From e9797070e29898d1ceb8caa6d591d16558acf834 Mon Sep 17 00:00:00 2001
From: =?utf8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
Date: Thu, 15 Oct 2009 16:01:36 +0200
Subject: [PATCH] s3-spnego: Fix Bug #6815. Windows 2008 R2 SPNEGO negTokenTarg
 parsing failure.

When parsing a SPNEGO session setup retry (falling back from KRB5 to NTLMSSP),
we failed to parse the ASN1_ENUMERATED negResult in the negTokenTarg, thus
failing spnego_parse_auth() completely.

Guenther
(cherry picked from commit 78ba2e1b9e5a63443f4cd51d34c16bc7cc9c6941)
---
 source3/Makefile.in        |  2 +-
 source3/libsmb/clispnego.c | 35 ++++++++++++++++-------------------
 2 files changed, 17 insertions(+), 20 deletions(-)

diff --git a/source3/Makefile.in b/source3/Makefile.in
index 1484e111d94..fb45056a96a 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -465,7 +465,7 @@ LIBCLI_LDAP_NDR_OBJ = ../libcli/ldap/ldap_ndr.o
 CLDAP_OBJ = libads/cldap.o $(LIBCLI_LDAP_MESSAGE_OBJ) $(LIBCLI_LDAP_NDR_OBJ)
 
 LIBSMB_OBJ = libsmb/clientgen.o libsmb/cliconnect.o libsmb/clifile.o \
-	     libsmb/clikrb5.o libsmb/clispnego.o ../lib/util/asn1.o \
+	     libsmb/clikrb5.o libsmb/clispnego.o libsmb/spnego.o ../lib/util/asn1.o \
 	     libsmb/clirap.o libsmb/clierror.o libsmb/climessage.o \
 	     libsmb/clireadwrite.o libsmb/clilist.o libsmb/cliprint.o \
 	     libsmb/clitrans.o libsmb/clisecdesc.o libsmb/clidgram.o \
diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c
index fb95d719259..b531c3976ef 100644
--- a/source3/libsmb/clispnego.c
+++ b/source3/libsmb/clispnego.c
@@ -494,31 +494,28 @@ DATA_BLOB spnego_gen_auth(DATA_BLOB blob)
 */
 bool spnego_parse_auth(DATA_BLOB blob, DATA_BLOB *auth)
 {
-	ASN1_DATA *data;
+	SPNEGO_DATA token;
+	ssize_t len;
 
-	data = asn1_init(talloc_tos());
-	if (data == NULL) {
+	len = read_spnego_data(talloc_tos(), blob, &token);
+	if (len == -1) {
+		DEBUG(3,("spnego_parse_auth: read_spnego_data failed\n"));
 		return false;
 	}
 
-	asn1_load(data, blob);
-	asn1_start_tag(data, ASN1_CONTEXT(1));
-	asn1_start_tag(data, ASN1_SEQUENCE(0));
-	asn1_start_tag(data, ASN1_CONTEXT(2));
-	asn1_read_OctetString(data, NULL, auth);
-	asn1_end_tag(data);
-	asn1_end_tag(data);
-	asn1_end_tag(data);
-
-	if (data->has_error) {
-		DEBUG(3,("spnego_parse_auth failed at %d\n", (int)data->ofs));
-		data_blob_free(auth);
-		asn1_free(data);
-		return False;
+	if (token.type != SPNEGO_NEG_TOKEN_TARG) {
+		DEBUG(3,("spnego_parse_auth: wrong token type: %d\n",
+			token.type));
+		free_spnego_data(&token);
+		return false;
 	}
 
-	asn1_free(data);
-	return True;
+	*auth = data_blob_talloc(talloc_tos(),
+				 token.negTokenTarg.responseToken.data,
+				 token.negTokenTarg.responseToken.length);
+	free_spnego_data(&token);
+
+	return true;
 }
 
 /*
-- 
2.34.1