sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-25 06:04:04 +03:00
Code

s3-ntlmssp Remove references to auth_ntlmssp_context from the rpc code

Browse Source 
We always dereferenced auth_ntlmssp_state->gensec_security, so now we
do not bother passing around the whole auth_ntlmssp_state.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
Andrew Bartlett 2011-10-19 18:39:27 +11:00 committed by Stefan Metzmacher
parent 38de149e9b
commit 321204eaeb
7 changed files with 75 additions and 74 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
source3/librpc/crypto/cli_spnego.c
View File

@ -92,6 +92,7 @@ NTSTATUS spnego_ntlmssp_init_client(TALLOC_CTX *mem_ctx,
struct spnego_context **spnego_ctx) struct spnego_context **spnego_ctx)
{ {
struct spnego_context *sp_ctx = NULL; struct spnego_context *sp_ctx = NULL;
struct auth_ntlmssp_state *auth_ntlmssp_state;
NTSTATUS status; NTSTATUS status;
status = spnego_context_init(mem_ctx, do_sign, do_seal, &sp_ctx); status = spnego_context_init(mem_ctx, do_sign, do_seal, &sp_ctx);
@ -101,27 +102,27 @@ NTSTATUS spnego_ntlmssp_init_client(TALLOC_CTX *mem_ctx,
sp_ctx->mech = SPNEGO_NTLMSSP; sp_ctx->mech = SPNEGO_NTLMSSP;
status = auth_ntlmssp_client_prepare(sp_ctx, status = auth_ntlmssp_client_prepare(sp_ctx,
&sp_ctx->mech_ctx.ntlmssp_state); &auth_ntlmssp_state);
if (!NT_STATUS_IS_OK(status)) { if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(sp_ctx); TALLOC_FREE(sp_ctx);
return status; return status;
} }
status = auth_ntlmssp_set_username(sp_ctx->mech_ctx.ntlmssp_state, status = auth_ntlmssp_set_username(auth_ntlmssp_state,
username); username);
if (!NT_STATUS_IS_OK(status)) { if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(sp_ctx); TALLOC_FREE(sp_ctx);
return status; return status;
} }
status = auth_ntlmssp_set_domain(sp_ctx->mech_ctx.ntlmssp_state, status = auth_ntlmssp_set_domain(auth_ntlmssp_state,
domain); domain);
if (!NT_STATUS_IS_OK(status)) { if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(sp_ctx); TALLOC_FREE(sp_ctx);
return status; return status;
} }
status = auth_ntlmssp_set_password(sp_ctx->mech_ctx.ntlmssp_state, status = auth_ntlmssp_set_password(auth_ntlmssp_state,
password); password);
if (!NT_STATUS_IS_OK(status)) { if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(sp_ctx); TALLOC_FREE(sp_ctx);
@ -129,19 +130,21 @@ NTSTATUS spnego_ntlmssp_init_client(TALLOC_CTX *mem_ctx,
} }
if (do_sign) { if (do_sign) {
gensec_want_feature(sp_ctx->mech_ctx.ntlmssp_state->gensec_security, gensec_want_feature(auth_ntlmssp_state->gensec_security,
GENSEC_FEATURE_SIGN); GENSEC_FEATURE_SIGN);
} else if (do_seal) { } else if (do_seal) {
gensec_want_feature(sp_ctx->mech_ctx.ntlmssp_state->gensec_security, gensec_want_feature(auth_ntlmssp_state->gensec_security,
GENSEC_FEATURE_SEAL); GENSEC_FEATURE_SEAL);
} }
status = auth_ntlmssp_client_start(sp_ctx->mech_ctx.ntlmssp_state); status = auth_ntlmssp_client_start(auth_ntlmssp_state);
if (!NT_STATUS_IS_OK(status)) { if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(sp_ctx); TALLOC_FREE(sp_ctx);
return status; return status;
} }
sp_ctx->mech_ctx.gensec_security = talloc_move(sp_ctx, &auth_ntlmssp_state->gensec_security);
TALLOC_FREE(auth_ntlmssp_state);
*spnego_ctx = sp_ctx; *spnego_ctx = sp_ctx;
return NT_STATUS_OK; return NT_STATUS_OK;
} }
@ -152,7 +155,7 @@ NTSTATUS spnego_get_client_auth_token(TALLOC_CTX *mem_ctx,
DATA_BLOB *spnego_out) DATA_BLOB *spnego_out)
{ {
struct gse_context *gse_ctx; struct gse_context *gse_ctx;
