summaryrefslogtreecommitdiff
path: root/source3/rpc_server
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2010-05-25 15:34:06 +1000
committerGünther Deschner <gd@samba.org>2010-05-31 15:10:33 +0200
commit3b706865f6bae7a2b04590da160bda939a3bafe5 (patch)
tree5b4f94158d44524bd2115a5cea4063dd278796ee /source3/rpc_server
parenta950c6c60097af750d4348cb096fdacb342e9e71 (diff)
downloadsamba-3b706865f6bae7a2b04590da160bda939a3bafe5.tar.gz
samba-3b706865f6bae7a2b04590da160bda939a3bafe5.tar.bz2
samba-3b706865f6bae7a2b04590da160bda939a3bafe5.zip
s3:auth Make AUTH_NTLMSSP_STATE a private structure.
This makes it a little easier for it to writen in terms of GENSEC in future. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org>
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/srv_pipe.c53
1 files changed, 27 insertions, 26 deletions
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 272b5360ad..bd09386dc0 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -225,8 +225,8 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p)
switch (p->auth.auth_level) {
case DCERPC_AUTH_LEVEL_PRIVACY:
/* Data portion is encrypted. */
- status = ntlmssp_seal_packet(
- a->ntlmssp_state,
+ status = auth_ntlmssp_seal_packet(
+ a,
(uint8_t *)prs_data_p(&p->out_data.frag)
+ RPC_HEADER_LEN + RPC_HDR_RESP_LEN,
data_len + ss_padding_len,
@@ -241,8 +241,8 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p)
break;
case DCERPC_AUTH_LEVEL_INTEGRITY:
/* Data is signed. */
- status = ntlmssp_sign_packet(
- a->ntlmssp_state,
+ status = auth_ntlmssp_sign_packet(
+ a,
(unsigned char *)prs_data_p(&p->out_data.frag)
+ RPC_HEADER_LEN + RPC_HDR_RESP_LEN,
data_len + ss_padding_len,
@@ -684,7 +684,7 @@ static bool pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob)
refuse the bind. */
if (p->auth.auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) {
- if (!(a->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN)) {
+ if (!auth_ntlmssp_negotiated_sign(a)) {
DEBUG(0,("pipe_ntlmssp_verify_final: pipe %s : packet integrity requested "
"but client declined signing.\n",
get_pipe_name_from_syntax(talloc_tos(),
@@ -693,7 +693,7 @@ static bool pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob)
}
}
if (p->auth.auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
- if (!(a->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL)) {
+ if (!auth_ntlmssp_negotiated_seal(a)) {
DEBUG(0,("pipe_ntlmssp_verify_final: pipe %s : packet privacy requested "
"but client declined sealing.\n",
get_pipe_name_from_syntax(talloc_tos(),
@@ -703,23 +703,24 @@ static bool pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob)
}
DEBUG(5, ("pipe_ntlmssp_verify_final: OK: user: %s domain: %s "
- "workstation: %s\n", a->ntlmssp_state->user,
- a->ntlmssp_state->domain,
- a->ntlmssp_state->client.netbios_name));
-
- if (a->server_info->ptok == NULL) {
- DEBUG(1,("Error: Authmodule failed to provide nt_user_token\n"));
- return False;
- }
+ "workstation: %s\n",
+ auth_ntlmssp_get_username(a),
+ auth_ntlmssp_get_domain(a),
+ auth_ntlmssp_get_client(a)));
TALLOC_FREE(p->server_info);
- p->server_info = copy_serverinfo(p, a->server_info);
+ p->server_info = auth_ntlmssp_server_info(p, a);
if (p->server_info == NULL) {
- DEBUG(0, ("copy_serverinfo failed\n"));
+ DEBUG(0, ("auth_ntlmssp_server_info failed to obtain the server info for authenticated user\n"));
return false;
}
+ if (p->server_info->ptok == NULL) {
+ DEBUG(1,("Error: Authmodule failed to provide nt_user_token\n"));
+ return False;
+ }
+
/*
* We're an authenticated bind over smb, so the session key needs to
* be set to "SystemLibraryDTC". Weird, but this is what Windows
@@ -2324,22 +2325,22 @@ bool api_pipe_ntlmssp_auth_process(pipes_struct *p, prs_struct *rpc_in,
switch (p->auth.auth_level) {
case DCERPC_AUTH_LEVEL_PRIVACY:
/* Data is encrypted. */
- *pstatus = ntlmssp_unseal_packet(a->ntlmssp_state,
- data, data_len,
- full_packet_data,
- full_packet_data_len,
- &auth_blob);
+ *pstatus = auth_ntlmssp_unseal_packet(a,
+ data, data_len,
+ full_packet_data,
+ full_packet_data_len,
+ &auth_blob);
if (!NT_STATUS_IS_OK(*pstatus)) {
return False;
}
break;
case DCERPC_AUTH_LEVEL_INTEGRITY:
/* Data is signed. */
- *pstatus = ntlmssp_check_packet(a->ntlmssp_state,
- data, data_len,
- full_packet_data,
- full_packet_data_len,
- &auth_blob);
+ *pstatus = auth_ntlmssp_check_packet(a,
+ data, data_len,
+ full_packet_data,
+ full_packet_data_len,
+ &auth_blob);
if (!NT_STATUS_IS_OK(*pstatus)) {
return False;
}