From 3042e38d519411e774e110b16a2eeeaef4b25a65 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 26 Dec 2011 14:23:15 +1100 Subject: s3-auth use gensec directly rather than via auth_generic_state This is possible because the s3 gensec modules are started as normal gensec modules, so we do not need a wrapper any more. Andrew Bartlett Signed-off-by: Stefan Metzmacher --- source3/rpc_server/dcesrv_auth_generic.c | 56 ++++++++++++++------------------ 1 file changed, 24 insertions(+), 32 deletions(-) (limited to 'source3/rpc_server') diff --git a/source3/rpc_server/dcesrv_auth_generic.c b/source3/rpc_server/dcesrv_auth_generic.c index dee3c16ca3..78d0d78ffa 100644 --- a/source3/rpc_server/dcesrv_auth_generic.c +++ b/source3/rpc_server/dcesrv_auth_generic.c @@ -35,10 +35,10 @@ NTSTATUS auth_generic_server_start(TALLOC_CTX *mem_ctx, const struct tsocket_address *remote_address, struct gensec_security **ctx) { - struct auth_generic_state *a = NULL; + struct gensec_security *gensec_security = NULL; NTSTATUS status; - status = auth_generic_prepare(talloc_tos(), remote_address, &a); + status = auth_generic_prepare(talloc_tos(), remote_address, &gensec_security); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, (__location__ ": auth_generic_prepare failed: %s\n", nt_errstr(status))); @@ -46,40 +46,36 @@ NTSTATUS auth_generic_server_start(TALLOC_CTX *mem_ctx, } if (do_sign) { - gensec_want_feature(a->gensec_security, GENSEC_FEATURE_SIGN); + gensec_want_feature(gensec_security, GENSEC_FEATURE_SIGN); } if (do_seal) { - gensec_want_feature(a->gensec_security, GENSEC_FEATURE_SIGN); - gensec_want_feature(a->gensec_security, GENSEC_FEATURE_SEAL); + gensec_want_feature(gensec_security, GENSEC_FEATURE_SIGN); + gensec_want_feature(gensec_security, GENSEC_FEATURE_SEAL); } if (is_dcerpc) { - gensec_want_feature(a->gensec_security, GENSEC_FEATURE_DCE_STYLE); + gensec_want_feature(gensec_security, GENSEC_FEATURE_DCE_STYLE); } - status = auth_generic_start(a, oid); + status = gensec_start_mech_by_oid(gensec_security, oid); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, (__location__ ": auth_generic_start failed: %s\n", nt_errstr(status))); + TALLOC_FREE(gensec_security); return status; } - status = gensec_update(a->gensec_security, mem_ctx, NULL, *token_in, token_out); + status = gensec_update(gensec_security, mem_ctx, NULL, *token_in, token_out); if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { DEBUG(2, (__location__ ": gensec_update failed: %s\n", nt_errstr(status))); - goto done; + TALLOC_FREE(gensec_security); + return status; } - /* steal gensec context too */ - *ctx = talloc_move(mem_ctx, &a->gensec_security); - - status = NT_STATUS_OK; - -done: - TALLOC_FREE(a); - - return status; + /* steal gensec context to the caller */ + *ctx = talloc_move(mem_ctx, &gensec_security); + return NT_STATUS_OK; } NTSTATUS auth_generic_server_authtype_start(TALLOC_CTX *mem_ctx, @@ -89,39 +85,35 @@ NTSTATUS auth_generic_server_authtype_start(TALLOC_CTX *mem_ctx, const struct tsocket_address *remote_address, struct gensec_security **ctx) { - struct auth_generic_state *a = NULL; + struct gensec_security *gensec_security = NULL; NTSTATUS status; - status = auth_generic_prepare(talloc_tos(), remote_address, &a); + status = auth_generic_prepare(talloc_tos(), remote_address, &gensec_security); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, (__location__ ": auth_generic_prepare failed: %s\n", nt_errstr(status))); return status; } - status = auth_generic_authtype_start(a, auth_type, auth_level); + status = gensec_start_mech_by_authtype(gensec_security, auth_type, auth_level); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, (__location__ ": auth_generic_start failed: %s\n", nt_errstr(status))); + TALLOC_FREE(gensec_security); return status; } - status = gensec_update(a->gensec_security, mem_ctx, NULL, *token_in, token_out); + status = gensec_update(gensec_security, mem_ctx, NULL, *token_in, token_out); if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { DEBUG(2, (__location__ ": gensec_update failed: %s\n", nt_errstr(status))); - goto done; + TALLOC_FREE(gensec_security); + return status; } - /* steal gensec context too */ - *ctx = talloc_move(mem_ctx, &a->gensec_security); - - status = NT_STATUS_OK; - -done: - TALLOC_FREE(a); - - return status; + /* steal gensec context to the caller */ + *ctx = talloc_move(mem_ctx, &gensec_security); + return NT_STATUS_OK; } NTSTATUS auth_generic_server_step(struct gensec_security *gensec_security, -- cgit