diff options
author | Andrew Bartlett <abartlet@samba.org> | 2012-01-02 15:48:09 +1100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2012-01-18 16:23:22 +0100 |
commit | 5ddec1182ec378e4560f0d98604060fdc4b6f542 (patch) | |
tree | 1eaf362d0c128a7f63051e0710ed12294feb5167 | |
parent | 0c1b4c232135ebdef58bb5e697dfc60ddbb358bc (diff) | |
download | samba-5ddec1182ec378e4560f0d98604060fdc4b6f542.tar.gz samba-5ddec1182ec378e4560f0d98604060fdc4b6f542.tar.bz2 samba-5ddec1182ec378e4560f0d98604060fdc4b6f542.zip |
s3-librpc: Simplify SPNEGO code now that all mechs use a struct gensec_security
Signed-off-by: Stefan Metzmacher <metze@samba.org>
-rw-r--r-- | source3/librpc/crypto/cli_spnego.c | 103 | ||||
-rw-r--r-- | source3/librpc/crypto/spnego.h | 1 | ||||
-rw-r--r-- | source3/librpc/rpc/dcerpc_helpers.c | 4 | ||||
-rw-r--r-- | source3/rpc_server/dcesrv_spnego.c | 15 | ||||
-rw-r--r-- | source3/rpc_server/srv_pipe.c | 5 |
5 files changed, 32 insertions, 96 deletions
diff --git a/source3/librpc/crypto/cli_spnego.c b/source3/librpc/crypto/cli_spnego.c index 0a4bd18b22..dfc31b2d52 100644 --- a/source3/librpc/crypto/cli_spnego.c +++ b/source3/librpc/crypto/cli_spnego.c @@ -273,31 +273,13 @@ bool spnego_require_more_processing(struct spnego_context *sp_ctx) return true; } - /* otherwise see if underlying mechnism does */ - switch (sp_ctx->mech) { - case SPNEGO_KRB5: - case SPNEGO_NTLMSSP: - return sp_ctx->more_processing; - default: - DEBUG(0, ("Unsupported type in request!\n")); - return false; - } + return sp_ctx->more_processing; } NTSTATUS spnego_get_negotiated_mech(struct spnego_context *sp_ctx, - enum spnego_mech *type, struct gensec_security **auth_context) { - switch (sp_ctx->mech) { - case SPNEGO_KRB5: - case SPNEGO_NTLMSSP: - *auth_context = sp_ctx->mech_ctx.gensec_security; - break; - default: - return NT_STATUS_INTERNAL_ERROR; - } - - *type = sp_ctx->mech; + *auth_context = sp_ctx->mech_ctx.gensec_security; return NT_STATUS_OK; } @@ -306,18 +288,11 @@ DATA_BLOB spnego_get_session_key(TALLOC_CTX *mem_ctx, { DATA_BLOB sk; NTSTATUS status; - switch (sp_ctx->mech) { - case SPNEGO_KRB5: - case SPNEGO_NTLMSSP: - status = gensec_session_key(sp_ctx->mech_ctx.gensec_security, mem_ctx, &sk); - if (!NT_STATUS_IS_OK(status)) { - return data_blob_null; - } - return sk; - default: - DEBUG(0, ("Unsupported type in request!\n")); + status = gensec_session_key(sp_ctx->mech_ctx.gensec_security, mem_ctx, &sk); + if (!NT_STATUS_IS_OK(status)) { return data_blob_null; } + return sk; } NTSTATUS spnego_sign(TALLOC_CTX *mem_ctx, @@ -325,18 +300,12 @@ NTSTATUS spnego_sign(TALLOC_CTX *mem_ctx, DATA_BLOB *data, DATA_BLOB *full_data, DATA_BLOB *signature) { - switch(sp_ctx->mech) { - case SPNEGO_KRB5: - case SPNEGO_NTLMSSP: - return gensec_sign_packet( - sp_ctx->mech_ctx.gensec_security, - mem_ctx, - data->data, data->length, - full_data->data, full_data->length, - signature); - default: - return NT_STATUS_INVALID_PARAMETER; - } + return gensec_sign_packet( + sp_ctx->mech_ctx.gensec_security, + mem_ctx, + data->data, data->length, + full_data->data, full_data->length, + signature); } NTSTATUS spnego_sigcheck(TALLOC_CTX *mem_ctx, @@ -344,17 +313,11 @@ NTSTATUS spnego_sigcheck(TALLOC_CTX *mem_ctx, DATA_BLOB *data, DATA_BLOB *full_data, DATA_BLOB *signature) { - switch(sp_ctx->mech) { - case SPNEGO_KRB5: - case SPNEGO_NTLMSSP: - return gensec_check_packet( - sp_ctx->mech_ctx.gensec_security, - data->data, data->length, - full_data->data, full_data->length, - signature); - default: - return NT_STATUS_INVALID_PARAMETER; - } + return gensec_check_packet( + sp_ctx->mech_ctx.gensec_security, + data->data, data->length, + full_data->data, full_data->length, + signature); } NTSTATUS spnego_seal(TALLOC_CTX *mem_ctx, @@ -362,18 +325,12 @@ NTSTATUS spnego_seal(TALLOC_CTX *mem_ctx, DATA_BLOB *data, DATA_BLOB *full_data, DATA_BLOB *signature) { - switch(sp_ctx->mech) { - case SPNEGO_KRB5: - case