summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2011-12-26 14:23:15 +1100
committerStefan Metzmacher <metze@samba.org>2012-01-05 17:17:28 +0100
commit3042e38d519411e774e110b16a2eeeaef4b25a65 (patch)
treee8586dd2c248ad1091c36d52bf69e031201bd0f4
parent0c0c23f3fe6f7c55d69d6ca19f8252b12aa8fe5a (diff)
downloadsamba-3042e38d519411e774e110b16a2eeeaef4b25a65.tar.gz
samba-3042e38d519411e774e110b16a2eeeaef4b25a65.tar.bz2
samba-3042e38d519411e774e110b16a2eeeaef4b25a65.zip
s3-auth use gensec directly rather than via auth_generic_state
This is possible because the s3 gensec modules are started as normal gensec modules, so we do not need a wrapper any more. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
-rw-r--r--source3/auth/auth_generic.c62
-rw-r--r--source3/auth/proto.h6
-rw-r--r--source3/include/auth.h2
-rw-r--r--source3/include/ntlmssp_wrap.h3
-rw-r--r--source3/include/smb.h2
-rw-r--r--source3/rpc_server/dcesrv_auth_generic.c56
-rw-r--r--source3/smbd/globals.h2
-rw-r--r--source3/smbd/negprot.c10
-rw-r--r--source3/smbd/password.c4
-rw-r--r--source3/smbd/seal.c15
-rw-r--r--source3/smbd/sesssetup.c54
-rw-r--r--source3/smbd/smb2_sesssetup.c40
12 files changed, 112 insertions, 144 deletions
diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c
index 8141f18eac..cd4b764e85 100644
--- a/source3/auth/auth_generic.c
+++ b/source3/auth/auth_generic.c
@@ -33,89 +33,73 @@
NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx,
const struct tsocket_address *remote_address,
- struct auth_generic_state **auth_ntlmssp_state)
+ struct gensec_security **gensec_security_out)
{
+ struct gensec_security *gensec_security;
struct auth_context *auth_context;
- struct auth_generic_state *ans;
NTSTATUS nt_status;
- ans = talloc_zero(mem_ctx, struct auth_generic_state);
- if (!ans) {
- DEBUG(0,("auth_ntlmssp_start: talloc failed!\n"));
- return NT_STATUS_NO_MEMORY;
- }
+ TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+ NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
- nt_status = make_auth_context_subsystem(talloc_tos(), &auth_context);
+ nt_status = make_auth_context_subsystem(tmp_ctx, &auth_context);
if (!NT_STATUS_IS_OK(nt_status)) {
- TALLOC_FREE(ans);
+ TALLOC_FREE(tmp_ctx);
return nt_status;
}
- ans->auth_context = talloc_steal(ans, auth_context);
-
if (auth_context->prepare_gensec) {
- nt_status = auth_context->prepare_gensec(ans,
- &ans->gensec_security);
+ nt_status = auth_context->prepare_gensec(tmp_ctx,
+ &gensec_security);
if (!NT_STATUS_IS_OK(nt_status)) {
- TALLOC_FREE(ans);
+ TALLOC_FREE(tmp_ctx);
return nt_status;
}
} else {
struct gensec_settings *gensec_settings;
struct loadparm_context *lp_ctx;
- lp_ctx = loadparm_init_s3(ans, loadparm_s3_context());
+ lp_ctx = loadparm_init_s3(tmp_ctx, loadparm_s3_context());
if (lp_ctx == NULL) {
DEBUG(10, ("loadparm_init_s3 failed\n"));
- TALLOC_FREE(ans);
+ TALLOC_FREE(tmp_ctx);
return NT_STATUS_INVALID_SERVER_STATE;
}
- gensec_settings = lpcfg_gensec_settings(ans, lp_ctx);
+ gensec_settings = lpcfg_gensec_settings(tmp_ctx, lp_ctx);
if (lp_ctx == NULL) {
DEBUG(10, ("lpcfg_gensec_settings failed\n"));
- TALLOC_FREE(ans);
+ TALLOC_FREE(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
gensec_settings->backends = talloc_zero_array(gensec_settings, struct gensec_security_ops *, 2);
if (gensec_settings->backends == NULL) {
