Jeremy.
/* The following definitions come from libsmb/clispnego.c */
-DATA_BLOB spnego_gen_negTokenInit(const char *OIDs[],
+DATA_BLOB spnego_gen_negTokenInit(TALLOC_CTX *ctx,
+ const char *OIDs[],
DATA_BLOB *psecblob,
const char *principal);
bool spnego_parse_negTokenInit(TALLOC_CTX *ctx,
DATA_BLOB gen_negTokenTarg(const char *OIDs[], DATA_BLOB blob);
DATA_BLOB spnego_gen_krb5_wrap(const DATA_BLOB ticket, const uint8 tok_id[2]);
bool spnego_parse_krb5_wrap(DATA_BLOB blob, DATA_BLOB *ticket, uint8 tok_id[2]);
-int spnego_gen_krb5_negTokenInit(const char *principal, int time_offset,
- DATA_BLOB *targ,
+int spnego_gen_krb5_negTokenInit(TALLOC_CTX *ctx,
+ const char *principal, int time_offset,
+ DATA_BLOB *targ,
DATA_BLOB *session_key_krb5, uint32 extra_ap_opts,
time_t *expire_time);
bool spnego_parse_challenge(const DATA_BLOB blob,
if (turn == 1) {
const char *OIDs_ntlm[] = {OID_NTLMSSP, NULL};
/* and wrap it in a SPNEGO wrapper */
- msg1 = spnego_gen_negTokenInit(OIDs_ntlm, &blob_out, NULL);
+ msg1 = spnego_gen_negTokenInit(talloc_tos(),
+ OIDs_ntlm, &blob_out, NULL);
} else {
/* wrap it in SPNEGO */
msg1 = spnego_gen_auth(blob_out);
/* and wrap that in a shiny SPNEGO wrapper */
unwrapped = data_blob_const(output_token.value, output_token.length);
- wrapped = spnego_gen_negTokenInit(spnego_mechs, &unwrapped, NULL);
+ wrapped = spnego_gen_negTokenInit(talloc_tos(),
+ spnego_mechs, &unwrapped, NULL);
gss_release_buffer(&minor_status, &output_token);
if (unwrapped.length > wrapped.length) {
status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
return ADS_ERROR_NT(NT_STATUS_NOT_SUPPORTED);
}
- rc = spnego_gen_krb5_negTokenInit(principal, ads->auth.time_offset, &blob, &session_key, 0,
+ rc = spnego_gen_krb5_negTokenInit(talloc_tos(), principal,
+ ads->auth.time_offset, &blob, &session_key, 0,
&ads->auth.tgs_expire);
if (rc) {
* Ok, this is cheating: spnego_gen_krb5_negTokenInit can block if
* we have to acquire a ticket. To be fixed later :-)
*/
- rc = spnego_gen_krb5_negTokenInit(principal, 0, &state->negTokenTarg,
+ rc = spnego_gen_krb5_negTokenInit(state, principal, 0, &state->negTokenTarg,
&state->session_key_krb5, 0, NULL);
if (rc) {
DEBUG(1, ("cli_session_setup_kerberos: "
goto fail;
}
- state->blob_out = spnego_gen_negTokenInit(OIDs_ntlm, &blob_out, NULL);
+ state->blob_out = spnego_gen_negTokenInit(state, OIDs_ntlm, &blob_out, NULL);
data_blob_free(&blob_out);
subreq = cli_sesssetup_blob_send(state, ev, cli, state->blob_out);
Get client gss blob to send to a server.