struct auth_ntlmssp_state *ntlmssp_ctx; struct gensec_security *gensec_security;
struct spnego_data sp_in, sp_out; struct spnego_data sp_in, sp_out;
DATA_BLOB token_in = data_blob_null; DATA_BLOB token_in = data_blob_null;
DATA_BLOB token_out = data_blob_null; DATA_BLOB token_out = data_blob_null;
@ -213,8 +216,8 @@ NTSTATUS spnego_get_client_auth_token(TALLOC_CTX *mem_ctx,
case SPNEGO_NTLMSSP: case SPNEGO_NTLMSSP:
ntlmssp_ctx = sp_ctx->mech_ctx.ntlmssp_state; gensec_security = sp_ctx->mech_ctx.gensec_security;
status = gensec_update(ntlmssp_ctx->gensec_security, mem_ctx, NULL, status = gensec_update(gensec_security, mem_ctx, NULL,
token_in, &token_out); token_in, &token_out);
if (NT_STATUS_EQUAL(status, if (NT_STATUS_EQUAL(status,
NT_STATUS_MORE_PROCESSING_REQUIRED)) { NT_STATUS_MORE_PROCESSING_REQUIRED)) {
@ -317,7 +320,7 @@ NTSTATUS spnego_get_negotiated_mech(struct spnego_context *sp_ctx,
*auth_context = sp_ctx->mech_ctx.gssapi_state; *auth_context = sp_ctx->mech_ctx.gssapi_state;
break; break;
case SPNEGO_NTLMSSP: case SPNEGO_NTLMSSP:
*auth_context = sp_ctx->mech_ctx.ntlmssp_state; *auth_context = sp_ctx->mech_ctx.gensec_security;
break; break;
default: default:
return NT_STATUS_INTERNAL_ERROR; return NT_STATUS_INTERNAL_ERROR;
@ -337,7 +340,7 @@ DATA_BLOB spnego_get_session_key(TALLOC_CTX *mem_ctx,
return gse_get_session_key(mem_ctx, return gse_get_session_key(mem_ctx,
sp_ctx->mech_ctx.gssapi_state); sp_ctx->mech_ctx.gssapi_state);
case SPNEGO_NTLMSSP: case SPNEGO_NTLMSSP:
status = gensec_session_key(sp_ctx->mech_ctx.ntlmssp_state->gensec_security, mem_ctx, &sk); status = gensec_session_key(sp_ctx->mech_ctx.gensec_security, mem_ctx, &sk);
if (!NT_STATUS_IS_OK(status)) { if (!NT_STATUS_IS_OK(status)) {
return data_blob_null; return data_blob_null;
} }
@ -360,7 +363,7 @@ NTSTATUS spnego_sign(TALLOC_CTX *mem_ctx,
data, signature); data, signature);
case SPNEGO_NTLMSSP: case SPNEGO_NTLMSSP:
return gensec_sign_packet( return gensec_sign_packet(
sp_ctx->mech_ctx.ntlmssp_state->gensec_security, sp_ctx->mech_ctx.gensec_security,
mem_ctx, mem_ctx,
data->data, data->length, data->data, data->length,
full_data->data, full_data->length, full_data->data, full_data->length,
@ -382,7 +385,7 @@ NTSTATUS spnego_sigcheck(TALLOC_CTX *mem_ctx,
data, signature); data, signature);
case SPNEGO_NTLMSSP: case SPNEGO_NTLMSSP:
return gensec_check_packet( return gensec_check_packet(
sp_ctx->mech_ctx.ntlmssp_state->gensec_security, sp_ctx->mech_ctx.gensec_security,
data->data, data->length, data->data, data->length,
full_data->data, full_data->length, full_data->data, full_data->length,
signature); signature);
@ -403,7 +406,7 @@ NTSTATUS spnego_seal(TALLOC_CTX *mem_ctx,
data, signature); data, signature);
case SPNEGO_NTLMSSP: case SPNEGO_NTLMSSP:
return gensec_seal_packet( return gensec_seal_packet(
sp_ctx->mech_ctx.ntlmssp_state->gensec_security, sp_ctx->mech_ctx.gensec_security,
mem_ctx, mem_ctx,
data->data, data->length, data->data, data->length,
full_data->data, full_data->length, full_data->data, full_data->length,
@ -425,7 +428,7 @@ NTSTATUS spnego_unseal(TALLOC_CTX *mem_ctx,
data, signature); data, signature);
case SPNEGO_NTLMSSP: case SPNEGO_NTLMSSP:
return gensec_unseal_packet( return gensec_unseal_packet(
sp_ctx->mech_ctx.ntlmssp_state->gensec_security, sp_ctx->mech_ctx.gensec_security,
data->data, data->length, data->data, data->length,
full_data->data, full_data->length, full_data->data, full_data->length,
signature); signature);

