From 033ced60ac734161686bd3da685f2d7b056e17c8 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 16 Sep 2009 02:03:46 +0200
Subject: libcli/auth: rewrite schannel sign/seal code to be more generic

This prepares support for HMAC-SHA256/AES.

metze
---
 source3/rpc_server/srv_pipe.c | 44 ++++++++++++++++++++++++++-----------------
 1 file changed, 27 insertions(+), 17 deletions(-)

(limited to 'source3/rpc_server/srv_pipe.c')

diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 1bd170f901..627dac0f82 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -411,6 +411,7 @@ static bool create_next_pdu_schannel(pipes_struct *p)
 		 */
 		RPC_HDR_AUTH auth_info;
 		DATA_BLOB blob;
+		uint8_t *data;
 
 		/* Check it's the type of reply we were expecting to decode */
 
@@ -427,20 +428,24 @@ static bool create_next_pdu_schannel(pipes_struct *p)
 			return False;
 		}
 
+		data = (uint8_t *)prs_data_p(&p->out_data.frag) + data_pos;
+
 		switch (p->auth.auth_level) {
 		case DCERPC_AUTH_LEVEL_PRIVACY:
-			status = schannel_seal_packet(p->auth.a_u.schannel_auth,
-						      talloc_tos(),
-						      (uint8_t *)prs_data_p(&p->out_data.frag) + data_pos,
-						      data_len + ss_padding_len,
-						      &blob);
+			status = netsec_outgoing_packet(p->auth.a_u.schannel_auth,
+							talloc_tos(),
+							true,
+							data,
+							data_len + ss_padding_len,
+							&blob);
 			break;
 		case DCERPC_AUTH_LEVEL_INTEGRITY:
-			status = schannel_sign_packet(p->auth.a_u.schannel_auth,
-						      talloc_tos(),
-						      (uint8_t *)prs_data_p(&p->out_data.frag) + data_pos,
-						      data_len + ss_padding_len,
-						      &blob);
+			status = netsec_outgoing_packet(p->auth.a_u.schannel_auth,
+							talloc_tos(),
+							false,
+							data,
+							data_len + ss_padding_len,
+							&blob);
 			break;
 		default:
 			status = NT_STATUS_INTERNAL_ERROR;
@@ -2162,6 +2167,7 @@ bool api_pipe_schannel_process(pipes_struct *p, prs_struct *rpc_in, uint32 *p_ss
 	RPC_HDR_AUTH auth_info;
 	DATA_BLOB blob;
 	NTSTATUS status;
+	uint8_t *data;
 
 	auth_len = p->hdr.auth_len;
 
@@ -2215,20 +2221,24 @@ bool api_pipe_schannel_process(pipes_struct *p, prs_struct *rpc_in, uint32 *p_ss
 		dump_NL_AUTH_SIGNATURE(talloc_tos(), &blob);
 	}
 
+	data = (uint8_t *)prs_data_p(rpc_in)+RPC_HDR_REQ_LEN;
+
 	switch (auth_info.auth_level) {
 	case DCERPC_AUTH_LEVEL_PRIVACY:
-		status = schannel_unseal_packet(p->auth.a_u.schannel_auth,
+		status = netsec_incoming_packet(p->auth.a_u.schannel_auth,
 						talloc_tos(),
-						(uint8_t *)prs_data_p(rpc_in)+RPC_HDR_REQ_LEN,
+						true,
+						data,
 						data_len,
 						&blob);
 		break;
 	case DCERPC_AUTH_LEVEL_INTEGRITY:
-		status = schannel_check_packet(p->auth.a_u.schannel_auth,
-					       talloc_tos(),
-					       (uint8_t *)prs_data_p(rpc_in)+RPC_HDR_REQ_LEN,
-					       data_len,
-					       &blob);
+		status = netsec_incoming_packet(p->auth.a_u.schannel_auth,
+						talloc_tos(),
+						false,
+						data,
+						data_len,
+						&blob);
 		break;
 	default:
 		status = NT_STATUS_INTERNAL_ERROR;
-- 
cgit