diff options
| author | Stefan Metzmacher <metze@samba.org> | 2016-12-30 16:06:49 +0100 |
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2017-07-05 06:43:17 +0200 |
| commit | 79faf30151297c2c0557d7707207589d49c81cfb (patch) | |
| tree | d2869cfc0ae7e05490c708b6379dc2eddbfc088d /auth | |
| parent | f266b3550130b2c9dfd8fe3822c2ed4dd74e3826 (diff) | |
| download | samba-79faf30151297c2c0557d7707207589d49c81cfb.tar.gz | |
auth/spnego: pass spnego_in to gensec_spnego_parse_negTokenInit()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jul 5 06:43:17 CEST 2017 on sn-devel-144
Diffstat (limited to 'auth')
| -rw-r--r-- | auth/gensec/spnego.c | 26 |
1 files changed, 17 insertions, 9 deletions
diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c index c66cb4042a5..6168c93a810 100644 --- a/auth/gensec/spnego.c +++ b/auth/gensec/spnego.c @@ -212,15 +212,24 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_ struct spnego_state *spnego_state, TALLOC_CTX *out_mem_ctx, struct tevent_context *ev, - const char * const *mechType, - const DATA_BLOB unwrapped_in, DATA_BLOB *unwrapped_out) + struct spnego_data *spnego_in, + DATA_BLOB *unwrapped_out) { int i; NTSTATUS nt_status = NT_STATUS_INVALID_PARAMETER; + const char * const *mechType = NULL; + DATA_BLOB unwrapped_in = data_blob_null; bool ok; + const struct gensec_security_ops_wrapper *all_sec = NULL; - const struct gensec_security_ops_wrapper *all_sec - = gensec_security_by_oid_list(gensec_security, + if (spnego_in->type != SPNEGO_NEG_TOKEN_INIT) { + return NT_STATUS_INTERNAL_ERROR; + } + + mechType = spnego_in->negTokenInit.mechTypes; + unwrapped_in = spnego_in->negTokenInit.mechToken; + + all_sec = gensec_security_by_oid_list(gensec_security, out_mem_ctx, mechType, GENSEC_OID_SPNEGO); @@ -310,6 +319,7 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_ /* Having tried any optimistic token from the client (if we * were the server), if we didn't get anywhere, walk our list * in our preference order */ + unwrapped_in = data_blob_null; if (!spnego_state->sub_sec_security) { for (i=0; all_sec && all_sec[i].op; i++) { @@ -336,7 +346,7 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_ nt_status = gensec_update_ev(spnego_state->sub_sec_security, out_mem_ctx, ev, - data_blob_null, + unwrapped_in, unwrapped_out); if (NT_STATUS_IS_OK(nt_status)) { spnego_state->sub_sec_ready = true; @@ -688,8 +698,7 @@ static NTSTATUS gensec_spnego_update_client(struct gensec_security *gensec_secur spnego_state, out_mem_ctx, ev, - spnego.negTokenInit.mechTypes, - spnego.negTokenInit.mechToken, + &spnego, &unwrapped_out); if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED) && !NT_STATUS_IS_OK(nt_status)) { @@ -1105,8 +1114,7 @@ static NTSTATUS gensec_spnego_update_server(struct gensec_security *gensec_secur spnego_state, out_mem_ctx, ev, - spnego.negTokenInit.mechTypes, - spnego.negTokenInit.mechToken, + &spnego, &unwrapped_out); if (spnego_state->simulate_w2k) { |