From 706333856b53c7544dcb44a6505ab82bd38d860c Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 30 Dec 2009 16:02:37 +0100
Subject: s4:ntlmssp: split gensec_ntlmssp_unseal_packet() and
 ntlmssp_unseal_packet()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Inspired by the NTLMSSP merge work by Andrew Bartlett.

metze

Signed-off-by: Günther Deschner <gd@samba.org>
---
 source4/auth/ntlmssp/ntlmssp_sign.c | 51 ++++++++++++++++++++++++-------------
 1 file changed, 34 insertions(+), 17 deletions(-)

diff --git a/source4/auth/ntlmssp/ntlmssp_sign.c b/source4/auth/ntlmssp/ntlmssp_sign.c
index 3b18976d3c..62b5f61766 100644
--- a/source4/auth/ntlmssp/ntlmssp_sign.c
+++ b/source4/auth/ntlmssp/ntlmssp_sign.c
@@ -271,33 +271,27 @@ NTSTATUS ntlmssp_seal_packet(struct gensec_ntlmssp_state *ntlmssp_state,
  *
  */
 
-/*
-  wrappers for the ntlmssp_*() functions
-*/
-NTSTATUS gensec_ntlmssp_unseal_packet(struct gensec_security *gensec_security,
-				      TALLOC_CTX *sig_mem_ctx,
-				      uint8_t *data, size_t length,
-				      const uint8_t *whole_pdu, size_t pdu_length,
-				      const DATA_BLOB *sig)
+NTSTATUS ntlmssp_unseal_packet(struct gensec_ntlmssp_state *ntlmssp_state,
+			       TALLOC_CTX *sig_mem_ctx,
+			       uint8_t *data, size_t length,
+			       const uint8_t *whole_pdu, size_t pdu_length,
+			       const DATA_BLOB *sig)
 {
 	NTSTATUS status;
-	struct gensec_ntlmssp_context *gensec_ntlmssp =
-		talloc_get_type_abort(gensec_security->private_data,
-				      struct gensec_ntlmssp_context);
-	struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_ntlmssp->ntlmssp_state;
-	if (!gensec_ntlmssp_state->session_key.length) {
+
+	if (!ntlmssp_state->session_key.length) {
 		DEBUG(3, ("NO session key, cannot unseal packet\n"));
 		return NT_STATUS_NO_USER_SESSION_KEY;
 	}
 
 	dump_data_pw("ntlmssp sealed data\n", data, length);
-	if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
-		arcfour_crypt_sbox(gensec_ntlmssp_state->crypt.ntlm2.recv_seal_arcfour_state, data, length);
+	if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
+		arcfour_crypt_sbox(ntlmssp_state->crypt.ntlm2.recv_seal_arcfour_state, data, length);
 	} else {
-		arcfour_crypt_sbox(gensec_ntlmssp_state->crypt.ntlm.arcfour_state, data, length);
+		arcfour_crypt_sbox(ntlmssp_state->crypt.ntlm.arcfour_state, data, length);
 	}
 	dump_data_pw("ntlmssp clear data\n", data, length);
-	status = gensec_ntlmssp_check_packet(gensec_security, sig_mem_ctx, data, length, whole_pdu, pdu_length, sig);
+	status = ntlmssp_check_packet(ntlmssp_state, sig_mem_ctx, data, length, whole_pdu, pdu_length, sig);
 
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(1, ("NTLMSSP packet check for unseal failed due to invalid signature on %llu bytes of input:\n", (unsigned long long)length));
@@ -509,6 +503,29 @@ NTSTATUS gensec_ntlmssp_seal_packet(struct gensec_security *gensec_security,
 	return nt_status;
 }
 
+/*
+  wrappers for the ntlmssp_*() functions
+*/
+NTSTATUS gensec_ntlmssp_unseal_packet(struct gensec_security *gensec_security,
+				      TALLOC_CTX *sig_mem_ctx,
+				      uint8_t *data, size_t length,
+				      const uint8_t *whole_pdu, size_t pdu_length,
+				      const DATA_BLOB *sig)
+{
+	struct gensec_ntlmssp_context *gensec_ntlmssp =
+		talloc_get_type_abort(gensec_security->private_data,
+				      struct gensec_ntlmssp_context);
+	NTSTATUS nt_status;
+
+	nt_status = ntlmssp_unseal_packet(gensec_ntlmssp->ntlmssp_state,
+					  sig_mem_ctx,
+					  data, length,
+					  whole_pdu, pdu_length,
+					  sig);
+
+	return nt_status;
+}
+
 size_t gensec_ntlmssp_sig_size(struct gensec_security *gensec_security, size_t data_size) 
 {
 	return NTLMSSP_SIG_SIZE;
-- 
cgit