author | Andrew Bartlett <abartlet@samba.org> | 2004-06-20 00:58:09 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:56:44 -0500 |
commit | be081037e09bb78c0308cd6c7a5d7ae563678b7c (patch) | |
tree | 4bdabbe93653433e696d4abc4ac3b2991e59aed6 /source4/librpc/rpc/dcerpc.c | |
parent | 8cb41badd4349b7d9d78ff8e25143929522e4749 (diff) | |
r1200: Add 'gensec', our generic security layer.
This layer is used for DCERPC security, as well as ntlm_auth at this
time. It is expected that things like SASL and the CIFS layer will use it as
well.
The particular purpose of this layer is to introduce SPNEGO, which
needs generic access to the actual implementation mechanisms.
Schannel, due to its 'interesting' setup properties, is in GENSEC, but
is only in the RPC code.
Andrew Bartlett
(This used to be commit 902af49006fb8cfecaadd3cc0c10e2e542083fb1)
Diffstat (limited to 'source4/librpc/rpc/dcerpc.c')
-rw-r--r-- | source4/librpc/rpc/dcerpc.c | 58 |
1 files changed, 31 insertions, 27 deletions
diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c
index 82b6fa9a4e..5d5469da7f 100644
--- a/source4/librpc/rpc/dcerpc.c
+++ b/source4/librpc/rpc/dcerpc.c
@@ -42,9 +42,9 @@ struct dcerpc_pipe *dcerpc_pipe_init(void)
 p->mem_ctx = mem_ctx;
 p->call_id = 1;
 p->security_state.auth_info = NULL;
- ZERO_STRUCT(p->security_state.user);
- p->security_state.private_data = NULL;
- p->security_state.ops = NULL;
+ ZERO_STRUCT(p->security_state.generic_state.user);
+ p->security_state.generic_state.private_data = NULL;
+ p->security_state.generic_state.ops = NULL;
 p->binding_string = NULL;
 p->flags = 0;
 p->srv_max_xmit_frag = 0;
@@ -60,8 +60,8 @@ void dcerpc_pipe_close(struct dcerpc_pipe *p)
 if (!p) return;
 p->reference_count--;
 if (p->reference_count <= 0) {
- if (p->security_state.ops) {
- p->security_state.ops->end(&p->security_state);
+ if (p->security_state.generic_state.ops) {
+ p->security_state.generic_state.ops->end(&p->security_state.generic_state);
 }
 p->transport.shutdown_pipe(p);
 talloc_destroy(p->mem_ctx);
@@ -132,7 +132,7 @@ static NTSTATUS dcerpc_pull_request_sign(struct dcerpc_pipe *p,
 DATA_BLOB auth_blob;
 /* non-signed packets are simpler */
- if (!p->security_state.auth_info || !p->security_state.ops) {
+ if (!p->security_state.auth_info || !p->security_state.generic_state.ops) {
 return dcerpc_pull(blob, mem_ctx, pkt);
 }
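Review bot: The guard `if (!p->security_state.auth_info || !p->security_state.generic_state.ops)` in dcerpc_pull_request_sign fails open: when auth_info is set but generic_state.ops is NULL, the response goes through plain `dcerpc_pull()` with no signature check or unseal. Since ops now belongs to a separate layer and starts out NULL in dcerpc_pipe_init, that state looks reachable if security setup stops part-way (inferred; the code that sets auth_info and ops is outside this diff). I would let only `!auth_info` take the unsigned path and reject the mixed state, e.g. `if (!p->security_state.generic_state.ops) return NT_STATUS_INVALID_PARAMETER;`. The same guard in dcerpc_push_request_sign (hunk at -230) would send a request unsigned and unsealed in that state. Both function bodies continue outside their hunks.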
@@ -186,19 +186,21 @@ static NTSTATUS dcerpc_pull_request_sign(struct dcerpc_pipe *p,
 /* check signature or unseal the packet */
 switch (p->security_state.auth_info->auth_level) {
 case DCERPC_AUTH_LEVEL_PRIVACY:
- status = p->security_state.ops->unseal(&p->security_state,
- mem_ctx,
- pkt->u.response.stub_and_verifier.data,
- pkt->u.response.stub_and_verifier.length,
- &auth.credentials);
+ status = p->security_state
+ .generic_state.ops->unseal(&p->security_state.generic_state,
+ mem_ctx,
+ pkt->u.response.stub_and_verifier.data,
+ pkt->u.response.stub_and_verifier.length,
+ &auth.credentials);
 break;
 case DCERPC_AUTH_LEVEL_INTEGRITY:
- status = p->security_state.ops->check_sig(&p->security_state,
- mem_ctx,
- pkt->u.response.stub_and_verifier.data,
- pkt->u.response.stub_and_verifier.length,
- &auth.credentials);
+ status = p->security_state
+ .generic_state.ops->check_sig(&p->security_state.generic_state,
+ mem_ctx,
+ pkt->u.response.stub_and_verifier.data,
+ pkt->u.response.stub_and_verifier.length,
+ &auth.credentials);
 break;
 case DCERPC_AUTH_LEVEL_NONE:
@@ -230,7 +232,7 @@ static NTSTATUS dcerpc_push_request_sign(struct dcerpc_pipe *p,
 struct ndr_push *ndr;
 /* non-signed packets are simpler */
- if (!p->security_state.auth_info || !p->security_state.ops) {
+ if (!p->security_state.auth_info || !p->security_state.generic_state.ops) {
 return dcerpc_push_auth(blob, mem_ctx, pkt, p->security_state.auth_info);
 }
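Review bot: The auth-level switch in dcerpc_pull_request_sign calls `generic_state.ops->unseal` and `->check_sig` after testing only that `ops` itself is non-NULL, so an ops table with either entry unset would mean a NULL call while handling a packet from the network. With ops now provided by a pluggable layer, a per-operation check that fails closed would be safer, e.g. `if (!p->security_state.generic_state.ops->unseal) { status = NT_STATUS_NOT_SUPPORTED; break; }`; whether any mechanism omits an entry is not visible here. The same applies to `->seal` and `->sign` in dcerpc_push_request_sign (hunk at -255) and to `->end` in dcerpc_pipe_close (hunk at -60). A local pointer to `p->security_state.generic_state` would also remove the awkward break between `p->security_state` and `.generic_state.ops->…`. The switch continues past the end of the hunk.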
@@ -255,19 +257,21 @@ static NTSTATUS dcerpc_push_request_sign(struct dcerpc_pipe *p,
 /* sign or seal the packet */
 switch (p->security_state.auth_info->auth_level) {
 case DCERPC_AUTH_LEVEL_PRIVACY:
- status = p->security_state.ops->seal(&p->security_state,
- mem_ctx,
- ndr->data + DCERPC_REQUEST_LENGTH,
- ndr->offset - DCERPC_REQUEST_LENGTH,
- &p->security_state.auth_info->credentials);
+ status = p->security_state
+ .generic_state.ops->seal(&p->security_state.generic_state,
+ mem_ctx,
+ ndr->data + DCERPC_REQUEST_LENGTH,
+ ndr->offset - DCERPC_REQUEST_LENGTH,
+ &p->security_state.auth_info->credentials);
 break;
 case DCERPC_AUTH_LEVEL_INTEGRITY:
- status = p->security_state.ops->sign(&p->security_state,
- mem_ctx,
- ndr->data + DCERPC_REQUEST_LENGTH,
- ndr->offset - DCERPC_REQUEST_LENGTH,
- &p->security_state.auth_info->credentials);
+ status = p->security_state
+ .generic_state.ops->sign(&p->security_state.generic_state,
+ mem_ctx,
+ ndr->data + DCERPC_REQUEST_LENGTH,
+ ndr->offset - DCERPC_REQUEST_LENGTH,
+ &p->security_state.auth_info->credentials);
 break;
 case DCERPC_AUTH_LEVEL_NONE: |