The branch, master has been updated
via f4af0960a6e third_party: Bump version for socket_wrapper
via 66d3e5e49d3 s4:auth: Fix 'no delegation' logic in
gensec_gssapi_start()
via f3bbed9c222 s4:auth: Fix trailing white spaces in gensec_gssapi.c
via 2b98d2dd3e5 s4:tests: Use the command line option '--use-kerberos'
from 31203ee2075 rpc_server: Remove the source4 implementation of wkssvc
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit f4af0960a6e67319dba00da5e21c7ae95d719d64
Author: Andreas Schneider <[email protected]>
Date: Thu Sep 11 12:39:49 2025 +0200
third_party: Bump version for socket_wrapper
Commit be007c2cf41085a8648965fc904f37d25d35a453 forgot to do that.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15913
Signed-off-by: Andreas Schneider <[email protected]>
Reviewed-by: Stefan Metzmacher <[email protected]>
Autobuild-User(master): Andreas Schneider <[email protected]>
Autobuild-Date(master): Thu Sep 11 17:05:00 UTC 2025 on atb-devel-224
commit 66d3e5e49d34b0a4bfb8f2c862d48d11e27b2ea2
Author: Andreas Schneider <[email protected]>
Date: Wed Sep 10 15:13:37 2025 +0200
s4:auth: Fix 'no delegation' logic in gensec_gssapi_start()
This fixes the samba4.ntvfs.cifs.krb5.base.lock test with MIT Kerberos.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15912
Signed-off-by: Andreas Schneider <[email protected]>
Signed-off-by: Stefan Metzmacher <[email protected]>
Pair-Programmed-With: Stefan Metzmacher <[email protected]>
Reviewed-by: Alexander Bokovoy <[email protected]>
commit f3bbed9c222fb96a1cf8805f7dfba92fa44aad1a
Author: Andreas Schneider <[email protected]>
Date: Wed Sep 10 15:13:13 2025 +0200
s4:auth: Fix trailing white spaces in gensec_gssapi.c
Signed-off-by: Andreas Schneider <[email protected]>
Reviewed-by: Alexander Bokovoy <[email protected]>
commit 2b98d2dd3e55e096704bcdd5f7dca0e5d927e342
Author: Andreas Schneider <[email protected]>
Date: Tue Sep 9 10:12:42 2025 +0200
s4:tests: Use the command line option '--use-kerberos'
'--kerberos' is deprecated
Signed-off-by: Andreas Schneider <[email protected]>
Reviewed-by: Alexander Bokovoy <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
buildtools/wafsamba/samba_third_party.py | 2 +-
source4/auth/gensec/gensec_gssapi.c | 244 +++++++++++++++----------------
source4/selftest/tests.py | 44 +++++-
third_party/socket_wrapper/wscript | 2 +-
4 files changed, 164 insertions(+), 128 deletions(-)
Changeset truncated at 500 lines:
diff --git a/buildtools/wafsamba/samba_third_party.py
b/buildtools/wafsamba/samba_third_party.py
index b6c5ad60964..8f0c56dec79 100644
--- a/buildtools/wafsamba/samba_third_party.py
+++ b/buildtools/wafsamba/samba_third_party.py
@@ -24,7 +24,7 @@ Build.BuildContext.CHECK_CMOCKA = CHECK_CMOCKA
@conf
def CHECK_SOCKET_WRAPPER(conf):
- return conf.CHECK_BUNDLED_SYSTEM_PKG('socket_wrapper', minversion='1.5.0')
+ return conf.CHECK_BUNDLED_SYSTEM_PKG('socket_wrapper', minversion='1.5.1')
Build.BuildContext.CHECK_SOCKET_WRAPPER = CHECK_SOCKET_WRAPPER
@conf
diff --git a/source4/auth/gensec/gensec_gssapi.c
b/source4/auth/gensec/gensec_gssapi.c
index c43dc66ab4a..02cf7961ee4 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -1,8 +1,8 @@
-/*
+/*
Unix SMB/CIFS implementation.
Kerberos backend for GENSEC
-
+
Copyright (C) Andrew Bartlett <[email protected]> 2004-2005
Copyright (C) Stefan Metzmacher <[email protected]> 2004-2005
@@ -10,13 +10,13 @@
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@@ -181,7 +181,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security
*gensec_security)
gensec_gssapi_state->server_name = GSS_C_NO_NAME;
gensec_gssapi_state->client_name = GSS_C_NO_NAME;
-
+
gensec_gssapi_state->gss_want_flags = 0;
gensec_gssapi_state->expire_time = GENSEC_EXPIRE_TIME_INFINITY;
@@ -200,7 +200,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security
*gensec_security)
if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi",
"sequence", true)) {
gensec_gssapi_state->gss_want_flags |= GSS_C_SEQUENCE_FLAG;
}
- if (!(gensec_security->want_features & GENSEC_FEATURE_NO_DELEGATION)) {
+ if (gensec_security->want_features & GENSEC_FEATURE_NO_DELEGATION) {
gensec_gssapi_state->gss_want_flags &= ~GSS_C_DELEG_FLAG;
gensec_gssapi_state->gss_want_flags &= ~GSS_C_DELEG_POLICY_FLAG;
}
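Review bot: The corrected check `if (gensec_security->want_features & GENSEC_FEATURE_NO_DELEGATION)` carries no comment saying why this caller-supplied feature bit must override whatever set `GSS_C_DELEG_FLAG` and `GSS_C_DELEG_POLICY_FLAG` earlier in gensec_gssapi_start(), whose start and end lie outside this hunk; a one-liner such as `/* A caller that asked for GENSEC_FEATURE_NO_DELEGATION must never offer to forward its credentials, whatever the gensec_gssapi settings above requested. */` would make the precedence explicit. The removed line cleared both flags exactly when NO_DELEGATION was *not* requested, so on the old code a client that had not opted out of delegation could never offer it, while one that had opted out kept any delegation flags already set; the new code inverts that, which is presumably why the ntvfs cifs krb5 test passes with MIT Kerberos but is also a behaviour change for every other client path that reaches this point. The commit message frames this purely as a test fix; since the visible effect is that credential forwarding can now actually be offered where it was silently suppressed, and is now suppressed where it was offered, the message should state that the old condition was inverted so readers of the history understand the security impact.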
@@ -296,12 +296,12 @@ static NTSTATUS gensec_gssapi_server_start(struct
gensec_security *gensec_securi
gensec_gssapi_state = talloc_get_type(gensec_security->private_data,
struct gensec_gssapi_state);
machine_account = gensec_get_credentials(gensec_security);
-
+
if (!machine_account) {
DEBUG(3, ("No machine account credentials specified\n"));
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
} else {
- ret = cli_credentials_get_server_gss_creds(machine_account,
+ ret = cli_credentials_get_server_gss_creds(machine_account,
gensec_security->settings->lp_ctx, &gcc);
if (ret) {
DEBUG(1, ("Acquiring acceptor credentials failed: %s\n",
@@ -630,17 +630,17 @@ static NTSTATUS gensec_gssapi_update_internal(struct
gensec_security *gensec_sec
}
}
- maj_stat = gss_init_sec_context(&min_stat,
+ maj_stat = gss_init_sec_context(&min_stat,
gensec_gssapi_state->client_cred->creds,
-
&gensec_gssapi_state->gssapi_context,
-
gensec_gssapi_state->server_name,
+
&gensec_gssapi_state->gssapi_context,
+
gensec_gssapi_state->server_name,
gensec_gssapi_state->gss_oid,
-
gensec_gssapi_state->gss_want_flags,
+
gensec_gssapi_state->gss_want_flags,
time_req,
gensec_gssapi_state->input_chan_bindings,
- &input_token,
+ &input_token,
&gss_oid_p,
- &output_token,
+ &output_token,
&gensec_gssapi_state->gss_got_flags, /* ret flags */
&time_rec);
goto init_sec_context_done;
@@ -664,15 +664,15 @@ init_sec_context_done:
}
case GENSEC_SERVER:
{
- maj_stat = gss_accept_sec_context(&min_stat,
-
&gensec_gssapi_state->gssapi_context,
+ maj_stat = gss_accept_sec_context(&min_stat,
+
&gensec_gssapi_state->gssapi_context,
gensec_gssapi_state->server_cred->creds,
- &input_token,
+ &input_token,
gensec_gssapi_state->input_chan_bindings,
-
&gensec_gssapi_state->client_name,
+
&gensec_gssapi_state->client_name,
&gss_oid_p,
- &output_token,
-
&gensec_gssapi_state->gss_got_flags,
+ &output_token,
+
&gensec_gssapi_state->gss_got_flags,
&time_rec,
&gensec_gssapi_state->delegated_cred_handle);
if (gss_oid_p) {
@@ -715,7 +715,7 @@ init_sec_context_done:
}
default:
return NT_STATUS_INVALID_PARAMETER;
-
+
}
gensec_gssapi_state->gss_exchange_count++;
@@ -723,7 +723,7 @@ init_sec_context_done:
if (maj_stat == GSS_S_COMPLETE) {
*out = data_blob_talloc(out_mem_ctx,
output_token.value, output_token.length);
gss_release_buffer(&min_stat2, &output_token);
-
+
if (gensec_gssapi_state->gss_got_flags &
GSS_C_DELEG_FLAG &&
gensec_gssapi_state->delegated_cred_handle !=
GSS_C_NO_CREDENTIAL) {
DEBUG(5, ("gensec_gssapi: credentials were
delegated\n"));
@@ -755,7 +755,7 @@ init_sec_context_done:
} else if (maj_stat == GSS_S_CONTINUE_NEEDED) {
*out = data_blob_talloc(out_mem_ctx,
output_token.value, output_token.length);
gss_release_buffer(&min_stat2, &output_token);
-
+
return NT_STATUS_MORE_PROCESSING_REQUIRED;
} else if (maj_stat == GSS_S_BAD_BINDINGS) {
DBG_WARNING("Got GSS_S_BAD_BINDINGS\n");
@@ -784,7 +784,7 @@ init_sec_context_done:
role,
gensec_gssapi_state->gss_exchange_count);
- maj_stat = gss_inquire_cred(&min_stat,
+ maj_stat = gss_inquire_cred(&min_stat,
creds,
&name, &lifetime, &usage,
NULL);
@@ -807,12 +807,12 @@ init_sec_context_done:
buffer.length = 0;
}
if (lifetime > 0) {
- DEBUG(0, ("GSSAPI gss_inquire_cred
indicates expiry of %*.*s in %u sec for %s\n",
- (int)buffer.length,
(int)buffer.length, (char *)buffer.value,
+ DEBUG(0, ("GSSAPI gss_inquire_cred
indicates expiry of %*.*s in %u sec for %s\n",
+ (int)buffer.length,
(int)buffer.length, (char *)buffer.value,
lifetime, usage_string));
} else {
- DEBUG(0, ("GSSAPI gss_inquire_cred
indicates %*.*s has already expired for %s\n",
- (int)buffer.length,
(int)buffer.length, (char *)buffer.value,
+ DEBUG(0, ("GSSAPI gss_inquire_cred
indicates %*.*s has already expired for %s\n",
+ (int)buffer.length,
(int)buffer.length, (char *)buffer.value,
usage_string));
}
gss_release_buffer(&min_stat, &buffer);
@@ -871,8 +871,8 @@ init_sec_context_done:
switch (gensec_security->gensec_role) {
case GENSEC_CLIENT:
{
- uint8_t maxlength_proposed[4];
- uint8_t maxlength_accepted[4];
+ uint8_t maxlength_proposed[4];
+ uint8_t maxlength_accepted[4];
uint8_t security_supported;
int conf_state;
gss_qop_t qop_state;
@@ -883,19 +883,19 @@ init_sec_context_done:
* zero-length blob to the server (after the
* normal GSSAPI exchange), and it has replied
* with it's SASL negotiation */
-
- maj_stat = gss_unwrap(&min_stat,
-
gensec_gssapi_state->gssapi_context,
+
+ maj_stat = gss_unwrap(&min_stat,
+
gensec_gssapi_state->gssapi_context,
&input_token,
- &output_token,
+ &output_token,
&conf_state,
&qop_state);
if (GSS_ERROR(maj_stat)) {
- DEBUG(1, ("gensec_gssapi_update: GSS UnWrap of
SASL protection negotiation failed: %s\n",
+ DEBUG(1, ("gensec_gssapi_update: GSS UnWrap of
SASL protection negotiation failed: %s\n",
gssapi_error_string(out_mem_ctx,
maj_stat, min_stat, gensec_gssapi_state->gss_oid)));
return NT_STATUS_ACCESS_DENIED;
}
-
+
if (output_token.length < 4) {
gss_release_buffer(&min_stat, &output_token);
return NT_STATUS_INVALID_PARAMETER;
@@ -907,9 +907,9 @@ init_sec_context_done:
/* first byte is the proposed security */
security_supported = maxlength_proposed[0];
maxlength_proposed[0] = '\0';
-
+
/* Rest is the proposed max wrap length */
- gensec_gssapi_state->max_wrap_buf_size =
MIN(RIVAL(maxlength_proposed, 0),
+ gensec_gssapi_state->max_wrap_buf_size =
MIN(RIVAL(maxlength_proposed, 0),
gensec_gssapi_state->max_wrap_buf_size);
gensec_gssapi_state->sasl_protection = 0;
if (security_supported & NEG_SEAL) {
@@ -935,23 +935,23 @@ init_sec_context_done:
RSIVAL(maxlength_accepted, 0,
gensec_gssapi_state->max_wrap_buf_size);
maxlength_accepted[0] =
gensec_gssapi_state->sasl_protection;
-
+
input_token.value = maxlength_accepted;
input_token.length = sizeof(maxlength_accepted);
- maj_stat = gss_wrap(&min_stat,
-
gensec_gssapi_state->gssapi_context,
+ maj_stat = gss_wrap(&min_stat,
+ gensec_gssapi_state->gssapi_context,
false,
GSS_C_QOP_DEFAULT,
&input_token,
&conf_state,
&output_token);
if (GSS_ERROR(maj_stat)) {
- DEBUG(1, ("GSS Update(SSF_NEG): GSS Wrap
failed: %s\n",
+ DEBUG(1, ("GSS Update(SSF_NEG): GSS Wrap
failed: %s\n",
gssapi_error_string(out_mem_ctx,
maj_stat, min_stat, gensec_gssapi_state->gss_oid)));
return NT_STATUS_ACCESS_DENIED;
}
-
+
*out = data_blob_talloc(out_mem_ctx,
output_token.value, output_token.length);
gss_release_buffer(&min_stat, &output_token);
@@ -970,7 +970,7 @@ init_sec_context_done:
}
case GENSEC_SERVER:
{
- uint8_t maxlength_proposed[4];
+ uint8_t maxlength_proposed[4];
uint8_t security_supported = 0x0;
int conf_state;
@@ -978,17 +978,17 @@ init_sec_context_done:
if (in.length != 0) {
DEBUG(1, ("SASL/GSSAPI: client sent non-zero
length starting SASL negotiation!\n"));
}
-
+
/* Give the client some idea what we will support */
-
+
RSIVAL(maxlength_proposed, 0,
gensec_gssapi_state->max_wrap_buf_size);
/* first byte is the proposed security */
maxlength_proposed[0] = '\0';
-
+
gensec_gssapi_state->sasl_protection = 0;
if (gensec_have_feature(gensec_security,
GENSEC_FEATURE_SEAL)) {
security_supported |= NEG_SEAL;
- }
+ }
if (gensec_have_feature(gensec_security,
GENSEC_FEATURE_SIGN)) {
security_supported |= NEG_SIGN;
}
@@ -1000,23 +1000,23 @@ init_sec_context_done:
/* TODO: We may not wish to support this */
security_supported |= NEG_NONE;
maxlength_proposed[0] = security_supported;
-
+
input_token.value = maxlength_proposed;
input_token.length = sizeof(maxlength_proposed);
- maj_stat = gss_wrap(&min_stat,
-
gensec_gssapi_state->gssapi_context,
+ maj_stat = gss_wrap(&min_stat,
+ gensec_gssapi_state->gssapi_context,
false,
GSS_C_QOP_DEFAULT,
&input_token,
&conf_state,
&output_token);
if (GSS_ERROR(maj_stat)) {
- DEBUG(1, ("GSS Update(SSF_NEG): GSS Wrap
failed: %s\n",
+ DEBUG(1, ("GSS Update(SSF_NEG): GSS Wrap
failed: %s\n",
gssapi_error_string(out_mem_ctx,
maj_stat, min_stat, gensec_gssapi_state->gss_oid)));
return NT_STATUS_ACCESS_DENIED;
}
-
+
*out = data_blob_talloc(out_mem_ctx,
output_token.value, output_token.length);
gss_release_buffer(&min_stat, &output_token);
@@ -1025,31 +1025,31 @@ init_sec_context_done:
}
default:
return NT_STATUS_INVALID_PARAMETER;
-
+
}
}
/* This is s server-only stage */
case STAGE_SASL_SSF_ACCEPT:
{
- uint8_t maxlength_accepted[4];
+ uint8_t maxlength_accepted[4];
uint8_t security_accepted;
int conf_state;
gss_qop_t qop_state;
input_token.length = in.length;
input_token.value = in.data;
-
- maj_stat = gss_unwrap(&min_stat,
- gensec_gssapi_state->gssapi_context,
+
+ maj_stat = gss_unwrap(&min_stat,
+ gensec_gssapi_state->gssapi_context,
&input_token,
- &output_token,
+ &output_token,
&conf_state,
&qop_state);
if (GSS_ERROR(maj_stat)) {
- DEBUG(1, ("gensec_gssapi_update: GSS UnWrap of SASL
protection negotiation failed: %s\n",
+ DEBUG(1, ("gensec_gssapi_update: GSS UnWrap of SASL
protection negotiation failed: %s\n",
gssapi_error_string(out_mem_ctx, maj_stat,
min_stat, gensec_gssapi_state->gss_oid)));
return NT_STATUS_ACCESS_DENIED;
}
-
+
if (output_token.length < 4) {
gss_release_buffer(&min_stat, &output_token);
return NT_STATUS_INVALID_PARAMETER;
@@ -1057,13 +1057,13 @@ init_sec_context_done:
memcpy(maxlength_accepted, output_token.value, 4);
gss_release_buffer(&min_stat, &output_token);
-
+
/* first byte is the proposed security */
security_accepted = maxlength_accepted[0];
maxlength_accepted[0] = '\0';
/* Rest is the proposed max wrap length */
- gensec_gssapi_state->max_wrap_buf_size =
MIN(RIVAL(maxlength_accepted, 0),
+ gensec_gssapi_state->max_wrap_buf_size =
MIN(RIVAL(maxlength_accepted, 0),
gensec_gssapi_state->max_wrap_buf_size);
gensec_gssapi_state->sasl_protection = 0;
@@ -1096,7 +1096,7 @@ init_sec_context_done:
}
*out = data_blob(NULL, 0);
- return NT_STATUS_OK;
+ return NT_STATUS_OK;
}
default:
return NT_STATUS_INVALID_PARAMETER;
@@ -1162,9 +1162,9 @@ static NTSTATUS gensec_gssapi_update_recv(struct
tevent_req *req,
return status;
}
-static NTSTATUS gensec_gssapi_wrap(struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx,
- const DATA_BLOB *in,
+static NTSTATUS gensec_gssapi_wrap(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
+ const DATA_BLOB *in,
DATA_BLOB *out)
{
struct gensec_gssapi_state *gensec_gssapi_state
@@ -1175,15 +1175,15 @@ static NTSTATUS gensec_gssapi_wrap(struct
gensec_security *gensec_security,
input_token.length = in->length;
input_token.value = in->data;
- maj_stat = gss_wrap(&min_stat,
- gensec_gssapi_state->gssapi_context,
+ maj_stat = gss_wrap(&min_stat,
+ gensec_gssapi_state->gssapi_context,
gensec_have_feature(gensec_security,
GENSEC_FEATURE_SEAL),
GSS_C_QOP_DEFAULT,
&input_token,
&conf_state,
&output_token);
if (GSS_ERROR(maj_stat)) {
- DEBUG(1, ("gensec_gssapi_wrap: GSS Wrap failed: %s\n",
+ DEBUG(1, ("gensec_gssapi_wrap: GSS Wrap failed: %s\n",
gssapi_error_string(mem_ctx, maj_stat, min_stat,
gensec_gssapi_state->gss_oid)));
return NT_STATUS_ACCESS_DENIED;
}
@@ -1195,13 +1195,13 @@ static NTSTATUS gensec_gssapi_wrap(struct
gensec_security *gensec_security,
size_t max_wrapped_size =
gensec_gssapi_max_wrapped_size(gensec_security);
if (max_wrapped_size < out->length) {
DEBUG(1, ("gensec_gssapi_wrap: when wrapped, INPUT data
(%u) is grew to be larger than SASL negotiated maximum output size (%u > %u)\n",
- (unsigned)in->length,
- (unsigned)out->length,
+ (unsigned)in->length,
+ (unsigned)out->length,
(unsigned int)max_wrapped_size));
return NT_STATUS_INVALID_PARAMETER;
}
}
-
+
if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)
&& !conf_state) {
return NT_STATUS_ACCESS_DENIED;
@@ -1209,9 +1209,9 @@ static NTSTATUS gensec_gssapi_wrap(struct gensec_security
*gensec_security,
return NT_STATUS_OK;
}
-static NTSTATUS gensec_gssapi_unwrap(struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx,
- const DATA_BLOB *in,
+static NTSTATUS gensec_gssapi_unwrap(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
+ const DATA_BLOB *in,
DATA_BLOB *out)
{
struct gensec_gssapi_state *gensec_gssapi_state
@@ -1222,7 +1222,7 @@ static NTSTATUS gensec_gssapi_unwrap(struct
gensec_security *gensec_security,
gss_qop_t qop_state;
input_token.length = in->length;
input_token.value = in->data;
-
+
if (gensec_gssapi_state->sasl) {
size_t max_wrapped_size =
gensec_gssapi_max_wrapped_size(gensec_security);
if (max_wrapped_size < in->length) {
@@ -1230,26 +1230,26 @@ static NTSTATUS gensec_gssapi_unwrap(struct
gensec_security *gensec_security,
return NT_STATUS_INVALID_PARAMETER;
}
}
-
+
/*
* FIXME: input_message_buffer is marked const, but gss_unwrap() may
* modify it (see calls to rrc_rotate() in _gssapi_unwrap_cfx()).
*/
- maj_stat = gss_unwrap(&min_stat,
- gensec_gssapi_state->gssapi_context,
+ maj_stat = gss_unwrap(&min_stat,
+ gensec_gssapi_state->gssapi_context,
&input_token,
- &output_token,
+ &output_token,
&conf_state,
&qop_state);
if (GSS_ERROR(maj_stat)) {
- DEBUG(1, ("gensec_gssapi_unwrap: GSS UnWrap failed: %s\n",
+ DEBUG(1, ("gensec_gssapi_unwrap: GSS UnWrap failed: %s\n",
gssapi_error_string(mem_ctx, maj_stat, min_stat,
gensec_gssapi_state->gss_oid)));
return NT_STATUS_ACCESS_DENIED;
}
*out = data_blob_talloc(mem_ctx, output_token.value,
output_token.length);
gss_release_buffer(&min_stat, &output_token);
-
+
if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)
&& !conf_state) {
return NT_STATUS_ACCESS_DENIED;
@@ -1259,21 +1259,21 @@ static NTSTATUS gensec_gssapi_unwrap(struct
gensec_security *gensec_security,
/* Find out the maximum input size negotiated on this connection */
-static size_t gensec_gssapi_max_input_size(struct gensec_security
*gensec_security)
+static size_t gensec_gssapi_max_input_size(struct gensec_security
*gensec_security)
{
struct gensec_gssapi_state *gensec_gssapi_state
= talloc_get_type(gensec_security->private_data, struct
gensec_gssapi_state);
OM_uint32 maj_stat, min_stat;
OM_uint32 max_input_size;
- maj_stat = gss_wrap_size_limit(&min_stat,
+ maj_stat = gss_wrap_size_limit(&min_stat,
gensec_gssapi_state->gssapi_context,
gensec_have_feature(gensec_security,
GENSEC_FEATURE_SEAL),
GSS_C_QOP_DEFAULT,