From 3b706865f6bae7a2b04590da160bda939a3bafe5 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 25 May 2010 15:34:06 +1000
Subject: s3:auth Make AUTH_NTLMSSP_STATE a private structure.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This makes it a little easier for it to writen in terms of GENSEC in future.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
---
 source3/rpc_server/srv_pipe.c | 53 ++++++++++++++++++++++---------------------
 1 file changed, 27 insertions(+), 26 deletions(-)

(limited to 'source3/rpc_server')

diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 272b5360ad..bd09386dc0 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -225,8 +225,8 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p)
 	switch (p->auth.auth_level) {
 		case DCERPC_AUTH_LEVEL_PRIVACY:
 			/* Data portion is encrypted. */
-			status = ntlmssp_seal_packet(
-				a->ntlmssp_state,
+			status = auth_ntlmssp_seal_packet(
+				a,
 				(uint8_t *)prs_data_p(&p->out_data.frag)
 				+ RPC_HEADER_LEN + RPC_HDR_RESP_LEN,
 				data_len + ss_padding_len,
@@ -241,8 +241,8 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p)
 			break;
 		case DCERPC_AUTH_LEVEL_INTEGRITY:
 			/* Data is signed. */
-			status = ntlmssp_sign_packet(
-				a->ntlmssp_state,
+			status = auth_ntlmssp_sign_packet(
+				a,
 				(unsigned char *)prs_data_p(&p->out_data.frag)
 				+ RPC_HEADER_LEN + RPC_HDR_RESP_LEN,
 				data_len + ss_padding_len,
@@ -684,7 +684,7 @@ static bool pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob)
 	   refuse the bind. */
 
 	if (p->auth.auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) {
-		if (!(a->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN)) {
+		if (!auth_ntlmssp_negotiated_sign(a)) {
 			DEBUG(0,("pipe_ntlmssp_verify_final: pipe %s : packet integrity requested "
 				"but client declined signing.\n",
 				 get_pipe_name_from_syntax(talloc_tos(),
@@ -693,7 +693,7 @@ static bool pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob)
 		}
 	}
 	if (p->auth.auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
-		if (!(a->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL)) {
+		if (!auth_ntlmssp_negotiated_seal(a)) {
 			DEBUG(0,("pipe_ntlmssp_verify_final: pipe %s : packet privacy requested "
 				"but client declined sealing.\n",
 				 get_pipe_name_from_syntax(talloc_tos(),
@@ -703,23 +703,24 @@ static bool pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob)
 	}
 
 	DEBUG(5, ("pipe_ntlmssp_verify_final: OK: user: %s domain: %s "
-		  "workstation: %s\n", a->ntlmssp_state->user,
-		  a->ntlmssp_state->domain,
-		  a->ntlmssp_state->client.netbios_name));
-
-	if (a->server_info->ptok == NULL) {
-		DEBUG(1,("Error: Authmodule failed to provide nt_user_token\n"));
-		return False;
-	}
+		  "workstation: %s\n",
+		  auth_ntlmssp_get_username(a),
+		  auth_ntlmssp_get_domain(a),
+		  auth_ntlmssp_get_client(a)));
 
 	TALLOC_FREE(p->server_info);
 
-	p->server_info = copy_serverinfo(p, a->server_info);
+	p->server_info = auth_ntlmssp_server_info(p, a);
 	if (p->server_info == NULL) {
-		DEBUG(0, ("copy_serverinfo failed\n"));
+		DEBUG(0, ("auth_ntlmssp_server_info failed to obtain the server info for authenticated user\n"));
 		return false;
 	}
 
+	if (p->server_info->ptok == NULL) {
+		DEBUG(1,("Error: Authmodule failed to provide nt_user_token\n"));
+		return False;
+	}
+
 	/*
 	 * We're an authenticated bind over smb, so the session key needs to
 	 * be set to "SystemLibraryDTC". Weird, but this is what Windows
@@ -2324,22 +2325,22 @@ bool api_pipe_ntlmssp_auth_process(pipes_struct *p, prs_struct *rpc_in,
 	switch (p->auth.auth_level) {
 		case DCERPC_AUTH_LEVEL_PRIVACY:
 			/* Data is encrypted. */
-			*pstatus = ntlmssp_unseal_packet(a->ntlmssp_state,
-							data, data_len,
-							full_packet_data,
-							full_packet_data_len,
-							&auth_blob);
+			*pstatus = auth_ntlmssp_unseal_packet(a,
+							      data, data_len,
+							      full_packet_data,
+							      full_packet_data_len,
+							      &auth_blob);
 			if (!NT_STATUS_IS_OK(*pstatus)) {
 				return False;
 			}
 			break;
 		case DCERPC_AUTH_LEVEL_INTEGRITY:
 			/* Data is signed. */
-			*pstatus = ntlmssp_check_packet(a->ntlmssp_state,
-							data, data_len,
-							full_packet_data,
-							full_packet_data_len,
-							&auth_blob);
+			*pstatus = auth_ntlmssp_check_packet(a,
+							     data, data_len,
+							     full_packet_data,
+							     full_packet_data_len,
+							     &auth_blob);
 			if (!NT_STATUS_IS_OK(*pstatus)) {
 				return False;
 			}
-- 
cgit