authorAndrew Bartlett <abartlet@samba.org>2012-01-03 21:54:49 +1100
committerStefan Metzmacher <metze@samba.org>2012-01-18 16:23:23 +0100
commit1818612830576419889ff5702d5e85fa63ddb121 (patch)
tree2c13df3c5a1470a4c4106b32be5a2f7ebaf905d7
parentad14b8c655f1ae02b2d2b854ab6bda4480c5f8ca (diff)
s3-librpc Remove special case for spnego dcerpc sign/seal
SPNEGO is implemented only in terms of gensec mechanisms now. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
-rw-r--r--source3/librpc/rpc/dcerpc_helpers.c110
1 files changed, 18 insertions, 92 deletions
diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c
index 5a50f2b24a..212c98fb1a 100644
--- a/source3/librpc/rpc/dcerpc_helpers.c
+++ b/source3/librpc/rpc/dcerpc_helpers.c
@@ -543,92 +543,6 @@ static NTSTATUS get_schannel_auth_footer(TALLOC_CTX *mem_ctx,
}
}
-/*******************************************************************
- Create and add the spnego-negotiated sign/seal auth data.
- ********************************************************************/
-
-static NTSTATUS add_spnego_auth_footer(struct spnego_context *spnego_ctx,
- enum dcerpc_AuthLevel auth_level,
- DATA_BLOB *rpc_out)
-{
- DATA_BLOB auth_blob;
- DATA_BLOB rpc_data;
- NTSTATUS status;
-
- if (!spnego_ctx) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- rpc_data = data_blob_const(rpc_out->data
- + DCERPC_RESPONSE_LENGTH,
- rpc_out->length
- - DCERPC_RESPONSE_LENGTH
- - DCERPC_AUTH_TRAILER_LENGTH);
-
- switch (auth_level) {
- case DCERPC_AUTH_LEVEL_PRIVACY:
- /* Data portion is encrypted. */
- status = spnego_seal(rpc_out->data, spnego_ctx,
- &rpc_data, rpc_out, &auth_blob);
- break;
-
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
- break;
-
- case DCERPC_AUTH_LEVEL_INTEGRITY:
- /* Data is signed. */
- status = spnego_sign(rpc_out->data, spnego_ctx,
- &rpc_data, rpc_out, &auth_blob);
- break;
-
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
- break;
-
- default:
- /* Can't happen. */
- smb_panic("bad auth level");
- /* Notreached. */
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- /* Finally attach the blob. */
- if (!data_blob_append(NULL, rpc_out,
- auth_blob.data, auth_blob.length)) {
- DEBUG(0, ("Failed to add %u bytes auth blob.\n",
- (unsigned int)auth_blob.length));
- return NT_STATUS_NO_MEMORY;
- }
- data_blob_free(&auth_blob);
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS get_spnego_auth_footer(TALLOC_CTX *mem_ctx,
- struct spnego_context *sp_ctx,
- enum dcerpc_AuthLevel auth_level,
- DATA_BLOB *data, DATA_BLOB *full_pkt,
- DATA_BLOB *auth_token)
-{
- switch (auth_level) {
- case DCERPC_AUTH_LEVEL_PRIVACY:
- /* Data portion is encrypted. */
- return spnego_unseal(mem_ctx, sp_ctx,
- data, full_pkt, auth_token);
-
- case DCERPC_AUTH_LEVEL_INTEGRITY:
- /* Data is signed. */
- return spnego_sigcheck(mem_ctx, sp_ctx,
- data, full_pkt, auth_token);
-
- default:
- return NT_STATUS_INVALID_PARAMETER;
- }
-}
-
/**
* @brief Append an auth footer according to what is the current mechanism
*
@@ -694,8 +608,14 @@ NTSTATUS dcerpc_add_auth_footer(struct pipe_auth_data *auth,
case DCERPC_AUTH_TYPE_SPNEGO:
spnego_ctx = talloc_get_type_abort(auth->auth_ctx,
struct spnego_context);
- status = add_spnego_auth_footer(spnego_ctx,
- auth->auth_level, rpc_out);
+ status = spnego_get_negotiated_mech(spnego_ctx, &gensec_security);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ status = add_generic_auth_footer(gensec_security,
+ auth->auth_level,
+ rpc_out);
break;
case DCERPC_AUTH_TYPE_KRB5:
case DCERPC_AUTH_TYPE_NTLMSSP:
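Review bot: In the SPNEGO case of dcerpc_add_auth_footer, `gensec_security` is passed straight to add_generic_auth_footer once spnego_get_negotiated_mech() reports success, and nothing visible here guarantees the pointer was actually set. The removed add_spnego_auth_footer rejected a NULL context up front; if the generic helper does not do the equivalent (its body is outside this hunk), a guard such as `if (gensec_security == NULL) return NT_STATUS_INVALID_PARAMETER;` after the status check would keep the signing path failing closed. The same two-step sequence is repeated in the dcerpc_check_auth hunk, so the guard, or a small shared helper for both steps, applies there as well. The declaration of `gensec_security` and the rest of the function lie outside the hunk.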
@@ -810,10 +730,16 @@ NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth,
case DCERPC_AUTH_TYPE_SPNEGO:
spnego_ctx = talloc_get_type_abort(auth->auth_ctx,
struct spnego_context);
- status = get_spnego_auth_footer(pkt, spnego_ctx,
- auth->auth_level,
- &data, &full_pkt,
- &auth_info.credentials);
+ status = spnego_get_negotiated_mech(spnego_ctx, &gensec_security);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ status = get_generic_auth_footer(gensec_security,
+ auth->auth_level,
+ &data, &full_pkt,
+ &auth_info.credentials);
+
if (!NT_STATUS_IS_OK(status)) {
return status;
}
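Review bot: On the verification side in dcerpc_check_auth, the removed get_spnego_auth_footer returned NT_STATUS_INVALID_PARAMETER for any auth level other than PRIVACY or INTEGRITY, and whether get_generic_auth_footer rejects unexpected levels the same way cannot be seen from this hunk. That is worth confirming, since a packet at an unexpected level must not be treated as verified after this change. A short comment above the call would also help the next reader, e.g. `/* SPNEGO itself no longer signs/seals; use the negotiated gensec mechanism */`. The function continues past the end of the hunk.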