From 5ddec1182ec378e4560f0d98604060fdc4b6f542 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Mon, 2 Jan 2012 15:48:09 +1100
Subject: s3-librpc: Simplify SPNEGO code now that all mechs use a struct gensec_security
Signed-off-by: Stefan Metzmacher
---
 source3/librpc/crypto/cli_spnego.c | 103 ++++++++++--------------------------
 source3/librpc/crypto/spnego.h | 1 -
 source3/librpc/rpc/dcerpc_helpers.c | 4 +-
 source3/rpc_server/dcesrv_spnego.c | 15 ++----
 source3/rpc_server/srv_pipe.c | 5 +-
 5 files changed, 32 insertions(+), 96 deletions(-)
(limited to 'source3')
diff --git a/source3/librpc/crypto/cli_spnego.c b/source3/librpc/crypto/cli_spnego.c
index 0a4bd18b22..dfc31b2d52 100644
--- a/source3/librpc/crypto/cli_spnego.c
+++ b/source3/librpc/crypto/cli_spnego.c
@@ -273,31 +273,13 @@ bool spnego_require_more_processing(struct spnego_context *sp_ctx)
 return true;
 }
- /* otherwise see if underlying mechnism does */
- switch (sp_ctx->mech) {
- case SPNEGO_KRB5:
- case SPNEGO_NTLMSSP:
- return sp_ctx->more_processing;
- default:
- DEBUG(0, ("Unsupported type in request!\n"));
- return false;
- }
+ return sp_ctx->more_processing;
 }
 NTSTATUS spnego_get_negotiated_mech(struct spnego_context *sp_ctx,
- enum spnego_mech *type,
 struct gensec_security **auth_context)
 {
- switch (sp_ctx->mech) {
- case SPNEGO_KRB5:
- case SPNEGO_NTLMSSP:
- *auth_context = sp_ctx->mech_ctx.gensec_security;
- break;
- default:
- return NT_STATUS_INTERNAL_ERROR;
- }
-
- *type = sp_ctx->mech;
+ *auth_context = sp_ctx->mech_ctx.gensec_security;
 return NT_STATUS_OK;
 }
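Review bot: In `spnego_get_negotiated_mech` the removed `default:` branch was the only path that returned `NT_STATUS_INTERNAL_ERROR`, so the function now reports `NT_STATUS_OK` whatever state `sp_ctx->mech_ctx.gensec_security` is in, and the `NT_STATUS_IS_OK` checks in its callers (`dcerpc_guess_sizes`, `pipe_auth_verify_final`) can no longer fail. The same guard disappears from `spnego_get_session_key`, `spnego_sign`, `spnego_sigcheck`, `spnego_seal`, `spnego_unseal` and the `SPNEGO_CONV_AUTH_MORE` case of `spnego_server_step`, which now pass the pointer straight to gensec. Whether a context can reach these calls before a mechanism has been set up is not visible from the diff, but if it can, the fail-closed behaviour is one line to keep: `if (sp_ctx->mech_ctx.gensec_security == NULL) return NT_STATUS_INTERNAL_ERROR;`, with `NT_STATUS_INVALID_PARAMETER` or `data_blob_null` in the wrappers that returned those before.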
@@ -306,18 +288,11 @@ DATA_BLOB spnego_get_session_key(TALLOC_CTX *mem_ctx,
 {
 DATA_BLOB sk;
 NTSTATUS status;
- switch (sp_ctx->mech) {
- case SPNEGO_KRB5:
- case SPNEGO_NTLMSSP:
- status = gensec_session_key(sp_ctx->mech_ctx.gensec_security, mem_ctx, &sk);
- if (!NT_STATUS_IS_OK(status)) {
- return data_blob_null;
- }
- return sk;
- default:
- DEBUG(0, ("Unsupported type in request!\n"));
+ status = gensec_session_key(sp_ctx->mech_ctx.gensec_security, mem_ctx, &sk);
+ if (!NT_STATUS_IS_OK(status)) {
 return data_blob_null;
 }
+ return sk;
 }
 NTSTATUS spnego_sign(TALLOC_CTX *mem_ctx,
@@ -325,18 +300,12 @@ NTSTATUS spnego_sign(TALLOC_CTX *mem_ctx,
 DATA_BLOB *data, DATA_BLOB *full_data, DATA_BLOB *signature)
 {
- switch(sp_ctx->mech) {
- case SPNEGO_KRB5:
- case SPNEGO_NTLMSSP:
- return gensec_sign_packet(
- sp_ctx->mech_ctx.gensec_security,
- mem_ctx,
- data->data, data->length,
- full_data->data, full_data->length,
- signature);
- default:
- return NT_STATUS_INVALID_PARAMETER;
- }
+ return gensec_sign_packet(
+ sp_ctx->mech_ctx.gensec_security,
+ mem_ctx,
+ data->data, data->length,
+ full_data->data, full_data->length,
+ signature);
 }
 NTSTATUS spnego_sigcheck(TALLOC_CTX *mem_ctx,
@@ -344,17 +313,11 @@ NTSTATUS spnego_sigcheck(TALLOC_CTX *mem_ctx,
 DATA_BLOB *data, DATA_BLOB *full_data, DATA_BLOB *signature)
 {
- switch(sp_ctx->mech) {
- case SPNEGO_KRB5:
- case SPNEGO_NTLMSSP:
- return gensec_check_packet(
- sp_ctx->mech_ctx.gensec_security,
- data->data, data->length,
- full_data->data, full_data->length,
- signature);
- default:
- return NT_STATUS_INVALID_PARAMETER;
- }
+ return gensec_check_packet(
+ sp_ctx->mech_ctx.gensec_security,
+ data->data, data->length,
+ full_data->data, full_data->length,
+ signature);
 }
 NTSTATUS spnego_seal(TALLOC_CTX *mem_ctx,
@@ -362,18 +325,12 @@ NTSTATUS spnego_seal(TALLOC_CTX *mem_ctx,
 DATA_BLOB *data, DATA_BLOB *full_data, DATA_BLOB *signature)
 {
- switch(sp_ctx->mech) {
- case SPNEGO_KRB5:
- case SPNEGO_NTLMSSP:
- return gensec_seal_packet(
- sp_ctx->mech_ctx.gensec_security,
- mem_ctx,
- data->data, data->length,
- full_data->data, full_data->length,
- signature);
- default:
- return NT_STATUS_INVALID_PARAMETER;
- }
+ return gensec_seal_packet(
+ sp_ctx->mech_ctx.gensec_security,
+ mem_ctx,
+ data->data, data->length,
+ full_data->data, full_data->length,
+ signature);
 }
 NTSTATUS spnego_unseal(TALLOC_CTX *mem_ctx,
@@ -381,15 +338,9 @@ NTSTATUS spnego_unseal(TALLOC_CTX *mem_ctx,
 DATA_BLOB *data, DATA_BLOB *full_data, DATA_BLOB *signature)
 {
- switch(sp_ctx->mech) {
- case SPNEGO_KRB5:
- case SPNEGO_NTLMSSP:
- return gensec_unseal_packet(
- sp_ctx->mech_ctx.gensec_security,
- data->data, data->length,
- full_data->data, full_data->length,
- signature);
- default:
- return NT_STATUS_INVALID_PARAMETER;
- }
+ return gensec_unseal_packet(
+ sp_ctx->mech_ctx.gensec_security,
+ data->data, data->length,
+ full_data->data, full_data->length,
+ signature);
 }
diff --git a/source3/librpc/crypto/spnego.h b/source3/librpc/crypto/spnego.h
index 57396a63c5..5a63a7f9c4 100644
--- a/source3/librpc/crypto/spnego.h
+++ b/source3/librpc/crypto/spnego.h
@@ -72,7 +72,6 @@ NTSTATUS spnego_get_client_auth_token(TALLOC_CTX *mem_ctx,
 bool spnego_require_more_processing(struct spnego_context *sp_ctx);
 NTSTATUS spnego_get_negotiated_mech(struct spnego_context *sp_ctx,
- enum spnego_mech *type,
 struct gensec_security **auth_context);
 DATA_BLOB spnego_get_session_key(TALLOC_CTX *mem_ctx,
diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c
index ed0e0fe932..5a50f2b24a 100644
--- a/source3/librpc/rpc/dcerpc_helpers.c
+++ b/source3/librpc/rpc/dcerpc_helpers.c
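Review bot: The `spnego_get_negotiated_mech` prototype in spnego.h keeps a name that no longer matches what it hands back: with the `enum spnego_mech *type` out-parameter removed it yields only the gensec context, not a mechanism. A comment above the declaration would state the contract, for example `/* Stores the gensec_security of the negotiated mechanism in *auth_context; the pointer still belongs to sp_ctx. */`. The declaration is otherwise undocumented in the visible part of the header, so callers have only the name to go on.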
@@ -268,7 +268,6 @@ NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth,
 struct gensec_security *gensec_security;
 struct schannel_state *schannel_auth;
 struct spnego_context *spnego_ctx;
- enum spnego_mech auth_type;
 NTSTATUS status;
 /* no auth token cases first */
@@ -303,8 +302,7 @@ NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth,
 case DCERPC_AUTH_TYPE_SPNEGO:
 spnego_ctx = talloc_get_type_abort(auth->auth_ctx, struct spnego_context);
- status = spnego_get_negotiated_mech(spnego_ctx,
- &auth_type, &gensec_security);
+ status = spnego_get_negotiated_mech(spnego_ctx, &gensec_security);
 if (!NT_STATUS_IS_OK(status)) {
 return status;
 }
diff --git a/source3/rpc_server/dcesrv_spnego.c b/source3/rpc_server/dcesrv_spnego.c
index 1bea2321ef..0a6b3b8512 100644
--- a/source3/rpc_server/dcesrv_spnego.c
+++ b/source3/rpc_server/dcesrv_spnego.c
@@ -136,18 +136,9 @@ NTSTATUS spnego_server_step(struct spnego_context *sp_ctx,
 case SPNEGO_CONV_AUTH_MORE:
- switch(sp_ctx->mech) {
- case SPNEGO_KRB5:
- case SPNEGO_NTLMSSP:
- status = auth_generic_server_step(
- sp_ctx->mech_ctx.gensec_security,
- mem_ctx, &token_in, &token_out);
- break;
- default:
- status = NT_STATUS_INVALID_PARAMETER;
- goto done;
- }
-
+ status = auth_generic_server_step(
+ sp_ctx->mech_ctx.gensec_security,
+ mem_ctx, &token_in, &token_out);
 break;
 case SPNEGO_CONV_AUTH_DONE:
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 18389b42e0..8731a28d82 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -678,10 +678,8 @@ static bool pipe_auth_generic_verify_final(TALLOC_CTX *mem_ctx,
 static NTSTATUS pipe_auth_verify_final(struct pipes_struct *p)
 {
- enum spnego_mech auth_type;
 struct gensec_security *gensec_security;
 struct spnego_context *spnego_ctx;
- void *mech_ctx;
 NTSTATUS status;
 switch (p->auth.auth_type) {
@@ -698,8 +696,7 @@ static NTSTATUS pipe_auth_verify_final(struct pipes_struct *p)
 case DCERPC_AUTH_TYPE_SPNEGO:
 spnego_ctx = talloc_get_type_abort(p->auth.auth_ctx, struct spnego_context);
- status = spnego_get_negotiated_mech(spnego_ctx,
- &auth_type, &gensec_security);
+ status = spnego_get_negotiated_mech(spnego_ctx, &gensec_security);
 if (!NT_STATUS_IS_OK(status)) {
 DEBUG(0, ("Bad SPNEGO state (%s)\n", nt_errstr(status)));
-- cgit