auth/spnego: move the output generation to the end of gensec_spnego_create_negTokenInit()

This will simplify the diff of future patches. Check with git show -w Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
author: Stefan Metzmacher <metze@samba.org> 2017-07-13 15:41:23 +0200
committer: Andreas Schneider <asn@cryptomilk.org> 2017-07-25 13:51:10 +0200
commit: 248be3bfa63aa52a41993ee70dcf5380be394f20 (patch)
tree: 408202405c2864fd3c632e6315f28f0227910e79 /auth
parent: 81df16a54ab28b0e4925623aaec93ac6238eb4be (diff)
download: samba-248be3bfa63aa52a41993ee70dcf5380be394f20.tar.gz
1 files changed, 44 insertions, 42 deletions
diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c
index 0e37c3faf21..bface127545 100644
--- a/auth/gensec/spnego.c
+++ b/auth/gensec/spnego.c
@@ -218,6 +218,9 @@ static NTSTATUS gensec_spnego_create_negTokenInit(struct gensec_security *gensec
 	const char **mechTypes = NULL;
 	DATA_BLOB unwrapped_out = data_blob_null;
 	const struct gensec_security_ops_wrapper *all_sec;
+	const char **send_mech_types = NULL;
+	struct spnego_data spnego_out;
+	bool ok;
 
 	mechTypes = gensec_security_oids(gensec_security, 
 					 out_mem_ctx, GENSEC_OID_SPNEGO);
@@ -227,10 +230,6 @@ static NTSTATUS gensec_spnego_create_negTokenInit(struct gensec_security *gensec
 					      mechTypes,
 					      GENSEC_OID_SPNEGO);
 	for (i=0; all_sec && all_sec[i].op; i++) {
-		struct spnego_data spnego_out;
-		const char **send_mech_types;
-		bool ok;
-
 		nt_status = gensec_subcontext_start(spnego_state,
 						    gensec_security,
 						    &spnego_state->sub_sec_security);
@@ -292,55 +291,58 @@ static NTSTATUS gensec_spnego_create_negTokenInit(struct gensec_security *gensec
 			}
 		}
 
-		spnego_out.type = SPNEGO_NEG_TOKEN_INIT;
+		goto reply;
+	}
+	gensec_spnego_update_sub_abort(spnego_state);
 
-		send_mech_types = gensec_security_oids_from_ops_wrapped(out_mem_ctx,
-									&all_sec[i]);
+	DEBUG(10, ("Failed to setup SPNEGO negTokenInit request: %s\n", nt_errstr(nt_status)));
+	return nt_status;
 
-		ok = spnego_write_mech_types(spnego_state,
-					     send_mech_types,
-					     &spnego_state->mech_types);
-		if (!ok) {
-			DEBUG(1, ("SPNEGO: Failed to write mechTypes\n"));
-			return NT_STATUS_NO_MEMORY;
-		}
+reply:
+	spnego_out.type = SPNEGO_NEG_TOKEN_INIT;
 
-		/* List the remaining mechs as options */
-		spnego_out.negTokenInit.mechTypes = send_mech_types;
-		spnego_out.negTokenInit.reqFlags = data_blob_null;
-		spnego_out.negTokenInit.reqFlagsPadding = 0;
+	send_mech_types = gensec_security_oids_from_ops_wrapped(out_mem_ctx,
+								&all_sec[i]);
 
-		if (spnego_state->state_position == SPNEGO_SERVER_START) {
-			spnego_out.negTokenInit.mechListMIC
-				= data_blob_string_const(ADS_IGNORE_PRINCIPAL);
-		} else {
-			spnego_out.negTokenInit.mechListMIC = data_blob_null;
-		}
+	ok = spnego_write_mech_types(spnego_state,
+				     send_mech_types,
+				     &spnego_state->mech_types);
+	if (!ok) {
+		DEBUG(1, ("SPNEGO: Failed to write mechTypes\n"));
+		return NT_STATUS_NO_MEMORY;
+	}
 
-		spnego_out.negTokenInit.mechToken = unwrapped_out;
+	/* List the remaining mechs as options */
+	spnego_out.negTokenInit.mechTypes = send_mech_types;
+	spnego_out.negTokenInit.reqFlags = data_blob_null;
+	spnego_out.negTokenInit.reqFlagsPadding = 0;
 
-		if (spnego_write_data(out_mem_ctx, out, &spnego_out) == -1) {
-			DEBUG(1, ("Failed to write NEG_TOKEN_INIT\n"));
-				return NT_STATUS_INVALID_PARAMETER;
-		}
+	if (spnego_state->state_position == SPNEGO_SERVER_START) {
+		spnego_out.negTokenInit.mechListMIC
+			= data_blob_string_const(ADS_IGNORE_PRINCIPAL);
+	} else {
+		spnego_out.negTokenInit.mechListMIC = data_blob_null;
+	}
 
-		/* set next state */
-		spnego_state->neg_oid = all_sec[i].oid;
+	spnego_out.negTokenInit.mechToken = unwrapped_out;
 
-		if (spnego_state->state_position == SPNEGO_SERVER_START) {
-			spnego_state->state_position = SPNEGO_SERVER_START;
-			spnego_state->expected_packet = SPNEGO_NEG_TOKEN_INIT;
-		} else {
-			spnego_state->state_position = SPNEGO_CLIENT_TARG;
-			spnego_state->expected_packet = SPNEGO_NEG_TOKEN_TARG;
-		}
+	if (spnego_write_data(out_mem_ctx, out, &spnego_out) == -1) {
+		DEBUG(1, ("Failed to write NEG_TOKEN_INIT\n"));
+			return NT_STATUS_INVALID_PARAMETER;
+	}
 
-		return NT_STATUS_MORE_PROCESSING_REQUIRED;
+	/* set next state */
+	spnego_state->neg_oid = all_sec[i].oid;
+
+	if (spnego_state->state_position == SPNEGO_SERVER_START) {
+		spnego_state->state_position = SPNEGO_SERVER_START;
+		spnego_state->expected_packet = SPNEGO_NEG_TOKEN_INIT;
+	} else {
+		spnego_state->state_position = SPNEGO_CLIENT_TARG;
+		spnego_state->expected_packet = SPNEGO_NEG_TOKEN_TARG;
 	}
-	gensec_spnego_update_sub_abort(spnego_state);
 
-	DEBUG(10, ("Failed to setup SPNEGO negTokenInit request: %s\n", nt_errstr(nt_status)));
-	return nt_status;
+	return NT_STATUS_MORE_PROCESSING_REQUIRED;
 }
 
 static NTSTATUS gensec_spnego_client_negTokenInit(struct gensec_security *gensec_security,
author	Stefan Metzmacher <metze@samba.org>	2017-07-13 15:41:23 +0200
committer	Andreas Schneider <asn@cryptomilk.org>	2017-07-25 13:51:10 +0200
commit	248be3bfa63aa52a41993ee70dcf5380be394f20 (patch)
tree	408202405c2864fd3c632e6315f28f0227910e79 /auth
parent	81df16a54ab28b0e4925623aaec93ac6238eb4be (diff)
download	samba-248be3bfa63aa52a41993ee70dcf5380be394f20.tar.gz