From: Andrew Bartlett Date: Tue, 18 Oct 2011 10:27:39 +0000 (+1100) Subject: s3-ntlmssp use gensec_{seal,unseal,sign,check}_packet X-Git-Url: http://git.samba.org/?p=rusty%2Fsamba.git;a=commitdiff_plain;h=bd29f79463009ff7383cb17a3f766fddcdb1f302 s3-ntlmssp use gensec_{seal,unseal,sign,check}_packet This avoids the indirection via the auth_ntlmsssp wrapper functions. Andrew Bartlett Signed-off-by: Stefan Metzmacher --- diff --git a/source3/include/ntlmssp_wrap.h b/source3/include/ntlmssp_wrap.h index a2c4f7a6be4..f58e63e85e6 100644 --- a/source3/include/ntlmssp_wrap.h +++ b/source3/include/ntlmssp_wrap.h @@ -34,32 +34,6 @@ struct auth_ntlmssp_state { struct gensec_security *gensec_security; }; -NTSTATUS auth_ntlmssp_sign_packet(struct auth_ntlmssp_state *ans, - TALLOC_CTX *sig_mem_ctx, - const uint8_t *data, - size_t length, - const uint8_t *whole_pdu, - size_t pdu_length, - DATA_BLOB *sig); -NTSTATUS auth_ntlmssp_check_packet(struct auth_ntlmssp_state *ans, - const uint8_t *data, - size_t length, - const uint8_t *whole_pdu, - size_t pdu_length, - const DATA_BLOB *sig); -NTSTATUS auth_ntlmssp_seal_packet(struct auth_ntlmssp_state *ans, - TALLOC_CTX *sig_mem_ctx, - uint8_t *data, - size_t length, - const uint8_t *whole_pdu, - size_t pdu_length, - DATA_BLOB *sig); -NTSTATUS auth_ntlmssp_unseal_packet(struct auth_ntlmssp_state *ans, - uint8_t *data, - size_t length, - const uint8_t *whole_pdu, - size_t pdu_length, - const DATA_BLOB *sig); NTSTATUS auth_ntlmssp_set_username(struct auth_ntlmssp_state *ans, const char *user); NTSTATUS auth_ntlmssp_set_domain(struct auth_ntlmssp_state *ans, diff --git a/source3/librpc/crypto/cli_spnego.c b/source3/librpc/crypto/cli_spnego.c index db03fdc852d..1320a95216f 100644 --- a/source3/librpc/crypto/cli_spnego.c +++ b/source3/librpc/crypto/cli_spnego.c 
@@ -354,12 +354,12 @@ NTSTATUS spnego_sign(TALLOC_CTX *mem_ctx, sp_ctx->mech_ctx.gssapi_state, data, signature); case SPNEGO_NTLMSSP: - return auth_ntlmssp_sign_packet( - sp_ctx->mech_ctx.ntlmssp_state, - mem_ctx, - data->data, data->length, - full_data->data, full_data->length, - signature); + return gensec_sign_packet( + sp_ctx->mech_ctx.ntlmssp_state->gensec_security, + mem_ctx, + data->data, data->length, + full_data->data, full_data->length, + signature); default: return NT_STATUS_INVALID_PARAMETER; } @@ -376,11 +376,11 @@ NTSTATUS spnego_sigcheck(TALLOC_CTX *mem_ctx, sp_ctx->mech_ctx.gssapi_state, data, signature); case SPNEGO_NTLMSSP: - return auth_ntlmssp_check_packet( - sp_ctx->mech_ctx.ntlmssp_state, - data->data, data->length, - full_data->data, full_data->length, - signature); + return gensec_check_packet( + sp_ctx->mech_ctx.ntlmssp_state->gensec_security, + data->data, data->length, + full_data->data, full_data->length, + signature); default: return NT_STATUS_INVALID_PARAMETER; } @@ -397,12 +397,12 @@ NTSTATUS spnego_seal(TALLOC_CTX *mem_ctx, sp_ctx->mech_ctx.gssapi_state, data, signature); case SPNEGO_NTLMSSP: - return auth_ntlmssp_seal_packet( - sp_ctx->mech_ctx.ntlmssp_state, - mem_ctx, - data->data, data->length, - full_data->data, full_data->length, - signature); + return gensec_seal_packet( + sp_ctx->mech_ctx.ntlmssp_state->gensec_security, + mem_ctx, + data->data, data->length, + full_data->data, full_data->length, + signature); default: return NT_STATUS_INVALID_PARAMETER; } 
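Review bot: The cli_spnego.c section gains direct `gensec_*_packet()` calls in spnego_sign, spnego_sigcheck, spnego_seal and (next hunk) spnego_unseal, but it has no `#include "auth/gensec/gensec.h"` hunk, unlike dcerpc_helpers.c and smb_seal.c in this same commit. If that header is not already included earlier in the file (not visible here), add it, so the mem_ctx / data / length / whole-PDU argument order is checked against a real prototype. Each call also open-codes `sp_ctx->mech_ctx.ntlmssp_state->gensec_security`; this is the same unchecked dereference the removed wrappers performed, so behaviour is unchanged. The precondition that `ntlmssp_state` is set whenever the mechanism is SPNEGO_NTLMSSP now has to hold at four call sites and deserves a one-line comment at the first. All four function bodies begin and end outside their hunks.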
@@ -419,11 +419,11 @@ NTSTATUS spnego_unseal(TALLOC_CTX *mem_ctx, sp_ctx->mech_ctx.gssapi_state, data, signature); case SPNEGO_NTLMSSP: - return auth_ntlmssp_unseal_packet( - sp_ctx->mech_ctx.ntlmssp_state, - data->data, data->length, - full_data->data, full_data->length, - signature); + return gensec_unseal_packet( + sp_ctx->mech_ctx.ntlmssp_state->gensec_security, + data->data, data->length, + full_data->data, full_data->length, + signature); default: return NT_STATUS_INVALID_PARAMETER; } diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c index 32dbfdfe483..dc3b570a6c3 100644 --- a/source3/librpc/rpc/dcerpc_helpers.c +++ b/source3/librpc/rpc/dcerpc_helpers.c @@ -28,6 +28,7 @@ #include "ntlmssp_wrap.h" #include "librpc/crypto/gse.h" #include "librpc/crypto/spnego.h" +#include "auth/gensec/gensec.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_RPC_PARSE @@ -395,14 +396,14 @@ static NTSTATUS add_ntlmssp_auth_footer(struct auth_ntlmssp_state *auth_state, switch (auth_level) { case DCERPC_AUTH_LEVEL_PRIVACY: /* Data portion is encrypted. */ - status = auth_ntlmssp_seal_packet(auth_state, - rpc_out->data, - rpc_out->data - + DCERPC_RESPONSE_LENGTH, - data_and_pad_len, - rpc_out->data, - rpc_out->length, - &auth_blob); + status = gensec_seal_packet(auth_state->gensec_security, + rpc_out->data, + rpc_out->data + + DCERPC_RESPONSE_LENGTH, + data_and_pad_len, + rpc_out->data, + rpc_out->length, + &auth_blob); if (!NT_STATUS_IS_OK(status)) { return status; } 
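Review bot: In add_ntlmssp_auth_footer the second argument to `gensec_seal_packet()` is `rpc_out->data`, which is easy to misread as packet data. The removed wrapper's `sig_mem_ctx` parameter shows it is the talloc context that `auth_blob` is allocated under, and it sits next to two further `rpc_out->data` arguments (payload pointer and whole PDU). A comment on that argument, for example `/* mem_ctx: auth_blob becomes a talloc child of the PDU buffer */`, would keep the three roles apart; the same applies to the `gensec_sign_packet()` call in the following hunk. Where `auth_blob` is released is outside both hunks, so confirm its lifetime does not depend on `rpc_out->data` being freed.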
@@ -410,14 +411,14 @@ static NTSTATUS add_ntlmssp_auth_footer(struct auth_ntlmssp_state *auth_state, case DCERPC_AUTH_LEVEL_INTEGRITY: /* Data is signed. */ - status = auth_ntlmssp_sign_packet(auth_state, - rpc_out->data, - rpc_out->data - + DCERPC_RESPONSE_LENGTH, - data_and_pad_len, - rpc_out->data, - rpc_out->length, - &auth_blob); + status = gensec_sign_packet(auth_state->gensec_security, + rpc_out->data, + rpc_out->data + + DCERPC_RESPONSE_LENGTH, + data_and_pad_len, + rpc_out->data, + rpc_out->length, + &auth_blob); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -454,21 +455,21 @@ static NTSTATUS get_ntlmssp_auth_footer(struct auth_ntlmssp_state *auth_state, switch (auth_level) { case DCERPC_AUTH_LEVEL_PRIVACY: /* Data portion is encrypted. */ - return auth_ntlmssp_unseal_packet(auth_state, - data->data, - data->length, - full_pkt->data, - full_pkt->length, - auth_token); + return gensec_unseal_packet(auth_state->gensec_security, + data->data, + data->length, + full_pkt->data, + full_pkt->length, + auth_token); case DCERPC_AUTH_LEVEL_INTEGRITY: /* Data is signed. */ - return auth_ntlmssp_check_packet(auth_state, - data->data, - data->length, - full_pkt->data, - full_pkt->length, - auth_token); + return gensec_check_packet(auth_state->gensec_security, + data->data, + data->length, + full_pkt->data, + full_pkt->length, + auth_token); default: return NT_STATUS_INVALID_PARAMETER; diff --git a/source3/libsmb/ntlmssp_wrap.c b/source3/libsmb/ntlmssp_wrap.c index e18a60b730d..a4704440547 100644 --- a/source3/libsmb/ntlmssp_wrap.c +++ b/source3/libsmb/ntlmssp_wrap.c 
@@ -26,52 +26,6 @@ #include "librpc/rpc/dcerpc.h" #include "lib/param/param.h" -NTSTATUS auth_ntlmssp_sign_packet(struct auth_ntlmssp_state *ans, - TALLOC_CTX *sig_mem_ctx, - const uint8_t *data, - size_t length, - const uint8_t *whole_pdu, - size_t pdu_length, - DATA_BLOB *sig) -{ - return gensec_sign_packet(ans->gensec_security, - sig_mem_ctx, data, length, whole_pdu, pdu_length, sig); -} - -NTSTATUS auth_ntlmssp_check_packet(struct auth_ntlmssp_state *ans, - const uint8_t *data, - size_t length, - const uint8_t *whole_pdu, - size_t pdu_length, - const DATA_BLOB *sig) -{ - return gensec_check_packet(ans->gensec_security, - data, length, whole_pdu, pdu_length, sig); -} - -NTSTATUS auth_ntlmssp_seal_packet(struct auth_ntlmssp_state *ans, - TALLOC_CTX *sig_mem_ctx, - uint8_t *data, - size_t length, - const uint8_t *whole_pdu, - size_t pdu_length, - DATA_BLOB *sig) -{ - return gensec_seal_packet(ans->gensec_security, - sig_mem_ctx, data, length, whole_pdu, pdu_length, sig); -} - -NTSTATUS auth_ntlmssp_unseal_packet(struct auth_ntlmssp_state *ans, - uint8_t *data, - size_t length, - const uint8_t *whole_pdu, - size_t pdu_length, - const DATA_BLOB *sig) -{ - return gensec_unseal_packet(ans->gensec_security, - data, length, whole_pdu, pdu_length, sig); -} - NTSTATUS auth_ntlmssp_set_username(struct auth_ntlmssp_state *ans, const char *user) { diff --git a/source3/libsmb/smb_seal.c b/source3/libsmb/smb_seal.c index 950f3e3822f..f767f16be50 100644 --- a/source3/libsmb/smb_seal.c +++ b/source3/libsmb/smb_seal.c @@ -23,6 +23,7 @@ #include "libsmb/libsmb.h" #include "ntlmssp_wrap.h" #include "libcli/auth/krb5_wrap.h" +#include "auth/gensec/gensec.h" #undef malloc 
@@ -99,7 +100,7 @@ static NTSTATUS common_ntlm_decrypt_buffer(struct auth_ntlmssp_state *auth_ntlms /* Point at the signature. */ sig = data_blob_const(inbuf+8, NTLMSSP_SIG_SIZE); - status = auth_ntlmssp_unseal_packet(auth_ntlmssp_state, + status = gensec_unseal_packet(auth_ntlmssp_state->gensec_security, (unsigned char *)inbuf + 8 + NTLMSSP_SIG_SIZE, /* 4 byte len + 0xFF 'E' */ data_len, (unsigned char *)inbuf + 8 + NTLMSSP_SIG_SIZE, @@ -163,8 +164,8 @@ static NTSTATUS common_ntlm_encrypt_buffer(struct auth_ntlmssp_state *auth_ntlms ZERO_STRUCT(sig); - status = auth_ntlmssp_seal_packet(auth_ntlmssp_state, - frame, + status = gensec_seal_packet(auth_ntlmssp_state->gensec_security, + frame, (unsigned char *)buf_out + 8 + NTLMSSP_SIG_SIZE, /* 4 byte len + 0xFF 'S' */ data_len, (unsigned char *)buf_out + 8 + NTLMSSP_SIG_SIZE,
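Review bot: Both calls pass the same pointer as the data and the whole-PDU argument (`inbuf + 8 + NTLMSSP_SIG_SIZE` in common_ntlm_decrypt_buffer, `buf_out + 8 + NTLMSSP_SIG_SIZE` in common_ntlm_encrypt_buffer). The 8 bytes in front of the signature, which the existing comments describe as the 4-byte length plus the 0xFF 'E'/'S' marker, therefore appear to lie outside what NTLMSSP signs. With the wrapper gone and the gensec call spelled out at the call site, a comment such as `/* data == whole_pdu: the 8-byte header is not covered by the signature and must be validated separately */` would make that explicit. The trailing arguments and the length checks that bound `data_len` are outside both hunks, so confirm them against the full functions.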