From 0ad10aec63201c45b09f91541e9eee17fcf7ede5 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Mon, 6 Dec 2004 15:44:17 +0000
Subject: r4079: implement the gensec_have_feature() correctly by asking the backend what is actually in use metze (This used to be commit 6f3eb7bc03609108b9e0ea5676fca3d04140e737)
---
 source4/libcli/auth/gensec.c | 27 ++++++++++++---------------
 source4/libcli/auth/gensec.h | 7 ++++---
 source4/libcli/auth/gensec_ntlmssp.c | 31 +++++++++++++++++++++++++------
 3 files changed, 41 insertions(+), 24 deletions(-)
(limited to 'source4/libcli/auth')
diff --git a/source4/libcli/auth/gensec.c b/source4/libcli/auth/gensec.c
index 7243222b6d..147d1b12df 100644
--- a/source4/libcli/auth/gensec.c
+++ b/source4/libcli/auth/gensec.c
@@ -137,6 +137,7 @@ static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx, struct gensec_security **gense
 (*gensec_security)->subcontext = False;
 (*gensec_security)->want_features = 0;
+ (*gensec_security)->have_features = 0;
 return NT_STATUS_OK;
 }
@@ -232,11 +233,11 @@ NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_security,
 return NT_STATUS_INVALID_PARAMETER;
 }
 if (auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) {
- gensec_want_feature(gensec_security, GENSEC_WANT_SIGN);
+ gensec_want_feature(gensec_security, GENSEC_FEATURE_SIGN);
 }
 if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
- gensec_want_feature(gensec_security, GENSEC_WANT_SIGN);
- gensec_want_feature(gensec_security, GENSEC_WANT_SEAL);
+ gensec_want_feature(gensec_security, GENSEC_FEATURE_SIGN);
+ gensec_want_feature(gensec_security, GENSEC_FEATURE_SEAL);
 }
 return gensec_start_mech(gensec_security);
@@ -310,8 +311,8 @@ NTSTATUS gensec_unseal_packet(struct gensec_security *gensec_security,
 if (!gensec_security->ops->unseal_packet) {
 return NT_STATUS_NOT_IMPLEMENTED;
 }
- if (!(gensec_security->want_features & GENSEC_WANT_SEAL)) {
- if (gensec_security->want_features & GENSEC_WANT_SIGN) {
+ if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
+ if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
 return gensec_check_packet(gensec_security, mem_ctx, data, length, whole_pdu, pdu_length,
@@ -335,7 +336,7 @@ NTSTATUS gensec_check_packet(struct gensec_security *gensec_security,
 if (!gensec_security->ops->check_packet) {
 return NT_STATUS_NOT_IMPLEMENTED;
 }
- if (!(gensec_security->want_features & GENSEC_WANT_SIGN)) {
+ if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
 return NT_STATUS_INVALID_PARAMETER;
 }
@@ -351,8 +352,8 @@ NTSTATUS gensec_seal_packet(struct gensec_security *gensec_security,
 if (!gensec_security->ops->seal_packet) {
 return NT_STATUS_NOT_IMPLEMENTED;
 }
- if (!(gensec_security->want_features & GENSEC_WANT_SEAL)) {
- if (gensec_security->want_features & GENSEC_WANT_SIGN) {
+ if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
+ if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
 return gensec_sign_packet(gensec_security, mem_ctx, data, length, whole_pdu, pdu_length,
@@ -373,7 +374,7 @@ NTSTATUS gensec_sign_packet(struct gensec_security *gensec_security,
 if (!gensec_security->ops->sign_packet) {
 return NT_STATUS_NOT_IMPLEMENTED;
 }
- if (!(gensec_security->want_features & GENSEC_WANT_SIGN)) {
+ if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
 return NT_STATUS_INVALID_PARAMETER;
 }
@@ -385,7 +386,7 @@ size_t gensec_sig_size(struct gensec_security *gensec_security)
 if (!gensec_security->ops->sig_size) {
 return 0;
 }
- if (!(gensec_security->want_features & GENSEC_WANT_SIGN)) {
+ if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
 return 0;
 }
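Review bot: In gensec_unseal_packet (first hunk) and again in gensec_seal_packet, the fall-back from sealing to signing is now taken whenever the backend did not end up with GENSEC_FEATURE_SEAL, so a caller that requested sealing gets a signed but unencrypted PDU with no error. Before this change the decision followed want_features, which the caller controls; it now follows the negotiated state, which the peer influences. I would fail closed ahead of the fall-back in both functions: `if ((gensec_security->want_features & GENSEC_FEATURE_SEAL) && !gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) return NT_STATUS_ACCESS_DENIED;`. Both bodies continue outside their hunks, so what follows the inner `if` is not visible here and the backend may already reject this case.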
@@ -398,10 +399,6 @@ NTSTATUS gensec_session_key(struct gensec_security *gensec_security,
 if (!gensec_security->ops->session_key) {
 return NT_STATUS_NOT_IMPLEMENTED;
 }
- if (!(gensec_security->want_features & GENSEC_WANT_SESSION_KEY)) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
 return gensec_security->ops->session_key(gensec_security, session_key);
 }
@@ -474,7 +471,7 @@ void gensec_want_feature(struct gensec_security *gensec_security,
 BOOL gensec_have_feature(struct gensec_security *gensec_security, uint32 feature)
 {
- if (gensec_security->want_features & feature) {
+ if (gensec_security->have_features & feature) {
 return True;
 }
diff --git a/source4/libcli/auth/gensec.h b/source4/libcli/auth/gensec.h
index f8b7e292e8..3d645bee82 100644
--- a/source4/libcli/auth/gensec.h
+++ b/source4/libcli/auth/gensec.h
@@ -41,9 +41,9 @@ struct gensec_target {
 const char *service;
 };
-#define GENSEC_WANT_SESSION_KEY 0x1
-#define GENSEC_WANT_SIGN 0x2
-#define GENSEC_WANT_SEAL 0x4
+#define GENSEC_FEATURE_SESSION_KEY 0x00000001
+#define GENSEC_FEATURE_SIGN 0x00000002
+#define GENSEC_FEATURE_SEAL 0x00000004
 /* GENSEC mode */
 enum gensec_role
@@ -99,6 +99,7 @@ struct gensec_security {
 enum gensec_role gensec_role;
 BOOL subcontext;
 uint32 want_features;
+ uint32 have_features;
 };
 /* this structure is used by backends to determine the size of some critical types */
diff --git a/source4/libcli/auth/gensec_ntlmssp.c b/source4/libcli/auth/gensec_ntlmssp.c
index 147e2359f4..07dacfb5e0 100644
--- a/source4/libcli/auth/gensec_ntlmssp.c
+++ b/source4/libcli/auth/gensec_ntlmssp.c
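Review bot: gensec_session_key loses its feature gate entirely, while every other accessor in this file was switched to gensec_have_feature(); the backend's session_key op is now reached whether or not a key was ever established. The NTLMSSP backend in this same commit records GENSEC_FEATURE_SESSION_KEY once a key exists, so the gate could be kept as `if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SESSION_KEY)) { return NT_STATUS_INVALID_PARAMETER; }`. If the removal is deliberate, a comment such as `/* no feature check here: each backend's session_key op must fail when no key has been negotiated */` would record the contract the backends are now expected to meet.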
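Review bot: gensec_have_feature() now answers from have_features, and the only writer of that field in this patch is gensec_ntlmssp_update(); a backend that never sets it (none is visible here, so this is inferred) would make gensec_sign_packet and gensec_check_packet return NT_STATUS_INVALID_PARAMETER and gensec_sig_size return 0 even after a successful negotiation. A comment above the function should state that dependency, e.g. `/* reports only what the backend recorded in have_features during update() */`. The test is also any-bit: a caller passing two flags gets True when only one is set, and `(gensec_security->have_features & feature) == feature` would make a combined query mean all of them. The function body ends outside the hunk.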
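Review bot: The two masks in struct gensec_security (gensec.h, last hunk) are undocumented although they now carry different meanings and have different writers. I would annotate them in place: `uint32 want_features; /* GENSEC_FEATURE_* requested by the caller before the mechanism starts */` and `uint32 have_features; /* GENSEC_FEATURE_* the backend reports as negotiated; written by the backend only */`. Without that, a later backend author has no hint that sign/seal calls are refused until have_features is populated.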
@@ -178,10 +178,10 @@ static NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_secur
 return nt_status;
 }
- if (gensec_security->want_features & GENSEC_WANT_SIGN) {
+ if (gensec_security->want_features & GENSEC_FEATURE_SIGN) {
 gensec_ntlmssp_state->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
 }
- if (gensec_security->want_features & GENSEC_WANT_SEAL) {
+ if (gensec_security->want_features & GENSEC_FEATURE_SEAL) {
 gensec_ntlmssp_state->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
 }
@@ -219,7 +219,7 @@ static NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_secur
 return status;
 }
- if (gensec_security->want_features & GENSEC_WANT_SESSION_KEY) {
+ if (gensec_security->want_features & GENSEC_FEATURE_SESSION_KEY) {
 /*
 * We need to set this to allow a later SetPassword
 * via the SAMR pipe to succeed. Strange.... We could
@@ -231,10 +231,10 @@ static NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_secur
 */
 gensec_ntlmssp_state->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
 }
- if (gensec_security->want_features & GENSEC_WANT_SIGN) {
+ if (gensec_security->want_features & GENSEC_FEATURE_SIGN) {
 gensec_ntlmssp_state->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
 }
- if (gensec_security->want_features & GENSEC_WANT_SEAL) {
+ if (gensec_security->want_features & GENSEC_FEATURE_SEAL) {
 gensec_ntlmssp_state->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
 }
@@ -343,8 +343,27 @@ static NTSTATUS gensec_ntlmssp_update(struct gensec_security *gensec_security, T
 const DATA_BLOB in, DATA_BLOB *out)
 {
 struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data;
+ NTSTATUS status;
+
+ status = ntlmssp_update(gensec_ntlmssp_state->ntlmssp_state, out_mem_ctx, in, out);
+
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) && !NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ if (gensec_ntlmssp_state->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN) {
+ gensec_security->have_features |= GENSEC_FEATURE_SIGN;
+ }
+
+ if (gensec_ntlmssp_state->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL) {
+ gensec_security->have_features |= GENSEC_FEATURE_SEAL;
+ }
- return ntlmssp_update(gensec_ntlmssp_state->ntlmssp_state, out_mem_ctx, in, out);
+ if (gensec_ntlmssp_state->ntlmssp_state->session_key.data) {
+ gensec_security->have_features |= GENSEC_FEATURE_SESSION_KEY;
+ }
+
+ return status;
 }
 /**
-- cgit
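Review bot: have_features is refreshed on every leg that returns NT_STATUS_MORE_PROCESSING_REQUIRED as well as on NT_STATUS_OK, and bits are only ever OR-ed in, never cleared. On an intermediate leg neg_flags still carries what gensec_ntlmssp_client_start/server_start copied from want_features, so the field records a request rather than what is in use. If ntlmssp_update() later drops NTLMSSP_NEGOTIATE_SIGN or NTLMSSP_NEGOTIATE_SEAL (inferred, that code is not in this patch), the stale bit stays set and gensec_sign_packet/gensec_seal_packet keep treating the feature as negotiated. Rebuilding the mask from zero, and only once the exchange has completed, avoids both problems.

```c
	status = ntlmssp_update(gensec_ntlmssp_state->ntlmssp_state, out_mem_ctx, in, out);

	/* Nothing is agreed until the exchange completes; report features only then. */
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}

	/* Rebuild instead of OR-ing in, so a flag dropped during negotiation is not left set. */
	gensec_security->have_features = 0;
	/* … unchanged: the neg_flags and session_key.data tests that set GENSEC_FEATURE_* … */

	return status;
```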