authorGünther Deschner <gd@samba.org>2009-10-15 16:01:36 +0200
committerKarolin Seeger <kseeger@samba.org>2009-10-20 15:00:36 +0200
commite9797070e29898d1ceb8caa6d591d16558acf834 (patch)
tree9714e7e59a2a51bf3de84d3cdfb02d70330846e7
parent6ed52d80565c5558a70a75cb634dff8b62b8794c (diff)
downloadsamba-e9797070e29898d1ceb8caa6d591d16558acf834.tar.gz
s3-spnego: Fix Bug #6815. Windows 2008 R2 SPNEGO negTokenTarg parsing failure.
When parsing a SPNEGO session setup retry (falling back from KRB5 to NTLMSSP), we failed to parse the ASN1_ENUMERATED negResult in the negTokenTarg, thus failing spnego_parse_auth() completely. Guenther (cherry picked from commit 78ba2e1b9e5a63443f4cd51d34c16bc7cc9c6941)
-rw-r--r--source3/Makefile.in2
-rw-r--r--source3/libsmb/clispnego.c35
2 files changed, 17 insertions, 20 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 1484e111d94..fb45056a96a 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -465,7 +465,7 @@ LIBCLI_LDAP_NDR_OBJ = ../libcli/ldap/ldap_ndr.o
CLDAP_OBJ = libads/cldap.o $(LIBCLI_LDAP_MESSAGE_OBJ) $(LIBCLI_LDAP_NDR_OBJ)
LIBSMB_OBJ = libsmb/clientgen.o libsmb/cliconnect.o libsmb/clifile.o \
- libsmb/clikrb5.o libsmb/clispnego.o ../lib/util/asn1.o \
+ libsmb/clikrb5.o libsmb/clispnego.o libsmb/spnego.o ../lib/util/asn1.o \
libsmb/clirap.o libsmb/clierror.o libsmb/climessage.o \
libsmb/clireadwrite.o libsmb/clilist.o libsmb/cliprint.o \
libsmb/clitrans.o libsmb/clisecdesc.o libsmb/clidgram.o \
diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c
index fb95d719259..b531c3976ef 100644
--- a/source3/libsmb/clispnego.c
+++ b/source3/libsmb/clispnego.c
@@ -494,31 +494,28 @@ DATA_BLOB spnego_gen_auth(DATA_BLOB blob)
*/
bool spnego_parse_auth(DATA_BLOB blob, DATA_BLOB *auth)
{
- ASN1_DATA *data;
+ SPNEGO_DATA token;
+ ssize_t len;
- data = asn1_init(talloc_tos());
- if (data == NULL) {
+ len = read_spnego_data(talloc_tos(), blob, &token);
+ if (len == -1) {
+ DEBUG(3,("spnego_parse_auth: read_spnego_data failed\n"));
return false;
}
- asn1_load(data, blob);
- asn1_start_tag(data, ASN1_CONTEXT(1));
- asn1_start_tag(data, ASN1_SEQUENCE(0));
- asn1_start_tag(data, ASN1_CONTEXT(2));
- asn1_read_OctetString(data, NULL, auth);
- asn1_end_tag(data);
- asn1_end_tag(data);
- asn1_end_tag(data);
-
- if (data->has_error) {
- DEBUG(3,("spnego_parse_auth failed at %d\n", (int)data->ofs));
- data_blob_free(auth);
- asn1_free(data);
- return False;
+ if (token.type != SPNEGO_NEG_TOKEN_TARG) {
+ DEBUG(3,("spnego_parse_auth: wrong token type: %d\n",
+ token.type));
+ free_spnego_data(&token);
+ return false;
}
- asn1_free(data);
- return True;
+ *auth = data_blob_talloc(talloc_tos(),
+ token.negTokenTarg.responseToken.data,
+ token.negTokenTarg.responseToken.length);
+ free_spnego_data(&token);
+
+ return true;
}
/*
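Review bot: On the success path at the end of spnego_parse_auth(), the result of `data_blob_talloc()` is never checked and `responseToken` is not required to be present. The function can therefore return true with an empty `*auth` when the peer sent a negTokenTarg without a response token, or (as far as I recall its behaviour) when the allocation failed. The removed ASN.1 code returned false when the octet string could not be read. I would add `if (auth->data == NULL) { free_spnego_data(&token); return false; }` right after the copy, or an explicit length check if an empty token is legitimate for some caller. The two early `return false` paths also no longer touch `*auth`, whereas the old failure path called `data_blob_free(auth)`; setting `*auth = data_blob_null;` at the top would keep callers from reading a stale blob after a failure. Whether `negTokenTarg.negResult` should be checked here before handing the token to the caller cannot be decided from this hunk, but it is worth a comment either way.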