From f433baa3c8a995cbbeecdcbc75f8ae503a5ae4b6 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 31 Jan 2012 21:20:34 +1100 Subject: auth: Make more of the ntlmssp code private or static Now that there is only one gensec_ntlmssp server, some of these functions can be static For the rest, put the implemtnation of the gensec_ntlmssp code into ntlmssp_private.h Andrew Bartlett Signed-off-by: Stefan Metzmacher --- auth/ntlmssp/gensec_ntlmssp_server.c | 14 +++--- auth/ntlmssp/ntlmssp.h | 59 +----------------------- auth/ntlmssp/ntlmssp_private.h | 87 +++++++++++++++++++++++------------- 3 files changed, 64 insertions(+), 96 deletions(-) (limited to 'auth') diff --git a/auth/ntlmssp/gensec_ntlmssp_server.c b/auth/ntlmssp/gensec_ntlmssp_server.c index de86dd509e..6ba3976f7e 100644 --- a/auth/ntlmssp/gensec_ntlmssp_server.c +++ b/auth/ntlmssp/gensec_ntlmssp_server.c @@ -81,8 +81,8 @@ NTSTATUS gensec_ntlmssp_server_auth(struct gensec_security *gensec_security, * @return an 8 byte random challenge */ -NTSTATUS auth_ntlmssp_get_challenge(const struct ntlmssp_state *ntlmssp_state, - uint8_t chal[8]) +static NTSTATUS auth_ntlmssp_get_challenge(const struct ntlmssp_state *ntlmssp_state, + uint8_t chal[8]) { struct gensec_ntlmssp_context *gensec_ntlmssp = talloc_get_type_abort(ntlmssp_state->callback_private, @@ -107,7 +107,7 @@ NTSTATUS auth_ntlmssp_get_challenge(const struct ntlmssp_state *ntlmssp_state, * * @return If the effective challenge used by the auth subsystem may be modified */ -bool auth_ntlmssp_may_set_challenge(const struct ntlmssp_state *ntlmssp_state) +static bool auth_ntlmssp_may_set_challenge(const struct ntlmssp_state *ntlmssp_state) { struct gensec_ntlmssp_context *gensec_ntlmssp = talloc_get_type_abort(ntlmssp_state->callback_private, @@ -124,7 +124,7 @@ bool auth_ntlmssp_may_set_challenge(const struct ntlmssp_state *ntlmssp_state) * NTLM2 authentication modifies the effective challenge, * @param challenge The new challenge value */ -NTSTATUS auth_ntlmssp_set_challenge(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *challenge) +static NTSTATUS auth_ntlmssp_set_challenge(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *challenge) { struct gensec_ntlmssp_context *gensec_ntlmssp = talloc_get_type_abort(ntlmssp_state->callback_private, @@ -153,9 +153,9 @@ NTSTATUS auth_ntlmssp_set_challenge(struct ntlmssp_state *ntlmssp_state, DATA_BL * Return the session keys used on the connection. */ -NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, - TALLOC_CTX *mem_ctx, - DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key) +static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, + TALLOC_CTX *mem_ctx, + DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key) { struct gensec_ntlmssp_context *gensec_ntlmssp = talloc_get_type_abort(ntlmssp_state->callback_private, diff --git a/auth/ntlmssp/ntlmssp.h b/auth/ntlmssp/ntlmssp.h index eb44913d87..0d6a64e68f 100644 --- a/auth/ntlmssp/ntlmssp.h +++ b/auth/ntlmssp/ntlmssp.h @@ -22,8 +22,6 @@ #include "../librpc/gen_ndr/ntlmssp.h" -NTSTATUS gensec_ntlmssp_init(void); - struct auth_context; struct auth_serversupplied_info; struct tsocket_address; @@ -31,15 +29,6 @@ struct auth_user_info_dc; struct gensec_security; struct ntlmssp_state; -struct gensec_ntlmssp_context { - /* For GENSEC users */ - struct gensec_security *gensec_security; - void *server_returned_info; - - /* used by both client and server implementation */ - struct ntlmssp_state *ntlmssp_state; -}; - /* NTLMSSP mode */ enum ntlmssp_role { @@ -189,51 +178,7 @@ NTSTATUS ntlmssp_unwrap(struct ntlmssp_state *ntlmssp_stae, NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state); bool ntlmssp_blob_matches_magic(const DATA_BLOB *blob); -/* The following definitions come from ../source4/auth/ntlmssp/ntlmssp.c */ - - -/** - * Return the NTLMSSP master session key - * - * @param ntlmssp_state NTLMSSP State - */ -NTSTATUS gensec_ntlmssp_magic(struct gensec_security *gensec_security, - const DATA_BLOB *first_packet); -bool gensec_ntlmssp_have_feature(struct gensec_security *gensec_security, - uint32_t feature); -NTSTATUS gensec_ntlmssp_session_key(struct gensec_security *gensec_security, - TALLOC_CTX *mem_ctx, - DATA_BLOB *session_key); -NTSTATUS gensec_ntlmssp_start(struct gensec_security *gensec_security); - -/* The following definitions come from ../source4/auth/ntlmssp/ntlmssp_sign.c */ - -NTSTATUS gensec_ntlmssp_sign_packet(struct gensec_security *gensec_security, - TALLOC_CTX *sig_mem_ctx, - const uint8_t *data, size_t length, - const uint8_t *whole_pdu, size_t pdu_length, - DATA_BLOB *sig); -NTSTATUS gensec_ntlmssp_check_packet(struct gensec_security *gensec_security, - const uint8_t *data, size_t length, - const uint8_t *whole_pdu, size_t pdu_length, - const DATA_BLOB *sig); -NTSTATUS gensec_ntlmssp_seal_packet(struct gensec_security *gensec_security, - TALLOC_CTX *sig_mem_ctx, - uint8_t *data, size_t length, - const uint8_t *whole_pdu, size_t pdu_length, - DATA_BLOB *sig); -NTSTATUS gensec_ntlmssp_unseal_packet(struct gensec_security *gensec_security, - uint8_t *data, size_t length, - const uint8_t *whole_pdu, size_t pdu_length, - const DATA_BLOB *sig); -size_t gensec_ntlmssp_sig_size(struct gensec_security *gensec_security, size_t data_size) ; -NTSTATUS gensec_ntlmssp_wrap(struct gensec_security *gensec_security, - TALLOC_CTX *out_mem_ctx, - const DATA_BLOB *in, - DATA_BLOB *out); -NTSTATUS gensec_ntlmssp_unwrap(struct gensec_security *gensec_security, - TALLOC_CTX *out_mem_ctx, - const DATA_BLOB *in, - DATA_BLOB *out); + +/* The following definitions come from auth/ntlmssp/gensec_ntlmssp.c */ NTSTATUS gensec_ntlmssp_init(void); diff --git a/auth/ntlmssp/ntlmssp_private.h b/auth/ntlmssp/ntlmssp_private.h index 7953d8ef73..cd9f9db411 100644 --- a/auth/ntlmssp/ntlmssp_private.h +++ b/auth/ntlmssp/ntlmssp_private.h @@ -41,6 +41,15 @@ union ntlmssp_crypt_state { } ntlm2; }; +struct gensec_ntlmssp_context { + /* For GENSEC users */ + struct gensec_security *gensec_security; + void *server_returned_info; + + /* used by both client and server implementation */ + struct ntlmssp_state *ntlmssp_state; +}; + /* The following definitions come from auth/ntlmssp.c */ NTSTATUS gensec_ntlmssp_update(struct gensec_security *gensec_security, @@ -94,7 +103,7 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security, const DATA_BLOB in, DATA_BLOB *out) ; NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security); -/* The following definitions come from auth/ntlmssp/ntlmssp_server.c */ +/* The following definitions come from auth/ntlmssp/gensec_ntlmssp_server.c */ /** @@ -123,6 +132,12 @@ NTSTATUS gensec_ntlmssp_server_auth(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx, const DATA_BLOB in, DATA_BLOB *out); +/** + * Start NTLMSSP on the server side + * + */ +NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security); + /** * Return the credentials of a logged on user, including session keys * etc. @@ -136,39 +151,47 @@ NTSTATUS gensec_ntlmssp_session_info(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx, struct auth_session_info **session_info) ; -/** - * Start NTLMSSP on the server side - * - */ -NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security); - -/** - * Return the challenge as determined by the authentication subsystem - * @return an 8 byte random challenge - */ - -NTSTATUS auth_ntlmssp_get_challenge(const struct ntlmssp_state *ntlmssp_state, - uint8_t chal[8]); - -/** - * Some authentication methods 'fix' the challenge, so we may not be able to set it - * - * @return If the effective challenge used by the auth subsystem may be modified - */ -bool auth_ntlmssp_may_set_challenge(const struct ntlmssp_state *ntlmssp_state); - -/** - * NTLM2 authentication modifies the effective challenge, - * @param challenge The new challenge value - */ -NTSTATUS auth_ntlmssp_set_challenge(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *challenge); +/* The following definitions come from auth/ntlmssp/gensec_ntlmssp.c */ + +NTSTATUS gensec_ntlmssp_sign_packet(struct gensec_security *gensec_security, + TALLOC_CTX *sig_mem_ctx, + const uint8_t *data, size_t length, + const uint8_t *whole_pdu, size_t pdu_length, + DATA_BLOB *sig); +NTSTATUS gensec_ntlmssp_check_packet(struct gensec_security *gensec_security, + const uint8_t *data, size_t length, + const uint8_t *whole_pdu, size_t pdu_length, + const DATA_BLOB *sig); +NTSTATUS gensec_ntlmssp_seal_packet(struct gensec_security *gensec_security, + TALLOC_CTX *sig_mem_ctx, + uint8_t *data, size_t length, + const uint8_t *whole_pdu, size_t pdu_length, + DATA_BLOB *sig); +NTSTATUS gensec_ntlmssp_unseal_packet(struct gensec_security *gensec_security, + uint8_t *data, size_t length, + const uint8_t *whole_pdu, size_t pdu_length, + const DATA_BLOB *sig); +size_t gensec_ntlmssp_sig_size(struct gensec_security *gensec_security, size_t data_size) ; +NTSTATUS gensec_ntlmssp_wrap(struct gensec_security *gensec_security, + TALLOC_CTX *out_mem_ctx, + const DATA_BLOB *in, + DATA_BLOB *out); +NTSTATUS gensec_ntlmssp_unwrap(struct gensec_security *gensec_security, + TALLOC_CTX *out_mem_ctx, + const DATA_BLOB *in, + DATA_BLOB *out); /** - * Check the password on an NTLMSSP login. + * Return the NTLMSSP master session key * - * Return the session keys used on the connection. + * @param ntlmssp_state NTLMSSP State */ +NTSTATUS gensec_ntlmssp_magic(struct gensec_security *gensec_security, + const DATA_BLOB *first_packet); +bool gensec_ntlmssp_have_feature(struct gensec_security *gensec_security, + uint32_t feature); +NTSTATUS gensec_ntlmssp_session_key(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, + DATA_BLOB *session_key); +NTSTATUS gensec_ntlmssp_start(struct gensec_security *gensec_security); -NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, - TALLOC_CTX *mem_ctx, - DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key); -- cgit