s4:ntlmssp: split gensec_ntlmssp_check_packet() and ntlmssp_check_packet()

Inspired by the NTLMSSP merge work by Andrew Bartlett.

metze

Signed-off-by: Günther Deschner <gd@samba.org>

1 files changed, 31 insertions, 13 deletions

diff --git a/source4/auth/ntlmssp/ntlmssp_sign.c b/source4/auth/ntlmssp/ntlmssp_sign.c
index 4239a39ce5..3c18c34f82 100644
--- a/source4/auth/ntlmssp/ntlmssp_sign.c
+++ b/source4/auth/ntlmssp/ntlmssp_sign.c
@@ -147,26 +147,21 @@ NTSTATUS ntlmssp_sign_packet(struct gensec_ntlmssp_state *ntlmssp_state,
  *
  */
 
-NTSTATUS gensec_ntlmssp_check_packet(struct gensec_security *gensec_security,
-				     TALLOC_CTX *sig_mem_ctx,
-				     const uint8_t *data, size_t length,
-				     const uint8_t *whole_pdu, size_t pdu_length,
-				     const DATA_BLOB *sig)
+NTSTATUS ntlmssp_check_packet(struct gensec_ntlmssp_state *ntlmssp_state,
+			      TALLOC_CTX *sig_mem_ctx,
+			      const uint8_t *data, size_t length,
+			      const uint8_t *whole_pdu, size_t pdu_length,
+			      const DATA_BLOB *sig)
 {
-	struct gensec_ntlmssp_context *gensec_ntlmssp =
-		talloc_get_type_abort(gensec_security->private_data,
-				      struct gensec_ntlmssp_context);
-	struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_ntlmssp->ntlmssp_state;
-
 	DATA_BLOB local_sig;
 	NTSTATUS nt_status;
 
-	if (!gensec_ntlmssp_state->session_key.length) {
+	if (!ntlmssp_state->session_key.length) {
 		DEBUG(3, ("NO session key, cannot check packet signature\n"));
 		return NT_STATUS_NO_USER_SESSION_KEY;
 	}
 
-	nt_status = ntlmssp_make_packet_signature(gensec_ntlmssp_state, sig_mem_ctx,
+	nt_status = ntlmssp_make_packet_signature(ntlmssp_state, sig_mem_ctx,
 						  data, length,
 						  whole_pdu, pdu_length,
 						  NTLMSSP_RECEIVE, &local_sig, true);
@@ -176,7 +171,7 @@ NTSTATUS gensec_ntlmssp_check_packet(struct gensec_security *gensec_security,
 		return nt_status;
 	}
 
-	if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
+	if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
 		if (local_sig.length != sig->length ||
 		    memcmp(local_sig.data, 
 			   sig->data, sig->length) != 0) {
@@ -187,6 +182,7 @@ NTSTATUS gensec_ntlmssp_check_packet(struct gensec_security *gensec_security,
 			DEBUG(10, ("BAD SIG: got signature over %llu bytes of input:\n", (unsigned long long)pdu_length));
 			dump_data(10, sig->data, sig->length);
 			
+			data_blob_free(&local_sig);
 			return NT_STATUS_ACCESS_DENIED;
 		}
 	} else {
@@ -199,11 +195,13 @@ NTSTATUS gensec_ntlmssp_check_packet(struct gensec_security *gensec_security,
 			DEBUG(10, ("BAD SIG: got signature of %llu bytes of input:\n", (unsigned long long)length));
 			dump_data(10, sig->data, sig->length);
 			
+			data_blob_free(&local_sig);
 			return NT_STATUS_ACCESS_DENIED;
 		}
 	}
 	dump_data_pw("checked ntlmssp signature\n", sig->data, sig->length);
 
+	data_blob_free(&local_sig);
 	return NT_STATUS_OK;
 }
 
@@ -473,6 +471,26 @@ NTSTATUS gensec_ntlmssp_sign_packet(struct gensec_security *gensec_security,
 	return nt_status;
 }
 
+NTSTATUS gensec_ntlmssp_check_packet(struct gensec_security *gensec_security,
+				     TALLOC_CTX *sig_mem_ctx,
+				     const uint8_t *data, size_t length,
+				     const uint8_t *whole_pdu, size_t pdu_length,
+				     const DATA_BLOB *sig)
+{
+	struct gensec_ntlmssp_context *gensec_ntlmssp =
+		talloc_get_type_abort(gensec_security->private_data,
+				      struct gensec_ntlmssp_context);
+	NTSTATUS nt_status;
+
+	nt_status = ntlmssp_check_packet(gensec_ntlmssp->ntlmssp_state,
+					 sig_mem_ctx,
+					 data, length,
+					 whole_pdu, pdu_length,
+					 sig);
+
+	return nt_status;
+}
+
 size_t gensec_ntlmssp_sig_size(struct gensec_security *gensec_security, size_t data_size) 
 {
 	return NTLMSSP_SIG_SIZE;