sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code

s3-libsmb: Use gensec_spnego in smb seal client

Browse Source 
This is intead of the inline, manual spnego code currently
in use.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
Andrew Bartlett 2012-01-14 12:28:28 +11:00 committed by Stefan Metzmacher
parent d6b0d521ea
commit a1a667dd37
2 changed files with 7 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
source3/libsmb/clifsinfo.c
View File

@ -674,44 +674,6 @@ NTSTATUS cli_raw_ntlm_smb_encryption_start(struct cli_state *cli,
return status;
}
/******************************************************************************
Get client gss blob to send to a server.
******************************************************************************/
static NTSTATUS make_cli_gss_blob(TALLOC_CTX *ctx,
struct gensec_security *gensec_security,
NTSTATUS status_in,
DATA_BLOB spnego_blob_in,
DATA_BLOB *p_blob_out)
{
const char *krb_mechs[] = {OID_KERBEROS5, NULL};
DATA_BLOB blob_out = data_blob_null;
DATA_BLOB blob_in = data_blob_null;
NTSTATUS status = NT_STATUS_OK;
if (spnego_blob_in.length == 0) {
blob_in = spnego_blob_in;
} else {
/* Remove the SPNEGO wrapper */
if (!spnego_parse_auth_response(ctx, spnego_blob_in, status_in, OID_KERBEROS5, &blob_in)) {
status = NT_STATUS_UNSUCCESSFUL;
goto fail;
}
}
status = gensec_update(gensec_security, ctx,
NULL, blob_in, &blob_out);
/* Wrap in an SPNEGO wrapper */
*p_blob_out = spnego_gen_negTokenInit(ctx, krb_mechs, &blob_out, NULL);
fail:
data_blob_free(&blob_out);
data_blob_free(&blob_in);
return status;
}
/******************************************************************************
Start a SPNEGO gssapi encryption context.
******************************************************************************/
@ -752,11 +714,13 @@ NTSTATUS cli_gss_smb_encryption_start(struct cli_state *cli)
goto fail;
}
if (!NT_STATUS_IS_OK(status = auth_generic_client_start(auth_generic_state, GENSEC_OID_KERBEROS5))) {
if (!NT_STATUS_IS_OK(status = auth_generic_client_start(auth_generic_state, GENSEC_OID_SPNEGO))) {
goto fail;
}
status = make_cli_gss_blob(talloc_tos(), auth_generic_state->gensec_security, NT_STATUS_OK, blob_recv, &blob_send);
status = gensec_update(auth_generic_state->gensec_security, talloc_tos(),
NULL, blob_recv, &blob_send);
do {
data_blob_free(&blob_recv);
status = enc_blob_send_receive(cli, &blob_send, &blob_recv, &param_out);
@ -764,7 +728,8 @@ NTSTATUS cli_gss_smb_encryption_start(struct cli_state *cli)
es->enc_ctx_num = SVAL(param_out.data, 0);
}
data_blob_free(&blob_send);
status = make_cli_gss_blob(talloc_tos(), auth_generic_state->gensec_security, status, blob_recv, &blob_send);
status = gensec_update(auth_generic_state->gensec_security, talloc_tos(),
NULL, blob_recv, &blob_send);
} while (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED));
data_blob_free(&blob_recv);

1
source3/param/loadparm_ctx.c
View File

@ -98,6 +98,7 @@ static const struct loadparm_s3_context s3_fns =
.client_plaintext_auth = lp_client_plaintext_auth,
.client_lanman_auth = lp_client_lanman_auth,
.client_ntlmv2_auth = lp_client_ntlmv2_auth,
.client_use_spnego_principal = lp_client_use_spnego_principal,
.private_dir = lp_private_dir,
.ncalrpc_dir = lp_ncalrpc_dir,