diff options
author | Andrew Bartlett <abartlet@samba.org> | 2011-10-18 21:27:39 +1100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2011-10-21 08:43:23 +0200 |
commit | bd29f79463009ff7383cb17a3f766fddcdb1f302 (patch) | |
tree | 5caa60eb360bd3c3819cc03a7f17d02da8c10069 /source3 | |
parent | 487545d48fc0625aab20aa8f46897e2bd622554f (diff) | |
download | samba-bd29f79463009ff7383cb17a3f766fddcdb1f302.tar.gz samba-bd29f79463009ff7383cb17a3f766fddcdb1f302.tar.bz2 samba-bd29f79463009ff7383cb17a3f766fddcdb1f302.zip |
s3-ntlmssp use gensec_{seal,unseal,sign,check}_packet
This avoids the indirection via the auth_ntlmsssp wrapper functions.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source3')
-rw-r--r-- | source3/include/ntlmssp_wrap.h | 26 | ||||
-rw-r--r-- | source3/librpc/crypto/cli_spnego.c | 44 | ||||
-rw-r--r-- | source3/librpc/rpc/dcerpc_helpers.c | 57 | ||||
-rw-r--r-- | source3/libsmb/ntlmssp_wrap.c | 46 | ||||
-rw-r--r-- | source3/libsmb/smb_seal.c | 7 |
5 files changed, 55 insertions, 125 deletions
diff --git a/source3/include/ntlmssp_wrap.h b/source3/include/ntlmssp_wrap.h index a2c4f7a6be..f58e63e85e 100644 --- a/source3/include/ntlmssp_wrap.h +++ b/source3/include/ntlmssp_wrap.h @@ -34,32 +34,6 @@ struct auth_ntlmssp_state { struct gensec_security *gensec_security; }; -NTSTATUS auth_ntlmssp_sign_packet(struct auth_ntlmssp_state *ans, - TALLOC_CTX *sig_mem_ctx, - const uint8_t *data, - size_t length, - const uint8_t *whole_pdu, - size_t pdu_length, - DATA_BLOB *sig); -NTSTATUS auth_ntlmssp_check_packet(struct auth_ntlmssp_state *ans, - const uint8_t *data, - size_t length, - const uint8_t *whole_pdu, - size_t pdu_length, - const DATA_BLOB *sig); -NTSTATUS auth_ntlmssp_seal_packet(struct auth_ntlmssp_state *ans, - TALLOC_CTX *sig_mem_ctx, - uint8_t *data, - size_t length, - const uint8_t *whole_pdu, - size_t pdu_length, - DATA_BLOB *sig); -NTSTATUS auth_ntlmssp_unseal_packet(struct auth_ntlmssp_state *ans, - uint8_t *data, - size_t length, - const uint8_t *whole_pdu, - size_t pdu_length, - const DATA_BLOB *sig); NTSTATUS auth_ntlmssp_set_username(struct auth_ntlmssp_state *ans, const char *user); NTSTATUS auth_ntlmssp_set_domain(struct auth_ntlmssp_state *ans, diff --git a/source3/librpc/crypto/cli_spnego.c b/source3/librpc/crypto/cli_spnego.c index db03fdc852..1320a95216 100644 --- a/source3/librpc/crypto/cli_spnego.c +++ b/source3/librpc/crypto/cli_spnego.c @@ -354,12 +354,12 @@ NTSTATUS spnego_sign(TALLOC_CTX *mem_ctx, sp_ctx->mech_ctx.gssapi_state, data, signature); case SPNEGO_NTLMSSP: - return auth_ntlmssp_sign_packet( - sp_ctx->mech_ctx.ntlmssp_state, - mem_ctx, - data->data, data->length, - full_data->data, full_data->length, - signature); + return gensec_sign_packet( + sp_ctx->mech_ctx.ntlmssp_state->gensec_security, + mem_ctx, + data->data, data->length, + full_data->data, full_data->length, + signature); default: return NT_STATUS_INVALID_PARAMETER; } @@ -376,11 +376,11 @@ NTSTATUS spnego_sigcheck(TALLOC_CTX *mem_ctx, sp_ctx->mech_ctx.gssapi_state, data, signature); case SPNEGO_NTLMSSP: - return auth_ntlmssp_check_packet( - sp_ctx->mech_ctx.ntlmssp_state, - data->data, data->length, - full_data->data, full_data->length, - signature); + return