From 083025ccd53fe3ee90fcc81eb8d4c566e11fd6ac Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 18 Oct 2011 21:13:16 +1100
Subject: [PATCH] s3-ntlmssp Remove auth_ntlmssp_update wrapper

We now just call gensec_update directly.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
---
 source3/include/ntlmssp_wrap.h      |  4 ----
 source3/librpc/crypto/cli_spnego.c  |  5 +++--
 source3/libsmb/clifsinfo.c          |  5 +++--
 source3/libsmb/ntlmssp_wrap.c       |  7 -------
 source3/rpc_client/cli_pipe.c       |  7 ++++---
 source3/rpc_server/dcesrv_ntlmssp.c |  4 ++--
 source3/smbd/negprot.c              |  4 ++--
 source3/smbd/seal.c                 | 15 ++++++++-------
 source3/smbd/sesssetup.c            | 14 +++++++-------
 source3/smbd/smb2_sesssetup.c       | 23 ++++++++++++-----------
 10 files changed, 41 insertions(+), 47 deletions(-)

diff --git a/source3/include/ntlmssp_wrap.h b/source3/include/ntlmssp_wrap.h
index bfbfdebd268..71fa3b73709 100644
--- a/source3/include/ntlmssp_wrap.h
+++ b/source3/include/ntlmssp_wrap.h
@@ -72,10 +72,6 @@ void auth_ntlmssp_want_feature(struct auth_ntlmssp_state *ans, uint32_t feature)
 DATA_BLOB auth_ntlmssp_get_session_key(struct auth_ntlmssp_state *ans, 
 				       TALLOC_CTX *mem_ctx);
 
-NTSTATUS auth_ntlmssp_update(struct auth_ntlmssp_state *ans,
-			     TALLOC_CTX *mem_ctx,
-			     const DATA_BLOB request, DATA_BLOB *reply);
-
 NTSTATUS auth_ntlmssp_client_prepare(TALLOC_CTX *mem_ctx,
 				     struct auth_ntlmssp_state **_ans);
 NTSTATUS auth_ntlmssp_client_start(struct auth_ntlmssp_state *ans);
diff --git a/source3/librpc/crypto/cli_spnego.c b/source3/librpc/crypto/cli_spnego.c
index 4742158b246..db03fdc852d 100644
--- a/source3/librpc/crypto/cli_spnego.c
+++ b/source3/librpc/crypto/cli_spnego.c
@@ -24,6 +24,7 @@
 #include "auth/ntlmssp/ntlmssp.h"
 #include "librpc/crypto/gse.h"
 #include "librpc/crypto/spnego.h"
+#include "auth/gensec/gensec.h"
 
 static NTSTATUS spnego_context_init(TALLOC_CTX *mem_ctx,
 				    bool do_sign, bool do_seal,
@@ -213,8 +214,8 @@ NTSTATUS spnego_get_client_auth_token(TALLOC_CTX *mem_ctx,
 	case SPNEGO_NTLMSSP:
 
 		ntlmssp_ctx = sp_ctx->mech_ctx.ntlmssp_state;
-		status = auth_ntlmssp_update(ntlmssp_ctx, mem_ctx,
-					     token_in, &token_out);
+		status = gensec_update(ntlmssp_ctx->gensec_security, mem_ctx, NULL,
+				       token_in, &token_out);
 		if (NT_STATUS_EQUAL(status,
 				    NT_STATUS_MORE_PROCESSING_REQUIRED)) {
 			mech_wants_more = true;
diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c
index b312cfbd487..fa8dba5fbd0 100644
--- a/source3/libsmb/clifsinfo.c
+++ b/source3/libsmb/clifsinfo.c
@@ -27,6 +27,7 @@
 #include "smb_crypt.h"
 #include "trans2.h"
 #include "ntlmssp_wrap.h"
+#include "auth/gensec/gensec.h"
 
 /****************************************************************************
  Get UNIX extensions version info.
@@ -637,8 +638,8 @@ NTSTATUS cli_raw_ntlm_smb_encryption_start(struct cli_state *cli,
 	}
 
 	do {
-		status = auth_ntlmssp_update(es->s.auth_ntlmssp_state, es->s.auth_ntlmssp_state,
-					     blob_in, &blob_out);
+		status = gensec_update(es->s.auth_ntlmssp_state->gensec_security, es->s.auth_ntlmssp_state,
+				       NULL, blob_in, &blob_out);
 		data_blob_free(&blob_in);
 		data_blob_free(&param_out);
 		if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) || NT_STATUS_IS_OK(status)) {
diff --git a/source3/libsmb/ntlmssp_wrap.c b/source3/libsmb/ntlmssp_wrap.c
index 3d1d099a586..af5f2c9f686 100644
--- a/source3/libsmb/ntlmssp_wrap.c
+++ b/source3/libsmb/ntlmssp_wrap.c
@@ -127,13 +127,6 @@ DATA_BLOB auth_ntlmssp_get_session_key(struct auth_ntlmssp_state *ans, TALLOC_CT
 	}
 }
 