- TALLOC_FREE(ans);
+ TALLOC_FREE(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
gensec_settings->backends[0] = &gensec_ntlmssp3_server_ops;
- nt_status = gensec_server_start(ans, gensec_settings,
- NULL, &ans->gensec_security);
+ nt_status = gensec_server_start(tmp_ctx, gensec_settings,
+ NULL, &gensec_security);
if (!NT_STATUS_IS_OK(nt_status)) {
- TALLOC_FREE(ans);
+ TALLOC_FREE(tmp_ctx);
return nt_status;
}
- talloc_unlink(ans, lp_ctx);
- talloc_unlink(ans, gensec_settings);
+ talloc_unlink(tmp_ctx, lp_ctx);
+ talloc_unlink(tmp_ctx, gensec_settings);
}
- nt_status = gensec_set_remote_address(ans->gensec_security,
+ nt_status = gensec_set_remote_address(gensec_security,
remote_address);
if (!NT_STATUS_IS_OK(nt_status)) {
- TALLOC_FREE(ans);
+ TALLOC_FREE(tmp_ctx);
return nt_status;
}
- *auth_ntlmssp_state = ans;
+ *gensec_security_out = talloc_steal(mem_ctx, gensec_security);
+ TALLOC_FREE(tmp_ctx);
return NT_STATUS_OK;
}
-
-NTSTATUS auth_generic_start(struct auth_generic_state *auth_ntlmssp_state, const char *oid)
-{
- return gensec_start_mech_by_oid(auth_ntlmssp_state->gensec_security, oid);
-}
-
-NTSTATUS auth_generic_authtype_start(struct auth_generic_state *auth_ntlmssp_state,
- uint8_t auth_type, uint8_t auth_level)
-{
- return gensec_start_mech_by_authtype(auth_ntlmssp_state->gensec_security,
- auth_type, auth_level);
-}
diff --git a/source3/auth/proto.h b/source3/auth/proto.h
index 31271da3e5..77f0f543e9 100644
--- a/source3/auth/proto.h
+++ b/source3/auth/proto.h
@@ -70,11 +70,7 @@ NTSTATUS auth_netlogond_init(void);
/* The following definitions come from auth/auth_ntlmssp.c */
NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx, const struct tsocket_address *remote_address,
- struct auth_generic_state **auth_ntlmssp_state);
-NTSTATUS auth_generic_start(struct auth_generic_state *auth_ntlmssp_state, const char *oid);
-NTSTATUS auth_generic_authtype_start(struct auth_generic_state *auth_ntlmssp_state,
- uint8_t auth_type, uint8_t auth_level);
-
+ struct gensec_security **gensec_security_out);
/* The following definitions come from auth/auth_sam.c */
diff --git a/source3/include/auth.h b/source3/include/auth.h
index 16bf1e6f14..522dc59a37 100644
--- a/source3/include/auth.h
+++ b/source3/include/auth.h
@@ -128,7 +128,7 @@ struct auth_init_function_entry {
struct auth_init_function_entry *prev, *next;
};
-struct auth_generic_state;
+struct gensec_security;
/* Changed from 1 -> 2 to add the logon_parameters field. */
/* Changed from 2 -> 3 when we reworked many auth structures to use IDL or be in common with Samba4 */
diff --git a/source3/include/ntlmssp_wrap.h b/source3/include/ntlmssp_wrap.h
index fb98309ab9..07f474f103 100644
--- a/source3/include/ntlmssp_wrap.h
+++ b/source3/include/ntlmssp_wrap.h
@@ -26,9 +26,6 @@ struct gensec_security;
extern const struct gensec_security_ops gensec_ntlmssp3_server_ops;
struct auth_generic_state {
- /* used only by server implementation */
- struct auth_context *auth_context;
-
/* used only by the client implementation */
struct cli_credentials *credentials;
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 2221b72763..2adfa36c8c 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -1215,7 +1215,7 @@ typedef struct user_struct {
struct auth_session_info *session_info;