2
source3/librpc/crypto/spnego.h
View File

@ -30,7 +30,7 @@ struct spnego_context {
enum spnego_mech mech; enum spnego_mech mech;
union { union {
struct auth_ntlmssp_state *ntlmssp_state; struct gensec_security *gensec_security;
struct gse_context *gssapi_state; struct gse_context *gssapi_state;
} mech_ctx; } mech_ctx;

30
source3/librpc/rpc/dcerpc_helpers.c
View File

@ -379,7 +379,7 @@ NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth,
Create and add the NTLMSSP sign/seal auth data. Create and add the NTLMSSP sign/seal auth data.
********************************************************************/ ********************************************************************/
static NTSTATUS add_ntlmssp_auth_footer(struct auth_ntlmssp_state *auth_state, static NTSTATUS add_ntlmssp_auth_footer(struct gensec_security *gensec_security,
enum dcerpc_AuthLevel auth_level, enum dcerpc_AuthLevel auth_level,
DATA_BLOB *rpc_out) DATA_BLOB *rpc_out)
{ {
@ -389,14 +389,14 @@ static NTSTATUS add_ntlmssp_auth_footer(struct auth_ntlmssp_state *auth_state,
DATA_BLOB auth_blob; DATA_BLOB auth_blob;
NTSTATUS status; NTSTATUS status;
if (!auth_state) { if (!gensec_security) {
return NT_STATUS_INVALID_PARAMETER; return NT_STATUS_INVALID_PARAMETER;
} }
switch (auth_level) { switch (auth_level) {
case DCERPC_AUTH_LEVEL_PRIVACY: case DCERPC_AUTH_LEVEL_PRIVACY:
/* Data portion is encrypted. */ /* Data portion is encrypted. */
status = gensec_seal_packet(auth_state->gensec_security, status = gensec_seal_packet(gensec_security,
rpc_out->data, rpc_out->data,
rpc_out->data rpc_out->data
+ DCERPC_RESPONSE_LENGTH, + DCERPC_RESPONSE_LENGTH,
@ -411,7 +411,7 @@ static NTSTATUS add_ntlmssp_auth_footer(struct auth_ntlmssp_state *auth_state,
case DCERPC_AUTH_LEVEL_INTEGRITY: case DCERPC_AUTH_LEVEL_INTEGRITY:
/* Data is signed. */ /* Data is signed. */
status = gensec_sign_packet(auth_state->gensec_security, status = gensec_sign_packet(gensec_security,
rpc_out->data, rpc_out->data,
rpc_out->data rpc_out->data
+ DCERPC_RESPONSE_LENGTH, + DCERPC_RESPONSE_LENGTH,
@ -447,7 +447,7 @@ static NTSTATUS add_ntlmssp_auth_footer(struct auth_ntlmssp_state *auth_state,
Check/unseal the NTLMSSP auth data. (Unseal in place). Check/unseal the NTLMSSP auth data. (Unseal in place).
********************************************************************/ ********************************************************************/
static NTSTATUS get_ntlmssp_auth_footer(struct auth_ntlmssp_state *auth_state, static NTSTATUS get_ntlmssp_auth_footer(struct gensec_security *gensec_security,
enum dcerpc_AuthLevel auth_level, enum dcerpc_AuthLevel auth_level,
DATA_BLOB *data, DATA_BLOB *full_pkt, DATA_BLOB *data, DATA_BLOB *full_pkt,
DATA_BLOB *auth_token) DATA_BLOB *auth_token)
@ -455,7 +455,7 @@ static NTSTATUS get_ntlmssp_auth_footer(struct auth_ntlmssp_state *auth_state,
