diff options
author | Stefan Metzmacher <metze@samba.org> | 2017-06-14 03:29:58 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2017-06-29 20:15:05 +0200 |
commit | 6cddaa577bf402eccac1bd1240c7cf83549564fe (patch) | |
tree | 16c1cd3cb375214215783564ea0c1298033ba101 /auth/gensec/spnego.c | |
parent | e9f1daa6f43fcb2c6db35c66d786947cf2af9bc5 (diff) | |
download | samba-6cddaa577bf402eccac1bd1240c7cf83549564fe.tar.gz |
auth/spnego: do basic state_position checking in gensec_spnego_update_in()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jun 29 20:15:05 CEST 2017 on sn-devel-144
Diffstat (limited to 'auth/gensec/spnego.c')
-rw-r--r-- | auth/gensec/spnego.c | 26 |
1 files changed, 19 insertions, 7 deletions
diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c index bb2aa70a4d8..964f44f1662 100644 --- a/auth/gensec/spnego.c +++ b/auth/gensec/spnego.c @@ -1383,14 +1383,9 @@ static struct tevent_req *gensec_spnego_update_send(TALLOC_CTX *mem_ctx, &spnego_state->out_frag); break; - case SPNEGO_DONE: - /* We should not be called after we are 'done' */ - tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER); - return tevent_req_post(req, ev); - default: - tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER); - return tevent_req_post(req, ev); + smb_panic(__location__); + return NULL; } if (NT_STATUS_IS_OK(status)) { @@ -1434,6 +1429,23 @@ static NTSTATUS gensec_spnego_update_in(struct gensec_security *gensec_security, *full_in = data_blob_null; + switch (spnego_state->state_position) { + case SPNEGO_FALLBACK: + *full_in = in; + spnego_state->in_needed = 0; + return NT_STATUS_OK; + + case SPNEGO_CLIENT_START: + case SPNEGO_CLIENT_TARG: + case SPNEGO_SERVER_START: + case SPNEGO_SERVER_TARG: + break; + + case SPNEGO_DONE: + default: + return NT_STATUS_INVALID_PARAMETER; + } + if (spnego_state->in_needed == 0) { size_t size = 0; int ret; |