- struct auth_generic_state *auth_ntlmssp_state;
+ struct gensec_security *gensec_security;
} user_struct;
/*
diff --git a/source3/rpc_server/dcesrv_auth_generic.c b/source3/rpc_server/dcesrv_auth_generic.c
index dee3c16ca3..78d0d78ffa 100644
--- a/source3/rpc_server/dcesrv_auth_generic.c
+++ b/source3/rpc_server/dcesrv_auth_generic.c
@@ -35,10 +35,10 @@ NTSTATUS auth_generic_server_start(TALLOC_CTX *mem_ctx,
const struct tsocket_address *remote_address,
struct gensec_security **ctx)
{
- struct auth_generic_state *a = NULL;
+ struct gensec_security *gensec_security = NULL;
NTSTATUS status;
- status = auth_generic_prepare(talloc_tos(), remote_address, &a);
+ status = auth_generic_prepare(talloc_tos(), remote_address, &gensec_security);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, (__location__ ": auth_generic_prepare failed: %s\n",
nt_errstr(status)));
@@ -46,40 +46,36 @@ NTSTATUS auth_generic_server_start(TALLOC_CTX *mem_ctx,
}
if (do_sign) {
- gensec_want_feature(a->gensec_security, GENSEC_FEATURE_SIGN);
+ gensec_want_feature(gensec_security, GENSEC_FEATURE_SIGN);
}
if (do_seal) {
- gensec_want_feature(a->gensec_security, GENSEC_FEATURE_SIGN);
- gensec_want_feature(a->gensec_security, GENSEC_FEATURE_SEAL);
+ gensec_want_feature(gensec_security, GENSEC_FEATURE_SIGN);
+ gensec_want_feature(gensec_security, GENSEC_FEATURE_SEAL);
}
if (is_dcerpc) {
- gensec_want_feature(a->gensec_security, GENSEC_FEATURE_DCE_STYLE);
+ gensec_want_feature(gensec_security, GENSEC_FEATURE_DCE_STYLE);
}
- status = auth_generic_start(a, oid);
+ status = gensec_start_mech_by_oid(gensec_security, oid);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, (__location__ ": auth_generic_start failed: %s\n",
nt_errstr(status)));
+ TALLOC_FREE(gensec_security);
return status;
}
- status = gensec_update(a->gensec_security, mem_ctx, NULL, *token_in, token_out);
+ status = gensec_update(gensec_security, mem_ctx, NULL, *token_in, token_out);
if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
DEBUG(2, (__location__ ": gensec_update failed: %s\n",
nt_errstr(status)));
- goto done;
+ TALLOC_FREE(gensec_security);
+ return status;
}
- /* steal gensec context too */
- *ctx = talloc_move(mem_ctx, &a->gensec_security);
-
- status = NT_STATUS_OK;
-
-done:
- TALLOC_FREE(a);
-
- return status;
+ /* steal gensec context to the caller */
+ *ctx = talloc_move(mem_ctx, &gensec_security);
+ return NT_STATUS_OK;
}
NTSTATUS auth_generic_server_authtype_start(TALLOC_CTX *mem_ctx,
@@ -89,39 +85,35 @@ NTSTATUS auth_generic_server_authtype_start(TALLOC_CTX *mem_ctx,
const struct tsocket_address *remote_address,
struct gensec_security **ctx)
{
- struct auth_generic_state *a = NULL;
+ struct gensec_security *gensec_security = NULL;
NTSTATUS status;
- status = auth_generic_prepare(talloc_tos(), remote_address, &a);
+ status = auth_generic_prepare(talloc_tos(), remote_address, &gensec_security);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, (__location__ ": auth_generic_prepare failed: %s\n",
nt_errstr(status)));
return status;
}
- status = auth_generic_authtype_start(a, auth_type, auth_level);
+ status = gensec_start_mech_by_authtype(gensec_security, auth_type, auth_level);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, (__location__ ": auth_generic_start failed: %s\n",
nt_errstr(status)));