gensec_check_packet( + sp_ctx->mech_ctx.ntlmssp_state->gensec_security, + data->data, data->length, + full_data->data, full_data->length, + signature); default: return NT_STATUS_INVALID_PARAMETER; } @@ -397,12 +397,12 @@ NTSTATUS spnego_seal(TALLOC_CTX *mem_ctx, sp_ctx->mech_ctx.gssapi_state, data, signature); case SPNEGO_NTLMSSP: - return auth_ntlmssp_seal_packet( - sp_ctx->mech_ctx.ntlmssp_state, - mem_ctx, - data->data, data->length, - full_data->data, full_data->length, - signature); + return gensec_seal_packet( + sp_ctx->mech_ctx.ntlmssp_state->gensec_security, + mem_ctx, + data->data, data->length, + full_data->data, full_data->length, + signature); default: return NT_STATUS_INVALID_PARAMETER; } @@ -419,11 +419,11 @@ NTSTATUS spnego_unseal(TALLOC_CTX *mem_ctx, sp_ctx->mech_ctx.gssapi_state, data, signature); case SPNEGO_NTLMSSP: - return auth_ntlmssp_unseal_packet( - sp_ctx->mech_ctx.ntlmssp_state, - data->data, data->length, - full_data->data, full_data->length, - signature); + return gensec_unseal_packet( + sp_ctx->mech_ctx.ntlmssp_state->gensec_security, + data->data, data->length, + full_data->data, full_data->length, + signature); default: return NT_STATUS_INVALID_PARAMETER; } diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c index 32dbfdfe48..dc3b570a6c 100644 --- a/source3/librpc/rpc/dcerpc_helpers.c +++ b/source3/librpc/rpc/dcerpc_helpers.c @@ -28,6 +28,7 @@ #include "ntlmssp_wrap.h" #include "librpc/crypto/gse.h" #include "librpc/crypto/spnego.h" +#include "auth/gensec/gensec.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_RPC_PARSE @@ -395,14 +396,14 @@ static NTSTATUS add_ntlmssp_auth_footer(struct auth_ntlmssp_state *auth_state, switch (auth_level) { case DCERPC_AUTH_LEVEL_PRIVACY: /* Data portion is encrypted. */ - status = auth_ntlmssp_seal_packet(auth_state, - rpc_out->data, - rpc_out->data - + DCERPC_RESPONSE_LENGTH, - data_and_pad_len, - rpc_out->data, - rpc_out->length, - &auth_blob); + status = gensec_seal_packet(auth_state->gensec_security, + rpc_out->data, + rpc_out->data + + DCERPC_RESPONSE_LENGTH, + data_and_pad_len, + rpc_out->data, + rpc_out->length, + &auth_blob); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -410,14 +411,14 @@ static NTSTATUS add_ntlmssp_auth_footer(struct auth_ntlmssp_state *auth_state, case DCERPC_AUTH_LEVEL_INTEGRITY: /* Data is signed. */ - status = auth_ntlmssp_sign_packet(auth_state, - rpc_out->data, - rpc_out->data - + DCERPC_RESPONSE_LENGTH, - data_and_pad_len, - rpc_out->data, - rpc_out->length, - &auth_blob); + status = gensec_sign_packet(auth_state->gensec_security, + rpc_out->data, + rpc_out->data + + DCERPC_RESPONSE_LENGTH, + data_and_pad_len, + rpc_out->data, + rpc_out->length, + &auth_blob); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -454,21 +455,21 @@ static NTSTATUS get_ntlmssp_auth_footer(struct auth_ntlmssp_state *auth_state, switch (auth_level) { case DCERPC_AUTH_LEVEL_PRIVACY: /* Data portion is encrypted. */ - return auth_ntlmssp_unseal_packet(auth_state, - data->data, - data->length, - full_pkt->data, - full_pkt->length, - auth_token); + return