From ee240799b6d7918afffdd762ead5221283f5dd5d Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 30 Dec 2009 08:23:13 +0100 Subject: s4:ntlmssp: keep struct gensec_ntlmssp_context in gensec_security->private_data MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner --- source4/auth/ntlmssp/ntlmssp.c | 18 ++++++++++++++---- source4/auth/ntlmssp/ntlmssp_client.c | 17 ++++++++++++----- source4/auth/ntlmssp/ntlmssp_server.c | 24 ++++++++++++++++-------- source4/auth/ntlmssp/ntlmssp_sign.c | 26 ++++++++++++++++++++------ source4/torture/auth/ntlmssp.c | 9 +++++++-- 5 files changed, 69 insertions(+), 25 deletions(-) diff --git a/source4/auth/ntlmssp/ntlmssp.c b/source4/auth/ntlmssp/ntlmssp.c index e0a109b8d4..37020366bd 100644 --- a/source4/auth/ntlmssp/ntlmssp.c +++ b/source4/auth/ntlmssp/ntlmssp.c @@ -199,7 +199,10 @@ static NTSTATUS gensec_ntlmssp_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx, const DATA_BLOB input, DATA_BLOB *out) { - struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; + struct gensec_ntlmssp_context *gensec_ntlmssp = + talloc_get_type_abort(gensec_security->private_data, + struct gensec_ntlmssp_context); + struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_ntlmssp->ntlmssp_state; NTSTATUS status; uint32_t i; @@ -229,7 +232,10 @@ static NTSTATUS gensec_ntlmssp_update(struct gensec_security *gensec_security, NTSTATUS gensec_ntlmssp_session_key(struct gensec_security *gensec_security, DATA_BLOB *session_key) { - struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; + struct gensec_ntlmssp_context *gensec_ntlmssp = + talloc_get_type_abort(gensec_security->private_data, + struct gensec_ntlmssp_context); + struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_ntlmssp->ntlmssp_state; if (gensec_ntlmssp_state->expected_state != NTLMSSP_DONE) { return NT_STATUS_NO_USER_SESSION_KEY; @@ -348,7 +354,11 @@ DATA_BLOB ntlmssp_weakend_key(struct gensec_ntlmssp_state *gensec_ntlmssp_state, static bool gensec_ntlmssp_have_feature(struct gensec_security *gensec_security, uint32_t feature) { - struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; + struct gensec_ntlmssp_context *gensec_ntlmssp = + talloc_get_type_abort(gensec_security->private_data, + struct gensec_ntlmssp_context); + struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_ntlmssp->ntlmssp_state; + if (feature & GENSEC_FEATURE_SIGN) { if (!gensec_ntlmssp_state->session_key.length) { return false; @@ -404,7 +414,7 @@ NTSTATUS gensec_ntlmssp_start(struct gensec_security *gensec_security) gensec_ntlmssp->ntlmssp_state = ntlmssp_state; - gensec_security->private_data = ntlmssp_state; + gensec_security->private_data = gensec_ntlmssp; return NT_STATUS_OK; } diff --git a/source4/auth/ntlmssp/ntlmssp_client.c b/source4/auth/ntlmssp/ntlmssp_client.c index b518fa87be..259f07fe00 100644 --- a/source4/auth/ntlmssp/ntlmssp_client.c +++ b/source4/auth/ntlmssp/ntlmssp_client.c @@ -47,7 +47,10 @@ NTSTATUS ntlmssp_client_initial(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx, DATA_BLOB in, DATA_BLOB *out) { - struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; + struct gensec_ntlmssp_context *gensec_ntlmssp = + talloc_get_type_abort(gensec_security->private_data, + struct gensec_ntlmssp_context); + struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_ntlmssp->ntlmssp_state; const char *domain = gensec_ntlmssp_state->domain; const char *workstation = cli_credentials_get_workstation(gensec_security->credentials); @@ -98,7 +101,10 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx, const DATA_BLOB in, DATA_BLOB *out) { - struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; + struct gensec_ntlmssp_context *gensec_ntlmssp = + talloc_get_type_abort(gensec_security->private_data, + struct gensec_ntlmssp_context); + struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_ntlmssp->ntlmssp_state; uint32_t chal_flags, ntlmssp_command, unkn1, unkn2; DATA_BLOB server_domain_blob; DATA_BLOB challenge_blob; @@ -297,13 +303,16 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security, NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security) { + struct