switch (auth_level) { switch (auth_level) {
case DCERPC_AUTH_LEVEL_PRIVACY: case DCERPC_AUTH_LEVEL_PRIVACY:
/* Data portion is encrypted. */ /* Data portion is encrypted. */
return gensec_unseal_packet(auth_state->gensec_security, return gensec_unseal_packet(gensec_security,
data->data, data->data,
data->length, data->length,
full_pkt->data, full_pkt->data,
@ -464,7 +464,7 @@ static NTSTATUS get_ntlmssp_auth_footer(struct auth_ntlmssp_state *auth_state,
case DCERPC_AUTH_LEVEL_INTEGRITY: case DCERPC_AUTH_LEVEL_INTEGRITY:
/* Data is signed. */ /* Data is signed. */
return gensec_check_packet(auth_state->gensec_security, return gensec_check_packet(gensec_security,
data->data, data->data,
data->length, data->length,
full_pkt->data, full_pkt->data,
@ -747,7 +747,7 @@ NTSTATUS dcerpc_add_auth_footer(struct pipe_auth_data *auth,
size_t pad_len, DATA_BLOB *rpc_out) size_t pad_len, DATA_BLOB *rpc_out)
{ {
struct schannel_state *schannel_auth; struct schannel_state *schannel_auth;
struct auth_ntlmssp_state *ntlmssp_ctx; struct gensec_security *gensec_security;
struct spnego_context *spnego_ctx; struct spnego_context *spnego_ctx;
struct gse_context *gse_ctx; struct gse_context *gse_ctx;
char pad[CLIENT_NDR_PADDING_SIZE] = { 0, }; char pad[CLIENT_NDR_PADDING_SIZE] = { 0, };
@ -804,9 +804,9 @@ NTSTATUS dcerpc_add_auth_footer(struct pipe_auth_data *auth,
auth->auth_level, rpc_out); auth->auth_level, rpc_out);
break; break;
case DCERPC_AUTH_TYPE_NTLMSSP: case DCERPC_AUTH_TYPE_NTLMSSP:
ntlmssp_ctx = talloc_get_type_abort(auth->auth_ctx, gensec_security = talloc_get_type_abort(auth->auth_ctx,
struct auth_ntlmssp_state); struct gensec_security);
status = add_ntlmssp_auth_footer(ntlmssp_ctx, status = add_ntlmssp_auth_footer(gensec_security,
auth->auth_level, auth->auth_level,
rpc_out); rpc_out);
break; break;
@ -852,7 +852,7 @@ NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth,
size_t *pad_len) size_t *pad_len)
{ {
struct schannel_state *schannel_auth; struct schannel_state *schannel_auth;
struct auth_ntlmssp_state *ntlmssp_ctx; struct gensec_security *gensec_security;
struct spnego_context *spnego_ctx; struct spnego_context *spnego_ctx;
struct gse_context *gse_ctx; struct gse_context *gse_ctx;
NTSTATUS status; NTSTATUS status;
@ -936,9 +936,9 @@ NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth,
DEBUG(10, ("NTLMSSP auth\n")); DEBUG(10, ("NTLMSSP auth\n"));
ntlmssp_ctx = talloc_get_type_abort(auth->auth_ctx, gensec_security = talloc_get_type_abort(auth->auth_ctx,
struct auth_ntlmssp_state); struct gensec_security);
status = get_ntlmssp_auth_footer(ntlmssp_ctx, status = get_ntlmssp_auth_footer(gensec_security,
auth->auth_level, auth->auth_level,
&data, &full_pkt, &data, &full_pkt,
&auth_info.credentials); &auth_info.credentials);