gensec_unseal_packet(auth_state->gensec_security, + data->data, + data->length, + full_pkt->data, + full_pkt->length, + auth_token); case DCERPC_AUTH_LEVEL_INTEGRITY: /* Data is signed. */ - return auth_ntlmssp_check_packet(auth_state, - data->data, - data->length, - full_pkt->data, - full_pkt->length, - auth_token); + return gensec_check_packet(auth_state->gensec_security, + data->data, + data->length, + full_pkt->data, + full_pkt->length, + auth_token); default: return NT_STATUS_INVALID_PARAMETER; diff --git a/source3/libsmb/ntlmssp_wrap.c b/source3/libsmb/ntlmssp_wrap.c index e18a60b730..a470444054 100644 --- a/source3/libsmb/ntlmssp_wrap.c +++ b/source3/libsmb/ntlmssp_wrap.c @@ -26,52 +26,6 @@ #include "librpc/rpc/dcerpc.h" #include "lib/param/param.h" -NTSTATUS auth_ntlmssp_sign_packet(struct auth_ntlmssp_state *ans, - TALLOC_CTX *sig_mem_ctx, - const uint8_t *data, - size_t length, - const uint8_t *whole_pdu, - size_t pdu_length, - DATA_BLOB *sig) -{ - return gensec_sign_packet(ans->gensec_security, - sig_mem_ctx, data, length, whole_pdu, pdu_length, sig); -} - -NTSTATUS auth_ntlmssp_check_packet(struct auth_ntlmssp_state *ans, - const uint8_t *data, - size_t length, - const uint8_t *whole_pdu, - size_t pdu_length, - const DATA_BLOB *sig) -{ - return gensec_check_packet(ans->gensec_security, - data, length, whole_pdu, pdu_length, sig); -} - -NTSTATUS auth_ntlmssp_seal_packet(struct auth_ntlmssp_state *ans, - TALLOC_CTX *sig_mem_ctx, - uint8_t *data, - size_t length, - const uint8_t *whole_pdu, - size_t pdu_length, - DATA_BLOB *sig) -{ - return gensec_seal_packet(ans->gensec_security, - sig_mem_ctx, data, length, whole_pdu, pdu_length, sig); -} - -NTSTATUS auth_ntlmssp_unseal_packet(struct auth_ntlmssp_state *ans, - uint8_t *data, - size_t length, - const uint8_t *whole_pdu, - size_t pdu_length, - const DATA_BLOB *sig) -{ - return gensec_unseal_packet(ans->gensec_security, - data, length, whole_pdu, pdu_length, sig); -} - NTSTATUS auth_ntlmssp_set_username(struct auth_ntlmssp_state *ans, const char *user) { diff --git a/source3/libsmb/smb_seal.c b/source3/libsmb/smb_seal.c index 950f3e3822..f767f16be5 100644 --- a/source3/libsmb/smb_seal.c +++ b/source3/libsmb/smb_seal.c @@ -23,6 +23,7 @@ #include "libsmb/libsmb.h" #include "ntlmssp_wrap.h" #include "libcli/auth/krb5_wrap.h" +#include "auth/gensec/gensec.h" #undef malloc @@ -99,7 +100,7 @@ static NTSTATUS common_ntlm_decrypt_buffer(struct auth_ntlmssp_state *auth_ntlms /* Point at the signature. */ sig = data_blob_const(inbuf+8, NTLMSSP_SIG_SIZE); - status = auth_ntlmssp_unseal_packet(auth_ntlmssp_state, + status = gensec_unseal_packet(auth_ntlmssp_state->gensec_security, (unsigned char *)inbuf + 8 + NTLMSSP_SIG_SIZE, /* 4 byte len + 0xFF 'E' <enc> <ctx> */ data_len, (unsigned char *)inbuf + 8 + NTLMSSP_SIG_SIZE, @@ -163,8 +164,8 @@ static NTSTATUS common_ntlm_encrypt_buffer(struct auth_ntlmssp_state *auth_ntlms ZERO_STRUCT(sig); - status = auth_ntlmssp_seal_packet(auth_ntlmssp_state, - frame, + status = gensec_seal_packet(auth_ntlmssp_state->gensec_security, + frame, (unsigned char *)buf_out + 8 + NTLMSSP_SIG_SIZE, /* 4 byte len + 0xFF 'S' <enc> <ctx> */ data_len, (unsigned char *)buf_out + 8 + NTLMSSP_SIG_SIZE, |