authorAndrew Bartlett <abartlet@samba.org>2011-10-18 21:27:39 +1100
committerStefan Metzmacher <metze@samba.org>2011-10-21 08:43:23 +0200
commitbd29f79463009ff7383cb17a3f766fddcdb1f302 (patch)
tree5caa60eb360bd3c3819cc03a7f17d02da8c10069
parent487545d48fc0625aab20aa8f46897e2bd622554f (diff)
s3-ntlmssp use gensec_{seal,unseal,sign,check}_packet
This avoids the indirection via the auth_ntlmssp wrapper functions.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
-rw-r--r--source3/include/ntlmssp_wrap.h26
-rw-r--r--source3/librpc/crypto/cli_spnego.c44
-rw-r--r--source3/librpc/rpc/dcerpc_helpers.c57
-rw-r--r--source3/libsmb/ntlmssp_wrap.c46
-rw-r--r--source3/libsmb/smb_seal.c7
5 files changed, 55 insertions, 125 deletions
diff --git a/source3/include/ntlmssp_wrap.h b/source3/include/ntlmssp_wrap.h
index a2c4f7a6be..f58e63e85e 100644
--- a/source3/include/ntlmssp_wrap.h
+++ b/source3/include/ntlmssp_wrap.h
@@ -34,32 +34,6 @@ struct auth_ntlmssp_state {
struct gensec_security *gensec_security;
};
-NTSTATUS auth_ntlmssp_sign_packet(struct auth_ntlmssp_state *ans,
- TALLOC_CTX *sig_mem_ctx,
- const uint8_t *data,
- size_t length,
- const uint8_t *whole_pdu,
- size_t pdu_length,
- DATA_BLOB *sig);
-NTSTATUS auth_ntlmssp_check_packet(struct auth_ntlmssp_state *ans,
- const uint8_t *data,
- size_t length,
- const uint8_t *whole_pdu,
- size_t pdu_length,
- const DATA_BLOB *sig);
-NTSTATUS auth_ntlmssp_seal_packet(struct auth_ntlmssp_state *ans,
- TALLOC_CTX *sig_mem_ctx,
- uint8_t *data,
- size_t length,
- const uint8_t *whole_pdu,
- size_t pdu_length,
- DATA_BLOB *sig);
-NTSTATUS auth_ntlmssp_unseal_packet(struct auth_ntlmssp_state *ans,
- uint8_t *data,
- size_t length,
- const uint8_t *whole_pdu,
- size_t pdu_length,
- const DATA_BLOB *sig);
NTSTATUS auth_ntlmssp_set_username(struct auth_ntlmssp_state *ans,
const char *user);
NTSTATUS auth_ntlmssp_set_domain(struct auth_ntlmssp_state *ans,
diff --git a/source3/librpc/crypto/cli_spnego.c b/source3/librpc/crypto/cli_spnego.c
index db03fdc852..1320a95216 100644
--- a/source3/librpc/crypto/cli_spnego.c
+++ b/source3/librpc/crypto/cli_spnego.c
@@ -354,12 +354,12 @@ NTSTATUS spnego_sign(TALLOC_CTX *mem_ctx,
sp_ctx->mech_ctx.gssapi_state,
data, signature);
case SPNEGO_NTLMSSP:
- return auth_ntlmssp_sign_packet(
- sp_ctx->mech_ctx.ntlmssp_state,
- mem_ctx,
- data->data, data->length,
- full_data->data, full_data->length,
- signature);
+ return gensec_sign_packet(
+ sp_ctx->mech_ctx.ntlmssp_state->gensec_security,
+ mem_ctx,
+ data->data, data->length,
+ full_data->data, full_data->length,
+ signature);
default:
return NT_STATUS_INVALID_PARAMETER;
}
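Review bot: None of the cli_spnego.c hunks adds `#include "auth/gensec/gensec.h"`, although dcerpc_helpers.c and smb_seal.c both gain that include in this commit for the same calls. Unless the header already reaches this file through an include above the first hunk (not visible here), gensec_sign_packet() and the three sibling calls in spnego_sigcheck, spnego_seal and spnego_unseal would be used without a prototype, so I would add the include here as well. The SPNEGO_NTLMSSP case also dereferences `sp_ctx->mech_ctx.ntlmssp_state` directly now; the removed wrapper did the same without a NULL check, so behaviour is unchanged, but it is worth confirming that the state is always set before these entry points run. spnego_sign's body starts and ends outside the hunk.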
@@ -376,11 +376,11 @@ NTSTATUS spnego_sigcheck(TALLOC_CTX *mem_ctx,
sp_ctx->mech_ctx.gssapi_state,
data, signature);
case SPNEGO_NTLMSSP:
- return auth_ntlmssp_check_packet(
- sp_ctx->mech_ctx.ntlmssp_state,
- data->data, data->length,
- full_data->data, full_data->length,
- signature);
+ return gensec_check_packet(
+ sp_ctx->mech_ctx.ntlmssp_state->gensec_security,
+ data->data, data->length,
+ full_data->data, full_data->length,
+ signature);
default:
return NT_STATUS_INVALID_PARAMETER;
}
@@ -397,12 +397,12 @@ NTSTATUS spnego_seal(TALLOC_CTX *mem_ctx,
sp_ctx->mech_ctx.gssapi_state,
data, signature);
case SPNEGO_NTLMSSP:
- return auth_ntlmssp_seal_packet(
- sp_ctx->mech_ctx.ntlmssp_state,
- mem_ctx,
- data->data, data->length,
- full_data->data, full_data->length,
- signature);
+ return gensec_seal_packet(
+ sp_ctx->mech_ctx.ntlmssp_state->gensec_security,
+ mem_ctx,
+ data->data, data->length,
+ full_data->data, full_data->length,
+ signature);
default:
return NT_STATUS_INVALID_PARAMETER;
}
@@ -419,11 +419,11 @@ NTSTATUS spnego_unseal(TALLOC_CTX *mem_ctx,
sp_ctx->mech_ctx.gssapi_state,
data, signature);
case SPNEGO_NTLMSSP:
- return auth_ntlmssp_unseal_packet(
- sp_ctx->mech_ctx.ntlmssp_state,
- data->data, data->length,
- full_data->data, full_data->length,
- signature);
+ return gensec_unseal_packet(
+ sp_ctx->mech_ctx.ntlmssp_state->gensec_security,
+ data->data, data->length,
+ full_data->data, full_data->length,
+ signature);
default:
return NT_STATUS_INVALID_PARAMETER;
}
diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c
index 32dbfdfe48..dc3b570a6c 100644
--- a/source3/librpc/rpc/dcerpc_helpers.c
+++ b/source3/librpc/rpc/dcerpc_helpers.c
@@ -28,6 +28,7 @@
#include "ntlmssp_wrap.h"
#include "librpc/crypto/gse.h"
#include "librpc/crypto/spnego.h"
+#include "auth/gensec/gensec.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_RPC_PARSE
@@ -395,14 +396,14 @@ static NTSTATUS add_ntlmssp_auth_footer(struct auth_ntlmssp_state *auth_state,
switch (auth_level) {
case DCERPC_AUTH_LEVEL_PRIVACY:
/* Data portion is encrypted. */
- status = auth_ntlmssp_seal_packet(auth_state,
- rpc_out->data,
- rpc_out->data
- + DCERPC_RESPONSE_LENGTH,
- data_and_pad_len,
- rpc_out->data,
- rpc_out->length,
- &auth_blob);
+ status = gensec_seal_packet(auth_state->gensec_security,
+ rpc_out->data,
+ rpc_out->data
+ + DCERPC_RESPONSE_LENGTH,
+ data_and_pad_len,
+ rpc_out->data,
+ rpc_out->length,
+ &auth_blob);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
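Review bot: The second argument, `rpc_out->data`, is the talloc context for the signature (it lines up with `TALLOC_CTX *sig_mem_ctx` in the removed wrapper prototype), which is easy to misread as a data pointer next to the `rpc_out->data + DCERPC_RESPONSE_LENGTH` argument that follows. I would add a comment above the call such as `/* rpc_out->data is the talloc parent for auth_blob */`; the same applies to the gensec_sign_packet() call in the DCERPC_AUTH_LEVEL_INTEGRITY hunk below. Nothing in the visible lines shows that `DCERPC_RESPONSE_LENGTH + data_and_pad_len` stays within `rpc_out->length`; that check may sit earlier in add_ntlmssp_auth_footer, whose body starts and ends outside the hunk.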
@@ -410,14 +411,14 @@ static NTSTATUS add_ntlmssp_auth_footer(struct auth_ntlmssp_state *auth_state,
case DCERPC_AUTH_LEVEL_INTEGRITY:
/* Data is signed. */
- status = auth_ntlmssp_sign_packet(auth_state,
- rpc_out->data,
- rpc_out->data
- + DCERPC_RESPONSE_LENGTH,
- data_and_pad_len,
- rpc_out->data,
- rpc_out->length,
- &auth_blob);
+ status = gensec_sign_packet(auth_state->gensec_security,
+ rpc_out->data,
+ rpc_out->data
+ + DCERPC_RESPONSE_LENGTH,
+ data_and_pad_len,
+ rpc_out->data,
+ rpc_out->length,
+ &auth_blob);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -454,21 +455,21 @@ static NTSTATUS get_ntlmssp_auth_footer(struct auth_ntlmssp_state *auth_state,
switch (auth_level) {
case DCERPC_AUTH_LEVEL_PRIVACY:
/* Data portion is encrypted. */
- return auth_ntlmssp_unseal_packet(auth_state,
- data->data,
- data->length,
- full_pkt->data,
- full_pkt->length,
- auth_token);
+ return gensec_unseal_packet(auth_state->gensec_security,
+ data->data,
+ data->length,
+ full_pkt->data,
+ full_pkt->length,
+ auth_token);
case DCERPC_AUTH_LEVEL_INTEGRITY:
/* Data is signed. */
- return auth_ntlmssp_check_packet(auth_state,
- data->data,
- data->length,
- full_pkt->data,
- full_pkt->length,
- auth_token);
+ return gensec_check_packet(auth_state->gensec_security,
+ data->data,
+ data->length,
+ full_pkt->data,
+ full_pkt->length,
+ auth_token);
default:
return NT_STATUS_INVALID_PARAMETER;
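Review bot: The DCERPC_AUTH_LEVEL_PRIVACY branch would benefit from a comment saying that the unseal call writes into `data->data`; the removed prototypes take `uint8_t *data` for unseal but `const uint8_t *data` for check. A caller that ignores a failed status would then be holding a buffer that no longer matches what arrived, so I would replace `/* Data portion is encrypted. */` with something like `/* Data portion is encrypted; unsealed in place, discard the buffer on failure. */`. Whether the decryption really happens in place is inferred from the non-const parameter, so confirm against gensec before committing the wording. get_ntlmssp_auth_footer continues outside the hunk.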
diff --git a/source3/libsmb/ntlmssp_wrap.c b/source3/libsmb/ntlmssp_wrap.c
index e18a60b730..a470444054 100644
--- a/source3/libsmb/ntlmssp_wrap.c
+++ b/source3/libsmb/ntlmssp_wrap.c
@@ -26,52 +26,6 @@
#include "librpc/rpc/dcerpc.h"
#include "lib/param/param.h"
-NTSTATUS auth_ntlmssp_sign_packet(struct auth_ntlmssp_state *ans,
- TALLOC_CTX *sig_mem_ctx,
- const uint8_t *data,
- size_t length,
- const uint8_t *whole_pdu,
- size_t pdu_length,
- DATA_BLOB *sig)
-{
- return gensec_sign_packet(ans->gensec_security,
- sig_mem_ctx, data, length, whole_pdu, pdu_length, sig);
-}
-
-NTSTATUS auth_ntlmssp_check_packet(struct auth_ntlmssp_state *ans,
- const uint8_t *data,
- size_t length,
- const uint8_t *whole_pdu,
- size_t pdu_length,
- const DATA_BLOB *sig)
-{
- return gensec_check_packet(ans->gensec_security,
- data, length, whole_pdu, pdu_length, sig);
-}
-
-NTSTATUS auth_ntlmssp_seal_packet(struct auth_ntlmssp_state *ans,
- TALLOC_CTX *sig_mem_ctx,
- uint8_t *data,
- size_t length,
- const uint8_t *whole_pdu,
- size_t pdu_length,
- DATA_BLOB *sig)
-{
- return gensec_seal_packet(ans->gensec_security,
- sig_mem_ctx, data, length, whole_pdu, pdu_length, sig);
-}
-
-NTSTATUS auth_ntlmssp_unseal_packet(struct auth_ntlmssp_state *ans,
- uint8_t *data,
- size_t length,
- const uint8_t *whole_pdu,
- size_t pdu_length,
- const DATA_BLOB *sig)
-{
- return gensec_unseal_packet(ans->gensec_security,
- data, length, whole_pdu, pdu_length, sig);
-}
-
NTSTATUS auth_ntlmssp_set_username(struct auth_ntlmssp_state *ans,
const char *user)
{
diff --git a/source3/libsmb/smb_seal.c b/source3/libsmb/smb_seal.c
index 950f3e3822..f767f16be5 100644
--- a/source3/libsmb/smb_seal.c
+++ b/source3/libsmb/smb_seal.c
@@ -23,6 +23,7 @@
#include "libsmb/libsmb.h"
#include "ntlmssp_wrap.h"
#include "libcli/auth/krb5_wrap.h"
+#include "auth/gensec/gensec.h"
#undef malloc
@@ -99,7 +100,7 @@ static NTSTATUS common_ntlm_decrypt_buffer(struct auth_ntlmssp_state *auth_ntlms
/* Point at the signature. */
sig = data_blob_const(inbuf+8, NTLMSSP_SIG_SIZE);
- status = auth_ntlmssp_unseal_packet(auth_ntlmssp_state,
+ status = gensec_unseal_packet(auth_ntlmssp_state->gensec_security,
(unsigned char *)inbuf + 8 + NTLMSSP_SIG_SIZE, /* 4 byte len + 0xFF 'E' <enc> <ctx> */
data_len,
(unsigned char *)inbuf + 8 + NTLMSSP_SIG_SIZE,
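Review bot: The `data` and `whole_pdu` arguments are the same pointer, `(unsigned char *)inbuf + 8 + NTLMSSP_SIG_SIZE`, so as far as the visible lines show the NTLMSSP signature covers only the encrypted payload and not the 8 bytes in front of it (length, 0xFF 'E' and context, per the inline comment). That deserves a comment at the call, for example `/* whole_pdu == data: the 8-byte header is outside the signature */`, so nobody later assumes the header is integrity-protected. The pdu_length argument and the length validation of inbuf lie outside the hunk, and the gensec_seal_packet() call in common_ntlm_encrypt_buffer passes its pointers the same way.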
@@ -163,8 +164,8 @@ static NTSTATUS common_ntlm_encrypt_buffer(struct auth_ntlmssp_state *auth_ntlms
ZERO_STRUCT(sig);
- status = auth_ntlmssp_seal_packet(auth_ntlmssp_state,
- frame,
+ status = gensec_seal_packet(auth_ntlmssp_state->gensec_security,
+ frame,
(unsigned char *)buf_out + 8 + NTLMSSP_SIG_SIZE, /* 4 byte len + 0xFF 'S' <enc> <ctx> */
data_len,
(unsigned char *)buf_out + 8 + NTLMSSP_SIG_SIZE,