******************************************************************************/
-static NTSTATUS make_cli_gss_blob(struct smb_trans_enc_state *es,
+static NTSTATUS make_cli_gss_blob(TALLOC_CTX *ctx,
+ struct smb_trans_enc_state *es,
const char *service,
const char *host,
NTSTATUS status_in,
status = NT_STATUS_ACCESS_DENIED;
}
- blob_out = data_blob(tok_out.value, tok_out.length);
+ blob_out = data_blob_talloc(ctx, tok_out.value, tok_out.length);
/* Wrap in an SPNEGO wrapper */
- *p_blob_out = spnego_gen_negTokenInit(krb_mechs, &blob_out, NULL);
+ *p_blob_out = spnego_gen_negTokenInit(ctx, krb_mechs, &blob_out, NULL);
fail:
strlower_m(fqdn);
servicename = "cifs";
- status = make_cli_gss_blob(es, servicename, fqdn, NT_STATUS_OK, blob_recv, &blob_send);
+ status = make_cli_gss_blob(talloc_tos(), es, servicename, fqdn, NT_STATUS_OK, blob_recv, &blob_send);
if (!NT_STATUS_EQUAL(status,NT_STATUS_MORE_PROCESSING_REQUIRED)) {
servicename = "host";
- status = make_cli_gss_blob(es, servicename, fqdn, NT_STATUS_OK, blob_recv, &blob_send);
+ status = make_cli_gss_blob(talloc_tos(), es, servicename, fqdn, NT_STATUS_OK, blob_recv, &blob_send);
if (!NT_STATUS_EQUAL(status,NT_STATUS_MORE_PROCESSING_REQUIRED)) {
goto fail;
}
es->enc_ctx_num = SVAL(param_out.data, 0);
}
data_blob_free(&blob_send);
- status = make_cli_gss_blob(es, servicename, fqdn, status, blob_recv, &blob_send);
+ status = make_cli_gss_blob(talloc_tos(), es, servicename, fqdn, status, blob_recv, &blob_send);
} while (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED));
data_blob_free(&blob_recv);
OIDs (the mechanisms) a blob, and a principal name string
*/
-DATA_BLOB spnego_gen_negTokenInit(const char *OIDs[],
+DATA_BLOB spnego_gen_negTokenInit(TALLOC_CTX *ctx,
+ const char *OIDs[],
DATA_BLOB *psecblob,
const char *principal)
{
DEBUG(1,("Failed to build negTokenInit at offset %d\n", (int)data->ofs));
}
- ret = data_blob(data->data, data->length);
+ ret = data_blob_talloc(ctx, data->data, data->length);
asn1_free(data);
return ret;
generate a SPNEGO krb5 negTokenInit packet, ready for a EXTENDED_SECURITY
kerberos session setup
*/
-int spnego_gen_krb5_negTokenInit(const char *principal, int time_offset,
- DATA_BLOB *targ,
+int spnego_gen_krb5_negTokenInit(TALLOC_CTX *ctx,
+ const char *principal, int time_offset,
+ DATA_BLOB *targ,
DATA_BLOB *session_key_krb5, uint32 extra_ap_opts,
time_t *expire_time)
{
tkt_wrapped = spnego_gen_krb5_wrap(tkt, TOK_ID_KRB_AP_REQ);
/* and wrap that in a shiny SPNEGO wrapper */
- *targ = spnego_gen_negTokenInit(krb_mechs, &tkt_wrapped, NULL);
+ *targ = spnego_gen_negTokenInit(ctx, krb_mechs, &tkt_wrapped, NULL);
data_blob_free(&tkt_wrapped);
data_blob_free(&tkt);
}
/* Wrap this in SPNEGO. */
- spnego_msg = spnego_gen_negTokenInit(OIDs_ntlm, &request, NULL);
+ spnego_msg = spnego_gen_negTokenInit(talloc_tos(), OIDs_ntlm, &request, NULL);
data_blob_free(&request);
1, /* auth_context_id */
&spnego_msg,
auth_info);
+
if (!NT_STATUS_IS_OK(status)) {
data_blob_free(&spnego_msg);
return status;
DEBUG(5, ("create_spnego_ntlmssp_auth_rpc_bind_req: NTLMSSP Negotiate:\n"));
dump_data(5, spnego_msg.data, spnego_msg.length);
+ data_blob_free(&spnego_msg);
return NT_STATUS_OK;
}
blob = data_blob(guid, 16);
#else
/* Code for standalone WXP client */
- blob = spnego_gen_negTokenInit(OIDs_ntlm, NULL, "NONE");
+ blob = spnego_gen_negTokenInit(ctx, OIDs_ntlm, NULL, "NONE");
#endif
} else {
fstring myname;
== -1) {
return data_blob_null;
}
- blob = spnego_gen_negTokenInit(OIDs_krb5, NULL, host_princ_s);
+ blob = spnego_gen_negTokenInit(ctx, OIDs_krb5, NULL, host_princ_s);
SAFE_FREE(host_princ_s);
}