gensec_ntlmssp_context *gensec_ntlmssp; struct gensec_ntlmssp_state *gensec_ntlmssp_state; NTSTATUS nt_status; nt_status = gensec_ntlmssp_start(gensec_security); NT_STATUS_NOT_OK_RETURN(nt_status); - gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; + gensec_ntlmssp = talloc_get_type_abort(gensec_security->private_data, + struct gensec_ntlmssp_context); + gensec_ntlmssp_state = gensec_ntlmssp->ntlmssp_state; gensec_ntlmssp_state->role = NTLMSSP_CLIENT; @@ -372,8 +381,6 @@ NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security) gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL; } - gensec_security->private_data = gensec_ntlmssp_state; - return NT_STATUS_OK; } diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c index f19208054f..428178158d 100644 --- a/source4/auth/ntlmssp/ntlmssp_server.c +++ b/source4/auth/ntlmssp/ntlmssp_server.c @@ -120,7 +120,10 @@ NTSTATUS ntlmssp_server_negotiate(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx, const DATA_BLOB in, DATA_BLOB *out) { - struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; + struct gensec_ntlmssp_context *gensec_ntlmssp = + talloc_get_type_abort(gensec_security->private_data, + struct gensec_ntlmssp_context); + struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_ntlmssp->ntlmssp_state; DATA_BLOB struct_blob; uint32_t neg_flags = 0; uint32_t ntlmssp_command, chal_flags; @@ -398,7 +401,10 @@ static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security, DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key) { - struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; + struct gensec_ntlmssp_context *gensec_ntlmssp = + talloc_get_type_abort(gensec_security->private_data, + struct gensec_ntlmssp_context); + struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_ntlmssp->ntlmssp_state; NTSTATUS nt_status; DATA_BLOB session_key = data_blob(NULL, 0); @@ -548,7 +554,10 @@ NTSTATUS ntlmssp_server_auth(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx, const DATA_BLOB in, DATA_BLOB *out) { - struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; + struct gensec_ntlmssp_context *gensec_ntlmssp = + talloc_get_type_abort(gensec_security->private_data, + struct gensec_ntlmssp_context); + struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_ntlmssp->ntlmssp_state; DATA_BLOB user_session_key = data_blob_null; DATA_BLOB lm_session_key = data_blob_null; NTSTATUS nt_status; @@ -720,10 +729,10 @@ NTSTATUS gensec_ntlmssp_session_info(struct gensec_security *gensec_security, struct auth_session_info **session_info) { NTSTATUS nt_status; - struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; struct gensec_ntlmssp_context *gensec_ntlmssp = - talloc_get_type_abort(gensec_ntlmssp_state->callback_private, + talloc_get_type_abort(gensec_security->private_data, struct gensec_ntlmssp_context); + struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_ntlmssp->ntlmssp_state; nt_status = auth_generate_session_info(gensec_ntlmssp_state, gensec_security->event_ctx, @@ -752,10 +761,9 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security) nt_status = gensec_ntlmssp_start(gensec_security); NT_STATUS_NOT_OK_RETURN(nt_status); - gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; - - gensec_ntlmssp = talloc_get_type_abort(gensec_ntlmssp_state->callback_private, + gensec_ntlmssp = talloc_get_type_abort(gensec_security->private_data, struct gensec_ntlmssp_context); + gensec_ntlmssp_state = gensec_ntlmssp->ntlmssp_state; gensec_ntlmssp_state->role = NTLMSSP_SERVER; diff --git a/source4/auth/ntlmssp/ntlmssp_sign.c b/source4/auth/ntlmssp/ntlmssp_sign.c index b327701d61..ed80c711b4 100644 --- a/source4/auth/ntlmssp/ntlmssp_sign.c +++ b/source4/auth/ntlmssp/ntlmssp_sign.c @@ -136,7 +136,10 @@ NTSTATUS gensec_ntlmssp_sign_packet(struct gensec_security *gensec_security, const uint8_t *whole_pdu, size_t pdu_length, DATA_BLOB *sig) { - struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; + struct gensec_ntlmssp_context *gensec_ntlmssp = + talloc_get_type_abort(gensec_security->private_data, + struct