author | Andrew Bartlett <abartlet@samba.org> | 2011-10-19 18:39:27 +1100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2011-10-21 08:50:55 +0200 |
commit | 321204eaeb05107b9a6d5ed464a11cd5018c97c6 (patch) | |
tree | cbcbfa59d184b2915853658f83b8c86d53e20a92 | |
parent | 38de149e9b7e6150d4410bd964548ee22ffe8199 (diff) | |
s3-ntlmssp Remove references to auth_ntlmssp_context from the rpc code
We always dereferenced auth_ntlmssp_state->gensec_security, so now we
do not bother passing around the whole auth_ntlmssp_state.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
-rw-r--r-- | source3/librpc/crypto/cli_spnego.c | 35 | ||||
-rw-r--r-- | source3/librpc/crypto/spnego.h | 2 | ||||
-rw-r--r-- | source3/librpc/rpc/dcerpc_helpers.c | 30 | ||||
-rw-r--r-- | source3/rpc_server/dcesrv_ntlmssp.c | 22 | ||||
-rw-r--r-- | source3/rpc_server/dcesrv_ntlmssp.h | 10 | ||||
-rw-r--r-- | source3/rpc_server/dcesrv_spnego.c | 8 | ||||
-rw-r--r-- | source3/rpc_server/srv_pipe.c | 42 |
7 files changed, 75 insertions, 74 deletions
diff --git a/source3/librpc/crypto/cli_spnego.c b/source3/librpc/crypto/cli_spnego.c index c81b424af3..fce2de3f06 100644 --- a/source3/librpc/crypto/cli_spnego.c +++ b/source3/librpc/crypto/cli_spnego.c @@ -92,6 +92,7 @@ NTSTATUS spnego_ntlmssp_init_client(TALLOC_CTX *mem_ctx, struct spnego_context **spnego_ctx) { struct spnego_context *sp_ctx = NULL; + struct auth_ntlmssp_state *auth_ntlmssp_state; NTSTATUS status; status = spnego_context_init(mem_ctx, do_sign, do_seal, &sp_ctx); @@ -101,27 +102,27 @@ NTSTATUS spnego_ntlmssp_init_client(TALLOC_CTX *mem_ctx, sp_ctx->mech = SPNEGO_NTLMSSP; status = auth_ntlmssp_client_prepare(sp_ctx, - &sp_ctx->mech_ctx.ntlmssp_state); + &auth_ntlmssp_state); if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(sp_ctx); return status; } - status = auth_ntlmssp_set_username(sp_ctx->mech_ctx.ntlmssp_state, + status = auth_ntlmssp_set_username(auth_ntlmssp_state, username); if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(sp_ctx); return status; } - status = auth_ntlmssp_set_domain(sp_ctx->mech_ctx.ntlmssp_state, + status = auth_ntlmssp_set_domain(auth_ntlmssp_state, domain); if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(sp_ctx); return status; } - status = auth_ntlmssp_set_password(sp_ctx->mech_ctx.ntlmssp_state, + status = auth_ntlmssp_set_password(auth_ntlmssp_state, password); if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(sp_ctx); 
@@ -129,19 +130,21 @@ NTSTATUS spnego_ntlmssp_init_client(TALLOC_CTX *mem_ctx, } if (do_sign) { - gensec_want_feature(sp_ctx->mech_ctx.ntlmssp_state->gensec_security, + gensec_want_feature(auth_ntlmssp_state->gensec_security, GENSEC_FEATURE_SIGN); } else if (do_seal) { - gensec_want_feature(sp_ctx->mech_ctx.ntlmssp_state->gensec_security, + gensec_want_feature(auth_ntlmssp_state->gensec_security, GENSEC_FEATURE_SEAL); } - status = auth_ntlmssp_client_start(sp_ctx->mech_ctx.ntlmssp_state); + status = auth_ntlmssp_client_start(auth_ntlmssp_state); if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(sp_ctx); return status; } + sp_ctx->mech_ctx.gensec_security = talloc_move(sp_ctx, &auth_ntlmssp_state->gensec_security); + TALLOC_FREE(auth_ntlmssp_state); *spnego_ctx = sp_ctx; return NT_STATUS_OK; } @@ -152,7 +155,7 @@ NTSTATUS spnego_get_client_auth_token(TALLOC_CTX *mem_ctx, DATA_BLOB *spnego_out) { struct gse_context *gse_ctx; - struct auth_ntlmssp_state *ntlmssp_ctx; + struct gensec_security *gensec_security; struct spnego_data sp_in, sp_out; DATA_BLOB token_in = data_blob_null; DATA_BLOB token_out = data_blob_null; @@ -213,8 +216,8 @@ NTSTATUS spnego_get_client_auth_token(TALLOC_CTX *mem_ctx, case SPNEGO_NTLMSSP: - ntlmssp_ctx = sp_ctx->mech_ctx.ntlmssp_state; - status = gensec_update(ntlmssp_ctx->gensec_security, mem_ctx, NULL, + gensec_security = sp_ctx->mech_ctx.gensec_security; + status = gensec_update(gensec_security, mem_ctx, NULL, token_in, &token_out); if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { @@ -317,7 +320,7 @@ NTSTATUS spnego_get_negotiated_mech(struct spnego_context *sp_ctx, *auth_context = sp_ctx->mech_ctx.gssapi_state; break; case SPNEGO_NTLMSSP: - *auth_context = sp_ctx->mech_ctx.ntlmssp_state; + *auth_context = sp_ctx->mech_ctx.gensec_security; break; default: return NT_STATUS_INTERNAL_ERROR; 
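Review bot: In spnego_ntlmssp_init_client the new `TALLOC_FREE(auth_ntlmssp_state)` directly after `talloc_move(sp_ctx, &auth_ntlmssp_state->gensec_security)` is only safe if the gensec context keeps no pointer into memory still parented to the wrapper, and that ownership is not visible in this diff. The username, domain and password are set on the wrapper a few lines earlier, so if their storage is a talloc child of auth_ntlmssp_state that gensec merely borrows, later gensec_update() calls would read freed credential memory. Please confirm the ownership and record it next to the free, for example `/* gensec_security holds its own reference to everything it needs; the wrapper is no longer used */`. The same move-then-free pattern is added in ntlmssp_server_auth_start() in dcesrv_ntlmssp.c, where `TALLOC_FREE(a)` now also runs on the success path and the comment `/* steal ntlmssp context too */` no longer describes what is moved.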
@@ -337,7 +340,7 @@ DATA_BLOB spnego_get_session_key(TALLOC_CTX *mem_ctx, return gse_get_session_key(mem_ctx, sp_ctx->mech_ctx.gssapi_state); case SPNEGO_NTLMSSP: - status = gensec_session_key(sp_ctx->mech_ctx.ntlmssp_state->gensec_security, mem_ctx, &sk); + status = gensec_session_key(sp_ctx->mech_ctx.gensec_security, mem_ctx, &sk); if (!NT_STATUS_IS_OK(status)) { return data_blob_null; } @@ -360,7 +363,7 @@ NTSTATUS spnego_sign(TALLOC_CTX *mem_ctx, data, signature); case SPNEGO_NTLMSSP: return gensec_sign_packet( - sp_ctx->mech_ctx.ntlmssp_state->gensec_security, + sp_ctx->mech_ctx.gensec_security, mem_ctx, data->data, data->length, full_data->data, full_data->length, @@ -382,7 +385,7 @@ NTSTATUS spnego_sigcheck(TALLOC_CTX *mem_ctx, data, signature); case SPNEGO_NTLMSSP: return gensec_check_packet( - sp_ctx->mech_ctx.ntlmssp_state->gensec_security, + sp_ctx->mech_ctx.gensec_security, data->data, data->length, full_data->data, full_data->length, signature); @@ -403,7 +406,7 @@ NTSTATUS spnego_seal(TALLOC_CTX *mem_ctx, data, signature); case SPNEGO_NTLMSSP: return gensec_seal_packet( - sp_ctx->mech_ctx.ntlmssp_state->gensec_security, + sp_ctx->mech_ctx.gensec_security, mem_ctx, data->data, data->length, full_data->data, full_data->length, @@ -425,7 +428,7 @@ NTSTATUS spnego_unseal(TALLOC_CTX *mem_ctx, data, signature); case SPNEGO_NTLMSSP: return gensec_unseal_packet( - sp_ctx->mech_ctx.ntlmssp_state->gensec_security, + sp_ctx->mech_ctx.gensec_security, data->data, data->length, full_data->data, full_data->length, signature); diff --git a/source3/librpc/crypto/spnego.h b/source3/librpc/crypto/spnego.h index 5e1a79b2af..2605169bb0 100644 --- a/source3/librpc/crypto/spnego.h +++ b/source3/librpc/crypto/spnego.h @@ -30,7 +30,7 @@ struct spnego_context { enum spnego_mech mech; union { - struct auth_ntlmssp_state *ntlmssp_state; + struct gensec_security *gensec_security; struct gse_context *gssapi_state; } mech_ctx; 
diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c index dc3b570a6c..206443434f 100644 --- a/source3/librpc/rpc/dcerpc_helpers.c +++ b/source3/librpc/rpc/dcerpc_helpers.c @@ -379,7 +379,7 @@ NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth, Create and add the NTLMSSP sign/seal auth data. ********************************************************************/ -static NTSTATUS add_ntlmssp_auth_footer(struct auth_ntlmssp_state *auth_state, +static NTSTATUS add_ntlmssp_auth_footer(struct gensec_security *gensec_security, enum dcerpc_AuthLevel auth_level, DATA_BLOB *rpc_out) { @@ -389,14 +389,14 @@ static NTSTATUS add_ntlmssp_auth_footer(struct auth_ntlmssp_state *auth_state, DATA_BLOB auth_blob; NTSTATUS status; - if (!auth_state) { + if (!gensec_security) { return NT_STATUS_INVALID_PARAMETER; } switch (auth_level) { case DCERPC_AUTH_LEVEL_PRIVACY: /* Data portion is encrypted. */ - status = gensec_seal_packet(auth_state->gensec_security, + status = gensec_seal_packet(gensec_security, rpc_out->data, rpc_out->data + DCERPC_RESPONSE_LENGTH, @@ -411,7 +411,7 @@ static NTSTATUS add_ntlmssp_auth_footer(struct auth_ntlmssp_state *auth_state, case DCERPC_AUTH_LEVEL_INTEGRITY: /* Data is signed. */ - status = gensec_sign_packet(auth_state->gensec_security, + status = gensec_sign_packet(gensec_security, rpc_out->data, rpc_out->data + DCERPC_RESPONSE_LENGTH, @@ -447,7 +447,7 @@ static NTSTATUS add_ntlmssp_auth_footer(struct auth_ntlmssp_state *auth_state, Check/unseal the NTLMSSP auth data. (Unseal in place). ********************************************************************/ -static NTSTATUS get_ntlmssp_auth_footer(struct auth_ntlmssp_state *auth_state, +static NTSTATUS get_ntlmssp_auth_footer(struct gensec_security *gensec_security, enum dcerpc_AuthLevel auth_level, DATA_BLOB *data, DATA_BLOB *full_pkt, DATA_BLOB *auth_token) 
@@ -455,7 +455,7 @@ static NTSTATUS get_ntlmssp_auth_footer(struct auth_ntlmssp_state *auth_state, switch (auth_level) { case DCERPC_AUTH_LEVEL_PRIVACY: /* Data portion is encrypted. */ - return gensec_unseal_packet(auth_state->gensec_security, + return gensec_unseal_packet(gensec_security, data->data, data->length, full_pkt->data, @@ -464,7 +464,7 @@ static NTSTATUS get_ntlmssp_auth_footer(struct auth_ntlmssp_state *auth_state, case DCERPC_AUTH_LEVEL_INTEGRITY: /* Data is signed. */ - return gensec_check_packet(auth_state->gensec_security, + return gensec_check_packet(gensec_security, data->data, data->length, full_pkt->data, @@ -747,7 +747,7 @@ NTSTATUS dcerpc_add_auth_footer(struct pipe_auth_data *auth, size_t pad_len, DATA_BLOB *rpc_out) { struct schannel_state *schannel_auth; - struct auth_ntlmssp_state *ntlmssp_ctx; + struct gensec_security *gensec_security; struct spnego_context *spnego_ctx; struct gse_context *gse_ctx; char pad[CLIENT_NDR_PADDING_SIZE] = { 0, }; @@ -804,9 +804,9 @@ NTSTATUS dcerpc_add_auth_footer(struct pipe_auth_data *auth, auth->auth_level, rpc_out); break; case DCERPC_AUTH_TYPE_NTLMSSP: - ntlmssp_ctx = talloc_get_type_abort(auth->auth_ctx, - struct auth_ntlmssp_state); - status = add_ntlmssp_auth_footer(ntlmssp_ctx, + gensec_security = talloc_get_type_abort(auth->auth_ctx, + struct gensec_security); + status = add_ntlmssp_auth_footer(gensec_security, auth->auth_level, rpc_out); break; @@ -852,7 +852,7 @@ NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth, size_t *pad_len) { struct schannel_state *schannel_auth; - struct auth_ntlmssp_state *ntlmssp_ctx; + struct gensec_security *gensec_security; struct spnego_context *spnego_ctx; struct gse_context *gse_ctx; NTSTATUS status; 
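Review bot: get_ntlmssp_auth_footer hands `gensec_security` straight to gensec_unseal_packet() and gensec_check_packet() with no NULL check, while add_ntlmssp_auth_footer in the same file keeps `if (!gensec_security) return NT_STATUS_INVALID_PARAMETER;`. Before this change a NULL argument faulted at the `auth_state->gensec_security` dereference; now it is passed on to gensec, whose NULL handling is not visible here. Since this is the path that verifies packets received from the peer, mirror the guard at the top of the function: `if (!gensec_security) { return NT_STATUS_INVALID_PARAMETER; }`. The function starts above this hunk and continues below it.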
@@ -936,9 +936,9 @@ NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth, DEBUG(10, ("NTLMSSP auth\n")); - ntlmssp_ctx = talloc_get_type_abort(auth->auth_ctx, - struct auth_ntlmssp_state); - status = get_ntlmssp_auth_footer(ntlmssp_ctx, + gensec_security = talloc_get_type_abort(auth->auth_ctx, + struct gensec_security); + status = get_ntlmssp_auth_footer(gensec_security, auth->auth_level, &data, &full_pkt, &auth_info.credentials); diff --git a/source3/rpc_server/dcesrv_ntlmssp.c b/source3/rpc_server/dcesrv_ntlmssp.c index 8700726c25..e03b3357f3 100644 --- a/source3/rpc_server/dcesrv_ntlmssp.c +++ b/source3/rpc_server/dcesrv_ntlmssp.c @@ -32,7 +32,7 @@ NTSTATUS ntlmssp_server_auth_start(TALLOC_CTX *mem_ctx, DATA_BLOB *token_in, DATA_BLOB *token_out, const struct tsocket_address *remote_address, - struct auth_ntlmssp_state **ctx) + struct gensec_security **ctx) { struct auth_ntlmssp_state *a = NULL; NTSTATUS status; @@ -67,19 +67,17 @@ NTSTATUS ntlmssp_server_auth_start(TALLOC_CTX *mem_ctx, } /* steal ntlmssp context too */ - *ctx = talloc_move(mem_ctx, &a); + *ctx = talloc_move(mem_ctx, &a->gensec_security); status = NT_STATUS_OK; done: - if (!NT_STATUS_IS_OK(status)) { - TALLOC_FREE(a); - } + TALLOC_FREE(a); return status; } -NTSTATUS ntlmssp_server_step(struct auth_ntlmssp_state *ctx, +NTSTATUS ntlmssp_server_step(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx, DATA_BLOB *token_in, DATA_BLOB *token_out) 
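Review bot: `talloc_get_type_abort(auth->auth_ctx, struct gensec_security)` in dcerpc_check_auth, and the matching call in dcerpc_add_auth_footer, aborts the process unless every place that sets `auth_ctx` for DCERPC_AUTH_TYPE_NTLMSSP now stores a gensec_security. `auth_ctx` appears to be an untyped pointer, so the compiler cannot flag a setter that still stores an auth_ntlmssp_state; the talloc type check at run time is the only barrier. This commit converts the server-side setter in srv_pipe.c (`p->auth.auth_ctx = gensec_security;`), but dcerpc_helpers.c lives under librpc and may also be reached from client code that is not part of this diff. Please confirm those setters were converted too, because a mismatch would surface as an abort during an authenticated RPC exchange rather than at build time. Both functions extend beyond their hunks.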
@@ -88,22 +86,22 @@ NTSTATUS ntlmssp_server_step(struct auth_ntlmssp_state *ctx, /* this has to be done as root in order to verify the password */ become_root(); - status = gensec_update(ctx->gensec_security, mem_ctx, NULL, *token_in, token_out); + status = gensec_update(gensec_security, mem_ctx, NULL, *token_in, token_out); unbecome_root(); return status; } -NTSTATUS ntlmssp_server_check_flags(struct auth_ntlmssp_state *ctx, +NTSTATUS ntlmssp_server_check_flags(struct gensec_security *gensec_security, bool do_sign, bool do_seal) { - if (do_sign && !gensec_have_feature(ctx->gensec_security, GENSEC_FEATURE_SIGN)) { + if (do_sign && !gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) { DEBUG(1, (__location__ "Integrity was requested but client " "failed to negotiate signing.\n")); return NT_STATUS_ACCESS_DENIED; } - if (do_seal && !gensec_have_feature(ctx->gensec_security, GENSEC_FEATURE_SEAL)) { + if (do_seal && !gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) { DEBUG(1, (__location__ "Privacy was requested but client " "failed to negotiate sealing.\n")); return NT_STATUS_ACCESS_DENIED; @@ -112,13 +110,13 @@ NTSTATUS ntlmssp_server_check_flags(struct auth_ntlmssp_state *ctx, return NT_STATUS_OK; } -NTSTATUS ntlmssp_server_get_user_info(struct auth_ntlmssp_state *ctx, +NTSTATUS ntlmssp_server_get_user_info(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx, struct auth_session_info **session_info) { NTSTATUS status; - status = gensec_session_info(ctx->gensec_security, mem_ctx, session_info); + status = gensec_session_info(gensec_security, mem_ctx, session_info); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, (__location__ ": Failed to get authenticated user " "info: %s\n", nt_errstr(status))); diff --git a/source3/rpc_server/dcesrv_ntlmssp.h b/source3/rpc_server/dcesrv_ntlmssp.h index 05b67df7f0..6efc68d78c 100644 --- a/source3/rpc_server/dcesrv_ntlmssp.h +++ b/source3/rpc_server/dcesrv_ntlmssp.h 
@@ -20,7 +20,7 @@ #ifndef _DCESRV_NTLMSSP_H_ #define _DCESRV_NTLMSSP_H_ -struct auth_ntlmssp_state; +struct gensec_security; NTSTATUS ntlmssp_server_auth_start(TALLOC_CTX *mem_ctx, bool do_sign, @@ -29,14 +29,14 @@ NTSTATUS ntlmssp_server_auth_start(TALLOC_CTX *mem_ctx, DATA_BLOB *token_in, DATA_BLOB *token_out, const struct tsocket_address *remote_address, - struct auth_ntlmssp_state **ctx); -NTSTATUS ntlmssp_server_step(struct auth_ntlmssp_state *ctx, + struct gensec_security **ctx); +NTSTATUS ntlmssp_server_step(struct gensec_security *ctx, TALLOC_CTX *mem_ctx, DATA_BLOB *token_in, DATA_BLOB *token_out); -NTSTATUS ntlmssp_server_check_flags(struct auth_ntlmssp_state *ctx, +NTSTATUS ntlmssp_server_check_flags(struct gensec_security *ctx, bool do_sign, bool do_seal); -NTSTATUS ntlmssp_server_get_user_info(struct auth_ntlmssp_state *ctx, +NTSTATUS ntlmssp_server_get_user_info(struct gensec_security *ctx, TALLOC_CTX *mem_ctx, struct auth_session_info **session_info); diff --git a/source3/rpc_server/dcesrv_spnego.c b/source3/rpc_server/dcesrv_spnego.c index 515e59b7e8..88ffdf7b5f 100644 --- a/source3/rpc_server/dcesrv_spnego.c +++ b/source3/rpc_server/dcesrv_spnego.c @@ -54,7 +54,7 @@ static NTSTATUS spnego_server_mech_init(struct spnego_context *sp_ctx, DATA_BLOB *token_in, DATA_BLOB *token_out) { - struct auth_ntlmssp_state *ntlmssp_ctx; + struct gensec_security *gensec_security; struct gse_context *gse_ctx; NTSTATUS status; @@ -84,14 +84,14 @@ static NTSTATUS spnego_server_mech_init(struct spnego_context *sp_ctx, token_in, token_out, sp_ctx->remote_address, - &ntlmssp_ctx); + &gensec_security); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("Failed to init ntlmssp server " "(%s)\n", nt_errstr(status))); return status; } - sp_ctx->mech_ctx.ntlmssp_state = ntlmssp_ctx; + sp_ctx->mech_ctx.gensec_security = gensec_security; break; default: 
@@ -155,7 +155,7 @@ NTSTATUS spnego_server_step(struct spnego_context *sp_ctx, break; case SPNEGO_NTLMSSP: status = ntlmssp_server_step( - sp_ctx->mech_ctx.ntlmssp_state, + sp_ctx->mech_ctx.gensec_security, mem_ctx, &token_in, &token_out); break; default: diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 449bf7555b..b32e1e1d48 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -589,7 +589,7 @@ static bool pipe_ntlmssp_auth_bind(struct pipes_struct *p, struct dcerpc_auth *auth_info, DATA_BLOB *response) { - struct auth_ntlmssp_state *ntlmssp_state = NULL; + struct gensec_security *gensec_security = NULL; NTSTATUS status; if (strncmp((char *)auth_info->credentials.data, "NTLMSSP", 7) != 0) { @@ -607,7 +607,7 @@ static bool pipe_ntlmssp_auth_bind(struct pipes_struct *p, &auth_info->credentials, response, p->remote_address, - &ntlmssp_state); + &gensec_security); if (!NT_STATUS_EQUAL(status, NT_STATUS_OK)) { DEBUG(0, (__location__ ": auth_ntlmssp_start failed: %s\n", nt_errstr(status))); @@ -617,7 +617,7 @@ static bool pipe_ntlmssp_auth_bind(struct pipes_struct *p, /* Make sure data is bound to the memctx, to be freed the caller */ talloc_steal(mem_ctx, response->data); - p->auth.auth_ctx = ntlmssp_state; + p->auth.auth_ctx = gensec_security; p->auth.auth_type = DCERPC_AUTH_TYPE_NTLMSSP; DEBUG(10, (__location__ ": NTLMSSP auth started\n")); @@ -633,7 +633,7 @@ static bool pipe_ntlmssp_auth_bind(struct pipes_struct *p, *******************************************************************/ static bool pipe_ntlmssp_verify_final(TALLOC_CTX *mem_ctx, - struct auth_ntlmssp_state *ntlmssp_ctx, + struct gensec_security *gensec_security, enum dcerpc_AuthLevel auth_level, struct auth_session_info **session_info) { 
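Review bot: pipe_ntlmssp_auth_bind compares seven bytes of `auth_info->credentials.data` against "NTLMSSP" without checking `auth_info->credentials.length` first, and this blob appears to be the auth data supplied by the peer in its bind request. The hunk shows the strncmp as the first statement after the declarations, so any length validation would have to live in the caller, which is not visible here. If none exists, a short or empty blob means a read past the buffer or through a NULL pointer; guarding the test as `if (auth_info->credentials.length < 7 || strncmp((char *)auth_info->credentials.data, "NTLMSSP", 7) != 0) {` closes that. The line is unchanged context in this commit, and the function body continues past the hunk.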
@@ -646,7 +646,7 @@ static bool pipe_ntlmssp_verify_final(TALLOC_CTX *mem_ctx, ensure the underlying NTLMSSP flags are also set. If not we should refuse the bind. */ - status = ntlmssp_server_check_flags(ntlmssp_ctx, + status = ntlmssp_server_check_flags(gensec_security, (auth_level == DCERPC_AUTH_LEVEL_INTEGRITY), (auth_level == @@ -659,7 +659,7 @@ static bool pipe_ntlmssp_verify_final(TALLOC_CTX *mem_ctx, TALLOC_FREE(*session_info); - status = ntlmssp_server_get_user_info(ntlmssp_ctx, + status = ntlmssp_server_get_user_info(gensec_security, mem_ctx, session_info); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, (__location__ ": failed to obtain the server info " @@ -772,7 +772,7 @@ static NTSTATUS pipe_gssapi_verify_final(TALLOC_CTX *mem_ctx, static NTSTATUS pipe_auth_verify_final(struct pipes_struct *p) { enum spnego_mech auth_type; - struct auth_ntlmssp_state *ntlmssp_ctx; + struct gensec_security *gensec_security; struct spnego_context *spnego_ctx; struct gse_context *gse_ctx; void *mech_ctx; @@ -780,9 +780,9 @@ static NTSTATUS pipe_auth_verify_final(struct pipes_struct *p) switch (p->auth.auth_type) { case DCERPC_AUTH_TYPE_NTLMSSP: - ntlmssp_ctx = talloc_get_type_abort(p->auth.auth_ctx, - struct auth_ntlmssp_state); - if (!pipe_ntlmssp_verify_final(p, ntlmssp_ctx, + gensec_security = talloc_get_type_abort(p->auth.auth_ctx, + struct gensec_security); + if (!pipe_ntlmssp_verify_final(p, gensec_security, p->auth.auth_level, &p->session_info)) { return NT_STATUS_ACCESS_DENIED; @@ -824,9 +824,9 @@ static NTSTATUS pipe_auth_verify_final(struct pipes_struct *p) } break; case SPNEGO_NTLMSSP: - ntlmssp_ctx = talloc_get_type_abort(mech_ctx, - struct auth_ntlmssp_state); - if (!pipe_ntlmssp_verify_final(p, ntlmssp_ctx, + gensec_security = talloc_get_type_abort(mech_ctx, + struct gensec_security); + if (!pipe_ntlmssp_verify_final(p, gensec_security, p->auth.auth_level, &p->session_info)) { return NT_STATUS_ACCESS_DENIED; 
@@ -1163,7 +1163,7 @@ bool api_pipe_bind_auth3(struct pipes_struct *p, struct ncacn_packet *pkt) { struct dcerpc_auth auth_info; DATA_BLOB response = data_blob_null; - struct auth_ntlmssp_state *ntlmssp_ctx; + struct gensec_security *gensec_security; struct spnego_context *spnego_ctx; struct gse_context *gse_ctx; NTSTATUS status; @@ -1211,9 +1211,9 @@ bool api_pipe_bind_auth3(struct pipes_struct *p, struct ncacn_packet *pkt) switch (auth_info.auth_type) { case DCERPC_AUTH_TYPE_NTLMSSP: - ntlmssp_ctx = talloc_get_type_abort(p->auth.auth_ctx, - struct auth_ntlmssp_state); - status = ntlmssp_server_step(ntlmssp_ctx, + gensec_security = talloc_get_type_abort(p->auth.auth_ctx, + struct gensec_security); + status = ntlmssp_server_step(gensec_security, pkt, &auth_info.credentials, &response); break; @@ -1282,7 +1282,7 @@ static bool api_pipe_alter_context(struct pipes_struct *p, DATA_BLOB auth_resp = data_blob_null; DATA_BLOB auth_blob = data_blob_null; int pad_len = 0; - struct auth_ntlmssp_state *ntlmssp_ctx; + struct gensec_security *gensec_security; struct spnego_context *spnego_ctx; struct gse_context *gse_ctx; @@ -1379,9 +1379,9 @@ static bool api_pipe_alter_context(struct pipes_struct *p, &auth_resp); break; case DCERPC_AUTH_TYPE_NTLMSSP: - ntlmssp_ctx = talloc_get_type_abort(p->auth.auth_ctx, - struct auth_ntlmssp_state); - status = ntlmssp_server_step(ntlmssp_ctx, + gensec_security = talloc_get_type_abort(p->auth.auth_ctx, + struct gensec_security); + status = ntlmssp_server_step(gensec_security, pkt, &auth_info.credentials, &auth_resp); |