From 321204eaeb05107b9a6d5ed464a11cd5018c97c6 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Wed, 19 Oct 2011 18:39:27 +1100
Subject: s3-ntlmssp Remove references to auth_ntlmssp_context from the rpc
 code

We always dereferenced auth_ntlmssp_state->gensec_security, so now we
do not bother passing around the whole auth_ntlmssp_state.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
---
 source3/rpc_server/dcesrv_ntlmssp.c | 22 +++++++++----------
 source3/rpc_server/dcesrv_ntlmssp.h | 10 ++++-----
 source3/rpc_server/dcesrv_spnego.c  |  8 +++----
 source3/rpc_server/srv_pipe.c       | 42 ++++++++++++++++++-------------------
 4 files changed, 40 insertions(+), 42 deletions(-)

(limited to 'source3/rpc_server')

diff --git a/source3/rpc_server/dcesrv_ntlmssp.c b/source3/rpc_server/dcesrv_ntlmssp.c
index 8700726c25..e03b3357f3 100644
--- a/source3/rpc_server/dcesrv_ntlmssp.c
+++ b/source3/rpc_server/dcesrv_ntlmssp.c
@@ -32,7 +32,7 @@ NTSTATUS ntlmssp_server_auth_start(TALLOC_CTX *mem_ctx,
 				   DATA_BLOB *token_in,
 				   DATA_BLOB *token_out,
 				   const struct tsocket_address *remote_address,
-				   struct auth_ntlmssp_state **ctx)
+				   struct gensec_security **ctx)
 {
 	struct auth_ntlmssp_state *a = NULL;
 	NTSTATUS status;
@@ -67,19 +67,17 @@ NTSTATUS ntlmssp_server_auth_start(TALLOC_CTX *mem_ctx,
 	}
 
 	/* steal ntlmssp context too */
-	*ctx = talloc_move(mem_ctx, &a);
+	*ctx = talloc_move(mem_ctx, &a->gensec_security);
 
 	status = NT_STATUS_OK;
 
 done:
-	if (!NT_STATUS_IS_OK(status)) {
-		TALLOC_FREE(a);
-	}
+	TALLOC_FREE(a);
 
 	return status;
 }
 
-NTSTATUS ntlmssp_server_step(struct auth_ntlmssp_state *ctx,
+NTSTATUS ntlmssp_server_step(struct gensec_security *gensec_security,
 			     TALLOC_CTX *mem_ctx,
 			     DATA_BLOB *token_in,
 			     DATA_BLOB *token_out)
@@ -88,22 +86,22 @@ NTSTATUS ntlmssp_server_step(struct auth_ntlmssp_state *ctx,
 
 	/* this has to be done as root in order to verify the password */
 	become_root();
-	status = gensec_update(ctx->gensec_security, mem_ctx, NULL, *token_in, token_out);
+	status = gensec_update(gensec_security, mem_ctx, NULL, *token_in, token_out);
 	unbecome_root();
 
 	return status;
 }
 
-NTSTATUS ntlmssp_server_check_flags(struct auth_ntlmssp_state *ctx,
+NTSTATUS ntlmssp_server_check_flags(struct gensec_security *gensec_security,
 				    bool do_sign, bool do_seal)
 {
-	if (do_sign && !gensec_have_feature(ctx->gensec_security, GENSEC_FEATURE_SIGN)) {
+	if (do_sign && !gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
 		DEBUG(1, (__location__ "Integrity was requested but client "
 			  "failed to negotiate signing.\n"));
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
-	if (do_seal && !gensec_have_feature(ctx->gensec_security, GENSEC_FEATURE_SEAL)) {
+	if (do_seal && !gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
 		DEBUG(1, (__location__ "Privacy was requested but client "
 			  "failed to negotiate sealing.\n"));
 		return NT_STATUS_ACCESS_DENIED;
@@ -112,13 +110,13 @@ NTSTATUS ntlmssp_server_check_flags(struct auth_ntlmssp_state *ctx,
 	return NT_STATUS_OK;
 }
 