20
source3/rpc_server/dcesrv_ntlmssp.c
View File

@ -32,7 +32,7 @@ NTSTATUS ntlmssp_server_auth_start(TALLOC_CTX *mem_ctx,
DATA_BLOB *token_in, DATA_BLOB *token_in,
DATA_BLOB *token_out, DATA_BLOB *token_out,
const struct tsocket_address *remote_address, const struct tsocket_address *remote_address,
struct auth_ntlmssp_state **ctx) struct gensec_security **ctx)
{ {
struct auth_ntlmssp_state *a = NULL; struct auth_ntlmssp_state *a = NULL;
NTSTATUS status; NTSTATUS status;
@ -67,19 +67,17 @@ NTSTATUS ntlmssp_server_auth_start(TALLOC_CTX *mem_ctx,
} }
/* steal ntlmssp context too */ /* steal ntlmssp context too */
*ctx = talloc_move(mem_ctx, &a); *ctx = talloc_move(mem_ctx, &a->gensec_security);
status = NT_STATUS_OK; status = NT_STATUS_OK;
done: done:
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(a); TALLOC_FREE(a);
}
return status; return status;
} }
NTSTATUS ntlmssp_server_step(struct auth_ntlmssp_state *ctx, NTSTATUS ntlmssp_server_step(struct gensec_security *gensec_security,
TALLOC_CTX *mem_ctx, TALLOC_CTX *mem_ctx,
DATA_BLOB *token_in, DATA_BLOB *token_in,
DATA_BLOB *token_out) DATA_BLOB *token_out)
@ -88,22 +86,22 @@ NTSTATUS ntlmssp_server_step(struct auth_ntlmssp_state *ctx,
/* this has to be done as root in order to verify the password */ /* this has to be done as root in order to verify the password */
become_root(); become_root();
status = gensec_update(ctx->gensec_security, mem_ctx, NULL, *token_in, token_out); status = gensec_update(gensec_security, mem_ctx, NULL, *token_in, token_out);
unbecome_root(); unbecome_root();
return status; return status;
} }
NTSTATUS ntlmssp_server_check_flags(struct auth_ntlmssp_state *ctx, NTSTATUS ntlmssp_server_check_flags(struct gensec_security *gensec_security,
bool do_sign, bool do_seal) bool do_sign, bool do_seal)
{ {
if (do_sign && !gensec_have_feature(ctx->gensec_security, GENSEC_FEATURE_SIGN)) { if (do_sign && !gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
DEBUG(1, (__location__ "Integrity was requested but client " DEBUG(1, (__location__ "Integrity was requested but client "
"failed to negotiate signing.\n")); "failed to negotiate signing.\n"));
return NT_STATUS_ACCESS_DENIED; return NT_STATUS_ACCESS_DENIED;
} }
if (do_seal && !gensec_have_feature(ctx->gensec_security, GENSEC_FEATURE_SEAL)) { if (do_seal && !gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
DEBUG(1, (__location__ "Privacy was requested but client " DEBUG(1, (__location__ "Privacy was requested but client "
"failed to negotiate sealing.\n")); "failed to negotiate sealing.\n"));
return NT_STATUS_ACCESS_DENIED; return NT_STATUS_ACCESS_DENIED;
@ -112,13 +110,13 @@ NTSTATUS ntlmssp_server_check_flags(struct auth_ntlmssp_state *ctx,
return NT_STATUS_OK; return NT_STATUS_OK;
} }
NTSTATUS ntlmssp_server_get_user_info(struct auth_ntlmssp_state *ctx, NTSTATUS ntlmssp_server_get_user_info(struct gensec_security *gensec_security,
TALLOC_CTX *mem_ctx, TALLOC_CTX *mem_ctx,
struct auth_session_info **session_info) struct auth_session_info **session_info)
{ {
NTSTATUS status; NTSTATUS status;
status = gensec_session_info(ctx->gensec_security, mem_ctx, session_info); status = gensec_session_info(gensec_security, mem_ctx, session_info);
if (!NT_STATUS_IS_OK(status)) { if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, (__location__ ": Failed to get authenticated user " DEBUG(1, (__location__ ": Failed to get authenticated user "
"info: %s\n", nt_errstr(status))); "info: %s\n", nt_errstr(status)));

