From bd29f79463009ff7383cb17a3f766fddcdb1f302 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 18 Oct 2011 21:27:39 +1100
Subject: s3-ntlmssp use gensec_{seal,unseal,sign,check}_packet

This avoids the indirection via the auth_ntlmsssp wrapper functions.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
---
 source3/librpc/crypto/cli_spnego.c  | 44 ++++++++++++++--------------
 source3/librpc/rpc/dcerpc_helpers.c | 57 +++++++++++++++++++------------------
 2 files changed, 51 insertions(+), 50 deletions(-)

(limited to 'source3/librpc')

diff --git a/source3/librpc/crypto/cli_spnego.c b/source3/librpc/crypto/cli_spnego.c
index db03fdc852..1320a95216 100644
--- a/source3/librpc/crypto/cli_spnego.c
+++ b/source3/librpc/crypto/cli_spnego.c
@@ -354,12 +354,12 @@ NTSTATUS spnego_sign(TALLOC_CTX *mem_ctx,
 				sp_ctx->mech_ctx.gssapi_state,
 				data, signature);
 	case SPNEGO_NTLMSSP:
-		return auth_ntlmssp_sign_packet(
-					sp_ctx->mech_ctx.ntlmssp_state,
-					mem_ctx,
-					data->data, data->length,
-					full_data->data, full_data->length,
-					signature);
+		return gensec_sign_packet(
+			sp_ctx->mech_ctx.ntlmssp_state->gensec_security,
+			mem_ctx,
+			data->data, data->length,
+			full_data->data, full_data->length,
+			signature);
 	default:
 		return NT_STATUS_INVALID_PARAMETER;
 	}
@@ -376,11 +376,11 @@ NTSTATUS spnego_sigcheck(TALLOC_CTX *mem_ctx,
 				    sp_ctx->mech_ctx.gssapi_state,
 				    data, signature);
 	case SPNEGO_NTLMSSP:
-		return auth_ntlmssp_check_packet(
-					sp_ctx->mech_ctx.ntlmssp_state,
-					data->data, data->length,
-					full_data->data, full_data->length,
-					signature);
+		return gensec_check_packet(
+			sp_ctx->mech_ctx.ntlmssp_state->gensec_security,
+			data->data, data->length,
+			full_data->data, full_data->length,
+			signature);
 	default:
 		return NT_STATUS_INVALID_PARAMETER;
 	}
@@ -397,12 +397,12 @@ NTSTATUS spnego_seal(TALLOC_CTX *mem_ctx,
 				sp_ctx->mech_ctx.gssapi_state,
 				data, signature);
 	case SPNEGO_NTLMSSP:
-		return auth_ntlmssp_seal_packet(
-					sp_ctx->mech_ctx.ntlmssp_state,
-					mem_ctx,
-					data->data, data->length,
-					full_data->data, full_data->length,
-					signature);
+		return gensec_seal_packet(
+			sp_ctx->mech_ctx.ntlmssp_state->gensec_security,
+			mem_ctx,
+			data->data, data->length,
+			full_data->data, full_data->length,
+			signature);
 	default:
 		return NT_STATUS_INVALID_PARAMETER;
 	}
@@ -419,11 +419,11 @@ NTSTATUS spnego_unseal(TALLOC_CTX *mem_ctx,
 				    sp_ctx->mech_ctx.gssapi_state,
 				    data, signature);
 	case SPNEGO_NTLMSSP:
-		return auth_ntlmssp_unseal_packet(
-					sp_ctx->mech_ctx.ntlmssp_state,
-					data->data, data->length,
-					full_data->data, full_data->length,
-					signature);
+		return gensec_unseal_packet(
+			sp_ctx->mech_ctx.ntlmssp_state->gensec_security,
+			data->data, data->length,
+			full_data->data, full_data->length,
+			signature);
 	default:
 		return NT_STATUS_INVALID_PARAMETER;
 	}
diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c
index 32dbfdfe48..dc3b570a6c 100644
--- a/source3/librpc/rpc/dcerpc_helpers.c
+++ b/source3/librpc/rpc/dcerpc_helpers.c
@@ -28,6 +28,7 @@
 #include "ntlmssp_wrap.h"
 #include "librpc/crypto/gse.h"
 #include "librpc/crypto/spnego.h"
+#include "auth/gensec/gensec.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_RPC_PARSE
@@ -395,14 +396,14 @@ static NTSTATUS add_ntlmssp_auth_footer(struct auth_ntlmssp_state *auth_state,
 	switch (auth_level) {
 	case DCERPC_AUTH_LEVEL_PRIVACY:
 		/* Data portion is encrypted. */
-		status = auth_ntlmssp_seal_packet(auth_state,
-					     rpc_out->data,
-					     rpc_out->data
-						+ DCERPC_RESPONSE_LENGTH,
-					     data_and_pad_len,
-					     rpc_out->data,
-					     rpc_out->length,
-					     &auth_blob);
+		status = gensec_seal_packet(auth_state->gensec_security,
+					    rpc_out->data,
+					    rpc_out->data
+					    + DCERPC_RESPONSE_LENGTH,
+					    data_and_pad_len,
+					    rpc_out->data,
+					    rpc_out->length,
+					    &auth_blob);
 		if (!NT_STATUS_IS_OK(status)) {
 			return status;
 		}
@@ -410,14 +411,14 @@ static NTSTATUS add_ntlmssp_auth_footer(struct auth_ntlmssp_state *auth_state,
 
 	case DCERPC_AUTH_LEVEL_INTEGRITY:
 		/* Data is signed. */
-		status = auth_ntlmssp_sign_packet(auth_state,
-					     rpc_out->data,
-					     rpc_out->data
-						+ DCERPC_RESPONSE_LENGTH,
-					     data_and_pad_len,
-					     rpc_out->data,
-					     rpc_out->length,
-					     &auth_blob);
+		status = gensec_sign_packet(auth_state->gensec_security,
+					    rpc_out->data,
+					    rpc_out->data
+					    + DCERPC_RESPONSE_LENGTH,
+					    data_and_pad_len,
+					    rpc_out->data,
+					    rpc_out->length,
+					    &auth_blob);
 		if (!NT_STATUS_IS_OK(status)) {
 			return status;
 		}
@@ -454,21 +455,21 @@ static NTSTATUS get_ntlmssp_auth_footer(struct auth_ntlmssp_state *auth_state,
 	switch (auth_level) {
 	case DCERPC_AUTH_LEVEL_PRIVACY:
 		/* Data portion is encrypted. */
-		return auth_ntlmssp_unseal_packet(auth_state,
-						  data->data,
-						  data->length,
-						  full_pkt->data,
-						  full_pkt->length,
-						  auth_token);
+		return gensec_unseal_packet(auth_state->gensec_security,
+					    data->data,
+					    data->length,
+					    full_pkt->data,
+					    full_pkt->length,
+					    auth_token);
 
 	case DCERPC_AUTH_LEVEL_INTEGRITY:
 		/* Data is signed. */
-		return auth_ntlmssp_check_packet(auth_state,
-						 data->data,
-						 data->length,
-						 full_pkt->data,
-						 full_pkt->length,
-						 auth_token);
+		return gensec_check_packet(auth_state->gensec_security,
+					   data->data,
+					   data->length,
+					   full_pkt->data,
+					   full_pkt->length,
+					   auth_token);
 
 	default:
 		return NT_STATUS_INVALID_PARAMETER;
-- 
cgit