author | Stefan Metzmacher <metze@samba.org> | 2004-06-07 12:30:22 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:56:36 -0500 |
commit | c0871cb0c13599039f4e8243bd8d60d472653930 (patch) | |
tree | d8f1908ed723d9d78060aa4bfb105795c7421918 /source4/librpc/rpc/dcerpc_ntlm.c | |
parent | 6564fd402d500b1e24f76f63e4335b38ef1164db (diff) | |
r1068: make the dcerpc client side auth/crypto code much more generic
metze
(This used to be commit 1706ff88a72c6578a109c2cf24f2f009812c3892)
Diffstat (limited to 'source4/librpc/rpc/dcerpc_ntlm.c')
-rw-r--r-- | source4/librpc/rpc/dcerpc_ntlm.c | 178 |
1 files changed, 71 insertions, 107 deletions
diff --git a/source4/librpc/rpc/dcerpc_ntlm.c b/source4/librpc/rpc/dcerpc_ntlm.c
index db707be1b5..2cfecd939f 100644
--- a/source4/librpc/rpc/dcerpc_ntlm.c
+++ b/source4/librpc/rpc/dcerpc_ntlm.c
@@ -25,174 +25,138 @@ /* wrappers for the ntlmssp_*() functions */ -static NTSTATUS ntlm_unseal_packet(struct dcerpc_security *dcerpc_security, +static NTSTATUS dcerpc_ntlmssp_unseal(struct dcerpc_security *dcerpc_security, TALLOC_CTX *mem_ctx, uint8_t *data, size_t length, DATA_BLOB *sig) { - struct ntlmssp_state *ntlmssp_state = dcerpc_security->private; + struct ntlmssp_state *ntlmssp_state = dcerpc_security->private_data; + return ntlmssp_unseal_packet(ntlmssp_state, mem_ctx, data, length, sig); } -static NTSTATUS ntlm_check_packet(struct dcerpc_security *dcerpc_security, +static NTSTATUS dcerpc_ntlmssp_check_sig(struct dcerpc_security *dcerpc_security, TALLOC_CTX *mem_ctx, const uint8_t *data, size_t length, const DATA_BLOB *sig) { - struct ntlmssp_state *ntlmssp_state = dcerpc_security->private; + struct ntlmssp_state *ntlmssp_state = dcerpc_security->private_data; + return ntlmssp_check_packet(ntlmssp_state, mem_ctx, data, length, sig); } -static NTSTATUS ntlm_seal_packet(struct dcerpc_security *dcerpc_security, +static NTSTATUS dcerpc_ntlmssp_seal(struct dcerpc_security *dcerpc_security, TALLOC_CTX *mem_ctx, uint8_t *data, size_t length, DATA_BLOB *sig) { - struct ntlmssp_state *ntlmssp_state = dcerpc_security->private; + struct ntlmssp_state *ntlmssp_state = dcerpc_security->private_data; + return ntlmssp_seal_packet(ntlmssp_state, mem_ctx, data, length, sig); } -static NTSTATUS ntlm_sign_packet(struct dcerpc_security *dcerpc_security, +static NTSTATUS dcerpc_ntlmssp_sign(struct dcerpc_security *dcerpc_security, TALLOC_CTX *mem_ctx, const uint8_t *data, size_t length, DATA_BLOB *sig) { - struct ntlmssp_state *ntlmssp_state = dcerpc_security->private; + struct ntlmssp_state *ntlmssp_state = dcerpc_security->private_data; + return ntlmssp_sign_packet(ntlmssp_state, mem_ctx, data, length, sig); } -static NTSTATUS ntlm_session_key(struct dcerpc_security *dcerpc_security, +static NTSTATUS dcerpc_ntlmssp_session_key(struct dcerpc_security *dcerpc_security, 
DATA_BLOB *session_key) { - struct ntlmssp_state *ntlmssp_state = dcerpc_security->private; + struct ntlmssp_state *ntlmssp_state = dcerpc_security->private_data; + if (!ntlmssp_state->session_key.data) { return NT_STATUS_NO_USER_SESSION_KEY; } *session_key = ntlmssp_state->session_key; - return NT_STATUS_OK; -} -static void ntlm_security_end(struct dcerpc_security *dcerpc_security) -{ - struct ntlmssp_state *ntlmssp_state = dcerpc_security->private; - ntlmssp_end(&ntlmssp_state); + return NT_STATUS_OK; } - - -/* - do ntlm style authentication on a dcerpc pipe -*/ -NTSTATUS dcerpc_bind_auth_ntlm(struct dcerpc_pipe *p, - const char *uuid, uint_t version, - const char *domain, - const char *username, - const char *password) +static NTSTATUS dcerpc_ntlmssp_start(struct dcerpc_pipe *dce_pipe, struct dcerpc_security *dcerpc_security) { + struct ntlmssp_state *ntlmssp_state = NULL; NTSTATUS status; - struct ntlmssp_state *state; - TALLOC_CTX *mem_ctx; - DATA_BLOB credentials; - - mem_ctx = talloc_init("dcerpc_bind_auth_ntlm"); - if (!mem_ctx) { - return NT_STATUS_NO_MEMORY; - } - status = ntlmssp_client_start(&state); + status = ntlmssp_client_start(&ntlmssp_state); if (!NT_STATUS_IS_OK(status)) { return status; } - status = ntlmssp_set_domain(state, domain); + status = ntlmssp_set_domain(ntlmssp_state, dcerpc_security->user.domain); if (!NT_STATUS_IS_OK(status)) { - goto done; + return status; } - status = ntlmssp_set_username(state, username); + status = ntlmssp_set_username(ntlmssp_state, dcerpc_security->user.name); if (!NT_STATUS_IS_OK(status)) { - goto done; + return status; } - status = ntlmssp_set_password(state, password); + status = ntlmssp_set_password(ntlmssp_state, dcerpc_security->user.password); if (!NT_STATUS_IS_OK(status)) { - goto done; - } - - p->auth_info = talloc(p->mem_ctx, sizeof(*p->auth_info)); - if (!p->auth_info) { - status = NT_STATUS_NO_MEMORY; - goto done; + return status; } - - p->auth_info->auth_type = DCERPC_AUTH_TYPE_NTLMSSP; - if 
(p->flags & DCERPC_SEAL) { - p->auth_info->auth_level = DCERPC_AUTH_LEVEL_PRIVACY; - state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_SEAL; - } else { - /* ntlmssp does not work on dcerpc with - AUTH_LEVEL_NONE */ - state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN; - p->auth_info->auth_level = DCERPC_AUTH_LEVEL_INTEGRITY; - } - p->auth_info->auth_pad_length = 0; - p->auth_info->auth_reserved = 0; - p->auth_info->auth_context_id = random(); - p->auth_info->credentials = data_blob(NULL, 0); - p->security_state = NULL; - - status = ntlmssp_update(state, mem_ctx, - p->auth_info->credentials, - &credentials); - - if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { - goto done; - } + dcerpc_security->private_data = ntlmssp_state; - p->auth_info->credentials = credentials; - - status = dcerpc_bind_byuuid(p, mem_ctx, uuid, version); - if (!NT_STATUS_IS_OK(status)) { - goto done; - } - - status = ntlmssp_update(state, mem_ctx, - p->auth_info->credentials, - &credentials); + return status; +} - if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { - goto done; - } +static NTSTATUS dcerpc_ntlmssp_update(struct dcerpc_security *dcerpc_security, TALLOC_CTX *out_mem_ctx, + const DATA_BLOB in, DATA_BLOB *out) +{ + struct ntlmssp_state *ntlmssp_state = dcerpc_security->private_data; - p->auth_info->credentials = credentials; + return ntlmssp_update(ntlmssp_state, out_mem_ctx, in, out); +} - status = dcerpc_auth3(p, mem_ctx); +static void dcerpc_ntlmssp_end(struct dcerpc_security *dcerpc_security) +{ + struct ntlmssp_state *ntlmssp_state = dcerpc_security->private_data; - if (!NT_STATUS_IS_OK(status)) { - goto done; - } + ntlmssp_end(&ntlmssp_state); - p->security_state = talloc_p(p->mem_ctx, struct dcerpc_security); - if (!p->security_state) { - status = NT_STATUS_NO_MEMORY; - goto done; - } + dcerpc_security->private_data = NULL; +} - p->security_state->private = state; - p->security_state->unseal_packet = ntlm_unseal_packet; - 
p->security_state->check_packet = ntlm_check_packet; - p->security_state->seal_packet = ntlm_seal_packet; - p->security_state->sign_packet = ntlm_sign_packet; - p->security_state->session_key = ntlm_session_key; - p->security_state->security_end = ntlm_security_end; +static const struct dcesrv_security_ops dcerpc_ntlmssp_security_ops = { + .name = "ntlmssp", + .auth_type = DCERPC_AUTH_TYPE_NTLMSSP, + .start = dcerpc_ntlmssp_start, + .update = dcerpc_ntlmssp_update, + .seal = dcerpc_ntlmssp_seal, + .sign = dcerpc_ntlmssp_sign, + .check_sig = dcerpc_ntlmssp_check_sig, + .unseal = dcerpc_ntlmssp_unseal, + .session_key = dcerpc_ntlmssp_session_key, + .end = dcerpc_ntlmssp_end +}; + +const struct dcesrv_security_ops *dcerpc_ntlmssp_security_get_ops(void) +{ + return &dcerpc_ntlmssp_security_ops; +} -done: - talloc_destroy(mem_ctx); +/* + do ntlm style authentication on a dcerpc pipe +*/ +NTSTATUS dcerpc_bind_auth_ntlm(struct dcerpc_pipe *p, + const char *uuid, uint_t version, + const char *domain, + const char *username, + const char *password) +{ + NTSTATUS status; - if (!NT_STATUS_IS_OK(status)) { - p->security_state = NULL; - p->auth_info = NULL; - } + status = dcerpc_bind_auth(p, DCERPC_AUTH_TYPE_NTLMSSP, + uuid, version, + domain, username, + password); return status; } |
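Review bot: In `dcerpc_ntlmssp_start` the three early returns after `ntlmssp_set_domain`, `ntlmssp_set_username` and `ntlmssp_set_password` leave the state created by `ntlmssp_client_start` unreleased, because `private_data` is assigned only on the success path and the `.end` callback therefore cannot reach it. That state may already hold the domain, user name and possibly password-derived material, so each failure branch should release it first, e.g. `if (!NT_STATUS_IS_OK(status)) { ntlmssp_end(&ntlmssp_state); return status; }`. Separately, `dcerpc_ntlmssp_end` now sets `private_data` to NULL while `dcerpc_ntlmssp_session_key` dereferences it unchecked (`ntlmssp_state->session_key.data`), so a call after `.end` or before a successful `.start` would dereference NULL. A guard such as `if (!ntlmssp_state) return NT_STATUS_NO_USER_SESSION_KEY;` would make that ordering mistake fail safely. It would also help to add a comment on `dcerpc_ntlmssp_security_ops` saying where the sign/seal negotiation flags that this commit removes from `dcerpc_bind_auth_ntlm` are now set, presumably in the generic `dcerpc_bind_auth`, which is not visible in this file.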