10
source3/rpc_server/dcesrv_ntlmssp.h
View File

@ -20,7 +20,7 @@
#ifndef _DCESRV_NTLMSSP_H_ #ifndef _DCESRV_NTLMSSP_H_
#define _DCESRV_NTLMSSP_H_ #define _DCESRV_NTLMSSP_H_
struct auth_ntlmssp_state; struct gensec_security;
NTSTATUS ntlmssp_server_auth_start(TALLOC_CTX *mem_ctx, NTSTATUS ntlmssp_server_auth_start(TALLOC_CTX *mem_ctx,
bool do_sign, bool do_sign,
@ -29,14 +29,14 @@ NTSTATUS ntlmssp_server_auth_start(TALLOC_CTX *mem_ctx,
DATA_BLOB *token_in, DATA_BLOB *token_in,
DATA_BLOB *token_out, DATA_BLOB *token_out,
const struct tsocket_address *remote_address, const struct tsocket_address *remote_address,
struct auth_ntlmssp_state **ctx); struct gensec_security **ctx);
NTSTATUS ntlmssp_server_step(struct auth_ntlmssp_state *ctx, NTSTATUS ntlmssp_server_step(struct gensec_security *ctx,
TALLOC_CTX *mem_ctx, TALLOC_CTX *mem_ctx,
DATA_BLOB *token_in, DATA_BLOB *token_in,
DATA_BLOB *token_out); DATA_BLOB *token_out);
NTSTATUS ntlmssp_server_check_flags(struct auth_ntlmssp_state *ctx, NTSTATUS ntlmssp_server_check_flags(struct gensec_security *ctx,
bool do_sign, bool do_seal); bool do_sign, bool do_seal);
NTSTATUS ntlmssp_server_get_user_info(struct auth_ntlmssp_state *ctx, NTSTATUS ntlmssp_server_get_user_info(struct gensec_security *ctx,
TALLOC_CTX *mem_ctx, TALLOC_CTX *mem_ctx,
struct auth_session_info **session_info); struct auth_session_info **session_info);

8
source3/rpc_server/dcesrv_spnego.c
View File

@ -54,7 +54,7 @@ static NTSTATUS spnego_server_mech_init(struct spnego_context *sp_ctx,
DATA_BLOB *token_in, DATA_BLOB *token_in,
DATA_BLOB *token_out) DATA_BLOB *token_out)
{ {
struct auth_ntlmssp_state *ntlmssp_ctx; struct gensec_security *gensec_security;
struct gse_context *gse_ctx; struct gse_context *gse_ctx;
NTSTATUS status; NTSTATUS status;
@ -84,14 +84,14 @@ static NTSTATUS spnego_server_mech_init(struct spnego_context *sp_ctx,
token_in, token_in,
token_out, token_out,
sp_ctx->remote_address, sp_ctx->remote_address,
&ntlmssp_ctx); &gensec_security);
if (!NT_STATUS_IS_OK(status)) { if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("Failed to init ntlmssp server " DEBUG(0, ("Failed to init ntlmssp server "
"(%s)\n", nt_errstr(status))); "(%s)\n", nt_errstr(status)));
return status; return status;
} }
sp_ctx->mech_ctx.ntlmssp_state = ntlmssp_ctx; sp_ctx->mech_ctx.gensec_security = gensec_security;
break; break;
default: default:
@ -155,7 +155,7 @@ NTSTATUS spnego_server_step(struct spnego_context *sp_ctx,
break; break;
case SPNEGO_NTLMSSP: case SPNEGO_NTLMSSP:
status = ntlmssp_server_step( status = ntlmssp_server_step(
sp_ctx->mech_ctx.ntlmssp_state, sp_ctx->mech_ctx.gensec_security,
mem_ctx, &token_in, &token_out); mem_ctx, &token_in, &token_out);
break; break;
default: default:

42
source3/rpc_server/srv_pipe.c
View File

@ -589,7 +589,7 @@ static bool pipe_ntlmssp_auth_bind(struct pipes_struct *p,
struct dcerpc_auth *auth_info, struct dcerpc_auth *auth_info,
DATA_BLOB *response) DATA_BLOB *response)
{ {
struct auth_ntlmssp_state *ntlmssp_state = NULL; struct gensec_security *gensec_security = NULL;
NTSTATUS status; NTSTATUS status;
if (strncmp((char *)auth_info->credentials.data, "NTLMSSP", 7) != 0) { if (strncmp((char *)auth_info->credentials.data, "NTLMSSP", 7) != 0) {
@ -607,7 +607,7 @@ static bool pipe_ntlmssp_auth_bind(struct pipes_struct *p,
&auth_info->credentials, &auth_info->credentials,
response, response,
p->remote_address, p->remote_address,
&ntlmssp_state); &gensec_security);
if (!NT_STATUS_EQUAL(status, NT_STATUS_OK)) { if (!NT_STATUS_EQUAL(status, NT_STATUS_OK)) {
DEBUG(0, (__location__ ": auth_ntlmssp_start failed: %s\n", DEBUG(0, (__location__ ": auth_ntlmssp_start failed: %s\n",
nt_errstr(status))); nt_errstr(status)));
@ -617,7 +617,7 @@ static bool pipe_ntlmssp_auth_bind(struct pipes_struct *p,
/* Make sure data is bound to the memctx, to be freed the caller */ /* Make sure data is bound to the memctx, to be freed the caller */
talloc_steal(mem_ctx, response->data); talloc_steal(mem_ctx, response->data);
p->auth.auth_ctx = ntlmssp_state; p->auth.auth_ctx = gensec_security;
p->auth.auth_type = DCERPC_AUTH_TYPE_NTLMSSP; p->auth.auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
DEBUG(10, (__location__ ": NTLMSSP auth started\n")); DEBUG(10, (__location__ ": NTLMSSP auth started\n"));
@ -633,7 +633,7 @@ static bool pipe_ntlmssp_auth_bind(struct pipes_struct *p,
*******************************************************************/ *******************************************************************/
static bool pipe_ntlmssp_verify_final(TALLOC_CTX *mem_ctx, static bool pipe_ntlmssp_verify_final(TALLOC_CTX *mem_ctx,
struct auth_ntlmssp_state *ntlmssp_ctx, struct gensec_security *gensec_security,
enum dcerpc_AuthLevel auth_level, enum dcerpc_AuthLevel auth_level,
struct auth_session_info **session_info) struct auth_session_info **session_info)
{ {
@ -646,7 +646,7 @@ static bool pipe_ntlmssp_verify_final(TALLOC_CTX *mem_ctx,
ensure the underlying NTLMSSP flags are also set. If not we should ensure the underlying NTLMSSP flags are also set. If not we should
refuse the bind. */ refuse the bind. */
status = ntlmssp_server_check_flags(ntlmssp_ctx, status = ntlmssp_server_check_flags(gensec_security,
(auth_level == (auth_level ==
DCERPC_AUTH_LEVEL_INTEGRITY), DCERPC_AUTH_LEVEL_INTEGRITY),
(auth_level == (auth_level ==
@ -659,7 +659,7 @@ static bool pipe_ntlmssp_verify_final(TALLOC_CTX *mem_ctx,
TALLOC_FREE(*session_info); TALLOC_FREE(*session_info);
status = ntlmssp_server_get_user_info(ntlmssp_ctx, status = ntlmssp_server_get_user_info(gensec_security,
mem_ctx, session_info); mem_ctx, session_info);
if (!NT_STATUS_IS_OK(status)) { if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, (__location__ ": failed to obtain the server info " DEBUG(0, (__location__ ": failed to obtain the server info "
@ -772,7 +772,7 @@ static NTSTATUS pipe_gssapi_verify_final(TALLOC_CTX *mem_ctx,
static NTSTATUS pipe_auth_verify_final(struct pipes_struct *p) static NTSTATUS pipe_auth_verify_final(struct pipes_struct *p)
{ {
enum spnego_mech auth_type; enum spnego_mech auth_type;