-NTSTATUS auth_ntlmssp_update(struct auth_ntlmssp_state *ans,
-			     TALLOC_CTX *mem_ctx,
-			     const DATA_BLOB request, DATA_BLOB *reply)
-{
-	return gensec_update(ans->gensec_security, mem_ctx, NULL, request, reply);
-}
-
 static NTSTATUS gensec_ntlmssp3_client_update(struct gensec_security *gensec_security,
 					      TALLOC_CTX *out_mem_ctx,
 					      struct tevent_context *ev,
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 94e4a5106f7..9af351b2748 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -34,6 +34,7 @@
 #include "rpc_dce.h"
 #include "cli_pipe.h"
 #include "libsmb/libsmb.h"
+#include "auth/gensec/gensec.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_RPC_CLI
@@ -1048,7 +1049,7 @@ static NTSTATUS create_ntlmssp_auth_rpc_bind_req(struct rpc_pipe_client *cli,
 					    struct auth_ntlmssp_state);
 
 	DEBUG(5, ("create_ntlmssp_auth_rpc_bind_req: Processing NTLMSSP Negotiate\n"));
-	status = auth_ntlmssp_update(ntlmssp_ctx, mem_ctx, null_blob, auth_token);
+	status = gensec_update(ntlmssp_ctx->gensec_security, mem_ctx, NULL, null_blob, auth_token);
 
 	if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
 		data_blob_free(auth_token);
@@ -1773,8 +1774,8 @@ static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq)
 	case DCERPC_AUTH_TYPE_NTLMSSP:
 		ntlmssp_ctx = talloc_get_type_abort(pauth->auth_ctx,
 						    struct auth_ntlmssp_state);
-		status = auth_ntlmssp_update(ntlmssp_ctx, state,
-					     auth.credentials, &auth_token);
+		status = gensec_update(ntlmssp_ctx->gensec_security, state, NULL,
+				       auth.credentials, &auth_token);
 		if (NT_STATUS_EQUAL(status,
 				    NT_STATUS_MORE_PROCESSING_REQUIRED)) {
 			status = rpc_bind_next_send(req, state,
diff --git a/source3/rpc_server/dcesrv_ntlmssp.c b/source3/rpc_server/dcesrv_ntlmssp.c
index 04dd9e65215..dcbfafb1c21 100644
--- a/source3/rpc_server/dcesrv_ntlmssp.c
+++ b/source3/rpc_server/dcesrv_ntlmssp.c
@@ -59,7 +59,7 @@ NTSTATUS ntlmssp_server_auth_start(TALLOC_CTX *mem_ctx,
 		return status;
 	}
 
-	status = auth_ntlmssp_update(a, mem_ctx, *token_in, token_out);
+	status = gensec_update(a->gensec_security, mem_ctx, NULL, *token_in, token_out);
 	if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
 		DEBUG(0, (__location__ ": auth_ntlmssp_update failed: %s\n",
 			  nt_errstr(status)));
@@ -88,7 +88,7 @@ NTSTATUS ntlmssp_server_step(struct auth_ntlmssp_state *ctx,
 
 	/* this has to be done as root in order to verify the password */
 	become_root();
-	status = auth_ntlmssp_update(ctx, mem_ctx, *token_in, token_out);
+	status = gensec_update(ctx->gensec_security, mem_ctx, NULL, *token_in, token_out);
 	unbecome_root();
 
 	return status;
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index 89ef52c6e86..a0ed52d6590 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -208,8 +208,8 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn)
 	if (NT_STATUS_IS_OK(status)) {
 		status = auth_generic_start(auth_ntlmssp_state, GENSEC_OID_SPNEGO);
 		if (NT_STATUS_IS_OK(status)) {
-			status = auth_ntlmssp_update(auth_ntlmssp_state, ctx,
-						     data_blob_null, &blob);
+			status = gensec_update(auth_ntlmssp_state->gensec_security, ctx,
+					       NULL, data_blob_null, &blob);
 			/* If we get the list of OIDs, the 'OK' answer
 			 * is NT_STATUS_MORE_PROCESSING_REQUIRED */
 			if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
diff --git a/source3/smbd/seal.c b/source3/smbd/seal.c
index f68b6c7a8fa..73efc6ceff7 100644
--- a/source3/smbd/seal.c
+++ b/source3/smbd/seal.c
@@ -28,6 +28,7 @@
 #include "auth.h"
 #include "libsmb/libsmb.h"
 #include "../lib/tsocket/tsocket.h"
+#include "auth/gensec/gensec.h"
 
 /******************************************************************************
  Server side encryption.
@@ -488,9 +489,9 @@ static NTSTATUS srv_enc_ntlm_negotiate(const struct tsocket_address *remote_addr
 		return status;
 	}
 