-NTSTATUS ntlmssp_server_get_user_info(struct auth_ntlmssp_state *ctx,
+NTSTATUS ntlmssp_server_get_user_info(struct gensec_security *gensec_security,
 				      TALLOC_CTX *mem_ctx,
 				      struct auth_session_info **session_info)
 {
 	NTSTATUS status;
 
-	status = gensec_session_info(ctx->gensec_security, mem_ctx, session_info);
+	status = gensec_session_info(gensec_security, mem_ctx, session_info);
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(1, (__location__ ": Failed to get authenticated user "
 			  "info: %s\n", nt_errstr(status)));
diff --git a/source3/rpc_server/dcesrv_ntlmssp.h b/source3/rpc_server/dcesrv_ntlmssp.h
index 05b67df7f0..6efc68d78c 100644
--- a/source3/rpc_server/dcesrv_ntlmssp.h
+++ b/source3/rpc_server/dcesrv_ntlmssp.h
@@ -20,7 +20,7 @@
 #ifndef _DCESRV_NTLMSSP_H_
 #define _DCESRV_NTLMSSP_H_
 
-struct auth_ntlmssp_state;
+struct gensec_security;
 
 NTSTATUS ntlmssp_server_auth_start(TALLOC_CTX *mem_ctx,
 				   bool do_sign,
@@ -29,14 +29,14 @@ NTSTATUS ntlmssp_server_auth_start(TALLOC_CTX *mem_ctx,
 				   DATA_BLOB *token_in,
 				   DATA_BLOB *token_out,
 				   const struct tsocket_address *remote_address,
-				   struct auth_ntlmssp_state **ctx);
-NTSTATUS ntlmssp_server_step(struct auth_ntlmssp_state *ctx,
+				   struct gensec_security **ctx);
+NTSTATUS ntlmssp_server_step(struct gensec_security *ctx,
 			     TALLOC_CTX *mem_ctx,
 			     DATA_BLOB *token_in,
 			     DATA_BLOB *token_out);
-NTSTATUS ntlmssp_server_check_flags(struct auth_ntlmssp_state *ctx,
+NTSTATUS ntlmssp_server_check_flags(struct gensec_security *ctx,
 				    bool do_sign, bool do_seal);
-NTSTATUS ntlmssp_server_get_user_info(struct auth_ntlmssp_state *ctx,
+NTSTATUS ntlmssp_server_get_user_info(struct gensec_security *ctx,
 				      TALLOC_CTX *mem_ctx,
 				      struct auth_session_info **session_info);
 
diff --git a/source3/rpc_server/dcesrv_spnego.c b/source3/rpc_server/dcesrv_spnego.c
index 515e59b7e8..88ffdf7b5f 100644
--- a/source3/rpc_server/dcesrv_spnego.c
+++ b/source3/rpc_server/dcesrv_spnego.c
@@ -54,7 +54,7 @@ static NTSTATUS spnego_server_mech_init(struct spnego_context *sp_ctx,
 					DATA_BLOB *token_in,
 					DATA_BLOB *token_out)
 {
-	struct auth_ntlmssp_state *ntlmssp_ctx;
+	struct gensec_security *gensec_security;
 	struct gse_context *gse_ctx;
 	NTSTATUS status;
 
@@ -84,14 +84,14 @@ static NTSTATUS spnego_server_mech_init(struct spnego_context *sp_ctx,
 						   token_in,
 						   token_out,
 						   sp_ctx->remote_address,
-						   &ntlmssp_ctx);
+						   &gensec_security);
 		if (!NT_STATUS_IS_OK(status)) {
 			DEBUG(0, ("Failed to init ntlmssp server "
 				  "(%s)\n", nt_errstr(status)));
 			return status;
 		}
 