+ TALLOC_FREE(gensec_security);
return status;
}
- status = gensec_update(a->gensec_security, mem_ctx, NULL, *token_in, token_out);
+ status = gensec_update(gensec_security, mem_ctx, NULL, *token_in, token_out);
if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
DEBUG(2, (__location__ ": gensec_update failed: %s\n",
nt_errstr(status)));
- goto done;
+ TALLOC_FREE(gensec_security);
+ return status;
}
- /* steal gensec context too */
- *ctx = talloc_move(mem_ctx, &a->gensec_security);
-
- status = NT_STATUS_OK;
-
-done:
- TALLOC_FREE(a);
-
- return status;
+ /* steal gensec context to the caller */
+ *ctx = talloc_move(mem_ctx, &gensec_security);
+ return NT_STATUS_OK;
}
NTSTATUS auth_generic_server_step(struct gensec_security *gensec_security,
diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h
index 631298b155..44a76c4fb3 100644
--- a/source3/smbd/globals.h
+++ b/source3/smbd/globals.h
@@ -410,7 +410,7 @@ struct smbd_smb2_session {
struct smbd_server_connection *sconn;
NTSTATUS status;
uint64_t vuid;
- struct auth_generic_state *auth_ntlmssp_state;
+ struct gensec_security *gensec_security;
struct auth_session_info *session_info;
DATA_BLOB session_key;
bool do_signing;
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index 0a06e4a3d7..66da049bda 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -199,18 +199,18 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn)
OID_NTLMSSP,
NULL};
const char *OIDs_ntlm[] = {OID_NTLMSSP, NULL};
- struct auth_generic_state *auth_ntlmssp_state;
+ struct gensec_security *gensec_security;
sconn->use_gensec_hook = false;
/* See if we can get an SPNEGO blob out of the gensec hook (if auth_samba4 is loaded) */
status = auth_generic_prepare(talloc_tos(),
sconn->remote_address,
- &auth_ntlmssp_state);
+ &gensec_security);
if (NT_STATUS_IS_OK(status)) {
- status = auth_generic_start(auth_ntlmssp_state, GENSEC_OID_SPNEGO);
+ status = gensec_start_mech_by_oid(gensec_security, GENSEC_OID_SPNEGO);
if (NT_STATUS_IS_OK(status)) {
- status = gensec_update(auth_ntlmssp_state->gensec_security, ctx,
+ status = gensec_update(gensec_security, ctx,
NULL, data_blob_null, &blob);
/* If we get the list of OIDs, the 'OK' answer
* is NT_STATUS_MORE_PROCESSING_REQUIRED */
@@ -218,7 +218,7 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn)
sconn->use_gensec_hook = true;
}
}
- TALLOC_FREE(auth_ntlmssp_state);
+ TALLOC_FREE(gensec_security);
}
sconn->smb1.negprot.spnego = true;
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 7ccf2ea327..9df99ef6b1 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -124,8 +124,8 @@ void invalidate_vuid(struct smbd_server_connection *sconn, uint16 vuid)
session_yield(vuser);
- if (vuser->auth_ntlmssp_state) {
- TALLOC_FREE(vuser->auth_ntlmssp_state);
+ if (vuser->gensec_security) {
+ TALLOC_FREE(vuser->gensec_security);
}
DLIST_REMOVE(sconn->smb1.sessions.validated_users, vuser);
diff --git a/source3/smbd/seal.c b/source3/smbd/seal.c
index a609a3bad3..4393c1b27c 100644
--- a/source3/smbd/seal.c
+++ b/source3/smbd/seal.c
@@ -73,33 +73,32 @@ bool is_encrypted_packet(struct smbd_server_connection *sconn,
}
/******************************************************************************
- Create an auth_ntlmssp_state and ensure pointer copy is correct.
+ Create an gensec_security and ensure pointer copy is correct.
