authorAndrew Bartlett <abartlet@samba.org>2012-01-02 15:48:09 +1100
committerStefan Metzmacher <metze@samba.org>2012-01-18 16:23:22 +0100
commit5ddec1182ec378e4560f0d98604060fdc4b6f542 (patch)
tree1eaf362d0c128a7f63051e0710ed12294feb5167
parent0c1b4c232135ebdef58bb5e697dfc60ddbb358bc (diff)
s3-librpc: Simplify SPNEGO code now that all mechs use a struct gensec_security
Signed-off-by: Stefan Metzmacher <metze@samba.org>
-rw-r--r--source3/librpc/crypto/cli_spnego.c103
-rw-r--r--source3/librpc/crypto/spnego.h1
-rw-r--r--source3/librpc/rpc/dcerpc_helpers.c4
-rw-r--r--source3/rpc_server/dcesrv_spnego.c15
-rw-r--r--source3/rpc_server/srv_pipe.c5
5 files changed, 32 insertions, 96 deletions
diff --git a/source3/librpc/crypto/cli_spnego.c b/source3/librpc/crypto/cli_spnego.c
index 0a4bd18b22..dfc31b2d52 100644
--- a/source3/librpc/crypto/cli_spnego.c
+++ b/source3/librpc/crypto/cli_spnego.c
@@ -273,31 +273,13 @@ bool spnego_require_more_processing(struct spnego_context *sp_ctx)
return true;
}
- /* otherwise see if underlying mechnism does */
- switch (sp_ctx->mech) {
- case SPNEGO_KRB5:
- case SPNEGO_NTLMSSP:
- return sp_ctx->more_processing;
- default:
- DEBUG(0, ("Unsupported type in request!\n"));
- return false;
- }
+ return sp_ctx->more_processing;
}
NTSTATUS spnego_get_negotiated_mech(struct spnego_context *sp_ctx,
- enum spnego_mech *type,
struct gensec_security **auth_context)
{
- switch (sp_ctx->mech) {
- case SPNEGO_KRB5:
- case SPNEGO_NTLMSSP:
- *auth_context = sp_ctx->mech_ctx.gensec_security;
- break;
- default:
- return NT_STATUS_INTERNAL_ERROR;
- }
-
- *type = sp_ctx->mech;
+ *auth_context = sp_ctx->mech_ctx.gensec_security;
return NT_STATUS_OK;
}
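Review bot: spnego_get_negotiated_mech now stores `sp_ctx->mech_ctx.gensec_security` in `*auth_context` and returns NT_STATUS_OK unconditionally, where the removed switch returned NT_STATUS_INTERNAL_ERROR for any mech other than SPNEGO_KRB5 or SPNEGO_NTLMSSP. The two callers changed in this commit (dcerpc_guess_sizes and pipe_auth_verify_final) test only the status, so if the context can be reached before a mechanism has been set up, which these hunks do not show, they would carry on with a NULL pointer. Keeping the fail-closed path is cheap: `if (sp_ctx->mech_ctx.gensec_security == NULL) { return NT_STATUS_INTERNAL_ERROR; }` before the assignment. The same guard was dropped in spnego_get_session_key, spnego_sign, spnego_sigcheck, spnego_seal and spnego_unseal below, and in the SPNEGO_CONV_AUTH_MORE case of spnego_server_step, which passes the peer's token straight to auth_generic_server_step.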
@@ -306,18 +288,11 @@ DATA_BLOB spnego_get_session_key(TALLOC_CTX *mem_ctx,
{
DATA_BLOB sk;
NTSTATUS status;
- switch (sp_ctx->mech) {
- case SPNEGO_KRB5:
- case SPNEGO_NTLMSSP:
- status = gensec_session_key(sp_ctx->mech_ctx.gensec_security, mem_ctx, &sk);
- if (!NT_STATUS_IS_OK(status)) {
- return data_blob_null;
- }
- return sk;
- default:
- DEBUG(0, ("Unsupported type in request!\n"));
+ status = gensec_session_key(sp_ctx->mech_ctx.gensec_security, mem_ctx, &sk);
+ if (!NT_STATUS_IS_OK(status)) {
return data_blob_null;
}
+ return sk;
}
NTSTATUS spnego_sign(TALLOC_CTX *mem_ctx,
@@ -325,18 +300,12 @@ NTSTATUS spnego_sign(TALLOC_CTX *mem_ctx,
DATA_BLOB *data, DATA_BLOB *full_data,
DATA_BLOB *signature)
{
- switch(sp_ctx->mech) {
- case SPNEGO_KRB5:
- case SPNEGO_NTLMSSP:
- return gensec_sign_packet(
- sp_ctx->mech_ctx.gensec_security,
- mem_ctx,
- data->data, data->length,
- full_data->data, full_data->length,
- signature);
- default:
- return NT_STATUS_INVALID_PARAMETER;
- }
+ return gensec_sign_packet(
+ sp_ctx->mech_ctx.gensec_security,
+ mem_ctx,
+ data->data, data->length,
+ full_data->data, full_data->length,
+ signature);
}
NTSTATUS spnego_sigcheck(TALLOC_CTX *mem_ctx,
@@ -344,17 +313,11 @@ NTSTATUS spnego_sigcheck(TALLOC_CTX *mem_ctx,
DATA_BLOB *data, DATA_BLOB *full_data,
DATA_BLOB *signature)
{
- switch(sp_ctx->mech) {
- case SPNEGO_KRB5:
- case SPNEGO_NTLMSSP:
- return gensec_check_packet(
- sp_ctx->mech_ctx.gensec_security,
- data->data, data->length,
- full_data->data, full_data->length,
- signature);
- default:
- return NT_STATUS_INVALID_PARAMETER;
- }
+ return gensec_check_packet(
+ sp_ctx->mech_ctx.gensec_security,
+ data->data, data->length,
+ full_data->data, full_data->length,
+ signature);
}
NTSTATUS spnego_seal(TALLOC_CTX *mem_ctx,
@@ -362,18 +325,12 @@ NTSTATUS spnego_seal(TALLOC_CTX *mem_ctx,
DATA_BLOB *data, DATA_BLOB *full_data,
DATA_BLOB *signature)
{
- switch(sp_ctx->mech) {
- case SPNEGO_KRB5:
- case SPNEGO_NTLMSSP:
- return gensec_seal_packet(
- sp_ctx->mech_ctx.gensec_security,
- mem_ctx,
- data->data, data->length,
- full_data->data, full_data->length,
- signature);
- default:
- return NT_STATUS_INVALID_PARAMETER;
- }
+ return gensec_seal_packet(
+ sp_ctx->mech_ctx.gensec_security,
+ mem_ctx,
+ data->data, data->length,
+ full_data->data, full_data->length,
+ signature);
}
NTSTATUS spnego_unseal(TALLOC_CTX *mem_ctx,
@@ -381,15 +338,9 @@ NTSTATUS spnego_unseal(TALLOC_CTX *mem_ctx,
DATA_BLOB *data, DATA_BLOB *full_data,
DATA_BLOB *signature)
{
- switch(sp_ctx->mech) {
- case SPNEGO_KRB5:
- case SPNEGO_NTLMSSP:
- return gensec_unseal_packet(
- sp_ctx->mech_ctx.gensec_security,
- data->data, data->length,
- full_data->data, full_data->length,
- signature);
- default:
- return NT_STATUS_INVALID_PARAMETER;
- }
+ return gensec_unseal_packet(
+ sp_ctx->mech_ctx.gensec_security,
+ data->data, data->length,
+ full_data->data, full_data->length,
+ signature);
}
diff --git a/source3/librpc/crypto/spnego.h b/source3/librpc/crypto/spnego.h
index 57396a63c5..5a63a7f9c4 100644
--- a/source3/librpc/crypto/spnego.h
+++ b/source3/librpc/crypto/spnego.h
@@ -72,7 +72,6 @@ NTSTATUS spnego_get_client_auth_token(TALLOC_CTX *mem_ctx,
bool spnego_require_more_processing(struct spnego_context *sp_ctx);
NTSTATUS spnego_get_negotiated_mech(struct spnego_context *sp_ctx,
- enum spnego_mech *type,
struct gensec_security **auth_context);
DATA_BLOB spnego_get_session_key(TALLOC_CTX *mem_ctx,
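Review bot: The prototype of spnego_get_negotiated_mech has no comment describing who owns the pointer written to `auth_context`, and after this change that pointer is the function's only output. The implementation in cli_spnego.c assigns `sp_ctx->mech_ctx.gensec_security` directly, so the result aliases a member of the SPNEGO context. A short comment above the declaration, such as `/* *auth_context points into sp_ctx and is only valid while sp_ctx is; the caller must not free it. */`, would make that lifetime explicit for callers, assuming the context is freed along with sp_ctx, which should be confirmed.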
diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c
index ed0e0fe932..5a50f2b24a 100644
--- a/source3/librpc/rpc/dcerpc_helpers.c
+++ b/source3/librpc/rpc/dcerpc_helpers.c
@@ -268,7 +268,6 @@ NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth,
struct gensec_security *gensec_security;
struct schannel_state *schannel_auth;
struct spnego_context *spnego_ctx;
- enum spnego_mech auth_type;
NTSTATUS status;
/* no auth token cases first */
@@ -303,8 +302,7 @@ NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth,
case DCERPC_AUTH_TYPE_SPNEGO:
spnego_ctx = talloc_get_type_abort(auth->auth_ctx,
struct spnego_context);
- status = spnego_get_negotiated_mech(spnego_ctx,
- &auth_type, &gensec_security);
+ status = spnego_get_negotiated_mech(spnego_ctx, &gensec_security);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
diff --git a/source3/rpc_server/dcesrv_spnego.c b/source3/rpc_server/dcesrv_spnego.c
index 1bea2321ef..0a6b3b8512 100644
--- a/source3/rpc_server/dcesrv_spnego.c
+++ b/source3/rpc_server/dcesrv_spnego.c
@@ -136,18 +136,9 @@ NTSTATUS spnego_server_step(struct spnego_context *sp_ctx,
case SPNEGO_CONV_AUTH_MORE:
- switch(sp_ctx->mech) {
- case SPNEGO_KRB5:
- case SPNEGO_NTLMSSP:
- status = auth_generic_server_step(
- sp_ctx->mech_ctx.gensec_security,
- mem_ctx, &token_in, &token_out);
- break;
- default:
- status = NT_STATUS_INVALID_PARAMETER;
- goto done;
- }
-
+ status = auth_generic_server_step(
+ sp_ctx->mech_ctx.gensec_security,
+ mem_ctx, &token_in, &token_out);
break;
case SPNEGO_CONV_AUTH_DONE:
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 18389b42e0..8731a28d82 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -678,10 +678,8 @@ static bool pipe_auth_generic_verify_final(TALLOC_CTX *mem_ctx,
static NTSTATUS pipe_auth_verify_final(struct pipes_struct *p)
{
- enum spnego_mech auth_type;
struct gensec_security *gensec_security;
struct spnego_context *spnego_ctx;
- void *mech_ctx;
NTSTATUS status;
switch (p->auth.auth_type) {
@@ -698,8 +696,7 @@ static NTSTATUS pipe_auth_verify_final(struct pipes_struct *p)
case DCERPC_AUTH_TYPE_SPNEGO:
spnego_ctx = talloc_get_type_abort(p->auth.auth_ctx,
struct spnego_context);
- status = spnego_get_negotiated_mech(spnego_ctx,
- &auth_type, &gensec_security);
+ status = spnego_get_negotiated_mech(spnego_ctx, &gensec_security);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("Bad SPNEGO state (%s)\n",
nt_errstr(status)));