SPNEGO_NTLMSSP: - return gensec_seal_packet( - sp_ctx->mech_ctx.gensec_security, - mem_ctx, - data->data, data->length, - full_data->data, full_data->length, - signature); - default: - return NT_STATUS_INVALID_PARAMETER; - } + return gensec_seal_packet( + sp_ctx->mech_ctx.gensec_security, + mem_ctx, + data->data, data->length, + full_data->data, full_data->length, + signature); } NTSTATUS spnego_unseal(TALLOC_CTX *mem_ctx, @@ -381,15 +338,9 @@ NTSTATUS spnego_unseal(TALLOC_CTX *mem_ctx, DATA_BLOB *data, DATA_BLOB *full_data, DATA_BLOB *signature) { - switch(sp_ctx->mech) { - case SPNEGO_KRB5: - case SPNEGO_NTLMSSP: - return gensec_unseal_packet( - sp_ctx->mech_ctx.gensec_security, - data->data, data->length, - full_data->data, full_data->length, - signature); - default: - return NT_STATUS_INVALID_PARAMETER; - } + return gensec_unseal_packet( + sp_ctx->mech_ctx.gensec_security, + data->data, data->length, + full_data->data, full_data->length, + signature); } diff --git a/source3/librpc/crypto/spnego.h b/source3/librpc/crypto/spnego.h index 57396a63c5..5a63a7f9c4 100644 --- a/source3/librpc/crypto/spnego.h +++ b/source3/librpc/crypto/spnego.h @@ -72,7 +72,6 @@ NTSTATUS spnego_get_client_auth_token(TALLOC_CTX *mem_ctx, bool spnego_require_more_processing(struct spnego_context *sp_ctx); NTSTATUS spnego_get_negotiated_mech(struct spnego_context *sp_ctx, - enum spnego_mech *type, struct gensec_security **auth_context); DATA_BLOB spnego_get_session_key(TALLOC_CTX *mem_ctx, diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c index ed0e0fe932..5a50f2b24a 100644 --- a/source3/librpc/rpc/dcerpc_helpers.c +++ b/source3/librpc/rpc/dcerpc_helpers.c @@ -268,7 +268,6 @@ NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth, struct gensec_security *gensec_security; struct schannel_state *schannel_auth; struct spnego_context *spnego_ctx; - enum spnego_mech auth_type; NTSTATUS status; /* no auth token cases first */ @@ -303,8 +302,7 @@ NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth, case DCERPC_AUTH_TYPE_SPNEGO: spnego_ctx = talloc_get_type_abort(auth->auth_ctx, struct spnego_context); - status = spnego_get_negotiated_mech(spnego_ctx, - &auth_type, &gensec_security); + status = spnego_get_negotiated_mech(spnego_ctx, &gensec_security); if (!NT_STATUS_IS_OK(status)) { return status; } diff --git a/source3/rpc_server/dcesrv_spnego.c b/source3/rpc_server/dcesrv_spnego.c index 1bea2321ef..0a6b3b8512 100644 --- a/source3/rpc_server/dcesrv_spnego.c +++ b/source3/rpc_server/dcesrv_spnego.c @@ -136,18 +136,9 @@ NTSTATUS spnego_server_step(struct spnego_context *sp_ctx, case SPNEGO_CONV_AUTH_MORE: - switch(sp_ctx->mech) { - case SPNEGO_KRB5: - case SPNEGO_NTLMSSP: - status = auth_generic_server_step( - sp_ctx->mech_ctx.gensec_security, - mem_ctx, &token_in, &token_out); - break; - default: - status = NT_STATUS_INVALID_PARAMETER; - goto done; - } - + status = auth_generic_server_step( + sp_ctx->mech_ctx.gensec_security, + mem_ctx, &token_in, &token_out); break; case SPNEGO_CONV_AUTH_DONE: diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 18389b42e0..8731a28d82 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -678,10 +678,8 @@ static bool pipe_auth_generic_verify_final(TALLOC_CTX *mem_ctx, static NTSTATUS pipe_auth_verify_final(struct pipes_struct *p) { - enum spnego_mech auth_type; struct gensec_security *gensec_security; struct spnego_context *spnego_ctx; - void *mech_ctx; NTSTATUS status; switch (p->auth.auth_type) { @@ -698,8 +696,7 @@ static NTSTATUS pipe_auth_verify_final(struct pipes_struct *p) case DCERPC_AUTH_TYPE_SPNEGO: spnego_ctx = talloc_get_type_abort(p->auth.auth_ctx, struct spnego_context); - status = spnego_get_negotiated_mech(spnego_ctx, - &auth_type, &gensec_security); + status = spnego_get_negotiated_mech(spnego_ctx, &gensec_security); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("Bad SPNEGO state (%s)\n", nt_errstr(status))); |