From d4c2f252dac7b756958c9df3192581cf9ccde529 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 30 Dec 2009 16:02:37 +0100
Subject: s4:ntlmssp: split gensec_ntlmssp_seal_packet() and
 ntlmssp_seal_packet()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Inspired by the NTLMSSP merge work by Andrew Bartlett.

metze

Signed-off-by: Günther Deschner <gd@samba.org>
---
 source4/auth/ntlmssp/ntlmssp_sign.c | 56 ++++++++++++++++++++++++-------------
 1 file changed, 37 insertions(+), 19 deletions(-)

(limited to 'source4/auth/ntlmssp')

diff --git a/source4/auth/ntlmssp/ntlmssp_sign.c b/source4/auth/ntlmssp/ntlmssp_sign.c
index 3c18c34f82..3b18976d3c 100644
--- a/source4/auth/ntlmssp/ntlmssp_sign.c
+++ b/source4/auth/ntlmssp/ntlmssp_sign.c
@@ -211,41 +211,39 @@ NTSTATUS ntlmssp_check_packet(struct gensec_ntlmssp_state *ntlmssp_state,
  *
  */
 
-NTSTATUS gensec_ntlmssp_seal_packet(struct gensec_security *gensec_security,
-				    TALLOC_CTX *sig_mem_ctx,
-				    uint8_t *data, size_t length,
-				    const uint8_t *whole_pdu, size_t pdu_length,
-				    DATA_BLOB *sig)
+NTSTATUS ntlmssp_seal_packet(struct gensec_ntlmssp_state *ntlmssp_state,
+			     TALLOC_CTX *sig_mem_ctx,
+			     uint8_t *data, size_t length,
+			     const uint8_t *whole_pdu, size_t pdu_length,
+			     DATA_BLOB *sig)
 {
-	struct gensec_ntlmssp_context *gensec_ntlmssp =
-		talloc_get_type_abort(gensec_security->private_data,
-				      struct gensec_ntlmssp_context);
-	struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_ntlmssp->ntlmssp_state;
 	NTSTATUS nt_status;
-	if (!gensec_ntlmssp_state->session_key.length) {
+
+	if (!ntlmssp_state->session_key.length) {
 		DEBUG(3, ("NO session key, cannot seal packet\n"));
 		return NT_STATUS_NO_USER_SESSION_KEY;
 	}
 
 	DEBUG(10,("ntlmssp_seal_data: seal\n"));
 	dump_data_pw("ntlmssp clear data\n", data, length);
-	if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
+	if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
 		/* The order of these two operations matters - we must first seal the packet,
 		   then seal the sequence number - this is because the send_seal_hash is not
 		   constant, but is is rather updated with each iteration */
-		nt_status = ntlmssp_make_packet_signature(gensec_ntlmssp_state, sig_mem_ctx,
+		nt_status = ntlmssp_make_packet_signature(ntlmssp_state, sig_mem_ctx,
 							  data, length,
 							  whole_pdu, pdu_length,
 							  NTLMSSP_SEND, sig, false);
-		arcfour_crypt_sbox(gensec_ntlmssp_state->crypt.ntlm2.send_seal_arcfour_state, data, length);
-		if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) {
-			arcfour_crypt_sbox(gensec_ntlmssp_state->crypt.ntlm2.send_seal_arcfour_state, sig->data+4, 8);
+		arcfour_crypt_sbox(ntlmssp_state->crypt.ntlm2.send_seal_arcfour_state, data, length);
+		if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) {
+			arcfour_crypt_sbox(ntlmssp_state->crypt.ntlm2.send_seal_arcfour_state, sig->data+4, 8);
 		}
 	} else {
 		uint32_t crc;
 		crc = crc32_calc_buffer(data, length);
 		if (!msrpc_gen(sig_mem_ctx,
-			       sig, "dddd", NTLMSSP_SIGN_VERSION, 0, crc, gensec_ntlmssp_state->crypt.ntlm.seq_num)) {
+			       sig, "dddd", NTLMSSP_SIGN_VERSION, 0,
+			       crc, ntlmssp_state->crypt.ntlm.seq_num)) {
 			return NT_STATUS_NO_MEMORY;
 		}
 
@@ -255,10 +253,10 @@ NTSTATUS gensec_ntlmssp_seal_packet(struct gensec_security *gensec_security,
 		   constant, but is is rather updated with each
 		   iteration */
 
-		arcfour_crypt_sbox(gensec_ntlmssp_state->crypt.ntlm.arcfour_state, data, length);
-		arcfour_crypt_sbox(gensec_ntlmssp_state->crypt.ntlm.arcfour_state, sig->data+4, sig->length-4);
+		arcfour_crypt_sbox(ntlmssp_state->crypt.ntlm.arcfour_state, data, length);
+		arcfour_crypt_sbox(ntlmssp_state->crypt.ntlm.arcfour_state, sig->data+4, sig->length-4);
 		/* increment counter on send */
-		gensec_ntlmssp_state->crypt.ntlm.seq_num++;
+		ntlmssp_state->crypt.ntlm.seq_num++;
 		nt_status = NT_STATUS_OK;
 	}
 	dump_data_pw("ntlmssp signature\n", sig->data, sig->length);
@@ -491,6 +489,26 @@ NTSTATUS gensec_ntlmssp_check_packet(struct gensec_security *gensec_security,
 	return nt_status;
 }
 
+NTSTATUS gensec_ntlmssp_seal_packet(struct gensec_security *gensec_security,
+				    TALLOC_CTX *sig_mem_ctx,
+				    uint8_t *data, size_t length,
+				    const uint8_t *whole_pdu, size_t pdu_length,
+				    DATA_BLOB *sig)
+{
+	struct gensec_ntlmssp_context *gensec_ntlmssp =
+		talloc_get_type_abort(gensec_security->private_data,
+				      struct gensec_ntlmssp_context);
+	NTSTATUS nt_status;
+
+	nt_status = ntlmssp_seal_packet(gensec_ntlmssp->ntlmssp_state,
+					sig_mem_ctx,
+					data, length,
+					whole_pdu, pdu_length,
+					sig);
+
+	return nt_status;
+}
+
 size_t gensec_ntlmssp_sig_size(struct gensec_security *gensec_security, size_t data_size) 
 {
 	return NTLMSSP_SIG_SIZE;
-- 
cgit