*/
#include "includes.h"
+#include "auth/auth.h"
+#include "asn_1.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
if (!all_ops[i]->oid) {
continue;
}
+ if (strcasecmp(OID_SPNEGO,all_ops[i]->oid) == 0) {
+ continue;
+ }
+
nt_status = gensec_subcontext_start(gensec_security,
&spnego_state->sub_sec_security);
if (!NT_STATUS_IS_OK(nt_status)) {
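Review bot: The new skip at `if (strcasecmp(OID_SPNEGO,all_ops[i]->oid) == 0)` has no comment explaining why SPNEGO is excluded from the candidate list. The intent appears to be stopping the negotiation layer from starting itself as its own sub-mechanism, and that is worth stating next to the check, e.g. `/* never offer or start SPNEGO inside SPNEGO */`. OIDs are dotted-decimal strings, so a plain `strcmp(OID_SPNEGO, all_ops[i]->oid) == 0` expresses the comparison more precisely than a case-insensitive one. The enclosing loop and function start and end outside this hunk.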
spnego_out.type = SPNEGO_NEG_TOKEN_TARG;
spnego_out.negTokenTarg.responseToken = unwrapped_out;
spnego_out.negTokenTarg.mechListMIC = null_data_blob;
-
+ spnego_out.negTokenTarg.supportedMech = NULL;
+
if (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
- spnego_out.negTokenTarg.supportedMech
+ spnego_out.negTokenTarg.supportedMech
= spnego_state->sub_sec_security->ops->oid;
spnego_out.negTokenTarg.negResult = SPNEGO_ACCEPT_INCOMPLETE;
spnego_state->state_position = SPNEGO_SERVER_TARG;
} else if (NT_STATUS_IS_OK(nt_status)) {
- spnego_out.negTokenTarg.supportedMech
- = spnego_state->sub_sec_security->ops->oid;
+ if (unwrapped_out.data) {
+ spnego_out.negTokenTarg.supportedMech
+ = spnego_state->sub_sec_security->ops->oid;
+ }
spnego_out.negTokenTarg.negResult = SPNEGO_ACCEPT_COMPLETED;
spnego_state->state_position = SPNEGO_DONE;
} else {
- spnego_out.negTokenTarg.supportedMech = NULL;
spnego_out.negTokenTarg.negResult = SPNEGO_REJECT;
DEBUG(1, ("SPNEGO login failed: %s\n", nt_errstr(nt_status)));
spnego_state->state_position = SPNEGO_DONE;
}
-
+
if (spnego_write_data(out_mem_ctx, out, &spnego_out) == -1) {
DEBUG(1, ("Failed to write SPNEGO reply to NEG_TOKEN_TARG\n"));
return NT_STATUS_INVALID_PARAMETER;
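Review bot: In the `NT_STATUS_IS_OK` branch, `supportedMech` is now set only under `if (unwrapped_out.data)`, so an accept-completed reply with no output token does not name the chosen mechanism. If this helper also builds the first reply to a negTokenInit (not visible in the hunk), a mechanism that completes in one leg without a token would leave the client unable to confirm which mechanism the server selected. Please document the rule the guard implements, e.g. `/* only name the mech when we also return a token for it */`. Also confirm that testing `.data` rather than `.length` is intended for zero-length blobs. The function body starts and ends outside this hunk.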
if (spnego.type != spnego_state->expected_packet) {
DEBUG(1, ("Invalid SPNEGO request: %d, expected %d\n", spnego.type,
spnego_state->expected_packet));
- dump_data(1, (const char *)in.data, in.length);
+ dump_data(1, in.data, in.length);
spnego_free_data(&spnego);
return NT_STATUS_INVALID_PARAMETER;
}
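Review bot: `dump_data(1, in.data, in.length);` hex-dumps the whole rejected token at debug level 1, and at this point `in` is unauthenticated peer input of whatever length the peer chose. Wherever level 1 logging is enabled, a remote client that sends malformed or out-of-sequence SPNEGO packets can therefore inflate the log. Dropping the cast is fine, but consider keeping the one-line `DEBUG(1, ...)` message and moving the dump to a verbose level, e.g. `dump_data(10, in.data, in.length);`. The same applies to every other `dump_data(1, in.data, in.length)` call in the later hunks of this change. The enclosing function starts outside the hunk.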
return nt_status;
} else {
const char **mechlist = gensec_security_oids(out_mem_ctx, OID_SPNEGO);
+ const char *mechListMIC;
+
+ mechListMIC = talloc_asprintf(out_mem_ctx,"%s$@%s",
+ lp_netbios_name(),
+ lp_realm());
+ if (!mechListMIC) {
+ return NT_STATUS_NO_MEMORY;
+ }
spnego_out.type = SPNEGO_NEG_TOKEN_INIT;
spnego_out.negTokenInit.mechTypes = mechlist;
spnego_out.negTokenInit.reqFlags = 0;
- spnego_out.negTokenInit.mechListMIC = null_data_blob;
+ spnego_out.negTokenInit.mechListMIC = data_blob(mechListMIC, strlen(mechListMIC));
spnego_out.negTokenInit.mechToken = unwrapped_out;
if (spnego_write_data(out_mem_ctx, out, &spnego_out) == -1) {
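Review bot: The value stored in `negTokenInit.mechListMIC` is the string built by `talloc_asprintf(out_mem_ctx,"%s$@%s", ...)`, not an integrity checksum over the mechanism list, and nothing in the hunk says so. Add a comment stating that this is a principal-name hint sent in the clear before authentication, that it gives no downgrade protection, and that it discloses the NetBIOS name and realm to any peer, e.g. `/* not a MIC: unauthenticated principal hint, as some servers send */`. If `data_blob()` makes its own copy that is not parented to `out_mem_ctx` (its definition is not visible here), that copy outlives the reply; `data_blob_talloc(out_mem_ctx, mechListMIC, strlen(mechListMIC))` would tie it to the same context. An empty `lp_realm()` would yield `NAME$@`, which may deserve a check. The function continues outside the hunk.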
{
/* The server offers a list of mechanisms */
- char *my_mechs[] = {NULL, NULL};
+ const char *my_mechs[] = {NULL, NULL};
NTSTATUS nt_status = NT_STATUS_INVALID_PARAMETER;
if (!in.length) {
if (len == -1) {
DEBUG(1, ("Invalid SPNEGO request:\n"));
- dump_data(1, (const char *)in.data, in.length);
+ dump_data(1, in.data, in.length);
return NT_STATUS_INVALID_PARAMETER;
}
if (spnego.type != spnego_state->expected_packet) {
DEBUG(1, ("Invalid SPNEGO request: %d, expected %d\n", spnego.type,
spnego_state->expected_packet));
- dump_data(1, (const char *)in.data, in.length);
+ dump_data(1, in.data, in.length);
spnego_free_data(&spnego);
return NT_STATUS_INVALID_PARAMETER;
}
if (len == -1) {
DEBUG(1, ("Invalid SPNEGO request:\n"));
- dump_data(1, (const char *)in.data, in.length);
+ dump_data(1, in.data, in.length);
return NT_STATUS_INVALID_PARAMETER;
}
if (spnego.type != spnego_state->expected_packet) {
DEBUG(1, ("Invalid SPNEGO request: %d, expected %d\n", spnego.type,
spnego_state->expected_packet));
- dump_data(1, (const char *)in.data, in.length);
+ dump_data(1, in.data, in.length);
spnego_free_data(&spnego);
return NT_STATUS_INVALID_PARAMETER;
}
if (len == -1) {
DEBUG(1, ("Invalid SPNEGO request:\n"));
- dump_data(1, (const char *)in.data, in.length);
+ dump_data(1, in.data, in.length);
return NT_STATUS_INVALID_PARAMETER;
}
if (spnego.type != spnego_state->expected_packet) {
DEBUG(1, ("Invalid SPNEGO request: %d, expected %d\n", spnego.type,
spnego_state->expected_packet));
- dump_data(1, (const char *)in.data, in.length);
+ dump_data(1, in.data, in.length);
spnego_free_data(&spnego);
return NT_STATUS_INVALID_PARAMETER;
}
NTSTATUS gensec_spnego_init(void)
{
NTSTATUS ret;
- ret = register_backend("gensec", &gensec_spnego_security_ops);
+ ret = gensec_register(&gensec_spnego_security_ops);
if (!NT_STATUS_IS_OK(ret)) {
DEBUG(0,("Failed to register '%s' gensec backend!\n",
gensec_spnego_security_ops.name));