This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
return map_nt_error_from_gss(ret, min);
}
+ /*
+ * We're accessing the krb5.keytab file here.
+ * ensure we have permissions to do so.
+ */
+ become_root();
+
ret = gss_acquire_cred(&min,
srv_name,
GSS_C_INDEFINITE,
p_srv_cred,
NULL,
NULL);
+ unbecome_root();
if (ret != GSS_S_COMPLETE) {
ADS_STATUS adss = ADS_ERROR_GSS(ret, min);
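Review bot: Everything between `become_root()` and `unbecome_root()` runs with root privilege, including whatever the GSS-API library does inside `gss_acquire_cred()`, and the added comment does not say that the pair must stay balanced. The visible lines have no return or other call between the two, which is the right shape. I would extend the comment to make that an invariant, e.g. `* Only gss_acquire_cred() may run inside the become_root()/unbecome_root() pair; never add an early return between them.` The enclosing function starts and ends outside the hunk, so I could not check how `srv_name` is built before it is passed to the privileged call.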
OM_uint32 flags = 0;
gss_buffer_desc in_buf, out_buf;
struct smb_tran_enc_state_gss *gss_state;
- DATA_BLOB auth_reply = data_blob(NULL,0);
- DATA_BLOB response = data_blob(NULL,0);
+ DATA_BLOB auth_reply = data_blob_null;
+ DATA_BLOB response = data_blob_null;
NTSTATUS status;
if (!partial_srv_trans_enc_ctx) {
out_buf.value = NULL;
out_buf.length = 0;
+ become_root();
+
ret = gss_accept_sec_context(&min,
&gss_state->gss_ctx,
gss_state->creds,
&flags,
NULL, /* Ingore time. */
NULL); /* Ignore delegated creds. */
+ unbecome_root();
status = gss_err_to_ntstatus(ret, min);
if (ret != GSS_S_COMPLETE && ret != GSS_S_CONTINUE_NEEDED) {
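Review bot: The `become_root()` added before `gss_accept_sec_context()` carries no comment, unlike the one at `gss_acquire_cred()`, yet this is the more sensitive of the two privileged windows. On the server side of an accept, the input token presumably comes from a client that has not yet authenticated, so the library parses peer-supplied data while the process is root; the argument lines that would show this are not all visible in the hunk. If root is needed because the library opens the keytab lazily when it decrypts the ticket, state that at the call, e.g. `/* gss_accept_sec_context() may read the keytab to decrypt the ticket; root is needed for this call only. */`. It is also worth confirming that the later lines of this function do not add an exit path between the pair, since the body continues outside the hunk.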
static NTSTATUS srv_enc_ntlm_negotiate(unsigned char **ppdata, size_t *p_data_size, DATA_BLOB secblob, BOOL spnego_wrap)
{
NTSTATUS status;
- DATA_BLOB chal = data_blob(NULL, 0);
- DATA_BLOB response = data_blob(NULL, 0);
+ DATA_BLOB chal = data_blob_null;
+ DATA_BLOB response = data_blob_null;
status = make_srv_encryption_context(SMB_TRANS_ENC_NTLM, &partial_srv_trans_enc_ctx);
if (!NT_STATUS_IS_OK(status)) {
size_t *p_param_size)
{
NTSTATUS status;
- DATA_BLOB blob = data_blob(NULL,0);
- DATA_BLOB secblob = data_blob(NULL, 0);
+ DATA_BLOB blob = data_blob_null;
+ DATA_BLOB secblob = data_blob_null;
BOOL got_kerberos_mechanism = False;
blob = data_blob_const(*ppdata, *p_data_size);
if (NT_STATUS_IS_OK(status)) {
/* Return the context we're using for this encryption state. */
- *pparam = SMB_MALLOC(2);
- if (!*pparam) {
+ if (!(*pparam = SMB_MALLOC_ARRAY(unsigned char, 2))) {
return NT_STATUS_NO_MEMORY;
}
SSVAL(*pparam,0,partial_srv_trans_enc_ctx->es->enc_ctx_num);
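Review bot: The allocation-failure `return NT_STATUS_NO_MEMORY` sits inside the `if (NT_STATUS_IS_OK(status))` branch, so it fires after the negotiation step has already succeeded and `partial_srv_trans_enc_ctx` is in use. The hunk does not show that context being released, or the caller being told to discard it, before the error is returned. The rest of the function is outside the hunk, so please confirm the caller tears the partial context down on any non-OK status, and record that in a comment such as `/* On failure the caller destroys partial_srv_trans_enc_ctx. */`. The same pattern recurs in the two later `SMB_MALLOC_ARRAY(unsigned char, 2)` hunks that write `ec->es->enc_ctx_num`. As a style point, the assignment inside the `if` condition is harder to scan than the two-line form it replaces.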
size_t *p_param_size)
{
NTSTATUS status;
- DATA_BLOB blob = data_blob(NULL,0);
- DATA_BLOB auth = data_blob(NULL,0);
- DATA_BLOB auth_reply = data_blob(NULL,0);
- DATA_BLOB response = data_blob(NULL,0);
+ DATA_BLOB blob = data_blob_null;
+ DATA_BLOB auth = data_blob_null;
+ DATA_BLOB auth_reply = data_blob_null;
+ DATA_BLOB response = data_blob_null;
struct smb_srv_trans_enc_ctx *ec = partial_srv_trans_enc_ctx;
/* We must have a partial context here. */
if (NT_STATUS_IS_OK(status)) {
/* Return the context we're using for this encryption state. */
- *pparam = SMB_MALLOC(2);
- if (!*pparam) {
+ if (!(*pparam = SMB_MALLOC_ARRAY(unsigned char, 2))) {
return NT_STATUS_NO_MEMORY;
}
SSVAL(*pparam,0,ec->es->enc_ctx_num);
{
NTSTATUS status;
DATA_BLOB blob = data_blob_const(*ppdata, *p_data_size);
- DATA_BLOB response = data_blob(NULL,0);
+ DATA_BLOB response = data_blob_null;
struct smb_srv_trans_enc_ctx *ec;
if (!partial_srv_trans_enc_ctx) {
if (NT_STATUS_IS_OK(status)) {
/* Return the context we're using for this encryption state. */
- *pparam = SMB_MALLOC(2);
- if (!*pparam) {
+ if (!(*pparam = SMB_MALLOC_ARRAY(unsigned char, 2))) {
return NT_STATUS_NO_MEMORY;
}
SSVAL(*pparam,0,ec->es->enc_ctx_num);