From f2c85595dae81e119d0f7f9ec769ff865916a052 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 12 Aug 2003 19:00:08 +0000 Subject: [PATCH] Some more shuffling around gss-spnego server --- source/utils/ntlm_auth.c | 79 +++++++++++++++++++++------------------- 1 file changed, 41 insertions(+), 38 deletions(-) diff --git a/source/utils/ntlm_auth.c b/source/utils/ntlm_auth.c index da41f9dd080..5154744ed1e 100644 --- a/source/utils/ntlm_auth.c +++ b/source/utils/ntlm_auth.c @@ -410,6 +410,9 @@ static void manage_gss_spnego_request(enum squid_mode squid_mode, NTSTATUS status; ssize_t len; + char *user = NULL; + char *domain = NULL; + const char *reply_code; char *reply_base64; pstring reply_argument; 
@@ -470,40 +473,36 @@ static void manage_gss_spnego_request(enum squid_mode squid_mode, return; } - if ( strcmp(request.negTokenInit.mechTypes[0], OID_NTLMSSP) != 0 ) { - DEBUG(1, ("Client did not choose NTLMSSP but %s\n", - request.negTokenInit.mechTypes[0])); - x_fprintf(x_stdout, "BH\n"); - return; + if (strcmp(request.negTokenInit.mechTypes[0], OID_NTLMSSP) == 0) { + + if ( request.negTokenInit.mechToken.data == NULL ) { + DEBUG(1, ("Client did not provide NTLMSSP data\n")); + x_fprintf(x_stdout, "BH\n"); + return; + } + + if ( ntlmssp_state != NULL ) { + DEBUG(1, ("Client wants a new NTLMSSP challenge, but " + "already got one\n")); + x_fprintf(x_stdout, "BH\n"); + ntlmssp_server_end(&ntlmssp_state); + return; + } + + ntlmssp_server_start(&ntlmssp_state); + ntlmssp_state->check_password = winbind_pw_check; + ntlmssp_state->get_domain = get_winbind_domain; + ntlmssp_state->get_global_myname = get_winbind_netbios_name; + + DEBUG(10, ("got NTLMSSP packet:\n")); + dump_data(10, request.negTokenInit.mechToken.data, + request.negTokenInit.mechToken.length); + + status = ntlmssp_server_update(ntlmssp_state, + request.negTokenInit.mechToken, + &response.negTokenTarg.responseToken); } - if ( request.negTokenInit.mechToken.data == NULL ) { - DEBUG(1, ("Client did not provide NTLMSSP data\n")); - x_fprintf(x_stdout, "BH\n"); - return; - } - - if ( ntlmssp_state != NULL ) { - DEBUG(1, ("Client wants a new NTLMSSP challenge, but " - "already got one\n")); - x_fprintf(x_stdout, "BH\n"); - ntlmssp_server_end(&ntlmssp_state); - return; - } - - ntlmssp_server_start(&ntlmssp_state); - ntlmssp_state->check_password = winbind_pw_check; - ntlmssp_state->get_domain = get_winbind_domain; - ntlmssp_state->get_global_myname = get_winbind_netbios_name; - - DEBUG(10, ("got NTLMSSP packet:\n")); - dump_data(10, request.negTokenInit.mechToken.data, - request.negTokenInit.mechToken.length); - - status = ntlmssp_server_update(ntlmssp_state, - request.negTokenInit.mechToken, - 
&response.negTokenTarg.responseToken); - } else { /* request.type == SPNEGO_NEG_TOKEN_TARG */ @@ -517,6 +516,12 @@ static void manage_gss_spnego_request(enum squid_mode squid_mode, status = ntlmssp_server_update(ntlmssp_state, request.negTokenTarg.responseToken, &response.negTokenTarg.responseToken); + + if (NT_STATUS_IS_OK(status)) { + user = strdup(ntlmssp_state->user); + domain = strdup(ntlmssp_state->domain); + ntlmssp_server_end(&ntlmssp_state); + } } free_spnego_data(&request); @@ -528,8 +533,7 @@ static void manage_gss_spnego_request(enum squid_mode squid_mode, if (NT_STATUS_IS_OK(status)) { response.negTokenTarg.negResult = SPNEGO_ACCEPT_COMPLETED; reply_code = "AF"; - pstr_sprintf(reply_argument, "%s\\%s", - ntlmssp_state->domain, ntlmssp_state->user); + pstr_sprintf(reply_argument, "%s\\%s", domain, user); } else if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { response.negTokenTarg.negResult = SPNEGO_ACCEPT_INCOMPLETE; @@ -541,6 +545,9 @@ static void manage_gss_spnego_request(enum squid_mode squid_mode, pstrcpy(reply_argument, nt_errstr(status)); } + SAFE_FREE(user); + SAFE_FREE(domain); + len = write_spnego_data(&token, &response); free_spnego_data(&response); @@ -558,10 +565,6 @@ static void manage_gss_spnego_request(enum squid_mode squid_mode, SAFE_FREE(reply_base64); data_blob_free(&token); - if (NT_STATUS_IS_OK(status)) { - ntlmssp_server_end(&ntlmssp_state); - } - return; }
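Review bot: In the hunk at -470/+473, a client whose first mechType is not OID_NTLMSSP no longer gets the `BH` rejection, because the inverted `strcmp(...) == 0` test has no `else` and control leaves the SPNEGO_NEG_TOKEN_INIT branch without assigning `status`. `status` is declared as plain `NTSTATUS status;` (context of the first hunk), so unless it is set in lines this patch does not show, the later `NT_STATUS_IS_OK(status)` test reads an indeterminate value. That could produce an `AF` reply with `domain` and `user` still NULL for a request that never authenticated. I would keep an explicit reject until other mechanisms are handled, `} else { DEBUG(1, ("Client did not choose NTLMSSP but %s\n", request.negTokenInit.mechTypes[0])); x_fprintf(x_stdout, "BH\n"); return; }`, or at minimum declare `NTSTATUS status = NT_STATUS_UNSUCCESSFUL;`. The function starts above this hunk and continues below it.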
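Review bot: The two `strdup()` results added in the SPNEGO_NEG_TOKEN_TARG branch (hunk at -517/+516) are used unchecked. On allocation failure `user` or `domain` is NULL and is then formatted with `%s` into the `AF` reply in the hunk at -528/+533, which is undefined behaviour and at best reports a bogus identity for a successful authentication. Failing the request closes that: add `if (user == NULL || domain == NULL) status = NT_STATUS_NO_MEMORY;` after the `ntlmssp_server_end()` call, so the existing error branch handles it and the `SAFE_FREE` calls release whichever copy succeeded. A short comment such as `/* copy the names: the NTLMSSP state is torn down before the reply is built */` would also explain why the copies exist. The enclosing `else` block begins above this hunk.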