svn commit: samba r21923 - in branches/SAMBA_3_0/source/libsmb: .

[jra]

Author: jra
Date: 2007-03-22 00:08:22 +0000 (Thu, 22 Mar 2007)
New Revision: 21923

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21923

Log:
Add in the gss decrypt.
Jeremy.

Modified:
   branches/SAMBA_3_0/source/libsmb/smb_seal.c


Changeset:
Modified: branches/SAMBA_3_0/source/libsmb/smb_seal.c
===================================================================
--- branches/SAMBA_3_0/source/libsmb/smb_seal.c 2007-03-21 23:49:57 UTC (rev 
21922)
+++ branches/SAMBA_3_0/source/libsmb/smb_seal.c 2007-03-22 00:08:22 UTC (rev 
21923)
@@ -121,13 +121,54 @@
 
 /******************************************************************************
  Generic code for client and server.
- gss-api decrypt an incoming buffer.
+ gss-api decrypt an incoming buffer. We insist that the size of the
+ unwrapped buffer must be smaller or identical to the incoming buffer.
 ******************************************************************************/
 
 #if defined(HAVE_GSSAPI) && defined(HAVE_KRB5)
  NTSTATUS common_gss_decrypt_buffer(gss_ctx_id_t context_handle, char *buf)
 {
-       return NT_STATUS_NOT_SUPPORTED;
+       OM_uint32 ret = 0;
+       OM_uint32 minor = 0;
+       int flags_got = 0;
+       gss_buffer_desc in_buf, out_buf;
+       size_t buf_len = smb_len(buf) + 4; /* Don't forget the 4 length bytes. 
*/
+
+       if (buf_len < 8) {
+               return NT_STATUS_BUFFER_TOO_SMALL;
+       }
+
+       in_buf.value = buf + 8;
+       in_buf.length = buf_len - 8;
+
+       ret = gss_unwrap(&minor,
+                       context_handle,
+                       &in_buf,
+                       &out_buf,
+                       &flags_got,             /* did we get sign+seal ? */
+                       (gss_qop_t *) NULL);    
+
+       if (ret != GSS_S_COMPLETE) {
+               ADS_STATUS adss = ADS_ERROR_GSS(ret, minor);
+               DEBUG(0,("common_gss_encrypt_buffer: gss_unwrap failed. Error 
%s\n",
+                       ads_errstr(adss) ));
+               /* Um - no mapping for gss-errs to NTSTATUS yet. */
+               return ads_ntstatus(adss);
+       }
+
+       if (out_buf.length > in_buf.length) {
+               DEBUG(0,("common_gss_encrypt_buffer: gss_unwrap size (%u) too 
large (%u) !\n",
+                       (unsigned int)out_buf.length,
+                       (unsigned int)in_buf.length ));
+               gss_release_buffer(&minor, &out_buf);
+               return NT_STATUS_INVALID_PARAMETER;
+       }
+
+       memcpy(buf + 8, out_buf.value, out_buf.length);
+       smb_setlen(buf, out_buf.length + 4);
+
+       gss_release_buffer(&minor, &out_buf);
+       return NT_STATUS_OK;
 }
 #endif
 
@@ -194,8 +235,9 @@
                return NT_STATUS_NO_MEMORY;
        }
 
-       smb_setlen(*ppbuf_out, out_buf.length + 8);
        memcpy(*ppbuf_out+8, out_buf.value, out_buf.length);
+       smb_setlen(*ppbuf_out, out_buf.length + 4);
+
        gss_release_buffer(&minor, &out_buf);
        return NT_STATUS_OK;
 }