diff options
author | Stefan Metzmacher <metze@samba.org> | 2016-12-30 09:04:47 +0100 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2017-06-29 15:59:22 +0200 |
commit | b75cc98c18015848446c1e6d49db53ea8bf684f2 (patch) | |
tree | 40525d796dfbe1f88c27b7ae7c86950eb8af1043 /auth | |
parent | 7085d2bf15e167c45ff081b36b5fb41689acb9ea (diff) | |
download | samba-b75cc98c18015848446c1e6d49db53ea8bf684f2.tar.gz |
auth/spnego: consitently set spnego_state->sub_sec_ready = true after gensec_update_ev()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'auth')
-rw-r--r-- | auth/gensec/spnego.c | 25 |
1 files changed, 15 insertions, 10 deletions
diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c index f8be4232a2d..c548db4efb1 100644 --- a/auth/gensec/spnego.c +++ b/auth/gensec/spnego.c @@ -270,6 +270,9 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_ ev, unwrapped_in, unwrapped_out); + if (NT_STATUS_IS_OK(nt_status)) { + spnego_state->sub_sec_ready = true; + } if (NT_STATUS_EQUAL(nt_status, NT_STATUS_INVALID_PARAMETER) || NT_STATUS_EQUAL(nt_status, NT_STATUS_CANT_ACCESS_DOMAIN_INFO)) { /* Pretend we never started it (lets the first run find some incompatible demand) */ @@ -324,6 +327,9 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_ ev, data_blob_null, unwrapped_out); + if (NT_STATUS_IS_OK(nt_status)) { + spnego_state->sub_sec_ready = true; + } /* it is likely that a NULL input token will * not be liked by most server mechs, but if @@ -463,6 +469,9 @@ static NTSTATUS gensec_spnego_create_negTokenInit(struct gensec_security *gensec ev, data_blob_null, &unwrapped_out); + if (NT_STATUS_IS_OK(nt_status)) { + spnego_state->sub_sec_ready = true; + } if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED) && !NT_STATUS_IS_OK(nt_status)) { @@ -535,10 +544,6 @@ static NTSTATUS gensec_spnego_create_negTokenInit(struct gensec_security *gensec /* set next state */ spnego_state->neg_oid = all_sec[i].oid; - if (NT_STATUS_IS_OK(nt_status)) { - spnego_state->sub_sec_ready = true; - } - return NT_STATUS_MORE_PROCESSING_REQUIRED; } talloc_free(spnego_state->sub_sec_security); @@ -768,10 +773,6 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA spnego_state->expected_packet = SPNEGO_NEG_TOKEN_TARG; spnego_state->state_position = SPNEGO_CLIENT_TARG; - if (NT_STATUS_IS_OK(nt_status)) { - spnego_state->sub_sec_ready = true; - } - spnego_free_data(&spnego); return NT_STATUS_MORE_PROCESSING_REQUIRED; } @@ -837,6 +838,9 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA out_mem_ctx, ev, spnego.negTokenTarg.responseToken, &unwrapped_out); + if (NT_STATUS_IS_OK(nt_status)) { + spnego_state->sub_sec_ready = true; + } if (!NT_STATUS_IS_OK(nt_status)) { goto server_response; } @@ -1046,11 +1050,12 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA out_mem_ctx, ev, spnego.negTokenTarg.responseToken, &unwrapped_out); + if (NT_STATUS_IS_OK(nt_status)) { + spnego_state->sub_sec_ready = true; + } if (!NT_STATUS_IS_OK(nt_status)) { goto client_response; } - - spnego_state->sub_sec_ready = true; } else { nt_status = NT_STATUS_OK; } |