-		sp_ctx->mech_ctx.ntlmssp_state = ntlmssp_ctx;
+		sp_ctx->mech_ctx.gensec_security = gensec_security;
 		break;
 
 	default:
@@ -155,7 +155,7 @@ NTSTATUS spnego_server_step(struct spnego_context *sp_ctx,
 			break;
 		case SPNEGO_NTLMSSP:
 			status = ntlmssp_server_step(
-					sp_ctx->mech_ctx.ntlmssp_state,
+					sp_ctx->mech_ctx.gensec_security,
 					mem_ctx, &token_in, &token_out);
 			break;
 		default:
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 449bf7555b..b32e1e1d48 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -589,7 +589,7 @@ static bool pipe_ntlmssp_auth_bind(struct pipes_struct *p,
 				   struct dcerpc_auth *auth_info,
 				   DATA_BLOB *response)
 {
-	struct auth_ntlmssp_state *ntlmssp_state = NULL;
+	struct gensec_security *gensec_security = NULL;
         NTSTATUS status;
 
 	if (strncmp((char *)auth_info->credentials.data, "NTLMSSP", 7) != 0) {
@@ -607,7 +607,7 @@ static bool pipe_ntlmssp_auth_bind(struct pipes_struct *p,
 					   &auth_info->credentials,
 					   response,
 					   p->remote_address,
-					   &ntlmssp_state);
+					   &gensec_security);
 	if (!NT_STATUS_EQUAL(status, NT_STATUS_OK)) {
 		DEBUG(0, (__location__ ": auth_ntlmssp_start failed: %s\n",
 			  nt_errstr(status)));
@@ -617,7 +617,7 @@ static bool pipe_ntlmssp_auth_bind(struct pipes_struct *p,
 	/* Make sure data is bound to the memctx, to be freed the caller */
 	talloc_steal(mem_ctx, response->data);
 
-	p->auth.auth_ctx = ntlmssp_state;
+	p->auth.auth_ctx = gensec_security;
 	p->auth.auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
 
 	DEBUG(10, (__location__ ": NTLMSSP auth started\n"));
@@ -633,7 +633,7 @@ static bool pipe_ntlmssp_auth_bind(struct pipes_struct *p,
 *******************************************************************/
 
 static bool pipe_ntlmssp_verify_final(TALLOC_CTX *mem_ctx,
-				struct auth_ntlmssp_state *ntlmssp_ctx,
+				struct gensec_security *gensec_security,
 				enum dcerpc_AuthLevel auth_level,
 				struct auth_session_info **session_info)
 {
@@ -646,7 +646,7 @@ static bool pipe_ntlmssp_verify_final(TALLOC_CTX *mem_ctx,
 	   ensure the underlying NTLMSSP flags are also set. If not we should
 	   refuse the bind. */
 
-	status = ntlmssp_server_check_flags(ntlmssp_ctx,
+	status = ntlmssp_server_check_flags(gensec_security,
 					    (auth_level ==
 						DCERPC_AUTH_LEVEL_INTEGRITY),
 					    (auth_level ==
@@ -659,7 +659,7 @@ static bool pipe_ntlmssp_verify_final(TALLOC_CTX *mem_ctx,
 
 	TALLOC_FREE(*session_info);
 
-	status = ntlmssp_server_get_user_info(ntlmssp_ctx,
+	status = ntlmssp_server_get_user_info(gensec_security,
 						mem_ctx, session_info);
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(0, (__location__ ": failed to obtain the server info "
@@ -772,7 +772,7 @@ static NTSTATUS pipe_gssapi_verify_final(TALLOC_CTX *mem_ctx,
 static NTSTATUS pipe_auth_verify_final(struct pipes_struct *p)
 {
 	enum spnego_mech auth_type;
-	struct auth_ntlmssp_state *ntlmssp_ctx;
+	struct gensec_security *gensec_security;
 	struct spnego_context *spnego_ctx;
 	struct gse_context *gse_ctx;
 	void *mech_ctx;
@@ -780,9 +780,9 @@ static NTSTATUS pipe_auth_verify_final(struct pipes_struct *p)
 
