auth/spnego: move the output generation to the end of gensec_spnego_create_negTokenInit()
authorStefan Metzmacher <metze@samba.org>
Thu, 13 Jul 2017 13:41:23 +0000 (15:41 +0200)
committerAndreas Schneider <asn@cryptomilk.org>
Tue, 25 Jul 2017 11:51:10 +0000 (13:51 +0200)
This will simplify the diff of future patches.

Check with git show -w

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
auth/gensec/spnego.c

index 0e37c3faf21fc72cf237d45938c23c1338489a3f..bface1275456aeff2be21faefffffec5b9ff8563 100644 (file)
@@ -218,6 +218,9 @@ static NTSTATUS gensec_spnego_create_negTokenInit(struct gensec_security *gensec
        const char **mechTypes = NULL;
        DATA_BLOB unwrapped_out = data_blob_null;
        const struct gensec_security_ops_wrapper *all_sec;
+       const char **send_mech_types = NULL;
+       struct spnego_data spnego_out;
+       bool ok;
 
        mechTypes = gensec_security_oids(gensec_security, 
                                         out_mem_ctx, GENSEC_OID_SPNEGO);
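Review bot: `spnego_out` is now declared at function scope without an initializer, right next to `send_mech_types`, which does get `= NULL`. After the `reply:` label only `type` and five `negTokenInit` members are assigned before the struct is passed to `spnego_write_data()`; if `struct spnego_data` has any further member (its definition is not part of this diff), that member is indeterminate when the token is serialised. Initialising at the declaration, `struct spnego_data spnego_out = { .type = SPNEGO_NEG_TOKEN_INIT };`, would remove that dependency on every field being set by hand. The function body starts above this hunk and continues past it.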
@@ -227,10 +230,6 @@ static NTSTATUS gensec_spnego_create_negTokenInit(struct gensec_security *gensec
                                              mechTypes,
                                              GENSEC_OID_SPNEGO);
        for (i=0; all_sec && all_sec[i].op; i++) {
-               struct spnego_data spnego_out;
-               const char **send_mech_types;
-               bool ok;
-
                nt_status = gensec_subcontext_start(spnego_state,
                                                    gensec_security,
                                                    &spnego_state->sub_sec_security);
@@ -292,55 +291,58 @@ static NTSTATUS gensec_spnego_create_negTokenInit(struct gensec_security *gensec
                        }
                }
 
-               spnego_out.type = SPNEGO_NEG_TOKEN_INIT;
+               goto reply;
+       }
+       gensec_spnego_update_sub_abort(spnego_state);
 
-               send_mech_types = gensec_security_oids_from_ops_wrapped(out_mem_ctx,
-                                                                       &all_sec[i]);
+       DEBUG(10, ("Failed to setup SPNEGO negTokenInit request: %s\n", nt_errstr(nt_status)));
+       return nt_status;
 
-               ok = spnego_write_mech_types(spnego_state,
-                                            send_mech_types,
-                                            &spnego_state->mech_types);
-               if (!ok) {
-                       DEBUG(1, ("SPNEGO: Failed to write mechTypes\n"));
-                       return NT_STATUS_NO_MEMORY;
-               }
+reply:
+       spnego_out.type = SPNEGO_NEG_TOKEN_INIT;
 
-               /* List the remaining mechs as options */
-               spnego_out.negTokenInit.mechTypes = send_mech_types;
-               spnego_out.negTokenInit.reqFlags = data_blob_null;
-               spnego_out.negTokenInit.reqFlagsPadding = 0;
+       send_mech_types = gensec_security_oids_from_ops_wrapped(out_mem_ctx,
+                                                               &all_sec[i]);
 
-               if (spnego_state->state_position == SPNEGO_SERVER_START) {
-                       spnego_out.negTokenInit.mechListMIC
-                               = data_blob_string_const(ADS_IGNORE_PRINCIPAL);
-               } else {
-                       spnego_out.negTokenInit.mechListMIC = data_blob_null;
-               }
+       ok = spnego_write_mech_types(spnego_state,
+                                    send_mech_types,
+                                    &spnego_state->mech_types);
+       if (!ok) {
+               DEBUG(1, ("SPNEGO: Failed to write mechTypes\n"));
+               return NT_STATUS_NO_MEMORY;
+       }
 
-               spnego_out.negTokenInit.mechToken = unwrapped_out;
+       /* List the remaining mechs as options */
+       spnego_out.negTokenInit.mechTypes = send_mech_types;
+       spnego_out.negTokenInit.reqFlags = data_blob_null;
+       spnego_out.negTokenInit.reqFlagsPadding = 0;
 
-               if (spnego_write_data(out_mem_ctx, out, &spnego_out) == -1) {
-                       DEBUG(1, ("Failed to write NEG_TOKEN_INIT\n"));
-                               return NT_STATUS_INVALID_PARAMETER;
-               }
+       if (spnego_state->state_position == SPNEGO_SERVER_START) {
+               spnego_out.negTokenInit.mechListMIC
+                       = data_blob_string_const(ADS_IGNORE_PRINCIPAL);
+       } else {
+               spnego_out.negTokenInit.mechListMIC = data_blob_null;
+       }
 
-               /* set next state */
-               spnego_state->neg_oid = all_sec[i].oid;
+       spnego_out.negTokenInit.mechToken = unwrapped_out;
 
-               if (spnego_state->state_position == SPNEGO_SERVER_START) {
-                       spnego_state->state_position = SPNEGO_SERVER_START;
-                       spnego_state->expected_packet = SPNEGO_NEG_TOKEN_INIT;
-               } else {
-                       spnego_state->state_position = SPNEGO_CLIENT_TARG;
-                       spnego_state->expected_packet = SPNEGO_NEG_TOKEN_TARG;
-               }
+       if (spnego_write_data(out_mem_ctx, out, &spnego_out) == -1) {
+               DEBUG(1, ("Failed to write NEG_TOKEN_INIT\n"));
+                       return NT_STATUS_INVALID_PARAMETER;
+       }
 
-               return NT_STATUS_MORE_PROCESSING_REQUIRED;
+       /* set next state */
+       spnego_state->neg_oid = all_sec[i].oid;
+
+       if (spnego_state->state_position == SPNEGO_SERVER_START) {
+               spnego_state->state_position = SPNEGO_SERVER_START;
+               spnego_state->expected_packet = SPNEGO_NEG_TOKEN_INIT;
+       } else {
+               spnego_state->state_position = SPNEGO_CLIENT_TARG;
+               spnego_state->expected_packet = SPNEGO_NEG_TOKEN_TARG;
        }
-       gensec_spnego_update_sub_abort(spnego_state);
 
-       DEBUG(10, ("Failed to setup SPNEGO negTokenInit request: %s\n", nt_errstr(nt_status)));
-       return nt_status;
+       return NT_STATUS_MORE_PROCESSING_REQUIRED;
 }
 
 static NTSTATUS gensec_spnego_client_negTokenInit(struct gensec_security *gensec_security,
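Review bot: The two failure returns after the `reply:` label (`return NT_STATUS_NO_MEMORY;` when `spnego_write_mech_types()` fails, `return NT_STATUS_INVALID_PARAMETER;` when `spnego_write_data()` fails) exit without calling `gensec_spnego_update_sub_abort(spnego_state)`, although the path taken when the loop runs out of mechanisms does call it. By then `gensec_subcontext_start()` has already filled `spnego_state->sub_sec_security` and `neg_oid` has not been set, so the negotiation state is left half-built unless the caller discards it on every error, which is not visible here. Adding `gensec_spnego_update_sub_abort(spnego_state);` before each of those two returns would make the failure paths agree. A comment above the label, for example `/* reached only via goto from the mech loop; i indexes the selected mech */`, would also help, since `all_sec[i]` now relies on `i` surviving the jump. The function begins above this hunk, so the initial value of `nt_status` on the fall-through path cannot be checked from here.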