Changeset 587 for vendor/current/source3/libsmb
- Timestamp:
- Jun 29, 2011, 7:36:41 AM (14 years ago)
- Location:
- vendor/current/source3/libsmb
- Files:
-
- 5 edited
-
cliconnect.c (modified) (4 diffs)
-
clikrb5.c (modified) (9 diffs)
-
climessage.c (modified) (2 diffs)
-
clispnego.c (modified) (3 diffs)
-
nmblib.c (modified) (4 diffs)
vendor/current/source3/libsmb/cliconnect.c
r478 r587 1008 1008 * negprot reply, but right now we do it. If we don't receive one, 1009 1009 * we try to best guess, then fall back to NTLM. */ 1010 if (!spnego_parse_negTokenInit(blob, OIDs, &principal)) { 1010 if (!spnego_parse_negTokenInit(blob, OIDs, &principal) || 1011 OIDs[0] == NULL) { 1011 1012 data_blob_free(&blob); 1012 1013 return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); … … 1873 1874 char *p; 1874 1875 int len = 4; 1876 1875 1877 char *tmp; 1876 1878 … … 1891 1893 1892 1894 p = cli->outbuf+len; 1893 memcpy(p, tmp, name_len(tmp)); 1894 len += name_len(tmp); 1895 namelen = name_len((unsigned char *)tmp, talloc_get_size(tmp)); 1896 if (namelen > 0) { 1897 memcpy(p, tmp, namelen); 1898 len += namelen; 1899 } 1895 1900 TALLOC_FREE(tmp); 1896 1901 … … 1904 1909 1905 1910 p = cli->outbuf+len; 1906 memcpy(p, tmp, name_len(tmp)); 1907 len += name_len(tmp); 1911 namelen = name_len((unsigned char *)tmp, talloc_get_size(tmp)); 1912 if (namelen > 0) { 1913 memcpy(p, tmp, namelen); 1914 len += namelen; 1915 } 1908 1916 TALLOC_FREE(tmp); 1909 1917 -
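Review bot: In both name-packing hunks (new lines 1895-1899 and 1911-1915) a failed `name_len()` is silently skipped: when it returns a value <= 0 the `memcpy` is bypassed, but the code carries on building the outgoing buffer with that encoded name missing. Treating the failure as an error is safer than emitting a malformed request, e.g. `if (namelen <= 0) { TALLOC_FREE(tmp); return false; }` (adjust to the function's real failure return, which is not visible here). The copy into `cli->outbuf+len` also depends on the output buffer having room for `namelen` bytes; a one-line comment naming the bound that guarantees this would help the next reader. The enclosing function starts and ends outside the visible hunks, and the declaration of `namelen` did not survive this rendering.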
vendor/current/source3/libsmb/clikrb5.c
r414 r587 29 29 #define GSSAPI_CHECKSUM 0x8003 /* Checksum type value for Kerberos */ 30 30 #define GSSAPI_BNDLENGTH 16 /* Bind Length (rfc-1964 pg.3) */ 31 #define GSSAPI_CHECKSUM_SIZE (12+GSSAPI_BNDLENGTH) 32 33 #if defined(TKT_FLG_OK_AS_DELEGATE ) && defined(HAVE_KRB5_FWD_TGT_CREDS) && defined(HAVE_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE) && defined(KRB5_AUTH_CONTEXT_USE_SUBKEY) 34 static krb5_error_code ads_krb5_get_fwd_ticket( krb5_context context, 35 krb5_auth_context *auth_context, 36 krb5_creds *credsp, 37 krb5_ccache ccache, 38 krb5_data *authenticator); 31 #define GSSAPI_CHECKSUM_SIZE (4+GSSAPI_BNDLENGTH+4) /* Length of bind length, 32 bind field, flags field. */ 33 34 /* MIT krb5 1.7beta3 (in Ubuntu Karmic) is missing the prototype, 35 but still has the symbol */ 36 #if !HAVE_DECL_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE 37 krb5_error_code krb5_auth_con_set_req_cksumtype( 38 krb5_context context, 39 krb5_auth_context auth_context, 40 krb5_cksumtype cksumtype); 39 41 #endif 40 42 … … 646 648 } 647 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 648 736 /* 649 737 we can't use krb5_mk_req because w2k wants the service to be in a particular format … … 666 754 bool creds_ready = False; 667 755 int i = 0, maxtries = 3; 668 756 uint32_t gss_flags = 0; 757 669 758 ZERO_STRUCT(in_data); 670 759 … … 736 825 } 737 826 738 #if defined(TKT_FLG_OK_AS_DELEGATE ) && defined(HAVE_KRB5_FWD_TGT_CREDS) && defined(HAVE_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE) && defined(KRB5_AUTH_CONTEXT_USE_SUBKEY) 827 /* Allocate the auth_context. 
*/ 828 retval = setup_auth_context(context, auth_context); 829 if (retval) { 830 DEBUG(1,("setup_auth_context failed (%s)\n", 831 error_message(retval))); 832 goto cleanup_creds; 833 } 834 835 #if defined(TKT_FLG_OK_AS_DELEGATE ) && defined(HAVE_KRB5_FWD_TGT_CREDS) && defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY) && defined(KRB5_AUTH_CONTEXT_USE_SUBKEY) 739 836 if( credsp->ticket_flags & TKT_FLG_OK_AS_DELEGATE ) { 740 837 /* Fetch a forwarded TGT from the KDC so that we can hand off a 2nd ticket … … 743 840 DEBUG( 3, ("ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT\n") ); 744 841 745 if( *auth_context == NULL ) { 746 /* Allocate if it has not yet been allocated. */ 747 retval = krb5_auth_con_init( context, auth_context ); 748 if (retval) { 749 DEBUG(1,("ads_krb5_mk_req: krb5_auth_con_init failed (%s)\n", 750 error_message(retval))); 751 goto cleanup_creds; 752 } 753 } 754 755 retval = krb5_auth_con_setuseruserkey( context, *auth_context, &credsp->keyblock ); 842 retval = krb5_auth_con_setuseruserkey(context, 843 *auth_context, 844 &credsp->keyblock ); 756 845 if (retval) { 757 DEBUG(1,(" ads_krb5_mk_req:krb5_auth_con_setuseruserkey failed (%s)\n",846 DEBUG(1,("krb5_auth_con_setuseruserkey failed (%s)\n", 758 847 error_message(retval))); 759 848 goto cleanup_creds; … … 761 850 762 851 /* Must use a subkey for forwarded tickets. 
*/ 763 retval = krb5_auth_con_setflags( context, *auth_context, KRB5_AUTH_CONTEXT_USE_SUBKEY); 852 retval = krb5_auth_con_setflags(context, 853 *auth_context, 854 KRB5_AUTH_CONTEXT_USE_SUBKEY); 764 855 if (retval) { 765 DEBUG(1,(" ads_krb5_mk_req:krb5_auth_con_setflags failed (%s)\n",856 DEBUG(1,("krb5_auth_con_setflags failed (%s)\n", 766 857 error_message(retval))); 767 858 goto cleanup_creds; 768 859 } 769 860 770 retval = ads_krb5_get_fwd_ticket( context, 771 auth_context, 772 credsp, 773 ccache, 774 &in_data ); 861 retval = krb5_fwd_tgt_creds(context,/* Krb5 context [in] */ 862 *auth_context, /* Authentication context [in] */ 863 CONST_DISCARD(char *, KRB5_TGS_NAME), /* Ticket service name ("krbtgt") [in] */ 864 credsp->client, /* Client principal for the tgt [in] */ 865 credsp->server, /* Server principal for the tgt [in] */ 866 ccache, /* Credential cache to use for storage [in] */ 867 1, /* Turn on for "Forwardable ticket" [in] */ 868 &in_data ); /* Resulting response [out] */ 869 775 870 if (retval) { 776 DEBUG( 3, (" ads_krb5_get_fwd_ticketfailed (%s)\n",871 DEBUG( 3, (" failed (%s)\n", 777 872 error_message( retval ) ) ); 778 873 … … 789 884 krb5_auth_con_free(context, *auth_context); 790 885 *auth_context = NULL; 791 } 886 retval = setup_auth_context(context, auth_context); 887 if (retval) { 888 DEBUG(1,("setup_auth_context failed (%s)\n", 889 error_message(retval))); 890 goto cleanup_creds; 891 } 892 } else { 893 /* We got a delegated ticket. */ 894 gss_flags |= GSS_C_DELEG_FLAG; 895 } 896 } 897 #endif 898 899 /* Frees and reallocates in_data into a GSS checksum blob. */ 900 retval = create_gss_checksum(&in_data, gss_flags); 901 if (retval) { 902 goto cleanup_data; 903 } 904 905 #if defined(HAVE_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE) 906 /* We always want GSS-checksum types. 
*/ 907 retval = krb5_auth_con_set_req_cksumtype(context, *auth_context, GSSAPI_CHECKSUM ); 908 if (retval) { 909 DEBUG(1,("krb5_auth_con_set_req_cksumtype failed (%s)\n", 910 error_message(retval))); 911 goto cleanup_data; 792 912 } 793 913 #endif … … 800 920 } 801 921 922 802 923 if (in_data.data) { 803 924 free( in_data.data ); … … 1846 1967 return ret; 1847 1968 } 1848 1849 #if defined(TKT_FLG_OK_AS_DELEGATE ) && defined(HAVE_KRB5_FWD_TGT_CREDS) && defined(HAVE_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE) && defined(KRB5_AUTH_CONTEXT_USE_SUBKEY)1850 /**************************************************************1851 Routine: ads_krb5_get_fwd_ticket1852 Description:1853 When a service ticket is flagged as trusted1854 for delegation we should provide a forwardable1855 ticket so that the remote host can act on our1856 behalf. This is done by taking the 2nd forwardable1857 TGT and storing it in the GSS-API authenticator1858 "checksum". This routine will populate1859 the krb5_data authenticator with this TGT.1860 Parameters:1861 krb5_context context: The kerberos context for this authentication.1862 krb5_auth_context: The authentication context.1863 krb5_creds *credsp: The ticket credentials (AS-REP).1864 krb5_ccache ccache: The credentials cache.1865 krb5_data &authenticator: The checksum field that will store the TGT, and1866 authenticator.data must be freed by the caller.1867 1868 Returns:1869 krb5_error_code: 0 if no errors, otherwise set.1870 **************************************************************/1871 1872 static krb5_error_code ads_krb5_get_fwd_ticket( krb5_context context,1873 krb5_auth_context *auth_context,1874 krb5_creds *credsp,1875 krb5_ccache ccache,1876 krb5_data *authenticator)1877 {1878 krb5_data fwdData;1879 krb5_error_code retval = 0;1880 char *pChksum = NULL;1881 char *p = NULL;1882 1883 /* MIT krb5 1.7beta3 (in Ubuntu Karmic) is missing the prototype,1884 but still has the symbol */1885 #if !HAVE_DECL_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE1886 
krb5_error_code krb5_auth_con_set_req_cksumtype(1887 krb5_context context,1888 krb5_auth_context auth_context,1889 krb5_cksumtype cksumtype);1890 #endif1891 1892 ZERO_STRUCT(fwdData);1893 ZERO_STRUCTP(authenticator);1894 1895 retval = krb5_fwd_tgt_creds(context,/* Krb5 context [in] */1896 *auth_context, /* Authentication context [in] */1897 CONST_DISCARD(char *, KRB5_TGS_NAME), /* Ticket service name ("krbtgt") [in] */1898 credsp->client, /* Client principal for the tgt [in] */1899 credsp->server, /* Server principal for the tgt [in] */1900 ccache, /* Credential cache to use for storage [in] */1901 1, /* Turn on for "Forwardable ticket" [in] */1902 &fwdData ); /* Resulting response [out] */1903 1904 1905 if (retval) {1906 DEBUG(1,("ads_krb5_get_fwd_ticket: krb5_fwd_tgt_creds failed (%s)\n",1907 error_message(retval)));1908 goto out;1909 }1910 1911 if ((unsigned int)GSSAPI_CHECKSUM_SIZE + (unsigned int)fwdData.length <1912 (unsigned int)GSSAPI_CHECKSUM_SIZE) {1913 retval = EINVAL;1914 goto out;1915 }1916 1917 /* We're going to allocate a gssChecksum structure with a little1918 extra data the length of the kerberos credentials length1919 (APPLICATION 22) so that we can pack it on the end of the structure.1920 */1921 1922 pChksum = (char *)SMB_MALLOC(GSSAPI_CHECKSUM_SIZE + fwdData.length );1923 if (!pChksum) {1924 retval = ENOMEM;1925 goto out;1926 }1927 1928 p = pChksum;1929 1930 SIVAL(p, 0, GSSAPI_BNDLENGTH);1931 p += 4;1932 1933 /* Zero out the bindings fields */1934 memset(p, '\0', GSSAPI_BNDLENGTH );1935 p += GSSAPI_BNDLENGTH;1936 1937 SIVAL(p, 0, GSS_C_DELEG_FLAG );1938 p += 4;1939 SSVAL(p, 0, 1 );1940 p += 2;1941 SSVAL(p, 0, fwdData.length );1942 p += 2;1943 1944 /* Migrate the kerberos KRB_CRED data to the checksum delegation */1945 memcpy(p, fwdData.data, fwdData.length );1946 p += fwdData.length;1947 1948 /* We need to do this in order to allow our GSS-API */1949 retval = krb5_auth_con_set_req_cksumtype( context, *auth_context, GSSAPI_CHECKSUM );1950 if 
(retval) {1951 goto out;1952 }1953 1954 /* We now have a service ticket, now turn it into an AP-REQ. */1955 authenticator->length = fwdData.length + GSSAPI_CHECKSUM_SIZE;1956 1957 /* Caller should call free() when they're done with this. */1958 authenticator->data = (char *)pChksum;1959 1960 out:1961 1962 /* Remove that input data, we never needed it anyway. */1963 if (fwdData.length > 0) {1964 krb5_free_data_contents( context, &fwdData );1965 }1966 1967 return retval;1968 }1969 #endif1970 1969 1971 1970 #if defined(HAVE_KRB5_GET_CREDS_OPT_SET_IMPERSONATE) && \ -
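Review bot: `create_gss_checksum(&in_data, gss_flags)` (new line 900) runs on every build, but the call that selects the GSS checksum type, `krb5_auth_con_set_req_cksumtype(context, *auth_context, GSSAPI_CHECKSUM)`, is compiled only under `HAVE_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE`, and the delegation block's guard no longer requires that macro. On a build without it, a forwarded TGT could apparently be packed into `in_data` with `GSS_C_DELEG_FLAG` while the checksum type stays at the library default; either keep the macro in the delegation guard or add a comment explaining why that combination is safe. The bodies of `setup_auth_context` and `create_gss_checksum` are not shown on this page, so please confirm the latter keeps the length wrap-around check from the removed `ads_krb5_get_fwd_ticket` and rejects a `length` that does not fit the 16-bit field that routine wrote with `SSVAL`.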
vendor/current/source3/libsmb/climessage.c
r414 r587 64 64 *p++ = 4; 65 65 memcpy(p, utmp, ulen); 66 66 67 *p++ = 4; 67 68 memcpy(p, htmp, hlen); 69 68 70 TALLOC_FREE(htmp); 69 71 TALLOC_FREE(utmp); … … 164 166 return tevent_req_post(req, ev); 165 167 } 166 SCVAL(bytes, 0, 0); /* pad */167 SSVAL(bytes , 1, msglen);168 SCVAL(bytes, 0, ); /* pad */ 169 SSVAL(bytes, msglen); 168 170 memcpy(bytes+3, msg, msglen); 169 171 TALLOC_FREE(tmp); -
vendor/current/source3/libsmb/clispnego.c
r414 r587 5 5 Copyright (C) Jim McDonough <[email protected]> 2002 6 6 Copyright (C) Luke Howard 2003 7 7 8 8 This program is free software; you can redistribute it and/or modify 9 9 it under the terms of the GNU General Public License as published by … … 147 147 148 148 asn1_check_OID(data,OID_SPNEGO); 149 150 149 151 asn1_start_tag(data,ASN1_CONTEXT(0)); 150 152 asn1_start_tag(data,ASN1_SEQUENCE(0)); 153 154 155 156 157 151 158 152 159 asn1_start_tag(data,ASN1_CONTEXT(0)); … … 162 169 163 170 *principal = NULL; 164 if (asn1_tag_remaining(data) > 0) { 171 172 /* 173 Win7 + Live Sign-in Assistant attaches a mechToken 174 ASN1_CONTEXT(2) to the negTokenInit packet 175 which breaks our negotiation if we just assume 176 the next tag is ASN1_CONTEXT(3). 177 */ 178 179 if (asn1_peek_tag(data, ASN1_CONTEXT(1))) { 180 uint8 flags; 181 182 /* reqFlags [1] ContextFlags OPTIONAL */ 183 asn1_start_tag(data, ASN1_CONTEXT(1)); 184 asn1_start_tag(data, ASN1_BIT_STRING); 185 while (asn1_tag_remaining(data) > 0) { 186 asn1_read_uint8(data, &flags); 187 } 188 asn1_end_tag(data); 189 asn1_end_tag(data); 190 } 191 192 if (asn1_peek_tag(data, ASN1_CONTEXT(2))) { 193 /* mechToken [2] OCTET STRING OPTIONAL */ 194 DATA_BLOB token; 195 asn1_start_tag(data, ASN1_CONTEXT(2)); 196 asn1_read_OctetString(data, talloc_autofree_context(), 197 &token); 198 asn1_end_tag(data); 199 /* Throw away the token - not used. */ 200 data_blob_free(&token); 201 } 202 203 if (asn1_peek_tag(data, ASN1_CONTEXT(3))) { 204 /* mechListMIC [3] OCTET STRING OPTIONAL */ 165 205 asn1_start_tag(data, ASN1_CONTEXT(3)); 166 206 asn1_start_tag(data, ASN1_SEQUENCE(0)); 167 207 asn1_start_tag(data, ASN1_CONTEXT(0)); 168 asn1_read_GeneralString(data,talloc_autofree_context(),principal); 208 asn1_read_GeneralString(data,talloc_autofree_context(), 209 principal); 169 210 asn1_end_tag(data); 170 211 asn1_end_tag(data); -
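Review bot: The new optional-field branches (new lines 179-201) ignore every `asn1_*` return value while parsing a negTokenInit received from the server, and `token` is handed to `data_blob_free()` whether or not `asn1_read_OctetString()` filled it in. Unless that reader is guaranteed to zero its output on failure (not visible here), declare it as `DATA_BLOB token = data_blob_null;` so the free is safe on the error path. The comment on the `ASN1_CONTEXT(3)` branch says `mechListMIC [3] OCTET STRING OPTIONAL`, yet the code reads a SEQUENCE holding a GeneralString into `principal`; a comment such as `/* [3] is parsed here as a principal hint, not as a MIC */` would match what is actually read. The function continues outside the visible hunks.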
vendor/current/source3/libsmb/nmblib.c
r414 r587 1238 1238 /**************************************************************************** 1239 1239 Interpret the weird netbios "name" into a unix fstring. Return the name type. 1240 1240 1241 ****************************************************************************/ 1241 1242 1242 static int name_interpret(char *in, fstring name) 1243 { 1243 static int name_interpret(unsigned char *buf, size_t buf_len, 1244 unsigned char *in, fstring name) 1245 { 1246 unsigned char *end_ptr = buf + buf_len; 1244 1247 int ret; 1245 int len = (*in++) / 2;1248 ; 1246 1249 fstring out_string; 1247 char *out =out_string;1250 out_string; 1248 1251 1249 1252 *out=0; 1250 1253 1251 if (len > 30 || len<1) 1252 return(0); 1254 if (in >= end_ptr) { 1255 return -1; 1256 } 1257 len = (*in++) / 2; 1258 1259 if (len<1) { 1260 return -1; 1261 } 1253 1262 1254 1263 while (len--) { 1264 1265 1266 1255 1267 if (in[0] < 'A' || in[0] > 'P' || in[1] < 'A' || in[1] > 'P') { 1256 1268 *out = 0; … … 1260 1272 in += 2; 1261 1273 out++; 1274 1275 1276 1262 1277 } 1263 1278 ret = out[-1]; 1264 1279 out[-1] = 0; 1265 1280 1266 #ifdef NETBIOS_SCOPE1267 /* Handle any scope names */1268 while(*in) {1269 *out++ = '.'; /* Scope names are separated by periods */1270 len = *(unsigned char *)in++;1271 StrnCpy(out, in, len);1272 out += len;1273 *out=0;1274 in += len;1275 }1276 #endif1277 1281 pull_ascii_fstring(name, out_string); 1278 1282 … … 1353 1357 ****************************************************************************/ 1354 1358 1355 static char *name_ptr(char *buf,int ofs) 1356 { 1357 unsigned char c = *(unsigned char *)(buf+ofs); 1358 1359 static unsigned char *name_ptr(unsigned char *buf, size_t buf_len, unsigned int ofs) 1360 { 1361 unsigned char c = 0; 1362 1363 if (ofs > buf_len || buf_len < 1) { 1364 return NULL; 1365 } 1366 1367 c = *(unsigned char *)(buf+ofs); 1359 1368 if ((c & 0xC0) == 0xC0) { 1360 uint16 l = RSVAL(buf, ofs) & 0x3FFF; 1369 uint16 l = 0; 1370 1371 if (ofs > buf_len - 1) 
{ 1372 return NULL; 1373 } 1374 l = RSVAL(buf, ofs) & 0x3FFF; 1375 if (l > buf_len) { 1376 return NULL; 1377 } 1361 1378 DEBUG(5,("name ptr to pos %d from %d is %s\n",l,ofs,buf+l)); 1362 1379 return(buf + l); … … 1368 1385 /**************************************************************************** 1369 1386 Extract a netbios name from a buf (into a unix string) return name type. 1387 1370 1388 ****************************************************************************/ 1371 1389 1372 int name_extract(char *buf,int ofs, fstring name) 1373 { 1374 char *p = name_ptr(buf,ofs); 1375 int d = PTR_DIFF(p,buf+ofs); 1390 int name_extract(unsigned char *buf, size_t buf_len, unsigned int ofs, fstring name) 1391 { 1392 unsigned char *p = name_ptr(buf,buf_len,ofs); 1376 1393 1377 1394 name[0] = '\0'; 1378 if (d < -50 || d > 50) 1379 return(0); 1380 return(name_interpret(p,name)); 1395 if (p == NULL) { 1396 return -1; 1397 } 1398 return(name_interpret(buf,buf_len,p,name)); 1381 1399 } 1382 1400 1383 1401 /**************************************************************************** 1384 1402 Return the total storage length of a mangled name. 1403 1385 1404 ****************************************************************************/ 1386 1405 1387 int name_len( char *s1)1406 int name_len() 1388 1407 { 1389 1408 /* NOTE: this argument _must_ be unsigned */ 1390 1409 unsigned char *s = (unsigned char *)s1; 1391 int len; 1392 1410 int len = 0; 1411 1412 if (buf_len < 1) { 1413 return -1; 1414 } 1393 1415 /* If the two high bits of the byte are set, return 2. */ 1394 if (0xC0 == (*s & 0xC0)) 1416 if (0xC0 == (*s & 0xC0)) { 1417 if (buf_len < 2) { 1418 return -1; 1419 } 1395 1420 return(2); 1421 1396 1422 1397 1423 /* Add up the length bytes. */ 1398 1424 for (len = 1; (*s); s += (*s) + 1) { 1399 1425 len += *s + 1; 1400 SMB_ASSERT(len < 80); 1426 if (len > buf_len) { 1427 return -1; 1428 } 1401 1429 } 1402 1430
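Review bot: The new bounds checks in `name_ptr` (new lines 1363-1377) are each off by one, so an out-of-range `ofs` can still read past the end of `buf`. `ofs > buf_len` lets `ofs == buf_len` reach `*(buf+ofs)`, `ofs > buf_len - 1` lets `RSVAL(buf, ofs)` fetch its second byte at `buf[buf_len]`, and `l > buf_len` accepts a pointer at the very end; use `if (ofs >= buf_len)`, `if (buf_len - ofs < 2)` and `if (l >= buf_len)` instead. The `DEBUG(5, ...)` line also prints `buf+l` with `%s`, which scans for a NUL with no bound on received data; logging only the two offsets avoids that. `name_ptr` continues past the visible hunk, and several added lines in `name_interpret` and `name_len` lost their text in this rendering, so their loops could not be checked.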
