-rw-r--r-- | auth/gensec/gensec_util.c | 116 | ||||
-rw-r--r-- | source4/auth/gensec/socket.c | 107 |
2 files changed, 116 insertions, 107 deletions
diff --git a/auth/gensec/gensec_util.c b/auth/gensec/gensec_util.c
index 1b4c0b1a3e..feff3c3ac1 100644
--- a/auth/gensec/gensec_util.c
+++ b/auth/gensec/gensec_util.c
@@ -93,3 +93,119 @@ NTSTATUS gensec_generate_session_info_pac(TALLOC_CTX *mem_ctx,
 return NT_STATUS_INTERNAL_ERROR;
 }
 }
+
+/*
+ * These functions are for use in the deprecated
+ * gensec_socket code (public because SPNEGO must
+ * use them for recursion)
+ */
+_PUBLIC_ NTSTATUS gensec_wrap_packets(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
+ const DATA_BLOB *in,
+ DATA_BLOB *out,
+ size_t *len_processed)
+{
+ if (!gensec_security->ops->wrap_packets) {
+ NTSTATUS nt_status;
+ size_t max_input_size;
+ DATA_BLOB unwrapped, wrapped;
+ max_input_size = gensec_max_input_size(gensec_security);
+ unwrapped = data_blob_const(in->data, MIN(max_input_size, (size_t)in->length));
+
+ nt_status = gensec_wrap(gensec_security,
+ mem_ctx,
+ &unwrapped, &wrapped);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
+ }
+
+ *out = data_blob_talloc(mem_ctx, NULL, 4);
+ if (!out->data) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ RSIVAL(out->data, 0, wrapped.length);
+
+ if (!data_blob_append(mem_ctx, out, wrapped.data, wrapped.length)) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ *len_processed = unwrapped.length;
+ return NT_STATUS_OK;
+ }
+ return gensec_security->ops->wrap_packets(gensec_security, mem_ctx, in, out,
+ len_processed);
+}
+
+/*
+ * These functions are for use in the deprecated
+ * gensec_socket code (public because SPNEGO must
+ * use them for recursion)
+ */
+NTSTATUS gensec_unwrap_packets(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
+ const DATA_BLOB *in,
+ DATA_BLOB *out,
+ size_t *len_processed)
+{
+ if (!gensec_security->ops->unwrap_packets) {
+ DATA_BLOB wrapped;
+ NTSTATUS nt_status;
+ size_t packet_size;
+ if (in->length < 4) {
+ /* Missing the header we already had! */
+ DEBUG(0, ("Asked to unwrap packet of bogus length! How did we get the short packet?!\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ packet_size = RIVAL(in->data, 0);
+
+ wrapped = data_blob_const(in->data + 4, packet_size);
+
+ if (wrapped.length > (in->length - 4)) {
+ DEBUG(0, ("Asked to unwrap packed of bogus length %d > %d! How did we get this?!\n",
+ (int)wrapped.length, (int)(in->length - 4)));
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ nt_status = gensec_unwrap(gensec_security,
+ mem_ctx,
+ &wrapped, out);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
+ }
+
+ *len_processed = packet_size + 4;
+ return nt_status;
+ }
+ return gensec_security->ops->unwrap_packets(gensec_security, mem_ctx, in, out,
+ len_processed);
+}
+
+/*
+ * These functions are for use in the deprecated
+ * gensec_socket code (public because SPNEGO must
+ * use them for recursion)
+ */
+NTSTATUS gensec_packet_full_request(struct gensec_security *gensec_security,
+ DATA_BLOB blob, size_t *size)
+{
+ if (gensec_security->ops->packet_full_request) {
+ return gensec_security->ops->packet_full_request(gensec_security,
+ blob, size);
+ }
+ if (gensec_security->ops->unwrap_packets) {
+ if (blob.length) {
+ *size = blob.length;
+ return NT_STATUS_OK;
+ }
+ return STATUS_MORE_ENTRIES;
+ }
+
+ if (blob.length < 4) {
+ return STATUS_MORE_ENTRIES;
+ }
+ *size = 4 + RIVAL(blob.data, 0);
+ if (*size > blob.length) {
+ return STATUS_MORE_ENTRIES;
+ }
+ return NT_STATUS_OK;
+}
diff --git a/source4/auth/gensec/socket.c b/source4/auth/gensec/socket.c
index 1d9620dcf8..99b4108a39 100644
--- a/source4/auth/gensec/socket.c
+++ b/source4/auth/gensec/socket.c
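Review bot: In gensec_packet_full_request (auth/gensec/gensec_util.c), `*size = 4 + RIVAL(blob.data, 0);` adds the header size to a length field supplied by the peer without any range check. If RIVAL yields a 32-bit unsigned value (its definition is not visible in this hunk), a length within four of the 32-bit maximum makes the sum wrap to a value below 4, so the `*size > blob.length` test passes and a "complete" request shorter than its own header is reported to the caller. Since the commit moves this code unchanged, it would be a good point to widen before adding and reject the wrapped case: `size_t len = RIVAL(blob.data, 0);`, `if (len > SIZE_MAX - 4) return NT_STATUS_INVALID_PARAMETER;`, `*size = 4 + len;`. The helper also places no ceiling on the announced length, so how much data a peer can make the caller buffer depends entirely on limits enforced outside this hunk; bounding `len` against a maximum packet size here would make that explicit. A short comment stating the framing these three helpers share (a 4-byte length prefix followed by the wrapped payload) would be more useful than the deprecation comment repeated three times.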
@@ -59,113 +59,6 @@ static NTSTATUS gensec_socket_init_fn(struct socket_context *sock)
 return NT_STATUS_OK;
 }
 
-/* These functions are for use here only (public because SPNEGO must
- * use them for recursion) */
-_PUBLIC_ NTSTATUS gensec_wrap_packets(struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx,
- const DATA_BLOB *in,
- DATA_BLOB *out,
- size_t *len_processed)
-{
- if (!gensec_security->ops->wrap_packets) {
- NTSTATUS nt_status;
- size_t max_input_size;
- DATA_BLOB unwrapped, wrapped;
- max_input_size = gensec_max_input_size(gensec_security);
- unwrapped = data_blob_const(in->data, MIN(max_input_size, (size_t)in->length));
-
- nt_status = gensec_wrap(gensec_security,
- mem_ctx,
- &unwrapped, &wrapped);
- if (!NT_STATUS_IS_OK(nt_status)) {
- return nt_status;
- }
-
- *out = data_blob_talloc(mem_ctx, NULL, 4);
- if (!out->data) {
- return NT_STATUS_NO_MEMORY;
- }
- RSIVAL(out->data, 0, wrapped.length);
-
- if (!data_blob_append(mem_ctx, out, wrapped.data, wrapped.length)) {
- return NT_STATUS_NO_MEMORY;
- }
- *len_processed = unwrapped.length;
- return NT_STATUS_OK;
- }
- return gensec_security->ops->wrap_packets(gensec_security, mem_ctx, in, out,
- len_processed);
-}
-
-/* These functions are for use here only (public because SPNEGO must
- * use them for recursion) */
-NTSTATUS gensec_unwrap_packets(struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx,
- const DATA_BLOB *in,
- DATA_BLOB *out,
- size_t *len_processed)
-{
- if (!gensec_security->ops->unwrap_packets) {
- DATA_BLOB wrapped;
- NTSTATUS nt_status;
- size_t packet_size;
- if (in->length < 4) {
- /* Missing the header we already had! */
- DEBUG(0, ("Asked to unwrap packet of bogus length! How did we get the short packet?!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- packet_size = RIVAL(in->data, 0);
-
- wrapped = data_blob_const(in->data + 4, packet_size);
-
- if (wrapped.length > (in->length - 4)) {
- DEBUG(0, ("Asked to unwrap packed of bogus length %d > %d! How did we get this?!\n",
- (int)wrapped.length, (int)(in->length - 4)));
- return NT_STATUS_INTERNAL_ERROR;
- }
-
- nt_status = gensec_unwrap(gensec_security,
- mem_ctx,
- &wrapped, out);
- if (!NT_STATUS_IS_OK(nt_status)) {
- return nt_status;
- }
-
- *len_processed = packet_size + 4;
- return nt_status;
- }
- return gensec_security->ops->unwrap_packets(gensec_security, mem_ctx, in, out,
- len_processed);
-}
-
-/* These functions are for use here only (public because SPNEGO must
- * use them for recursion) */
-NTSTATUS gensec_packet_full_request(struct gensec_security *gensec_security,
- DATA_BLOB blob, size_t *size)
-{
- if (gensec_security->ops->packet_full_request) {
- return gensec_security->ops->packet_full_request(gensec_security,
- blob, size);
- }
- if (gensec_security->ops->unwrap_packets) {
- if (blob.length) {
- *size = blob.length;
- return NT_STATUS_OK;
- }
- return STATUS_MORE_ENTRIES;
- }
-
- if (blob.length < 4) {
- return STATUS_MORE_ENTRIES;
- }
- *size = 4 + RIVAL(blob.data, 0);
- if (*size > blob.length) {
- return STATUS_MORE_ENTRIES;
- }
- return NT_STATUS_OK;
-}
-
 static NTSTATUS gensec_socket_full_request(void *private_data, DATA_BLOB blob, size_t *size)
 {
 struct gensec_socket *gensec_socket = talloc_get_type(private_data, struct gensec_socket); |