This avoids the indirection via the auth_ntlmssp wrapper functions.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
struct gensec_security *gensec_security;
};
-NTSTATUS auth_ntlmssp_sign_packet(struct auth_ntlmssp_state *ans,
- TALLOC_CTX *sig_mem_ctx,
- const uint8_t *data,
- size_t length,
- const uint8_t *whole_pdu,
- size_t pdu_length,
- DATA_BLOB *sig);
-NTSTATUS auth_ntlmssp_check_packet(struct auth_ntlmssp_state *ans,
- const uint8_t *data,
- size_t length,
- const uint8_t *whole_pdu,
- size_t pdu_length,
- const DATA_BLOB *sig);
-NTSTATUS auth_ntlmssp_seal_packet(struct auth_ntlmssp_state *ans,
- TALLOC_CTX *sig_mem_ctx,
- uint8_t *data,
- size_t length,
- const uint8_t *whole_pdu,
- size_t pdu_length,
- DATA_BLOB *sig);
-NTSTATUS auth_ntlmssp_unseal_packet(struct auth_ntlmssp_state *ans,
- uint8_t *data,
- size_t length,
- const uint8_t *whole_pdu,
- size_t pdu_length,
- const DATA_BLOB *sig);
NTSTATUS auth_ntlmssp_set_username(struct auth_ntlmssp_state *ans,
const char *user);
NTSTATUS auth_ntlmssp_set_domain(struct auth_ntlmssp_state *ans,
sp_ctx->mech_ctx.gssapi_state,
data, signature);
case SPNEGO_NTLMSSP:
- return auth_ntlmssp_sign_packet(
- sp_ctx->mech_ctx.ntlmssp_state,
- mem_ctx,
- data->data, data->length,
- full_data->data, full_data->length,
- signature);
+ return gensec_sign_packet(
+ sp_ctx->mech_ctx.ntlmssp_state->gensec_security,
+ mem_ctx,
+ data->data, data->length,
+ full_data->data, full_data->length,
+ signature);
default:
return NT_STATUS_INVALID_PARAMETER;
}
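Review bot: The SPNEGO_NTLMSSP case now dereferences `sp_ctx->mech_ctx.ntlmssp_state` at the call site, and nothing in this hunk shows that the pointer is non-NULL once the mechanism is SPNEGO_NTLMSSP. The removed wrappers performed the same dereference, so this is not a regression, but with the indirection gone any guard has to be repeated here and in the check, seal and unseal cases that follow: `if (sp_ctx->mech_ctx.ntlmssp_state == NULL) return NT_STATUS_INVALID_PARAMETER;`. If context setup already guarantees it (not visible here), a one-line comment stating that invariant is enough. The enclosing function starts and ends outside the hunk.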
sp_ctx->mech_ctx.gssapi_state,
data, signature);
case SPNEGO_NTLMSSP:
- return auth_ntlmssp_check_packet(
- sp_ctx->mech_ctx.ntlmssp_state,
- data->data, data->length,
- full_data->data, full_data->length,
- signature);
+ return gensec_check_packet(
+ sp_ctx->mech_ctx.ntlmssp_state->gensec_security,
+ data->data, data->length,
+ full_data->data, full_data->length,
+ signature);
default:
return NT_STATUS_INVALID_PARAMETER;
}
sp_ctx->mech_ctx.gssapi_state,
data, signature);
case SPNEGO_NTLMSSP:
- return auth_ntlmssp_seal_packet(
- sp_ctx->mech_ctx.ntlmssp_state,
- mem_ctx,
- data->data, data->length,
- full_data->data, full_data->length,
- signature);
+ return gensec_seal_packet(
+ sp_ctx->mech_ctx.ntlmssp_state->gensec_security,
+ mem_ctx,
+ data->data, data->length,
+ full_data->data, full_data->length,
+ signature);
default:
return NT_STATUS_INVALID_PARAMETER;
}
sp_ctx->mech_ctx.gssapi_state,
data, signature);
case SPNEGO_NTLMSSP:
- return auth_ntlmssp_unseal_packet(
- sp_ctx->mech_ctx.ntlmssp_state,
- data->data, data->length,
- full_data->data, full_data->length,
- signature);
+ return gensec_unseal_packet(
+ sp_ctx->mech_ctx.ntlmssp_state->gensec_security,
+ data->data, data->length,
+ full_data->data, full_data->length,
+ signature);
default:
return NT_STATUS_INVALID_PARAMETER;
}
#include "ntlmssp_wrap.h"
#include "librpc/crypto/gse.h"
#include "librpc/crypto/spnego.h"
+#include "auth/gensec/gensec.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_RPC_PARSE
switch (auth_level) {
case DCERPC_AUTH_LEVEL_PRIVACY:
/* Data portion is encrypted. */
- status = auth_ntlmssp_seal_packet(auth_state,
- rpc_out->data,
- rpc_out->data
- + DCERPC_RESPONSE_LENGTH,
- data_and_pad_len,
- rpc_out->data,
- rpc_out->length,
- &auth_blob);
+ status = gensec_seal_packet(auth_state->gensec_security,
+ rpc_out->data,
+ rpc_out->data
+ + DCERPC_RESPONSE_LENGTH,
+ data_and_pad_len,
+ rpc_out->data,
+ rpc_out->length,
+ &auth_blob);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
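Review bot: The region sealed in place is `rpc_out->data + DCERPC_RESPONSE_LENGTH` for `data_and_pad_len` bytes, while the whole-PDU length passed is `rpc_out->length`, and the hunk shows no check that the first range lies inside the second. If the enclosing function does not already establish this before the switch (it starts outside the hunk), a guard ahead of the call would keep an inconsistent length from reaching the crypto layer: `if (rpc_out->length < DCERPC_RESPONSE_LENGTH || data_and_pad_len > rpc_out->length - DCERPC_RESPONSE_LENGTH) return NT_STATUS_INVALID_PARAMETER;`. The `gensec_sign_packet` call in the DCERPC_AUTH_LEVEL_INTEGRITY case takes the same arguments, so the same precondition applies there.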
case DCERPC_AUTH_LEVEL_INTEGRITY:
/* Data is signed. */
- status = auth_ntlmssp_sign_packet(auth_state,
- rpc_out->data,
- rpc_out->data
- + DCERPC_RESPONSE_LENGTH,
- data_and_pad_len,
- rpc_out->data,
- rpc_out->length,
- &auth_blob);
+ status = gensec_sign_packet(auth_state->gensec_security,
+ rpc_out->data,
+ rpc_out->data
+ + DCERPC_RESPONSE_LENGTH,
+ data_and_pad_len,
+ rpc_out->data,
+ rpc_out->length,
+ &auth_blob);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
switch (auth_level) {
case DCERPC_AUTH_LEVEL_PRIVACY:
/* Data portion is encrypted. */
- return auth_ntlmssp_unseal_packet(auth_state,
- data->data,
- data->length,
- full_pkt->data,
- full_pkt->length,
- auth_token);
+ return gensec_unseal_packet(auth_state->gensec_security,
+ data->data,
+ data->length,
+ full_pkt->data,
+ full_pkt->length,
+ auth_token);
case DCERPC_AUTH_LEVEL_INTEGRITY:
/* Data is signed. */
- return auth_ntlmssp_check_packet(auth_state,
- data->data,
- data->length,
- full_pkt->data,
- full_pkt->length,
- auth_token);
+ return gensec_check_packet(auth_state->gensec_security,
+ data->data,
+ data->length,
+ full_pkt->data,
+ full_pkt->length,
+ auth_token);
default:
return NT_STATUS_INVALID_PARAMETER;
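Review bot: The PRIVACY branch hands `data->data` to `gensec_unseal_packet`, whose removed wrapper prototype took a non-const `uint8_t *data`, so the buffer is presumably rewritten in place even when the call returns an error status. A comment above the switch would make that contract explicit for callers: `/* On any status other than NT_STATUS_OK the contents of data are undefined and must not be parsed. */`. The `default:` branch already fails closed with NT_STATUS_INVALID_PARAMETER, and that should stay the behaviour for unknown auth levels. The function starts and ends outside the hunk.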
#include "librpc/rpc/dcerpc.h"
#include "lib/param/param.h"
-NTSTATUS auth_ntlmssp_sign_packet(struct auth_ntlmssp_state *ans,
- TALLOC_CTX *sig_mem_ctx,
- const uint8_t *data,
- size_t length,
- const uint8_t *whole_pdu,
- size_t pdu_length,
- DATA_BLOB *sig)
-{
- return gensec_sign_packet(ans->gensec_security,
- sig_mem_ctx, data, length, whole_pdu, pdu_length, sig);
-}
-
-NTSTATUS auth_ntlmssp_check_packet(struct auth_ntlmssp_state *ans,
- const uint8_t *data,
- size_t length,
- const uint8_t *whole_pdu,
- size_t pdu_length,
- const DATA_BLOB *sig)
-{
- return gensec_check_packet(ans->gensec_security,
- data, length, whole_pdu, pdu_length, sig);
-}
-
-NTSTATUS auth_ntlmssp_seal_packet(struct auth_ntlmssp_state *ans,
- TALLOC_CTX *sig_mem_ctx,
- uint8_t *data,
- size_t length,
- const uint8_t *whole_pdu,
- size_t pdu_length,
- DATA_BLOB *sig)
-{
- return gensec_seal_packet(ans->gensec_security,
- sig_mem_ctx, data, length, whole_pdu, pdu_length, sig);
-}
-
-NTSTATUS auth_ntlmssp_unseal_packet(struct auth_ntlmssp_state *ans,
- uint8_t *data,
- size_t length,
- const uint8_t *whole_pdu,
- size_t pdu_length,
- const DATA_BLOB *sig)
-{
- return gensec_unseal_packet(ans->gensec_security,
- data, length, whole_pdu, pdu_length, sig);
-}
-
NTSTATUS auth_ntlmssp_set_username(struct auth_ntlmssp_state *ans,
const char *user)
{
#include "libsmb/libsmb.h"
#include "ntlmssp_wrap.h"
#include "libcli/auth/krb5_wrap.h"
+#include "auth/gensec/gensec.h"
#undef malloc
/* Point at the signature. */
sig = data_blob_const(inbuf+8, NTLMSSP_SIG_SIZE);
- status = auth_ntlmssp_unseal_packet(auth_ntlmssp_state,
+ status = gensec_unseal_packet(auth_ntlmssp_state->gensec_security,
(unsigned char *)inbuf + 8 + NTLMSSP_SIG_SIZE, /* 4 byte len + 0xFF 'E' <enc> <ctx> */
data_len,
(unsigned char *)inbuf + 8 + NTLMSSP_SIG_SIZE,
ZERO_STRUCT(sig);
- status = auth_ntlmssp_seal_packet(auth_ntlmssp_state,
- frame,
+ status = gensec_seal_packet(auth_ntlmssp_state->gensec_security,
+ frame,
(unsigned char *)buf_out + 8 + NTLMSSP_SIG_SIZE, /* 4 byte len + 0xFF 'S' <enc> <ctx> */
data_len,
(unsigned char *)buf_out + 8 + NTLMSSP_SIG_SIZE,