gensec_ntlmssp_context); + struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_ntlmssp->ntlmssp_state; return ntlmssp_make_packet_signature(gensec_ntlmssp_state, sig_mem_ctx, data, length, @@ -155,7 +158,10 @@ NTSTATUS gensec_ntlmssp_check_packet(struct gensec_security *gensec_security, const uint8_t *whole_pdu, size_t pdu_length, const DATA_BLOB *sig) { - struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; + struct gensec_ntlmssp_context *gensec_ntlmssp = + talloc_get_type_abort(gensec_security->private_data, + struct gensec_ntlmssp_context); + struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_ntlmssp->ntlmssp_state; DATA_BLOB local_sig; NTSTATUS nt_status; @@ -218,7 +224,10 @@ NTSTATUS gensec_ntlmssp_seal_packet(struct gensec_security *gensec_security, const uint8_t *whole_pdu, size_t pdu_length, DATA_BLOB *sig) { - struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; + struct gensec_ntlmssp_context *gensec_ntlmssp = + talloc_get_type_abort(gensec_security->private_data, + struct gensec_ntlmssp_context); + struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_ntlmssp->ntlmssp_state; NTSTATUS nt_status; if (!gensec_ntlmssp_state->session_key.length) { DEBUG(3, ("NO session key, cannot seal packet\n")); @@ -281,7 +290,10 @@ NTSTATUS gensec_ntlmssp_unseal_packet(struct gensec_security *gensec_security, const DATA_BLOB *sig) { NTSTATUS status; - struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; + struct gensec_ntlmssp_context *gensec_ntlmssp = + talloc_get_type_abort(gensec_security->private_data, + struct gensec_ntlmssp_context); + struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_ntlmssp->ntlmssp_state; if (!gensec_ntlmssp_state->session_key.length) { DEBUG(3, ("NO session key, cannot unseal packet\n")); return NT_STATUS_NO_USER_SESSION_KEY; @@ -511,6 +523,10 @@ NTSTATUS gensec_ntlmssp_unwrap(struct gensec_security *gensec_security, const DATA_BLOB *in, DATA_BLOB *out) { + struct gensec_ntlmssp_context *gensec_ntlmssp = + talloc_get_type_abort(gensec_security->private_data, + struct gensec_ntlmssp_context); + struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_ntlmssp->ntlmssp_state; DATA_BLOB sig; if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) { @@ -528,8 +544,6 @@ NTSTATUS gensec_ntlmssp_unwrap(struct gensec_security *gensec_security, &sig); } else if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) { - struct gensec_ntlmssp_state *gensec_ntlmssp_state = - (struct gensec_ntlmssp_state *)gensec_security->private_data; NTSTATUS status; uint32_t ntlm_seqnum; struct arcfour_state ntlm_state; diff --git a/source4/torture/auth/ntlmssp.c b/source4/torture/auth/ntlmssp.c index 259896d63a..90d0a34e62 100644 --- a/source4/torture/auth/ntlmssp.c +++ b/source4/torture/auth/ntlmssp.c @@ -27,6 +27,7 @@ static bool torture_ntlmssp_self_check(struct torture_context *tctx) { struct gensec_security *gensec_security; + struct gensec_ntlmssp_context *gensec_ntlmssp; struct gensec_ntlmssp_state *gensec_ntlmssp_state; DATA_BLOB data; DATA_BLOB sig, expected_sig; @@ -46,7 +47,9 @@ static bool torture_ntlmssp_self_check(struct torture_context *tctx) gensec_start_mech_by_oid(gensec_security, GENSEC_OID_NTLMSSP), "Failed to start GENSEC for NTLMSSP"); - gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; + gensec_ntlmssp = talloc_get_type_abort(gensec_security->private_data, + struct gensec_ntlmssp_context); + gensec_ntlmssp_state = gensec_ntlmssp->ntlmssp_state; gensec_ntlmssp_state->session_key = strhex_to_data_blob(tctx, "0102030405060708090a0b0c0d0e0f00"); dump_data_pw("NTLMSSP session key: \n", @@ -101,7 +104,9 @@ static bool torture_ntlmssp_self_check(struct torture_context *tctx) gensec_start_mech_by_oid(gensec_security, GENSEC_OID_NTLMSSP), "GENSEC start mech by oid"); - gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; + gensec_ntlmssp = talloc_get_type_abort(gensec_security->private_data, + struct gensec_ntlmssp_context); + gensec_ntlmssp_state = gensec_ntlmssp->ntlmssp_state; gensec_ntlmssp_state->session_key = strhex_to_data_blob(tctx, "0102030405e538b0"); dump_data_pw("NTLMSSP session key: \n", -- cgit