******************************************************************************/
static NTSTATUS make_auth_ntlmssp(const struct tsocket_address *remote_address,
struct smb_trans_enc_state *es)
{
- struct auth_generic_state *auth_ntlmssp_state;
+ struct gensec_security *gensec_security;
NTSTATUS status = auth_generic_prepare(NULL, remote_address,
- &auth_ntlmssp_state);
+ &gensec_security);
if (!NT_STATUS_IS_OK(status)) {
return nt_status_squash(status);
}
- gensec_want_feature(auth_ntlmssp_state->gensec_security, GENSEC_FEATURE_SEAL);
+ gensec_want_feature(gensec_security, GENSEC_FEATURE_SEAL);
- status = auth_generic_start(auth_ntlmssp_state, GENSEC_OID_NTLMSSP);
+ status = gensec_start_mech_by_oid(gensec_security, GENSEC_OID_NTLMSSP);
if (!NT_STATUS_IS_OK(status)) {
- TALLOC_FREE(auth_ntlmssp_state);
+ TALLOC_FREE(gensec_security);
return nt_status_squash(status);
}
/* We do not need the auth_ntlmssp layer any more, which was
* allocated on NULL, so promote gensec_security to the NULL
* context */
- es->s.gensec_security = talloc_move(NULL, &auth_ntlmssp_state->gensec_security);
- TALLOC_FREE(auth_ntlmssp_state);
+ es->s.gensec_security = gensec_security;
return status;
}
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index a15afd5e35..f1672ab1ad 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -420,7 +420,7 @@ static void reply_spnego_kerberos(struct smb_request *req,
static void reply_spnego_ntlmssp(struct smb_request *req,
uint16 vuid,
- struct auth_generic_state **auth_ntlmssp_state,
+ struct gensec_security **gensec_security,
DATA_BLOB *ntlmssp_blob, NTSTATUS nt_status,
const char *OID,
bool wrap)
@@ -431,7 +431,7 @@ static void reply_spnego_ntlmssp(struct smb_request *req,
struct smbd_server_connection *sconn = req->sconn;
if (NT_STATUS_IS_OK(nt_status)) {
- nt_status = gensec_session_info((*auth_ntlmssp_state)->gensec_security,
+ nt_status = gensec_session_info(*gensec_security,
talloc_tos(),
&session_info);
}
@@ -452,7 +452,7 @@ static void reply_spnego_ntlmssp(struct smb_request *req,
if (register_existing_vuid(sconn, vuid,
session_info, nullblob) !=
vuid) {
- /* The problem is, *auth_ntlmssp_state points
+ /* The problem is, *gensec_security points
* into the vuser this will have
* talloc_free()'ed in
* register_existing_vuid() */
@@ -492,7 +492,7 @@ static void reply_spnego_ntlmssp(struct smb_request *req,
if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
/* NB. This is *NOT* an error case. JRA */
if (do_invalidate) {
- TALLOC_FREE(*auth_ntlmssp_state);
+ TALLOC_FREE(*gensec_security);
if (!NT_STATUS_IS_OK(nt_status)) {
/* Kill the intermediate vuid */
invalidate_vuid(sconn, vuid);
@@ -578,7 +578,7 @@ static void reply_spnego_downgrade_to_ntlmssp(struct smb_request *req,
static void reply_spnego_negotiate(struct smb_request *req,
uint16 vuid,
DATA_BLOB blob1,
- struct auth_generic_state **auth_ntlmssp_state)
+ struct gensec_security **gensec_security)
{
DATA_BLOB secblob;
DATA_BLOB chal;
@@ -614,7 +614,7 @@ static void reply_spnego_negotiate(struct smb_request *req,
}
#endif
- TALLOC_FREE(*auth_ntlmssp_state);
+ TALLOC_FREE(*gensec_security);
if (kerb_mech) {
data_blob_free(&secblob);
@@ -626,7 +626,7 @@ static void reply_spnego_negotiate(struct smb_request *req,
}
status = auth_generic_prepare(NULL, sconn->remote_address,
- auth_ntlmssp_state);