 	switch (p->auth.auth_type) {
 	case DCERPC_AUTH_TYPE_NTLMSSP:
-		ntlmssp_ctx = talloc_get_type_abort(p->auth.auth_ctx,
-						    struct auth_ntlmssp_state);
-		if (!pipe_ntlmssp_verify_final(p, ntlmssp_ctx,
+		gensec_security = talloc_get_type_abort(p->auth.auth_ctx,
+							struct gensec_security);
+		if (!pipe_ntlmssp_verify_final(p, gensec_security,
 						p->auth.auth_level,
 						&p->session_info)) {
 			return NT_STATUS_ACCESS_DENIED;
@@ -824,9 +824,9 @@ static NTSTATUS pipe_auth_verify_final(struct pipes_struct *p)
 			}
 			break;
 		case SPNEGO_NTLMSSP:
-			ntlmssp_ctx = talloc_get_type_abort(mech_ctx,
-						struct auth_ntlmssp_state);
-			if (!pipe_ntlmssp_verify_final(p, ntlmssp_ctx,
+			gensec_security = talloc_get_type_abort(mech_ctx,
+						struct gensec_security);
+			if (!pipe_ntlmssp_verify_final(p, gensec_security,
 							p->auth.auth_level,
 							&p->session_info)) {
 				return NT_STATUS_ACCESS_DENIED;
@@ -1163,7 +1163,7 @@ bool api_pipe_bind_auth3(struct pipes_struct *p, struct ncacn_packet *pkt)
 {
 	struct dcerpc_auth auth_info;
 	DATA_BLOB response = data_blob_null;
-	struct auth_ntlmssp_state *ntlmssp_ctx;
+	struct gensec_security *gensec_security;
 	struct spnego_context *spnego_ctx;
 	struct gse_context *gse_ctx;
 	NTSTATUS status;
@@ -1211,9 +1211,9 @@ bool api_pipe_bind_auth3(struct pipes_struct *p, struct ncacn_packet *pkt)
 
 	switch (auth_info.auth_type) {
 	case DCERPC_AUTH_TYPE_NTLMSSP:
-		ntlmssp_ctx = talloc_get_type_abort(p->auth.auth_ctx,
-						    struct auth_ntlmssp_state);
-		status = ntlmssp_server_step(ntlmssp_ctx,
+		gensec_security = talloc_get_type_abort(p->auth.auth_ctx,
+						    struct gensec_security);
+		status = ntlmssp_server_step(gensec_security,
 					     pkt, &auth_info.credentials,
 					     &response);
 		break;
@@ -1282,7 +1282,7 @@ static bool api_pipe_alter_context(struct pipes_struct *p,
 	DATA_BLOB auth_resp = data_blob_null;
 	DATA_BLOB auth_blob = data_blob_null;
 	int pad_len = 0;
-	struct auth_ntlmssp_state *ntlmssp_ctx;
+	struct gensec_security *gensec_security;
 	struct spnego_context *spnego_ctx;
 	struct gse_context *gse_ctx;
 
@@ -1379,9 +1379,9 @@ static bool api_pipe_alter_context(struct pipes_struct *p,
 						    &auth_resp);
 			break;
 		case DCERPC_AUTH_TYPE_NTLMSSP:
-			ntlmssp_ctx = talloc_get_type_abort(p->auth.auth_ctx,
-						    struct auth_ntlmssp_state);
-			status = ntlmssp_server_step(ntlmssp_ctx,
+			gensec_security = talloc_get_type_abort(p->auth.auth_ctx,
+						    struct gensec_security);
+			status = ntlmssp_server_step(gensec_security,
 						     pkt,
 						     &auth_info.credentials,
 						     &auth_resp);
-- 
cgit