svn commit: samba r19045 - in branches/tmp/vl-messaging/source/libsmb: .

Mon, 02 Oct 2006 06:35:28 -0700 

Author: ab
Date: 2006-10-02 13:35:07 +0000 (Mon, 02 Oct 2006)
New Revision: 19045

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=19045

Log:
Merge segfault fixes from Volker. -r 19040:19044
Modified:
   branches/tmp/vl-messaging/source/libsmb/cliconnect.c
   branches/tmp/vl-messaging/source/libsmb/clispnego.c


Changeset:
Modified: branches/tmp/vl-messaging/source/libsmb/cliconnect.c
===================================================================
--- branches/tmp/vl-messaging/source/libsmb/cliconnect.c        2006-10-02 
13:30:37 UTC (rev 19044)
+++ branches/tmp/vl-messaging/source/libsmb/cliconnect.c        2006-10-02 
13:35:07 UTC (rev 19045)
@@ -723,9 +723,7 @@
        char *principal;
        char *OIDs[ASN1_MAX_OIDS];
        int i;
-#ifdef HAVE_KRB5
        BOOL got_kerberos_mechanism = False;
-#endif
        DATA_BLOB blob;
 
        DEBUG(3,("Doing spnego session setup (blob length=%lu)\n", (unsigned 
long)cli->secblob.length));
@@ -754,16 +752,27 @@
        /* make sure the server understands kerberos */
        for (i=0;OIDs[i];i++) {
                DEBUG(3,("got OID=%s\n", OIDs[i]));
-#ifdef HAVE_KRB5
                if (strcmp(OIDs[i], OID_KERBEROS5_OLD) == 0 ||
                    strcmp(OIDs[i], OID_KERBEROS5) == 0) {
                        got_kerberos_mechanism = True;
                }
-#endif
                free(OIDs[i]);
        }
-       DEBUG(3,("got principal=%s\n", principal));
 
+       DEBUG(3,("got principal=%s\n", principal ? principal : "<null>"));
+
+       if (got_kerberos_mechanism && (principal == NULL)) {
+               /*
+                * It is WRONG to depend on the principal sent in the negprot
+                * reply, but right now we do it. So for safety (don't
+                * segfault later) disable Kerberos when no principal was
+                * sent. -- VL
+                */
+               DEBUG(1, ("Kerberos mech was offered, but no principal was "
+                         "sent, disabling Kerberos\n"));
+               cli->use_kerberos = False;
+       }
+
        fstrcpy(cli->user_name, user);
 
 #ifdef HAVE_KRB5

Modified: branches/tmp/vl-messaging/source/libsmb/clispnego.c
===================================================================
--- branches/tmp/vl-messaging/source/libsmb/clispnego.c 2006-10-02 13:30:37 UTC 
(rev 19044)
+++ branches/tmp/vl-messaging/source/libsmb/clispnego.c 2006-10-02 13:35:07 UTC 
(rev 19045)
@@ -149,13 +149,16 @@
        asn1_end_tag(&data);
        asn1_end_tag(&data);
 
-       asn1_start_tag(&data, ASN1_CONTEXT(3));
-       asn1_start_tag(&data, ASN1_SEQUENCE(0));
-       asn1_start_tag(&data, ASN1_CONTEXT(0));
-       asn1_read_GeneralString(&data,principal);
-       asn1_end_tag(&data);
-       asn1_end_tag(&data);
-       asn1_end_tag(&data);
+       *principal = NULL;
+       if (asn1_tag_remaining(&data) > 0) {
+               asn1_start_tag(&data, ASN1_CONTEXT(3));
+               asn1_start_tag(&data, ASN1_SEQUENCE(0));
+               asn1_start_tag(&data, ASN1_CONTEXT(0));
+               asn1_read_GeneralString(&data,principal);
+               asn1_end_tag(&data);
+               asn1_end_tag(&data);
+               asn1_end_tag(&data);
+       }
 
        asn1_end_tag(&data);
        asn1_end_tag(&data);

Reply via email to