+ gensec_security);
if (!NT_STATUS_IS_OK(status)) {
/* Kill the intermediate vuid */
invalidate_vuid(sconn, vuid);
@@ -634,9 +634,9 @@ static void reply_spnego_negotiate(struct smb_request *req,
return;
}
- gensec_want_feature((*auth_ntlmssp_state)->gensec_security, GENSEC_FEATURE_SESSION_KEY);
+ gensec_want_feature(*gensec_security, GENSEC_FEATURE_SESSION_KEY);
- status = auth_generic_start(*auth_ntlmssp_state, GENSEC_OID_NTLMSSP);
+ status = gensec_start_mech_by_oid(*gensec_security, GENSEC_OID_NTLMSSP);
if (!NT_STATUS_IS_OK(status)) {
/* Kill the intermediate vuid */
invalidate_vuid(sconn, vuid);
@@ -644,12 +644,12 @@ static void reply_spnego_negotiate(struct smb_request *req,
return;
}
- status = gensec_update((*auth_ntlmssp_state)->gensec_security, talloc_tos(),
+ status = gensec_update(*gensec_security, talloc_tos(),
NULL, secblob, &chal);
data_blob_free(&secblob);
- reply_spnego_ntlmssp(req, vuid, auth_ntlmssp_state,
+ reply_spnego_ntlmssp(req, vuid, gensec_security,
&chal, status, OID_NTLMSSP, true);
data_blob_free(&chal);
@@ -665,7 +665,7 @@ static void reply_spnego_negotiate(struct smb_request *req,
static void reply_spnego_auth(struct smb_request *req,
uint16 vuid,
DATA_BLOB blob1,
- struct auth_generic_state **auth_ntlmssp_state)
+ struct gensec_security **gensec_security)
{
DATA_BLOB auth = data_blob_null;
DATA_BLOB auth_reply = data_blob_null;
@@ -736,9 +736,9 @@ static void reply_spnego_auth(struct smb_request *req,
/* If we get here it wasn't a negTokenTarg auth packet. */
data_blob_free(&secblob);
- if (!*auth_ntlmssp_state) {
+ if (!*gensec_security) {
status = auth_generic_prepare(NULL, sconn->remote_address,
- auth_ntlmssp_state);
+ gensec_security);
if (!NT_STATUS_IS_OK(status)) {
/* Kill the intermediate vuid */
invalidate_vuid(sconn, vuid);
@@ -746,9 +746,9 @@ static void reply_spnego_auth(struct smb_request *req,
return;
}
- gensec_want_feature((*auth_ntlmssp_state)->gensec_security, GENSEC_FEATURE_SESSION_KEY);
+ gensec_want_feature(*gensec_security, GENSEC_FEATURE_SESSION_KEY);
- status = auth_generic_start(*auth_ntlmssp_state, GENSEC_OID_NTLMSSP);
+ status = gensec_start_mech_by_oid(*gensec_security, GENSEC_OID_NTLMSSP);
if (!NT_STATUS_IS_OK(status)) {
/* Kill the intermediate vuid */
invalidate_vuid(sconn, vuid);
@@ -757,7 +757,7 @@ static void reply_spnego_auth(struct smb_request *req,
}
}
- status = gensec_update((*auth_ntlmssp_state)->gensec_security, talloc_tos(),
+ status = gensec_update(*gensec_security, talloc_tos(),
NULL, auth, &auth_reply);
data_blob_free(&auth);
@@ -765,7 +765,7 @@ static void reply_spnego_auth(struct smb_request *req,
/* Don't send the mechid as we've already sent this (RFC4178). */
reply_spnego_ntlmssp(req, vuid,
- auth_ntlmssp_state,
+ gensec_security,
&auth_reply, status, NULL, true);
data_blob_free(&auth_reply);
@@ -1144,9 +1144,9 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
if (sconn->use_gensec_hook || ntlmssp_blob_matches_magic(&blob1)) {
DATA_BLOB chal;
- if (!vuser->auth_ntlmssp_state) {
+ if (!vuser->gensec_security) {
status = auth_generic_prepare(vuser, sconn->remote_address,
- &vuser->auth_ntlmssp_state);
+ &vuser->gensec_security);
if (!NT_STATUS_IS_OK(status)) {
/* Kill the intermediate vuid */
invalidate_vuid(sconn, vuid);
@@ -1155,12 +1155,12 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
