Merge branch 'master' of ssh://git.samba.org/data/git/samba into regsrv

[ab/samba.git/.git] / source3 / smbd / seal.c

diff --git a/source3/smbd/seal.c b/source3/smbd/seal.c
index 21fca73feaede3c3e5fbe795264ad5dd17e791f5..3822ee191ea5582e586ad55766de316cb38cad79 100644 (file)
--- a/source3/smbd/seal.c
+++ b/source3/smbd/seal.c
@@ -53,8 +53,8 @@ bool is_encrypted_packet(const uint8_t *inbuf)
        NTSTATUS status;
        uint16_t enc_num;
 
-       /* Ignore non-session messages. */
-       if(CVAL(inbuf,0)) {
+       /* Ignore non-session messages or non 0xFF'E' messages. */
+       if(CVAL(inbuf,0) || !(inbuf[4] == 0xFF && inbuf[5] == 'E')) {
                return false;
        }
 
@@ -63,6 +63,7 @@ bool is_encrypted_packet(const uint8_t *inbuf)
                return false;
        }
 
+       /* Encrypted messages are 0xFF'E'<ctx> */
        if (srv_trans_enc_ctx && enc_num == srv_enc_ctx()) {
                return true;
        }
@@ -425,9 +426,14 @@ static NTSTATUS srv_enc_spnego_gss_negotiate(unsigned char **ppdata, size_t *p_d
        data_blob_free(&auth_reply);
 
        SAFE_FREE(*ppdata);
-       *ppdata = response.data;
+       *ppdata = (unsigned char *)memdup(response.data, response.length);
+       if ((*ppdata) == NULL && response.length > 0) {
+               status = NT_STATUS_NO_MEMORY;
+       }
        *p_data_size = response.length;
 
+       data_blob_free(&response);
+
        return status;
 }
 #endif
@@ -462,8 +468,13 @@ static NTSTATUS srv_enc_ntlm_negotiate(unsigned char **ppdata, size_t *p_data_si
        }
 
        SAFE_FREE(*ppdata);
-       *ppdata = response.data;
+       *ppdata = (unsigned char *)memdup(response.data, response.length);
+       if ((*ppdata) == NULL && response.length > 0) {
+               status = NT_STATUS_NO_MEMORY;
+       }
        *p_data_size = response.length;
+       data_blob_free(&response);
+
        return status;
 }
 
@@ -482,11 +493,11 @@ static NTSTATUS srv_enc_spnego_negotiate(connection_struct *conn,
        NTSTATUS status;
        DATA_BLOB blob = data_blob_null;
        DATA_BLOB secblob = data_blob_null;
-       bool got_kerberos_mechanism = false;
+       char *kerb_mech = NULL;
 
        blob = data_blob_const(*ppdata, *p_data_size);
 
-       status = parse_spnego_mechanisms(blob, &secblob, &got_kerberos_mechanism);
+       status = parse_spnego_mechanisms(blob, &secblob, &kerb_mech);
        if (!NT_STATUS_IS_OK(status)) {
                return nt_status_squash(status);
        }
@@ -495,12 +506,17 @@ static NTSTATUS srv_enc_spnego_negotiate(connection_struct *conn,
 
        srv_free_encryption_context(&partial_srv_trans_enc_ctx);
 
+       if (kerb_mech) {
+               SAFE_FREE(kerb_mech);
+
 #if defined(HAVE_GSSAPI) && defined(HAVE_KRB5)
-       if (got_kerberos_mechanism && lp_use_kerberos_keytab() ) {
                status = srv_enc_spnego_gss_negotiate(ppdata, p_data_size, secblob);
-       } else 
+#else
+               /* Currently we don't SPNEGO negotiate
+                * back to NTLMSSP as we do in sessionsetupX. We should... */
+               return NT_STATUS_LOGON_FAILURE;
 #endif
-       {
+       } else {
                status = srv_enc_ntlm_negotiate(ppdata, p_data_size, secblob, true);
        }
 
@@ -557,7 +573,16 @@ static NTSTATUS srv_enc_spnego_ntlm_auth(connection_struct *conn,
        status = auth_ntlmssp_update(ec->auth_ntlmssp_state, auth, &auth_reply);
        data_blob_free(&auth);
 
-       response = spnego_gen_auth_response(&auth_reply, status, OID_NTLMSSP);
+       /* From RFC4178.
+        *
+        *    supportedMech
+        *
+        *          This field SHALL only be present in the first reply from the
+        *                target.
+        * So set mechOID to NULL here.
+        */
+
+       response = spnego_gen_auth_response(&auth_reply, status, NULL);
        data_blob_free(&auth_reply);
 
        if (NT_STATUS_IS_OK(status)) {
@@ -570,8 +595,11 @@ static NTSTATUS srv_enc_spnego_ntlm_auth(connection_struct *conn,
        }
 
        SAFE_FREE(*ppdata);
-       *ppdata = response.data;
+       *ppdata = (unsigned char *)memdup(response.data, response.length);
+       if ((*ppdata) == NULL && response.length > 0)
+               return NT_STATUS_NO_MEMORY;
        *p_data_size = response.length;
+       data_blob_free(&response);
        return status;
 }
 
@@ -621,8 +649,11 @@ static NTSTATUS srv_enc_raw_ntlm_auth(connection_struct *conn,
 
        /* Return the raw blob. */
        SAFE_FREE(*ppdata);
-       *ppdata = response.data;
+       *ppdata = (unsigned char *)memdup(response.data, response.length);
+       if ((*ppdata) == NULL && response.length > 0)
+               return NT_STATUS_NO_MEMORY;
        *p_data_size = response.length;
+       data_blob_free(&response);
        return status;
 }
 
@@ -712,6 +743,7 @@ NTSTATUS srv_encryption_start(connection_struct *conn)
 
        partial_srv_trans_enc_ctx = NULL;
 
+       DEBUG(1,("srv_encryption_start: context negotiated\n"));
        return NT_STATUS_OK;
 }