mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
r22092: - make spnego_parse_auth_response() more generic and
not specific for NTLMSSP
- it's possible that the server sends a mechOID and authdata
if negResult != SPNEGO_NEG_RESULT_INCOMPLETE, but we still
force the mechOID to be present if negResult == SPNEGO_NEG_RESULT_INCOMPLETE
metze
(This used to be commit e9f2aa22f9
)
This commit is contained in:
parent
bcab9254cc
commit
eceb926df9
@ -114,7 +114,7 @@ static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads)
|
||||
}
|
||||
data_blob_free(&tmp_blob);
|
||||
} else if (rc == LDAP_SASL_BIND_IN_PROGRESS) {
|
||||
if (!spnego_parse_auth_response(blob, nt_status,
|
||||
if (!spnego_parse_auth_response(blob, nt_status, OID_NTLMSSP,
|
||||
&blob_in)) {
|
||||
|
||||
ntlmssp_end(&ntlmssp_state);
|
||||
|
@ -722,7 +722,7 @@ static NTSTATUS cli_session_setup_ntlmssp(struct cli_state *cli, const char *use
|
||||
}
|
||||
data_blob_free(&tmp_blob);
|
||||
} else {
|
||||
if (!spnego_parse_auth_response(blob, nt_status,
|
||||
if (!spnego_parse_auth_response(blob, nt_status, OID_NTLMSSP,
|
||||
&blob_in)) {
|
||||
DEBUG(3,("Failed to parse auth response\n"));
|
||||
if (NT_STATUS_IS_OK(nt_status)
|
||||
|
@ -518,9 +518,10 @@ DATA_BLOB spnego_gen_auth_response(DATA_BLOB *reply, NTSTATUS nt_status,
|
||||
}
|
||||
|
||||
/*
|
||||
parse a SPNEGO NTLMSSP auth packet. This contains the encrypted passwords
|
||||
parse a SPNEGO auth packet. This contains the encrypted passwords
|
||||
*/
|
||||
BOOL spnego_parse_auth_response(DATA_BLOB blob, NTSTATUS nt_status,
|
||||
const char *mechOID,
|
||||
DATA_BLOB *auth)
|
||||
{
|
||||
ASN1_DATA data;
|
||||
@ -541,15 +542,21 @@ BOOL spnego_parse_auth_response(DATA_BLOB blob, NTSTATUS nt_status,
|
||||
asn1_check_enumerated(&data, negResult);
|
||||
asn1_end_tag(&data);
|
||||
|
||||
if (negResult == SPNEGO_NEG_RESULT_INCOMPLETE) {
|
||||
*auth = data_blob(NULL,0);
|
||||
|
||||
if (asn1_tag_remaining(&data)) {
|
||||
asn1_start_tag(&data,ASN1_CONTEXT(1));
|
||||
asn1_check_OID(&data, OID_NTLMSSP);
|
||||
asn1_check_OID(&data, mechOID);
|
||||
asn1_end_tag(&data);
|
||||
|
||||
if (asn1_tag_remaining(&data)) {
|
||||
asn1_start_tag(&data,ASN1_CONTEXT(2));
|
||||
asn1_read_OctetString(&data, auth);
|
||||
asn1_end_tag(&data);
|
||||
}
|
||||
} else if (negResult == SPNEGO_NEG_RESULT_INCOMPLETE) {
|
||||
data.has_error = 1;
|
||||
}
|
||||
|
||||
asn1_end_tag(&data);
|
||||
asn1_end_tag(&data);
|
||||
|
@ -2002,7 +2002,7 @@ static NTSTATUS rpc_finish_spnego_ntlmssp_bind(struct rpc_pipe_client *cli,
|
||||
prs_copy_data_out((char *)server_spnego_response.data, rbuf, phdr->auth_len);
|
||||
|
||||
/* Check we got a valid auth response. */
|
||||
if (!spnego_parse_auth_response(server_spnego_response, NT_STATUS_OK, &tmp_blob)) {
|
||||
if (!spnego_parse_auth_response(server_spnego_response, NT_STATUS_OK, OID_NTLMSSP, &tmp_blob)) {
|
||||
data_blob_free(&server_spnego_response);
|
||||
data_blob_free(&tmp_blob);
|
||||
return NT_STATUS_INVALID_PARAMETER;
|
||||
|
Loading…
Reference in New Issue
Block a user