return;
}
- gensec_want_feature(vuser->auth_ntlmssp_state->gensec_security, GENSEC_FEATURE_SESSION_KEY);
+ gensec_want_feature(vuser->gensec_security, GENSEC_FEATURE_SESSION_KEY);
if (sconn->use_gensec_hook) {
- status = auth_generic_start(vuser->auth_ntlmssp_state, GENSEC_OID_SPNEGO);
+ status = gensec_start_mech_by_oid(vuser->gensec_security, GENSEC_OID_SPNEGO);
} else {
- status = auth_generic_start(vuser->auth_ntlmssp_state, GENSEC_OID_NTLMSSP);
+ status = gensec_start_mech_by_oid(vuser->gensec_security, GENSEC_OID_NTLMSSP);
}
if (!NT_STATUS_IS_OK(status)) {
/* Kill the intermediate vuid */
@@ -1171,14 +1171,14 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
}
}
- status = gensec_update(vuser->auth_ntlmssp_state->gensec_security,
+ status = gensec_update(vuser->gensec_security,
talloc_tos(), NULL,
blob1, &chal);
data_blob_free(&blob1);
reply_spnego_ntlmssp(req, vuid,
- &vuser->auth_ntlmssp_state,
+ &vuser->gensec_security,
&chal, status, NULL, false);
data_blob_free(&chal);
return;
@@ -1189,7 +1189,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
/* its a negTokenTarg packet */
reply_spnego_negotiate(req, vuid, blob1,
- &vuser->auth_ntlmssp_state);
+ &vuser->gensec_security);
data_blob_free(&blob1);
return;
}
@@ -1199,7 +1199,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
/* its a auth packet */
reply_spnego_auth(req, vuid, blob1,
- &vuser->auth_ntlmssp_state);
+ &vuser->gensec_security);
data_blob_free(&blob1);
return;
}
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 0a9edbc273..3878b76820 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -243,7 +243,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session,
status = NT_STATUS_NO_MEMORY;
goto fail;
}
- session->compat_vuser->auth_ntlmssp_state = NULL;
+ session->compat_vuser->gensec_security = NULL;
session->compat_vuser->homes_snum = -1;
session->compat_vuser->session_info = session->session_info;
session->compat_vuser->session_keystr = NULL;
@@ -341,7 +341,7 @@ static NTSTATUS smbd_smb2_spnego_negotiate(struct smbd_smb2_session *session,
NTSTATUS status;
/* Ensure we have no old NTLM state around. */
- TALLOC_FREE(session->auth_ntlmssp_state);
+ TALLOC_FREE(session->gensec_security);
status = parse_spnego_mechanisms(talloc_tos(), in_security_buffer,
&secblob_in, &kerb_mech);
@@ -376,19 +376,19 @@ static NTSTATUS smbd_smb2_spnego_negotiate(struct smbd_smb2_session *session,
} else {
/* Fall back to NTLMSSP. */
status = auth_generic_prepare(session, session->sconn->remote_address,
- &session->auth_ntlmssp_state);
+ &session->gensec_security);
if (!NT_STATUS_IS_OK(status)) {
goto out;
}
- gensec_want_feature(session->auth_ntlmssp_state->gensec_security, GENSEC_FEATURE_SESSION_KEY);
+ gensec_want_feature(session->gensec_security, GENSEC_FEATURE_SESSION_KEY);
- status = auth_generic_start(session->auth_ntlmssp_state, GENSEC_OID_NTLMSSP);
+ status = gensec_start_mech_by_oid(session->gensec_security, GENSEC_OID_NTLMSSP);
if (!NT_STATUS_IS_OK(status)) {
goto out;
}
- status = gensec_update(session->auth_ntlmssp_state->gensec_security,
+ status = gensec_update(session->gensec_security,
talloc_tos(), NULL,
secblob_in,
&chal_out);
@@ -453,7 +453,7 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s
TALLOC_FREE(session);
return NT_STATUS_NO_MEMORY;
}
