-		DEBUG(1,("Failed to build negTokenInit at offset %d\n", (int)data->ofs));
+	if (psecblob && psecblob->length && psecblob->data) {
+		asn1_push_tag(data, ASN1_CONTEXT(2));
+		asn1_write_OctetString(data,psecblob->data,
+			psecblob->length);
+		asn1_pop_tag(data);
 	}
 
-	ret = data_blob(data->data, data->length);
-	asn1_free(data);
-
-	return ret;
-}
-
-/*
-  Generate a negTokenInit as used by the client side ... It has a mechType
-  (OID), and a mechToken (a security blob) ... 
-
-  Really, we need to break out the NTLMSSP stuff as well, because it could be
-  raw in the packets!
-*/
-DATA_BLOB gen_negTokenInit(const char *OID, DATA_BLOB blob)
-{
-	ASN1_DATA *data;
-	DATA_BLOB ret;
-
-	data = asn1_init(talloc_tos());
-	if (data == NULL) {
-		return data_blob_null;
+	if (principal) {
+		asn1_push_tag(data, ASN1_CONTEXT(3));
+		asn1_push_tag(data, ASN1_SEQUENCE(0));
+		asn1_push_tag(data, ASN1_CONTEXT(0));
+		asn1_write_GeneralString(data,principal);
+		asn1_pop_tag(data);
+		asn1_pop_tag(data);
+		asn1_pop_tag(data);
 	}
 
-	asn1_push_tag(data, ASN1_APPLICATION(0));
-	asn1_write_OID(data,OID_SPNEGO);
-	asn1_push_tag(data, ASN1_CONTEXT(0));
-	asn1_push_tag(data, ASN1_SEQUENCE(0));
-
-	asn1_push_tag(data, ASN1_CONTEXT(0));
-	asn1_push_tag(data, ASN1_SEQUENCE(0));
-	asn1_write_OID(data, OID);
-	asn1_pop_tag(data);
-	asn1_pop_tag(data);
-
-	asn1_push_tag(data, ASN1_CONTEXT(2));
-	asn1_write_OctetString(data,blob.data,blob.length);
-	asn1_pop_tag(data);
-
 	asn1_pop_tag(data);
 	asn1_pop_tag(data);
 

source3/rpc_client/cli_pipe.c

@@ -1338,6 +1338,7 @@ static NTSTATUS create_spnego_ntlmssp_auth_rpc_bind_req(struct rpc_pipe_client *
 	DATA_BLOB null_blob = data_blob_null;
 	DATA_BLOB request = data_blob_null;
 	DATA_BLOB spnego_msg = data_blob_null;
+	const char *OIDs_ntlm[] = {OID_NTLMSSP, NULL};
 
 	DEBUG(5, ("create_spnego_ntlmssp_auth_rpc_bind_req: Processing NTLMSSP Negotiate\n"));
 	status = ntlmssp_update(cli->auth->a_u.ntlmssp_state,
@@ -1350,7 +1351,7 @@ static NTSTATUS create_spnego_ntlmssp_auth_rpc_bind_req(struct rpc_pipe_client *
 	}
 
 	/* Wrap this in SPNEGO. */
-	spnego_msg = gen_negTokenInit(OID_NTLMSSP, request);
+	spnego_msg = spnego_gen_negTokenInit(OIDs_ntlm, &request, NULL);
 
 	data_blob_free(&request);
 

source3/smbd/negprot.c

@@ -189,7 +189,7 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn)
 				   OID_KERBEROS5_OLD,
 				   OID_NTLMSSP,
 				   NULL};
-	const char *OIDs_plain[] = {OID_NTLMSSP, NULL};
+	const char *OIDs_ntlm[] = {OID_NTLMSSP, NULL};
 
 	sconn->smb1.negprot.spnego = true;
 	/* strangely enough, NT does not sent the single OID NTLMSSP when
@@ -211,7 +211,7 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn)
 		blob = data_blob(guid, 16);
 #else
 		/* Code for standalone WXP client */
-		blob = spnego_gen_negTokenInit(OIDs_plain, "NONE");
+		blob = spnego_gen_negTokenInit(OIDs_ntlm, NULL, "NONE");
 #endif
 	} else {
 		fstring myname;
@@ -222,7 +222,7 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn)
 		    == -1) {
 			return data_blob_null;
 		}
-		blob = spnego_gen_negTokenInit(OIDs_krb5, host_princ_s);
+		blob = spnego_gen_negTokenInit(OIDs_krb5, NULL, host_princ_s);
 		SAFE_FREE(host_princ_s);
 	}