This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
*/
static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads)
{
- DATA_BLOB msg1 = data_blob(NULL, 0);
- DATA_BLOB blob = data_blob(NULL, 0);
- DATA_BLOB blob_in = data_blob(NULL, 0);
- DATA_BLOB blob_out = data_blob(NULL, 0);
+ DATA_BLOB msg1 = data_blob_null;
+ DATA_BLOB blob = data_blob_null;
+ DATA_BLOB blob_in = data_blob_null;
+ DATA_BLOB blob_out = data_blob_null;
struct berval cred, *scred = NULL;
int rc;
NTSTATUS nt_status;
return ADS_ERROR_NT(nt_status);
}
- blob_in = data_blob(NULL, 0);
+ blob_in = data_blob_null;
do {
nt_status = ntlmssp_update(ntlmssp_state,
blob = data_blob(scred->bv_val, scred->bv_len);
ber_bvfree(scred);
} else {
- blob = data_blob(NULL, 0);
+ blob = data_blob_null;
}
} else {
if ((turn == 1) &&
(rc == LDAP_SASL_BIND_IN_PROGRESS)) {
- DATA_BLOB tmp_blob = data_blob(NULL, 0);
+ DATA_BLOB tmp_blob = data_blob_null;
/* the server might give us back two challenges */
if (!spnego_parse_challenge(blob, &blob_in,
&tmp_blob)) {
}
data_blob_free(&tmp_blob);
} else if (rc == LDAP_SASL_BIND_IN_PROGRESS) {
- if (!spnego_parse_auth_response(blob, nt_status,
+ if (!spnego_parse_auth_response(blob, nt_status, OID_NTLMSSP,
&blob_in)) {
ntlmssp_end(&ntlmssp_state);
*/
static ADS_STATUS ads_sasl_spnego_krb5_bind(ADS_STRUCT *ads, const char *principal)
{
- DATA_BLOB blob = data_blob(NULL, 0);
+ DATA_BLOB blob = data_blob_null;
struct berval cred, *scred = NULL;
- DATA_BLOB session_key = data_blob(NULL, 0);
+ DATA_BLOB session_key = data_blob_null;
int rc;
rc = spnego_gen_negTokenTarg(principal, ads->auth.time_offset, &blob, &session_key, 0,
gss_release_buffer(&minor_status, &output_token);
- output_token.value = SMB_MALLOC(strlen(ads->config.bind_path) + 8);
+ output_token.length = 4;
+ output_token.value = SMB_MALLOC(output_token.length);
p = (uint8 *)output_token.value;
*p++ = 1; /* no sign & seal selection */
*p++ = max_msg_size>>16;
*p++ = max_msg_size>>8;
*p++ = max_msg_size;
- snprintf((char *)p, strlen(ads->config.bind_path)+4, "dn:%s", ads->config.bind_path);
- p += strlen((const char *)p);
-
- output_token.length = PTR_DIFF(p, output_token.value);
+ /*
+ * we used to add sprintf("dn:%s", ads->config.bind_path) here.
+ * but using ads->config.bind_path is the wrong! It should be
+ * the DN of the user object!
+ *
+ * w2k3 gives an error when we send an incorrect DN, but sending nothing
+ * is ok and matches the information flow used in GSS-SPNEGO.
+ */
gss_rc = gss_wrap(&minor_status, context_handle,0,GSS_C_QOP_DEFAULT,
&output_token, (int *)&conf_state,
gss_release_name(&minor_status, &serv_name);
if (context_handle != GSS_C_NO_CONTEXT)
- gss_delete_sec_context(&min_status, &context_handle, GSS_C_NO_BUFFER);
+ gss_delete_sec_context(&minor_status, &context_handle, GSS_C_NO_BUFFER);
krb5_free_principal(ctx, principal);
krb5_free_context(ctx);