- session->compat_vuser->auth_ntlmssp_state = session->auth_ntlmssp_state;
+ session->compat_vuser->gensec_security = session->gensec_security;
session->compat_vuser->homes_snum = -1;
session->compat_vuser->session_info = session->session_info;
session->compat_vuser->session_keystr = NULL;
@@ -560,18 +560,18 @@ static NTSTATUS smbd_smb2_spnego_auth(struct smbd_smb2_session *session,
data_blob_free(&secblob_in);
}
- if (session->auth_ntlmssp_state == NULL) {
+ if (session->gensec_security == NULL) {
status = auth_generic_prepare(session, session->sconn->remote_address,
- &session->auth_ntlmssp_state);
+ &session->gensec_security);
if (!NT_STATUS_IS_OK(status)) {
data_blob_free(&auth);
TALLOC_FREE(session);
return status;
}
- gensec_want_feature(session->auth_ntlmssp_state->gensec_security, GENSEC_FEATURE_SESSION_KEY);
+ gensec_want_feature(session->gensec_security, GENSEC_FEATURE_SESSION_KEY);
- status = auth_generic_start(session->auth_ntlmssp_state, GENSEC_OID_NTLMSSP);
+ status = gensec_start_mech_by_oid(session->gensec_security, GENSEC_OID_NTLMSSP);
if (!NT_STATUS_IS_OK(status)) {
data_blob_free(&auth);
TALLOC_FREE(session);
@@ -579,14 +579,14 @@ static NTSTATUS smbd_smb2_spnego_auth(struct smbd_smb2_session *session,
}
}
- status = gensec_update(session->auth_ntlmssp_state->gensec_security,
+ status = gensec_update(session->gensec_security,
talloc_tos(), NULL,
auth,
&auth_out);
/* If status is NT_STATUS_OK then we need to get the token.
* Map to guest is now internal to auth_ntlmssp */
if (NT_STATUS_IS_OK(status)) {
- status = gensec_session_info(session->auth_ntlmssp_state->gensec_security,
+ status = gensec_session_info(session->gensec_security,
session,
&session->session_info);
}
@@ -635,20 +635,20 @@ static NTSTATUS smbd_smb2_raw_ntlmssp_auth(struct smbd_smb2_session *session,
*out_security_buffer = data_blob_null;
- if (session->auth_ntlmssp_state == NULL) {
+ if (session->gensec_security == NULL) {
status = auth_generic_prepare(session, session->sconn->remote_address,
- &session->auth_ntlmssp_state);
+ &session->gensec_security);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(session);
return status;
}
- gensec_want_feature(session->auth_ntlmssp_state->gensec_security, GENSEC_FEATURE_SESSION_KEY);
+ gensec_want_feature(session->gensec_security, GENSEC_FEATURE_SESSION_KEY);
if (session->sconn->use_gensec_hook) {
- status = auth_generic_start(session->auth_ntlmssp_state, GENSEC_OID_SPNEGO);
+ status = gensec_start_mech_by_oid(session->gensec_security, GENSEC_OID_SPNEGO);
} else {
- status = auth_generic_start(session->auth_ntlmssp_state, GENSEC_OID_NTLMSSP);
+ status = gensec_start_mech_by_oid(session->gensec_security, GENSEC_OID_NTLMSSP);
}
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(session);
@@ -657,7 +657,7 @@ static NTSTATUS smbd_smb2_raw_ntlmssp_auth(struct smbd_smb2_session *session,
}
/* RAW NTLMSSP */
- status = gensec_update(session->auth_ntlmssp_state->gensec_security,
+ status = gensec_update(session->gensec_security,
smb2req, NULL,
in_security_buffer,
out_security_buffer);
@@ -667,7 +667,7 @@ static NTSTATUS smbd_smb2_raw_ntlmssp_auth(struct smbd_smb2_session *session,
return status;
}
- status = gensec_session_info(session->auth_ntlmssp_state->gensec_security,
+ status = gensec_session_info(session->gensec_security,
session,
&session->session_info);