-	status = auth_ntlmssp_update(partial_srv_trans_enc_ctx->auth_ntlmssp_state,
-				     talloc_tos(),
-				     secblob, &chal);
+	status = gensec_update(partial_srv_trans_enc_ctx->auth_ntlmssp_state->gensec_security,
+			       talloc_tos(), NULL,
+			       secblob, &chal);
 
 	/* status here should be NT_STATUS_MORE_PROCESSING_REQUIRED
 	 * for success ... */
@@ -613,7 +614,7 @@ static NTSTATUS srv_enc_spnego_ntlm_auth(connection_struct *conn,
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	status = auth_ntlmssp_update(ec->auth_ntlmssp_state, talloc_tos(), auth, &auth_reply);
+	status = gensec_update(ec->auth_ntlmssp_state->gensec_security, talloc_tos(), NULL, auth, &auth_reply);
 	data_blob_free(&auth);
 
 	/* From RFC4178.
@@ -683,9 +684,9 @@ static NTSTATUS srv_enc_raw_ntlm_auth(connection_struct *conn,
 	}
 
 	/* Second step. */
-	status = auth_ntlmssp_update(partial_srv_trans_enc_ctx->auth_ntlmssp_state,
-				     talloc_tos(),
-				     blob, &response);
+	status = gensec_update(partial_srv_trans_enc_ctx->auth_ntlmssp_state->gensec_security,
+			       talloc_tos(), NULL,
+			       blob, &response);
 
 	if (NT_STATUS_IS_OK(status)) {
 		/* Return the context we're using for this encryption state. */
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index a5f2030ee59..7729ff675b6 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -644,8 +644,8 @@ static void reply_spnego_negotiate(struct smb_request *req,
 		return;
 	}
 
-	status = auth_ntlmssp_update(*auth_ntlmssp_state, talloc_tos(),
-					secblob, &chal);
+	status = gensec_update((*auth_ntlmssp_state)->gensec_security, talloc_tos(),
+			       NULL, secblob, &chal);
 
 	data_blob_free(&secblob);
 
@@ -757,8 +757,8 @@ static void reply_spnego_auth(struct smb_request *req,
 		}
 	}
 
-	status = auth_ntlmssp_update(*auth_ntlmssp_state, talloc_tos(),
-				     auth, &auth_reply);
+	status = gensec_update((*auth_ntlmssp_state)->gensec_security, talloc_tos(),
+			       NULL, auth, &auth_reply);
 
 	data_blob_free(&auth);
 
@@ -1171,9 +1171,9 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
 			}
 		}
 
-		status = auth_ntlmssp_update(vuser->auth_ntlmssp_state,
-					     talloc_tos(),
-					     blob1, &chal);
+		status = gensec_update(vuser->auth_ntlmssp_state->gensec_security,
+				       talloc_tos(), NULL,
+				       blob1, &chal);
 
 		data_blob_free(&blob1);
 
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index aa898eaad79..059b26f0bfb 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -388,10 +388,10 @@ static NTSTATUS smbd_smb2_spnego_negotiate(struct smbd_smb2_session *session,
 			goto out;
 		}
 
-		status = auth_ntlmssp_update(session->auth_ntlmssp_state,
-					     talloc_tos(),
-					     secblob_in,
-					     &chal_out);
+		status = gensec_update(session->auth_ntlmssp_state->gensec_security,
+				       talloc_tos(), NULL,
+				       secblob_in,
+				       &chal_out);
 	}
 
 	if (!NT_STATUS_IS_OK(status) &&
@@ -582,9 +582,10 @@ static NTSTATUS smbd_smb2_spnego_auth(struct smbd_smb2_session *session,
 		}
 	}
 
-	status = auth_ntlmssp_update(session->auth_ntlmssp_state,
-				     talloc_tos(), auth,
-				     &auth_out);
+	status = gensec_update(session->auth_ntlmssp_state->gensec_security,
+			       talloc_tos(), NULL,
+			       auth,
+			       &auth_out);
 	/* If status is NT_STATUS_OK then we need to get the token.
 	 * Map to guest is now internal to auth_ntlmssp */
 	if (NT_STATUS_IS_OK(status)) {
@@ -661,10 +662,10 @@ static NTSTATUS smbd_smb2_raw_ntlmssp_auth(struct smbd_smb2_session *session,
 	}
 
 	/* RAW NTLMSSP */
-	status = auth_ntlmssp_update(session->auth_ntlmssp_state,
-				     smb2req,
-				     in_security_buffer,
-				     out_security_buffer);
+	status = gensec_update(session->auth_ntlmssp_state->gensec_security,
+			       smb2req, NULL,
+			       in_security_buffer,
+			       out_security_buffer);
 
 	if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
 		*out_session_id = session->vuid;
-- 
2.34.1