s3-librpc Use gensec_sig_size() instead of a fixed NTLMSSP_SIG_SIZE
[ddiss/samba.git] / source3 / librpc / rpc / dcerpc_helpers.c
index dc3b570a6c362585b49b0c6ffeb3778b172214a1..1e8edc334715cb4c383df04cb7fff44b2bc7f38a 100644 (file)
@@ -267,6 +267,7 @@ NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth,
 {
        size_t max_len;
        size_t mod_len;
+       struct gensec_security *gensec_security;
        struct schannel_state *schannel_auth;
        struct spnego_context *spnego_ctx;
        struct gse_context *gse_ctx;
@@ -315,7 +316,9 @@ NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth,
                }
                switch (auth_type) {
                case SPNEGO_NTLMSSP:
-                       *auth_len = NTLMSSP_SIG_SIZE;
+                       gensec_security = talloc_get_type_abort(auth_ctx,
+                                                               struct gensec_security);
+                       *auth_len = gensec_sig_size(gensec_security, max_len);
                        break;
 
                case SPNEGO_KRB5:
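Review bot: The result of gensec_sig_size() in the SPNEGO_NTLMSSP case is stored in *auth_len with no bound check, and the same applies to the DCERPC_AUTH_TYPE_NTLMSSP case in the next hunk. With NTLMSSP_SIG_SIZE the length was a known constant; it now depends on the state of the gensec context, so a result of 0 or one larger than max_len would flow into whatever size arithmetic follows the switch (not visible in this hunk). A guard after each call, such as `if (*auth_len == 0 || *auth_len > max_len) { return NT_STATUS_INTERNAL_ERROR; }`, would keep an unexpected size out of the fragment-length calculation. The hunk also does not show where max_len is assigned, so confirm it is set on every path before it is passed here; dcerpc_guess_sizes begins and ends outside this hunk.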
@@ -334,7 +337,9 @@ NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth,
                break;
 
        case DCERPC_AUTH_TYPE_NTLMSSP:
-               *auth_len = NTLMSSP_SIG_SIZE;
+               gensec_security = talloc_get_type_abort(auth->auth_ctx,
+                                                       struct gensec_security);
+               *auth_len = gensec_sig_size(gensec_security, max_len);
                break;
 
        case DCERPC_AUTH_TYPE_SCHANNEL:
@@ -379,7 +384,7 @@ NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth,
  Create and add the NTLMSSP sign/seal auth data.
  ********************************************************************/
 
-static NTSTATUS add_ntlmssp_auth_footer(struct auth_ntlmssp_state *auth_state,
+static NTSTATUS add_ntlmssp_auth_footer(struct gensec_security *gensec_security,
                                        enum dcerpc_AuthLevel auth_level,
                                        DATA_BLOB *rpc_out)
 {
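Review bot: The banner comment above add_ntlmssp_auth_footer still reads "Create and add the NTLMSSP sign/seal auth data" although the helper now takes a generic struct gensec_security and nothing NTLMSSP-specific remains in its signature; the same holds for get_ntlmssp_auth_footer further down. Updating the comment to something like `Create and add the sign/seal auth data using the caller's gensec context (used for the NTLMSSP auth types).` would tell a reader which context type is expected. The `!gensec_security` check kept in the next hunk looks unreachable from the caller shown in this diff, since talloc_get_type_abort() appears to abort on NULL before the helper is entered, while get_ntlmssp_auth_footer has no such check; making the two helpers agree would be clearer.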
@@ -389,14 +394,14 @@ static NTSTATUS add_ntlmssp_auth_footer(struct auth_ntlmssp_state *auth_state,
        DATA_BLOB auth_blob;
        NTSTATUS status;
 
-       if (!auth_state) {
+       if (!gensec_security) {
                return NT_STATUS_INVALID_PARAMETER;
        }
 
        switch (auth_level) {
        case DCERPC_AUTH_LEVEL_PRIVACY:
                /* Data portion is encrypted. */
-               status = gensec_seal_packet(auth_state->gensec_security,
+               status = gensec_seal_packet(gensec_security,
                                            rpc_out->data,
                                            rpc_out->data
                                            + DCERPC_RESPONSE_LENGTH,
@@ -411,7 +416,7 @@ static NTSTATUS add_ntlmssp_auth_footer(struct auth_ntlmssp_state *auth_state,
 
        case DCERPC_AUTH_LEVEL_INTEGRITY:
                /* Data is signed. */
-               status = gensec_sign_packet(auth_state->gensec_security,
+               status = gensec_sign_packet(gensec_security,
                                            rpc_out->data,
                                            rpc_out->data
                                            + DCERPC_RESPONSE_LENGTH,
@@ -447,7 +452,7 @@ static NTSTATUS add_ntlmssp_auth_footer(struct auth_ntlmssp_state *auth_state,
  Check/unseal the NTLMSSP auth data. (Unseal in place).
  ********************************************************************/
 
-static NTSTATUS get_ntlmssp_auth_footer(struct auth_ntlmssp_state *auth_state,
+static NTSTATUS get_ntlmssp_auth_footer(struct gensec_security *gensec_security,
                                        enum dcerpc_AuthLevel auth_level,
                                        DATA_BLOB *data, DATA_BLOB *full_pkt,
                                        DATA_BLOB *auth_token)
@@ -455,7 +460,7 @@ static NTSTATUS get_ntlmssp_auth_footer(struct auth_ntlmssp_state *auth_state,
        switch (auth_level) {
        case DCERPC_AUTH_LEVEL_PRIVACY:
                /* Data portion is encrypted. */
-               return gensec_unseal_packet(auth_state->gensec_security,
+               return gensec_unseal_packet(gensec_security,
                                            data->data,
                                            data->length,
                                            full_pkt->data,
@@ -464,7 +469,7 @@ static NTSTATUS get_ntlmssp_auth_footer(struct auth_ntlmssp_state *auth_state,
 
        case DCERPC_AUTH_LEVEL_INTEGRITY:
                /* Data is signed. */
-               return gensec_check_packet(auth_state->gensec_security,
+               return gensec_check_packet(gensec_security,
                                           data->data,
                                           data->length,
                                           full_pkt->data,
@@ -747,7 +752,7 @@ NTSTATUS dcerpc_add_auth_footer(struct pipe_auth_data *auth,
                                size_t pad_len, DATA_BLOB *rpc_out)
 {
        struct schannel_state *schannel_auth;
-       struct auth_ntlmssp_state *ntlmssp_ctx;
+       struct gensec_security *gensec_security;
        struct spnego_context *spnego_ctx;
        struct gse_context *gse_ctx;
        char pad[CLIENT_NDR_PADDING_SIZE] = { 0, };
@@ -804,9 +809,9 @@ NTSTATUS dcerpc_add_auth_footer(struct pipe_auth_data *auth,
                                                auth->auth_level, rpc_out);
                break;
        case DCERPC_AUTH_TYPE_NTLMSSP:
-               ntlmssp_ctx = talloc_get_type_abort(auth->auth_ctx,
-                                               struct auth_ntlmssp_state);
-               status = add_ntlmssp_auth_footer(ntlmssp_ctx,
+               gensec_security = talloc_get_type_abort(auth->auth_ctx,
+                                               struct gensec_security);
+               status = add_ntlmssp_auth_footer(gensec_security,
                                                 auth->auth_level,
                                                 rpc_out);
                break;
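Review bot: The expected talloc type of auth->auth_ctx changes here from struct auth_ntlmssp_state to struct gensec_security, and talloc_get_type_abort() terminates the process on a mismatch; the same cast appears in the dcerpc_check_auth hunk and in both dcerpc_guess_sizes cases. None of the code that stores auth_ctx is visible in this file's diff, so every site that sets it for DCERPC_AUTH_TYPE_NTLMSSP (and the SPNEGO_NTLMSSP sub-context) must have been switched in the same commit, otherwise the first NTLMSSP-protected packet would hit the abort. A short comment at the cast, e.g. `/* auth_ctx holds a struct gensec_security for NTLMSSP; any other type aborts */`, would record the contract. dcerpc_add_auth_footer starts and ends outside this hunk.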
@@ -852,7 +857,7 @@ NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth,
                           size_t *pad_len)
 {
        struct schannel_state *schannel_auth;
-       struct auth_ntlmssp_state *ntlmssp_ctx;
+       struct gensec_security *gensec_security;
        struct spnego_context *spnego_ctx;
        struct gse_context *gse_ctx;
        NTSTATUS status;
@@ -936,9 +941,9 @@ NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth,
 
                DEBUG(10, ("NTLMSSP auth\n"));
 
-               ntlmssp_ctx = talloc_get_type_abort(auth->auth_ctx,
-                                               struct auth_ntlmssp_state);
-               status = get_ntlmssp_auth_footer(ntlmssp_ctx,
+               gensec_security = talloc_get_type_abort(auth->auth_ctx,
+                                               struct gensec_security);
+               status = get_ntlmssp_auth_footer(gensec_security,
                                                 auth->auth_level,
                                                 &data, &full_pkt,
                                                 &auth_info.credentials);