authorAndrew Bartlett <abartlet@samba.org>2011-10-19 18:39:27 +1100
committerStefan Metzmacher <metze@samba.org>2011-10-21 08:50:55 +0200
commit321204eaeb05107b9a6d5ed464a11cd5018c97c6 (patch)
treecbcbfa59d184b2915853658f83b8c86d53e20a92 /source3/librpc
parent38de149e9b7e6150d4410bd964548ee22ffe8199 (diff)
s3-ntlmssp Remove references to auth_ntlmssp_context from the rpc code
We always dereferenced auth_ntlmssp_state->gensec_security, so now we do not bother passing around the whole auth_ntlmssp_state. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source3/librpc')
-rw-r--r--source3/librpc/crypto/cli_spnego.c35
-rw-r--r--source3/librpc/crypto/spnego.h2
-rw-r--r--source3/librpc/rpc/dcerpc_helpers.c30
3 files changed, 35 insertions, 32 deletions
diff --git a/source3/librpc/crypto/cli_spnego.c b/source3/librpc/crypto/cli_spnego.c
index c81b424af3..fce2de3f06 100644
--- a/source3/librpc/crypto/cli_spnego.c
+++ b/source3/librpc/crypto/cli_spnego.c
@@ -92,6 +92,7 @@ NTSTATUS spnego_ntlmssp_init_client(TALLOC_CTX *mem_ctx,
struct spnego_context **spnego_ctx)
{
struct spnego_context *sp_ctx = NULL;
+ struct auth_ntlmssp_state *auth_ntlmssp_state;
NTSTATUS status;
status = spnego_context_init(mem_ctx, do_sign, do_seal, &sp_ctx);
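Review bot: The new local `auth_ntlmssp_state` is declared without an initializer, while `sp_ctx` on the line above it is set to NULL. In the visible hunks it is first written by `auth_ntlmssp_client_prepare()`, so nothing shown reads it uninitialised, but `struct auth_ntlmssp_state *auth_ntlmssp_state = NULL;` keeps the two declarations consistent and stays safe if a cleanup path is added later. The body of `spnego_ntlmssp_init_client()` continues outside this hunk.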
@@ -101,27 +102,27 @@ NTSTATUS spnego_ntlmssp_init_client(TALLOC_CTX *mem_ctx,
sp_ctx->mech = SPNEGO_NTLMSSP;
status = auth_ntlmssp_client_prepare(sp_ctx,
- &sp_ctx->mech_ctx.ntlmssp_state);
+ &auth_ntlmssp_state);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(sp_ctx);
return status;
}
- status = auth_ntlmssp_set_username(sp_ctx->mech_ctx.ntlmssp_state,
+ status = auth_ntlmssp_set_username(auth_ntlmssp_state,
username);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(sp_ctx);
return status;
}
- status = auth_ntlmssp_set_domain(sp_ctx->mech_ctx.ntlmssp_state,
+ status = auth_ntlmssp_set_domain(auth_ntlmssp_state,
domain);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(sp_ctx);
return status;
}
- status = auth_ntlmssp_set_password(sp_ctx->mech_ctx.ntlmssp_state,
+ status = auth_ntlmssp_set_password(auth_ntlmssp_state,
password);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(sp_ctx);
@@ -129,19 +130,21 @@ NTSTATUS spnego_ntlmssp_init_client(TALLOC_CTX *mem_ctx,
}
if (do_sign) {
- gensec_want_feature(sp_ctx->mech_ctx.ntlmssp_state->gensec_security,
+ gensec_want_feature(auth_ntlmssp_state->gensec_security,
GENSEC_FEATURE_SIGN);
} else if (do_seal) {
- gensec_want_feature(sp_ctx->mech_ctx.ntlmssp_state->gensec_security,
+ gensec_want_feature(auth_ntlmssp_state->gensec_security,
GENSEC_FEATURE_SEAL);
}
- status = auth_ntlmssp_client_start(sp_ctx->mech_ctx.ntlmssp_state);
+ status = auth_ntlmssp_client_start(auth_ntlmssp_state);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(sp_ctx);
return status;
}
+ sp_ctx->mech_ctx.gensec_security = talloc_move(sp_ctx, &auth_ntlmssp_state->gensec_security);
+ TALLOC_FREE(auth_ntlmssp_state);
*spnego_ctx = sp_ctx;
return NT_STATUS_OK;
}
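Review bot: The `talloc_move()` followed by `TALLOC_FREE(auth_ntlmssp_state)` at the end of `spnego_ntlmssp_init_client()` frees every remaining talloc child of the wrapper while the gensec context lives on under `sp_ctx`. The username, domain and password were set through that wrapper in the previous hunk, and this page does not show where that state is parented. If the credentials are a child of `auth_ntlmssp_state` and the gensec context only holds a pointer to them, the later `gensec_update()` call in `spnego_get_client_auth_token()` would read freed memory. This is worth confirming in `auth_ntlmssp_client_prepare()`, which is outside this diff view, and recording above the move, for example `/* gensec_security holds its own reference to the credentials; the wrapper is no longer needed */`.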
@@ -152,7 +155,7 @@ NTSTATUS spnego_get_client_auth_token(TALLOC_CTX *mem_ctx,
DATA_BLOB *spnego_out)
{
struct gse_context *gse_ctx;
- struct auth_ntlmssp_state *ntlmssp_ctx;
+ struct gensec_security *gensec_security;
struct spnego_data sp_in, sp_out;
DATA_BLOB token_in = data_blob_null;
DATA_BLOB token_out = data_blob_null;
@@ -213,8 +216,8 @@ NTSTATUS spnego_get_client_auth_token(TALLOC_CTX *mem_ctx,
case SPNEGO_NTLMSSP:
- ntlmssp_ctx = sp_ctx->mech_ctx.ntlmssp_state;
- status = gensec_update(ntlmssp_ctx->gensec_security, mem_ctx, NULL,
+ gensec_security = sp_ctx->mech_ctx.gensec_security;
+ status = gensec_update(gensec_security, mem_ctx, NULL,
token_in, &token_out);
if (NT_STATUS_EQUAL(status,
NT_STATUS_MORE_PROCESSING_REQUIRED)) {
@@ -317,7 +320,7 @@ NTSTATUS spnego_get_negotiated_mech(struct spnego_context *sp_ctx,
*auth_context = sp_ctx->mech_ctx.gssapi_state;
break;
case SPNEGO_NTLMSSP:
- *auth_context = sp_ctx->mech_ctx.ntlmssp_state;
+ *auth_context = sp_ctx->mech_ctx.gensec_security;
break;
default:
return NT_STATUS_INTERNAL_ERROR;
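Review bot: For `SPNEGO_NTLMSSP` the `auth_context` out-parameter of `spnego_get_negotiated_mech()` now carries a `struct gensec_security *` instead of a `struct auth_ntlmssp_state *`, and nothing at this site records that. The parameter looks untyped, since both the GSSAPI and the NTLMSSP pointer are assigned to it, so the compiler will not flag a caller that still treats the result as the old type. The diffstat on this page is limited to source3/librpc, so callers elsewhere cannot be checked here. A comment on the case such as `/* NTLMSSP: *auth_context is a struct gensec_security * */` would make the contract explicit; the function starts and ends outside this hunk.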
@@ -337,7 +340,7 @@ DATA_BLOB spnego_get_session_key(TALLOC_CTX *mem_ctx,
return gse_get_session_key(mem_ctx,
sp_ctx->mech_ctx.gssapi_state);
case SPNEGO_NTLMSSP:
- status = gensec_session_key(sp_ctx->mech_ctx.ntlmssp_state->gensec_security, mem_ctx, &sk);
+ status = gensec_session_key(sp_ctx->mech_ctx.gensec_security, mem_ctx, &sk);
if (!NT_STATUS_IS_OK(status)) {
return data_blob_null;
}
@@ -360,7 +363,7 @@ NTSTATUS spnego_sign(TALLOC_CTX *mem_ctx,
data, signature);
case SPNEGO_NTLMSSP:
return gensec_sign_packet(
- sp_ctx->mech_ctx.ntlmssp_state->gensec_security,
+ sp_ctx->mech_ctx.gensec_security,
mem_ctx,
data->data, data->length,
full_data->data, full_data->length,
@@ -382,7 +385,7 @@ NTSTATUS spnego_sigcheck(TALLOC_CTX *mem_ctx,
data, signature);
case SPNEGO_NTLMSSP:
return gensec_check_packet(
- sp_ctx->mech_ctx.ntlmssp_state->gensec_security,
+ sp_ctx->mech_ctx.gensec_security,
data->data, data->length,
full_data->data, full_data->length,
signature);
@@ -403,7 +406,7 @@ NTSTATUS spnego_seal(TALLOC_CTX *mem_ctx,
data, signature);
case SPNEGO_NTLMSSP:
return gensec_seal_packet(
- sp_ctx->mech_ctx.ntlmssp_state->gensec_security,
+ sp_ctx->mech_ctx.gensec_security,
mem_ctx,
data->data, data->length,
full_data->data, full_data->length,
@@ -425,7 +428,7 @@ NTSTATUS spnego_unseal(TALLOC_CTX *mem_ctx,
data, signature);
case SPNEGO_NTLMSSP:
return gensec_unseal_packet(
- sp_ctx->mech_ctx.ntlmssp_state->gensec_security,
+ sp_ctx->mech_ctx.gensec_security,
data->data, data->length,
full_data->data, full_data->length,
signature);
diff --git a/source3/librpc/crypto/spnego.h b/source3/librpc/crypto/spnego.h
index 5e1a79b2af..2605169bb0 100644
--- a/source3/librpc/crypto/spnego.h
+++ b/source3/librpc/crypto/spnego.h
@@ -30,7 +30,7 @@ struct spnego_context {
enum spnego_mech mech;
union {
- struct auth_ntlmssp_state *ntlmssp_state;
+ struct gensec_security *gensec_security;
struct gse_context *gssapi_state;
} mech_ctx;
diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c
index dc3b570a6c..206443434f 100644
--- a/source3/librpc/rpc/dcerpc_helpers.c
+++ b/source3/librpc/rpc/dcerpc_helpers.c
@@ -379,7 +379,7 @@ NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth,
Create and add the NTLMSSP sign/seal auth data.
********************************************************************/
-static NTSTATUS add_ntlmssp_auth_footer(struct auth_ntlmssp_state *auth_state,
+static NTSTATUS add_ntlmssp_auth_footer(struct gensec_security *gensec_security,
enum dcerpc_AuthLevel auth_level,
DATA_BLOB *rpc_out)
{
@@ -389,14 +389,14 @@ static NTSTATUS add_ntlmssp_auth_footer(struct auth_ntlmssp_state *auth_state,
DATA_BLOB auth_blob;
NTSTATUS status;
- if (!auth_state) {
+ if (!gensec_security) {
return NT_STATUS_INVALID_PARAMETER;
}
switch (auth_level) {
case DCERPC_AUTH_LEVEL_PRIVACY:
/* Data portion is encrypted. */
- status = gensec_seal_packet(auth_state->gensec_security,
+ status = gensec_seal_packet(gensec_security,
rpc_out->data,
rpc_out->data
+ DCERPC_RESPONSE_LENGTH,
@@ -411,7 +411,7 @@ static NTSTATUS add_ntlmssp_auth_footer(struct auth_ntlmssp_state *auth_state,
case DCERPC_AUTH_LEVEL_INTEGRITY:
/* Data is signed. */
- status = gensec_sign_packet(auth_state->gensec_security,
+ status = gensec_sign_packet(gensec_security,
rpc_out->data,
rpc_out->data
+ DCERPC_RESPONSE_LENGTH,
@@ -447,7 +447,7 @@ static NTSTATUS add_ntlmssp_auth_footer(struct auth_ntlmssp_state *auth_state,
Check/unseal the NTLMSSP auth data. (Unseal in place).
********************************************************************/
-static NTSTATUS get_ntlmssp_auth_footer(struct auth_ntlmssp_state *auth_state,
+static NTSTATUS get_ntlmssp_auth_footer(struct gensec_security *gensec_security,
enum dcerpc_AuthLevel auth_level,
DATA_BLOB *data, DATA_BLOB *full_pkt,
DATA_BLOB *auth_token)
@@ -455,7 +455,7 @@ static NTSTATUS get_ntlmssp_auth_footer(struct auth_ntlmssp_state *auth_state,
switch (auth_level) {
case DCERPC_AUTH_LEVEL_PRIVACY:
/* Data portion is encrypted. */
- return gensec_unseal_packet(auth_state->gensec_security,
+ return gensec_unseal_packet(gensec_security,
data->data,
data->length,
full_pkt->data,
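Review bot: `get_ntlmssp_auth_footer()` passes `gensec_security` straight to `gensec_unseal_packet()` here and to `gensec_check_packet()` in the next hunk with no NULL guard visible. `add_ntlmssp_auth_footer()` above returns `NT_STATUS_INVALID_PARAMETER` for a NULL context. The caller shown further down uses `talloc_get_type_abort()`, so a NULL would abort before reaching this point, but the two helpers are easier to audit if they match: `if (!gensec_security) { return NT_STATUS_INVALID_PARAMETER; }` before the `switch`. The function's signature is in the previous hunk and its end is outside this one.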
@@ -464,7 +464,7 @@ static NTSTATUS get_ntlmssp_auth_footer(struct auth_ntlmssp_state *auth_state,
case DCERPC_AUTH_LEVEL_INTEGRITY:
/* Data is signed. */
- return gensec_check_packet(auth_state->gensec_security,
+ return gensec_check_packet(gensec_security,
data->data,
data->length,
full_pkt->data,
@@ -747,7 +747,7 @@ NTSTATUS dcerpc_add_auth_footer(struct pipe_auth_data *auth,
size_t pad_len, DATA_BLOB *rpc_out)
{
struct schannel_state *schannel_auth;
- struct auth_ntlmssp_state *ntlmssp_ctx;
+ struct gensec_security *gensec_security;
struct spnego_context *spnego_ctx;
struct gse_context *gse_ctx;
char pad[CLIENT_NDR_PADDING_SIZE] = { 0, };
@@ -804,9 +804,9 @@ NTSTATUS dcerpc_add_auth_footer(struct pipe_auth_data *auth,
auth->auth_level, rpc_out);
break;
case DCERPC_AUTH_TYPE_NTLMSSP:
- ntlmssp_ctx = talloc_get_type_abort(auth->auth_ctx,
- struct auth_ntlmssp_state);
- status = add_ntlmssp_auth_footer(ntlmssp_ctx,
+ gensec_security = talloc_get_type_abort(auth->auth_ctx,
+ struct gensec_security);
+ status = add_ntlmssp_auth_footer(gensec_security,
auth->auth_level,
rpc_out);
break;
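Review bot: `talloc_get_type_abort(auth->auth_ctx, struct gensec_security)` aborts the process when the stored pointer has a different talloc type. After this change, any path that still stores a `struct auth_ntlmssp_state` in `auth->auth_ctx` for `DCERPC_AUTH_TYPE_NTLMSSP` would crash while a packet is being built here, or checked in the `dcerpc_check_auth()` hunk below. The code that sets `auth_ctx` is outside this diff view, so whether all setters were converted cannot be confirmed from this page. If failing the single request is preferable to an abort, `gensec_security = talloc_get_type(auth->auth_ctx, struct gensec_security);` followed by a NULL check returning `NT_STATUS_INVALID_PARAMETER` would do that. Either way, the expected type per auth type should be documented where `auth_ctx` is declared.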
@@ -852,7 +852,7 @@ NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth,
size_t *pad_len)
{
struct schannel_state *schannel_auth;
- struct auth_ntlmssp_state *ntlmssp_ctx;
+ struct gensec_security *gensec_security;
struct spnego_context *spnego_ctx;
struct gse_context *gse_ctx;
NTSTATUS status;
@@ -936,9 +936,9 @@ NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth,
DEBUG(10, ("NTLMSSP auth\n"));
- ntlmssp_ctx = talloc_get_type_abort(auth->auth_ctx,
- struct auth_ntlmssp_state);
- status = get_ntlmssp_auth_footer(ntlmssp_ctx,
+ gensec_security = talloc_get_type_abort(auth->auth_ctx,
+ struct gensec_security);
+ status = get_ntlmssp_auth_footer(gensec_security,
auth->auth_level,
&data, &full_pkt,
&auth_info.credentials);