struct auth_ntlmssp_state *ntlmssp_ctx; struct gensec_security *gensec_security;
struct spnego_context *spnego_ctx; struct spnego_context *spnego_ctx;
struct gse_context *gse_ctx; struct gse_context *gse_ctx;
void *mech_ctx; void *mech_ctx;
@ -780,9 +780,9 @@ static NTSTATUS pipe_auth_verify_final(struct pipes_struct *p)
switch (p->auth.auth_type) { switch (p->auth.auth_type) {
case DCERPC_AUTH_TYPE_NTLMSSP: case DCERPC_AUTH_TYPE_NTLMSSP:
ntlmssp_ctx = talloc_get_type_abort(p->auth.auth_ctx, gensec_security = talloc_get_type_abort(p->auth.auth_ctx,
struct auth_ntlmssp_state); struct gensec_security);
if (!pipe_ntlmssp_verify_final(p, ntlmssp_ctx, if (!pipe_ntlmssp_verify_final(p, gensec_security,
p->auth.auth_level, p->auth.auth_level,
&p->session_info)) { &p->session_info)) {
return NT_STATUS_ACCESS_DENIED; return NT_STATUS_ACCESS_DENIED;
@ -824,9 +824,9 @@ static NTSTATUS pipe_auth_verify_final(struct pipes_struct *p)
} }
break; break;
case SPNEGO_NTLMSSP: case SPNEGO_NTLMSSP:
ntlmssp_ctx = talloc_get_type_abort(mech_ctx, gensec_security = talloc_get_type_abort(mech_ctx,
struct auth_ntlmssp_state); struct gensec_security);
if (!pipe_ntlmssp_verify_final(p, ntlmssp_ctx, if (!pipe_ntlmssp_verify_final(p, gensec_security,
p->auth.auth_level, p->auth.auth_level,
&p->session_info)) { &p->session_info)) {
return NT_STATUS_ACCESS_DENIED; return NT_STATUS_ACCESS_DENIED;
@ -1163,7 +1163,7 @@ bool api_pipe_bind_auth3(struct pipes_struct *p, struct ncacn_packet *pkt)
{ {
struct dcerpc_auth auth_info; struct dcerpc_auth auth_info;
DATA_BLOB response = data_blob_null; DATA_BLOB response = data_blob_null;
struct auth_ntlmssp_state *ntlmssp_ctx; struct gensec_security *gensec_security;
struct spnego_context *spnego_ctx; struct spnego_context *spnego_ctx;
struct gse_context *gse_ctx; struct gse_context *gse_ctx;
NTSTATUS status; NTSTATUS status;
@ -1211,9 +1211,9 @@ bool api_pipe_bind_auth3(struct pipes_struct *p, struct ncacn_packet *pkt)
switch (auth_info.auth_type) { switch (auth_info.auth_type) {
case DCERPC_AUTH_TYPE_NTLMSSP: case DCERPC_AUTH_TYPE_NTLMSSP:
ntlmssp_ctx = talloc_get_type_abort(p->auth.auth_ctx, gensec_security = talloc_get_type_abort(p->auth.auth_ctx,
struct auth_ntlmssp_state); struct gensec_security);
status = ntlmssp_server_step(ntlmssp_ctx, status = ntlmssp_server_step(gensec_security,
pkt, &auth_info.credentials, pkt, &auth_info.credentials,
&response); &response);
break; break;
@ -1282,7 +1282,7 @@ static bool api_pipe_alter_context(struct pipes_struct *p,
DATA_BLOB auth_resp = data_blob_null; DATA_BLOB auth_resp = data_blob_null;
DATA_BLOB auth_blob = data_blob_null; DATA_BLOB auth_blob = data_blob_null;
int pad_len = 0; int pad_len = 0;
struct auth_ntlmssp_state *ntlmssp_ctx; struct gensec_security *gensec_security;
struct spnego_context *spnego_ctx; struct spnego_context *spnego_ctx;
struct gse_context *gse_ctx; struct gse_context *gse_ctx;
@ -1379,9 +1379,9 @@ static bool api_pipe_alter_context(struct pipes_struct *p,
&auth_resp); &auth_resp);
break; break;
case DCERPC_AUTH_TYPE_NTLMSSP: case DCERPC_AUTH_TYPE_NTLMSSP:
ntlmssp_ctx = talloc_get_type_abort(p->auth.auth_ctx, gensec_security = talloc_get_type_abort(p->auth.auth_ctx,
struct auth_ntlmssp_state); struct gensec_security);
status = ntlmssp_server_step(ntlmssp_ctx, status = ntlmssp_server_step(gensec_security,
pkt, pkt,
&auth_info.credentials, &auth_info.credentials,
&auth_resp); &auth_resp);