- modified the dcerpc client security code to be generic, so ntlmssp

  and schannel are both instances of possible security modules

- added schannel sign and sign/seal support to the dcerpc client
  code. You select it with binding options of "schannel,sign" or
  "schannel,seal".
(This used to be commit 05db0b9d942cad8f1dd574dc35b759e5e79d4195)

1 files changed, 21 insertions, 21 deletions

diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c
index d00f2c2986..8987cead92 100644
--- a/source4/librpc/rpc/dcerpc.c
+++ b/source4/librpc/rpc/dcerpc.c
@@ -42,7 +42,7 @@ struct dcerpc_pipe *dcerpc_pipe_init(void)
 	p->mem_ctx = mem_ctx;
 	p->call_id = 1;
 	p->auth_info = NULL;
-	p->ntlmssp_state = NULL;
+	p->security_state = NULL;
 	p->flags = 0;
 	p->srv_max_xmit_frag = 0;
 	p->srv_max_recv_frag = 0;
@@ -56,8 +56,8 @@ void dcerpc_pipe_close(struct dcerpc_pipe *p)
 	if (!p) return;
 	p->reference_count--;
 	if (p->reference_count <= 0) {
-		if (p->ntlmssp_state) {
-			ntlmssp_end(&p->ntlmssp_state);
+		if (p->security_state) {
+			p->security_state->security_end(p->security_state);
 		}
 		p->transport.shutdown_pipe(p);
 		talloc_destroy(p->mem_ctx);
@@ -128,7 +128,7 @@ static NTSTATUS dcerpc_pull_request_sign(struct dcerpc_pipe *p,
 	DATA_BLOB auth_blob;
 
 	/* non-signed packets are simpler */
-	if (!p->auth_info || !p->ntlmssp_state) {
+	if (!p->auth_info || !p->security_state) {
 		return dcerpc_pull(blob, mem_ctx, pkt);
 	}
 
@@ -182,17 +182,17 @@ static NTSTATUS dcerpc_pull_request_sign(struct dcerpc_pipe *p,
 	/* check signature or unseal the packet */
 	switch (p->auth_info->auth_level) {
 	case DCERPC_AUTH_LEVEL_PRIVACY:
-		status = ntlmssp_unseal_packet(p->ntlmssp_state, 
-					       pkt->u.response.stub_and_verifier.data, 
-					       pkt->u.response.stub_and_verifier.length, 
-					       &auth.credentials);
+		status = p->security_state->unseal_packet(p->security_state, 
+							  pkt->u.response.stub_and_verifier.data, 
+							  pkt->u.response.stub_and_verifier.length, 
+							  &auth.credentials);
 		break;
 
 	case DCERPC_AUTH_LEVEL_INTEGRITY:
-		status = ntlmssp_check_packet(p->ntlmssp_state, 
-					      pkt->u.response.stub_and_verifier.data, 
-					      pkt->u.response.stub_and_verifier.length, 
-					      &auth.credentials);
+		status = p->security_state->check_packet(p->security_state, 
+							 pkt->u.response.stub_and_verifier.data, 
+							 pkt->u.response.stub_and_verifier.length, 
+							 &auth.credentials);
 		break;
 
 	case DCERPC_AUTH_LEVEL_NONE:
@@ -224,7 +224,7 @@ static NTSTATUS dcerpc_push_request_sign(struct dcerpc_pipe *p,
 	struct ndr_push *ndr;
 
 	/* non-signed packets are simpler */
-	if (!p->auth_info || !p->ntlmssp_state) {
+	if (!p->auth_info || !p->security_state) {
 		return dcerpc_push_auth(blob, mem_ctx, pkt, p->auth_info);
 	}
 
@@ -249,17 +249,17 @@ static NTSTATUS dcerpc_push_request_sign(struct dcerpc_pipe *p,
 	/* sign or seal the packet */
 	switch (p->auth_info->auth_level) {
 	case DCERPC_AUTH_LEVEL_PRIVACY:
-		status = ntlmssp_seal_packet(p->ntlmssp_state, 
-					     ndr->data + DCERPC_REQUEST_LENGTH, 
-					     ndr->offset - DCERPC_REQUEST_LENGTH,
-					     &p->auth_info->credentials);
+		status = p->security_state->seal_packet(p->security_state, 
+							ndr->data + DCERPC_REQUEST_LENGTH, 
+							ndr->offset - DCERPC_REQUEST_LENGTH,
+							&p->auth_info->credentials);
 		break;
 
 	case DCERPC_AUTH_LEVEL_INTEGRITY:
-		status = ntlmssp_sign_packet(p->ntlmssp_state, 
-					     ndr->data + DCERPC_REQUEST_LENGTH, 
-					     ndr->offset - DCERPC_REQUEST_LENGTH,
-					     &p->auth_info->credentials);
+		status = p->security_state->sign_packet(p->security_state, 
+							ndr->data + DCERPC_REQUEST_LENGTH, 
+							ndr->offset - DCERPC_REQUEST_LENGTH,
+							&p->auth_info->credentials);
 		break;
 
 	case DCERPC_AUTH_LEVEL_NONE: