summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--auth/gensec/gensec_util.c116
-rw-r--r--source4/auth/gensec/socket.c107
2 files changed, 116 insertions, 107 deletions
diff --git a/auth/gensec/gensec_util.c b/auth/gensec/gensec_util.c
index 1b4c0b1a3e..feff3c3ac1 100644
--- a/auth/gensec/gensec_util.c
+++ b/auth/gensec/gensec_util.c
@@ -93,3 +93,119 @@ NTSTATUS gensec_generate_session_info_pac(TALLOC_CTX *mem_ctx,
return NT_STATUS_INTERNAL_ERROR;
}
}
+
+/*
+ * These functions are for use in the deprecated
+ * gensec_socket code (public because SPNEGO must
+ * use them for recursion)
+ */
+_PUBLIC_ NTSTATUS gensec_wrap_packets(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
+ const DATA_BLOB *in,
+ DATA_BLOB *out,
+ size_t *len_processed)
+{
+ if (!gensec_security->ops->wrap_packets) {
+ NTSTATUS nt_status;
+ size_t max_input_size;
+ DATA_BLOB unwrapped, wrapped;
+ max_input_size = gensec_max_input_size(gensec_security);
+ unwrapped = data_blob_const(in->data, MIN(max_input_size, (size_t)in->length));
+
+ nt_status = gensec_wrap(gensec_security,
+ mem_ctx,
+ &unwrapped, &wrapped);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
+ }
+
+ *out = data_blob_talloc(mem_ctx, NULL, 4);
+ if (!out->data) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ RSIVAL(out->data, 0, wrapped.length);
+
+ if (!data_blob_append(mem_ctx, out, wrapped.data, wrapped.length)) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ *len_processed = unwrapped.length;
+ return NT_STATUS_OK;
+ }
+ return gensec_security->ops->wrap_packets(gensec_security, mem_ctx, in, out,
+ len_processed);
+}
+
+/*
+ * These functions are for use in the deprecated
+ * gensec_socket code (public because SPNEGO must
+ * use them for recursion)
+ */
+NTSTATUS gensec_unwrap_packets(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
+ const DATA_BLOB *in,
+ DATA_BLOB *out,
+ size_t *len_processed)
+{
+ if (!gensec_security->ops->unwrap_packets) {
+ DATA_BLOB wrapped;
+ NTSTATUS nt_status;
+ size_t packet_size;
+ if (in->length < 4) {
+ /* Missing the header we already had! */
+ DEBUG(0, ("Asked to unwrap packet of bogus length! How did we get the short packet?!\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ packet_size = RIVAL(in->data, 0);
+
+ wrapped = data_blob_const(in->data + 4, packet_size);
+
+ if (wrapped.length > (in->length - 4)) {
+ DEBUG(0, ("Asked to unwrap packed of bogus length %d > %d! How did we get this?!\n",
+ (int)wrapped.length, (int)(in->length - 4)));
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ nt_status = gensec_unwrap(gensec_security,
+ mem_ctx,
+ &wrapped, out);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
+ }
+
+ *len_processed = packet_size + 4;
+ return nt_status;
+ }
+ return gensec_security->ops->unwrap_packets(gensec_security, mem_ctx, in, out,
+ len_processed);
+}
+
+/*
+ * These functions are for use in the deprecated
+ * gensec_socket code (public because SPNEGO must
+ * use them for recursion)
+ */
+NTSTATUS gensec_packet_full_request(struct gensec_security *gensec_security,
+ DATA_BLOB blob, size_t *size)
+{
+ if (gensec_security->ops->packet_full_request) {
+ return gensec_security->ops->packet_full_request(gensec_security,
+ blob, size);
+ }
+ if (gensec_security->ops->unwrap_packets) {
+ if (blob.length) {
+ *size = blob.length;
+ return NT_STATUS_OK;
+ }
+ return STATUS_MORE_ENTRIES;
+ }
+
+ if (blob.length < 4) {
+ return STATUS_MORE_ENTRIES;
+ }
+ *size = 4 + RIVAL(blob.data, 0);
+ if (*size > blob.length) {
+ return STATUS_MORE_ENTRIES;
+ }
+ return NT_STATUS_OK;
+}
diff --git a/source4/auth/gensec/socket.c b/source4/auth/gensec/socket.c
index 1d9620dcf8..99b4108a39 100644
--- a/source4/auth/gensec/socket.c
+++ b/source4/auth/gensec/socket.c
@@ -59,113 +59,6 @@ static NTSTATUS gensec_socket_init_fn(struct socket_context *sock)
return NT_STATUS_OK;
}
-/* These functions are for use here only (public because SPNEGO must
- * use them for recursion) */
-_PUBLIC_ NTSTATUS gensec_wrap_packets(struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx,
- const DATA_BLOB *in,
- DATA_BLOB *out,
- size_t *len_processed)
-{
- if (!gensec_security->ops->wrap_packets) {
- NTSTATUS nt_status;
- size_t max_input_size;
- DATA_BLOB unwrapped, wrapped;
- max_input_size = gensec_max_input_size(gensec_security);
- unwrapped = data_blob_const(in->data, MIN(max_input_size, (size_t)in->length));
-
- nt_status = gensec_wrap(gensec_security,
- mem_ctx,
- &unwrapped, &wrapped);
- if (!NT_STATUS_IS_OK(nt_status)) {
- return nt_status;
- }
-
- *out = data_blob_talloc(mem_ctx, NULL, 4);
- if (!out->data) {
- return NT_STATUS_NO_MEMORY;
- }
- RSIVAL(out->data, 0, wrapped.length);
-
- if (!data_blob_append(mem_ctx, out, wrapped.data, wrapped.length)) {
- return NT_STATUS_NO_MEMORY;
- }
- *len_processed = unwrapped.length;
- return NT_STATUS_OK;
- }
- return gensec_security->ops->wrap_packets(gensec_security, mem_ctx, in, out,
- len_processed);
-}
-
-/* These functions are for use here only (public because SPNEGO must
- * use them for recursion) */
-NTSTATUS gensec_unwrap_packets(struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx,
- const DATA_BLOB *in,
- DATA_BLOB *out,
- size_t *len_processed)
-{
- if (!gensec_security->ops->unwrap_packets) {
- DATA_BLOB wrapped;
- NTSTATUS nt_status;
- size_t packet_size;
- if (in->length < 4) {
- /* Missing the header we already had! */
- DEBUG(0, ("Asked to unwrap packet of bogus length! How did we get the short packet?!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- packet_size = RIVAL(in->data, 0);
-
- wrapped = data_blob_const(in->data + 4, packet_size);
-
- if (wrapped.length > (in->length - 4)) {
- DEBUG(0, ("Asked to unwrap packed of bogus length %d > %d! How did we get this?!\n",
- (int)wrapped.length, (int)(in->length - 4)));
- return NT_STATUS_INTERNAL_ERROR;
- }
-
- nt_status = gensec_unwrap(gensec_security,
- mem_ctx,
- &wrapped, out);
- if (!NT_STATUS_IS_OK(nt_status)) {
- return nt_status;
- }
-
- *len_processed = packet_size + 4;
- return nt_status;
- }
- return gensec_security->ops->unwrap_packets(gensec_security, mem_ctx, in, out,
- len_processed);
-}
-
-/* These functions are for use here only (public because SPNEGO must
- * use them for recursion) */
-NTSTATUS gensec_packet_full_request(struct gensec_security *gensec_security,
- DATA_BLOB blob, size_t *size)
-{
- if (gensec_security->ops->packet_full_request) {
- return gensec_security->ops->packet_full_request(gensec_security,
- blob, size);
- }
- if (gensec_security->ops->unwrap_packets) {
- if (blob.length) {
- *size = blob.length;
- return NT_STATUS_OK;
- }
- return STATUS_MORE_ENTRIES;
- }
-
- if (blob.length < 4) {
- return STATUS_MORE_ENTRIES;
- }
- *size = 4 + RIVAL(blob.data, 0);
- if (*size > blob.length) {
- return STATUS_MORE_ENTRIES;
- }
- return NT_STATUS_OK;
-}
-
static NTSTATUS gensec_socket_full_request(void *private_data, DATA_BLOB blob, size_t *size)
{
struct gensec_socket *gensec_socket = talloc_get_type(private_data, struct gensec_socket);