authorStefan Metzmacher <metze@samba.org>2017-07-07 08:11:32 +0200
committerAndreas Schneider <asn@cryptomilk.org>2017-07-25 13:51:07 +0200
commit3ed3d81eee47821f97b593a9d7beaf3faf0cd745 (patch)
tree8a1712944deb9a0299fea9f630dedfcb9563a4f6 /auth
parentce6c80ab0dac167f554d021f02166005a0ca95bb (diff)
auth/spnego: split out a gensec_spnego_client_negTokenInit() function.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'auth')
-rw-r--r--auth/gensec/spnego.c123
1 files changed, 68 insertions, 55 deletions
diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c
index 29f0b01a3af..f730845fbea 100644
--- a/auth/gensec/spnego.c
+++ b/auth/gensec/spnego.c
@@ -578,6 +578,70 @@ static NTSTATUS gensec_spnego_create_negTokenInit(struct gensec_security *gensec
return nt_status;
}
+static NTSTATUS gensec_spnego_client_negTokenInit(struct gensec_security *gensec_security,
+ struct spnego_state *spnego_state,
+ struct tevent_context *ev,
+ struct spnego_data *spnego_in,
+ TALLOC_CTX *out_mem_ctx,
+ DATA_BLOB *out)
+{
+ DATA_BLOB sub_out = data_blob_null;
+ const char *tp = NULL;
+ struct spnego_data spnego_out;
+ const char *my_mechs[] = {NULL, NULL};
+ NTSTATUS status;
+ bool ok;
+
+ *out = data_blob_null;
+
+ /* The server offers a list of mechanisms */
+
+ tp = spnego_in->negTokenInit.targetPrincipal;
+ if (tp != NULL && strcmp(tp, ADS_IGNORE_PRINCIPAL) != 0) {
+ DBG_INFO("Server claims it's principal name is %s\n", tp);
+ if (lpcfg_client_use_spnego_principal(gensec_security->settings->lp_ctx)) {
+ gensec_set_target_principal(gensec_security, tp);
+ }
+ }
+
+ status = gensec_spnego_parse_negTokenInit(gensec_security,
+ spnego_state,
+ out_mem_ctx,
+ ev,
+ spnego_in,
+ &sub_out);
+ if (GENSEC_UPDATE_IS_NTERROR(status)) {
+ return status;
+ }
+
+ my_mechs[0] = spnego_state->neg_oid;
+ /* compose reply */
+ spnego_out.type = SPNEGO_NEG_TOKEN_INIT;
+ spnego_out.negTokenInit.mechTypes = my_mechs;
+ spnego_out.negTokenInit.reqFlags = data_blob_null;
+ spnego_out.negTokenInit.reqFlagsPadding = 0;
+ spnego_out.negTokenInit.mechListMIC = data_blob_null;
+ spnego_out.negTokenInit.mechToken = sub_out;
+
+ if (spnego_write_data(out_mem_ctx, out, &spnego_out) == -1) {
+ DBG_ERR("Failed to write SPNEGO reply to NEG_TOKEN_INIT\n");
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ ok = spnego_write_mech_types(spnego_state,
+ my_mechs,
+ &spnego_state->mech_types);
+ if (!ok) {
+ DBG_ERR("failed to write mechTypes\n");
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ /* set next state */
+ spnego_state->expected_packet = SPNEGO_NEG_TOKEN_TARG;
+ spnego_state->state_position = SPNEGO_CLIENT_TARG;
+
+ return NT_STATUS_MORE_PROCESSING_REQUIRED;
+}
/** create a server negTokenTarg
*
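Review bot: `spnego_out` in gensec_spnego_client_negTokenInit() is declared without an initializer, and only `type` and five `negTokenInit` members are assigned before it is handed to spnego_write_data(). `targetPrincipal`, which this same function reads from `spnego_in->negTokenInit`, is never set on the output side. Whether the writer reads that member is not visible in this hunk, so zero-initialising the local is the cheap guard: `struct spnego_data spnego_out = { .type = SPNEGO_NEG_TOKEN_INIT };`. Separately, the result of `gensec_set_target_principal(gensec_security, tp)` is discarded, so if that call can fail, the exchange carries on with a target principal other than the one just logged. Because `tp` is a name supplied by the not-yet-authenticated peer, I would also add a comment above the `lpcfg_client_use_spnego_principal()` check such as `/* tp is an unauthenticated server hint; only honoured when explicitly enabled in configuration */`.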
@@ -649,61 +713,10 @@ static NTSTATUS gensec_spnego_update_client(struct gensec_security *gensec_secur
switch (spnego_state->state_position) {
case SPNEGO_CLIENT_START:
- {
- /* The server offers a list of mechanisms */
-
- const char *my_mechs[] = {NULL, NULL};
- NTSTATUS nt_status = NT_STATUS_INVALID_PARAMETER;
- bool ok;
- const char *tp = NULL;
-
- tp = spnego_in->negTokenInit.targetPrincipal;
- if (tp != NULL && strcmp(tp, ADS_IGNORE_PRINCIPAL) != 0) {
- DEBUG(5, ("Server claims it's principal name is %s\n", tp));
- if (lpcfg_client_use_spnego_principal(gensec_security->settings->lp_ctx)) {
- gensec_set_target_principal(gensec_security, tp);
- }
- }
-
- nt_status = gensec_spnego_parse_negTokenInit(gensec_security,
- spnego_state,
- out_mem_ctx,
- ev,
- spnego_in,
- &unwrapped_out);
-
- if (GENSEC_UPDATE_IS_NTERROR(nt_status)) {
- return nt_status;
- }
-
- my_mechs[0] = spnego_state->neg_oid;
- /* compose reply */
- spnego_out.type = SPNEGO_NEG_TOKEN_INIT;
- spnego_out.negTokenInit.mechTypes = my_mechs;
- spnego_out.negTokenInit.reqFlags = data_blob_null;
- spnego_out.negTokenInit.reqFlagsPadding = 0;
- spnego_out.negTokenInit.mechListMIC = data_blob_null;
- spnego_out.negTokenInit.mechToken = unwrapped_out;
-
- if (spnego_write_data(out_mem_ctx, out, &spnego_out) == -1) {
- DEBUG(1, ("Failed to write SPNEGO reply to NEG_TOKEN_INIT\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- ok = spnego_write_mech_types(spnego_state,
- my_mechs,
- &spnego_state->mech_types);
- if (!ok) {
- DEBUG(1, ("SPNEGO: Failed to write mechTypes\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- /* set next state */
- spnego_state->expected_packet = SPNEGO_NEG_TOKEN_TARG;
- spnego_state->state_position = SPNEGO_CLIENT_TARG;
-
- return NT_STATUS_MORE_PROCESSING_REQUIRED;
- }
+ return gensec_spnego_client_negTokenInit(gensec_security,
+ spnego_state,
+ ev, spnego_in,
+ out_mem_ctx, out);
case SPNEGO_CLIENT_TARG:
{