diff options
author | Stefan Metzmacher <metze@samba.org> | 2017-07-07 10:54:54 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2017-07-25 13:51:09 +0200 |
commit | 1c2ed3dec96cb201cd78b7a324dbe96ab7ac26e9 (patch) | |
tree | cf290ac11887e2a1f8fce1f643f3a6b9c7f46211 /auth | |
parent | 8ddfafdb7e6df21b83475b593e908ee11d1304b6 (diff) | |
download | samba-1c2ed3dec96cb201cd78b7a324dbe96ab7ac26e9.tar.gz |
auth/spnego: remove unused indentation level from gensec_spnego_parse_negTokenInit()
gensec_spnego_parse_negTokenInit() is only used as server now.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'auth')
-rw-r--r-- | auth/gensec/spnego.c | 128 |
1 files changed, 65 insertions, 63 deletions
diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c index 80f0af3f8b7..f943463ba30 100644 --- a/auth/gensec/spnego.c +++ b/auth/gensec/spnego.c @@ -221,6 +221,11 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_ DATA_BLOB unwrapped_in = data_blob_null; bool ok; const struct gensec_security_ops_wrapper *all_sec = NULL; + uint32_t j; + + if (spnego_state->state_position != SPNEGO_SERVER_START) { + return NT_STATUS_INTERNAL_ERROR; + } if (spnego_in->type != SPNEGO_NEG_TOKEN_INIT) { return NT_STATUS_INTERNAL_ERROR; @@ -249,80 +254,77 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_ return NT_STATUS_NO_MEMORY; } - if (spnego_state->state_position == SPNEGO_SERVER_START) { - uint32_t j; - for (j=0; mechType && mechType[j]; j++) { - for (i=0; all_sec && all_sec[i].op; i++) { - if (strcmp(mechType[j], all_sec[i].oid) != 0) { - continue; - } - - nt_status = gensec_subcontext_start(spnego_state, - gensec_security, - &spnego_state->sub_sec_security); - if (!NT_STATUS_IS_OK(nt_status)) { - return nt_status; - } - /* select the sub context */ - nt_status = gensec_start_mech_by_ops(spnego_state->sub_sec_security, - all_sec[i].op); - if (!NT_STATUS_IS_OK(nt_status)) { - /* - * Pretend we never started it - */ - gensec_spnego_update_sub_abort(spnego_state); - break; - } - - if (j > 0) { - /* no optimistic token */ - spnego_state->neg_oid = all_sec[i].oid; - *unwrapped_out = data_blob_null; - nt_status = NT_STATUS_MORE_PROCESSING_REQUIRED; - /* - * Indicate the downgrade and request a - * mic. - */ - spnego_state->downgraded = true; - spnego_state->mic_requested = true; - break; - } - - nt_status = gensec_update_ev(spnego_state->sub_sec_security, - out_mem_ctx, - ev, - unwrapped_in, - unwrapped_out); - if (NT_STATUS_IS_OK(nt_status)) { - spnego_state->sub_sec_ready = true; - } - if (NT_STATUS_EQUAL(nt_status, NT_STATUS_INVALID_PARAMETER) || - NT_STATUS_EQUAL(nt_status, NT_STATUS_CANT_ACCESS_DOMAIN_INFO)) { - - DEBUG(1, ("SPNEGO(%s) NEG_TOKEN_INIT failed to parse contents: %s\n", - spnego_state->sub_sec_security->ops->name, nt_errstr(nt_status))); + for (j=0; mechType && mechType[j]; j++) { + for (i=0; all_sec && all_sec[i].op; i++) { + if (strcmp(mechType[j], all_sec[i].oid) != 0) { + continue; + } - /* - * Pretend we never started it - */ - gensec_spnego_update_sub_abort(spnego_state); - break; - } + nt_status = gensec_subcontext_start(spnego_state, + gensec_security, + &spnego_state->sub_sec_security); + if (!NT_STATUS_IS_OK(nt_status)) { + return nt_status; + } + /* select the sub context */ + nt_status = gensec_start_mech_by_ops(spnego_state->sub_sec_security, + all_sec[i].op); + if (!NT_STATUS_IS_OK(nt_status)) { + /* + * Pretend we never started it + */ + gensec_spnego_update_sub_abort(spnego_state); + break; + } + if (j > 0) { + /* no optimistic token */ spnego_state->neg_oid = all_sec[i].oid; + *unwrapped_out = data_blob_null; + nt_status = NT_STATUS_MORE_PROCESSING_REQUIRED; + /* + * Indicate the downgrade and request a + * mic. + */ + spnego_state->downgraded = true; + spnego_state->mic_requested = true; break; } - if (spnego_state->sub_sec_security) { + + nt_status = gensec_update_ev(spnego_state->sub_sec_security, + out_mem_ctx, + ev, + unwrapped_in, + unwrapped_out); + if (NT_STATUS_IS_OK(nt_status)) { + spnego_state->sub_sec_ready = true; + } + if (NT_STATUS_EQUAL(nt_status, NT_STATUS_INVALID_PARAMETER) || + NT_STATUS_EQUAL(nt_status, NT_STATUS_CANT_ACCESS_DOMAIN_INFO)) { + + DEBUG(1, ("SPNEGO(%s) NEG_TOKEN_INIT failed to parse contents: %s\n", + spnego_state->sub_sec_security->ops->name, nt_errstr(nt_status))); + + /* + * Pretend we never started it + */ + gensec_spnego_update_sub_abort(spnego_state); break; } - } - if (!spnego_state->sub_sec_security) { - DEBUG(1, ("SPNEGO: Could not find a suitable mechtype in NEG_TOKEN_INIT\n")); - return NT_STATUS_INVALID_PARAMETER; + spnego_state->neg_oid = all_sec[i].oid; + break; + } + if (spnego_state->sub_sec_security) { + break; } } + if (!spnego_state->sub_sec_security) { + DEBUG(1, ("SPNEGO: Could not find a suitable mechtype in NEG_TOKEN_INIT\n")); + return NT_STATUS_INVALID_PARAMETER; + } + /* Having tried any optimistic token from the client (if we * were the server), if we didn't get anywhere, walk our list * in our preference order */ |