diff options
author | Andrew Bartlett <abartlet@samba.org> | 2011-07-21 19:13:59 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2011-08-03 18:48:02 +1000 |
commit | a942401c1f6ee614080cee76c4364afbd729a446 (patch) | |
tree | e1cc944765753be2b19529bf64eece16069f9873 /source3 | |
parent | 9edb9763df07fbceee49d54fd6972c5ffb83d133 (diff) | |
download | samba-a942401c1f6ee614080cee76c4364afbd729a446.tar.gz samba-a942401c1f6ee614080cee76c4364afbd729a446.tar.xz samba-a942401c1f6ee614080cee76c4364afbd729a446.zip |
s3-ntlmssp Use auth_ntlmssp_*() functions in more places
This allows auth_ntlmssp_get_ntlmssp_state() to be removed.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Diffstat (limited to 'source3')
-rw-r--r-- | source3/include/ntlmssp_wrap.h | 3 | ||||
-rw-r--r-- | source3/include/smb_crypt.h | 2 | ||||
-rw-r--r-- | source3/libsmb/clifsinfo.c | 17 | ||||
-rw-r--r-- | source3/libsmb/ntlmssp_wrap.c | 11 | ||||
-rw-r--r-- | source3/libsmb/proto.h | 4 | ||||
-rw-r--r-- | source3/libsmb/smb_seal.c | 18 | ||||
-rw-r--r-- | source3/smbd/seal.c | 4 |
7 files changed, 30 insertions, 29 deletions
diff --git a/source3/include/ntlmssp_wrap.h b/source3/include/ntlmssp_wrap.h index abe1e7a3b9..6924ea655f 100644 --- a/source3/include/ntlmssp_wrap.h +++ b/source3/include/ntlmssp_wrap.h @@ -59,8 +59,6 @@ NTSTATUS auth_ntlmssp_unseal_packet(struct auth_ntlmssp_state *ans, const DATA_BLOB *sig); bool auth_ntlmssp_negotiated_sign(struct auth_ntlmssp_state *ans); bool auth_ntlmssp_negotiated_seal(struct auth_ntlmssp_state *ans); -struct ntlmssp_state *auth_ntlmssp_get_ntlmssp_state( - struct auth_ntlmssp_state *ans); const char *auth_ntlmssp_get_username(struct auth_ntlmssp_state *ans); const char *auth_ntlmssp_get_domain(struct auth_ntlmssp_state *ans); const char *auth_ntlmssp_get_client(struct auth_ntlmssp_state *ans); @@ -73,6 +71,7 @@ NTSTATUS auth_ntlmssp_set_password(struct auth_ntlmssp_state *ans, const char *password); void auth_ntlmssp_and_flags(struct auth_ntlmssp_state *ans, uint32_t flags); void auth_ntlmssp_or_flags(struct auth_ntlmssp_state *ans, uint32_t flags); +void auth_ntlmssp_want_feature(struct auth_ntlmssp_state *ans, uint32_t feature); DATA_BLOB auth_ntlmssp_get_session_key(struct auth_ntlmssp_state *ans); NTSTATUS auth_ntlmssp_update(struct auth_ntlmssp_state *ans, diff --git a/source3/include/smb_crypt.h b/source3/include/smb_crypt.h index a5930d186d..4449a1605d 100644 --- a/source3/include/smb_crypt.h +++ b/source3/include/smb_crypt.h @@ -52,7 +52,7 @@ struct smb_trans_enc_state { uint16 enc_ctx_num; bool enc_on; union { - struct ntlmssp_state *ntlmssp_state; + struct auth_ntlmssp_state *auth_ntlmssp_state; #if defined(HAVE_GSSAPI) && defined(HAVE_KRB5) struct smb_tran_enc_state_gss *gss_state; #endif diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c index 5f8e551a56..db6260efc7 100644 --- a/source3/libsmb/clifsinfo.c +++ b/source3/libsmb/clifsinfo.c @@ -26,6 +26,7 @@ #include "async_smb.h" #include "smb_crypt.h" #include "trans2.h" +#include "ntlmssp_wrap.h" /**************************************************************************** Get UNIX extensions version info. @@ -612,30 +613,30 @@ NTSTATUS cli_raw_ntlm_smb_encryption_start(struct cli_state *cli, if (!es) { return NT_STATUS_NO_MEMORY; } - status = ntlmssp_client_start(NULL, + status = auth_ntlmssp_client_start(NULL, lp_netbios_name(), lp_workgroup(), lp_client_ntlmv2_auth(), - &es->s.ntlmssp_state); + &es->s.auth_ntlmssp_state); if (!NT_STATUS_IS_OK(status)) { goto fail; } - ntlmssp_want_feature(es->s.ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY); - es->s.ntlmssp_state->neg_flags |= (NTLMSSP_NEGOTIATE_SIGN|NTLMSSP_NEGOTIATE_SEAL); + auth_ntlmssp_want_feature(es->s.auth_ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY); + auth_ntlmssp_or_flags(es->s.auth_ntlmssp_state, NTLMSSP_NEGOTIATE_SIGN|NTLMSSP_NEGOTIATE_SEAL); - if (!NT_STATUS_IS_OK(status = ntlmssp_set_username(es->s.ntlmssp_state, user))) { + if (!NT_STATUS_IS_OK(status = auth_ntlmssp_set_username(es->s.auth_ntlmssp_state, user))) { goto fail; } - if (!NT_STATUS_IS_OK(status = ntlmssp_set_domain(es->s.ntlmssp_state, domain))) { + if (!NT_STATUS_IS_OK(status = auth_ntlmssp_set_domain(es->s.auth_ntlmssp_state, domain))) { goto fail; } - if (!NT_STATUS_IS_OK(status = ntlmssp_set_password(es->s.ntlmssp_state, pass))) { + if (!NT_STATUS_IS_OK(status = auth_ntlmssp_set_password(es->s.auth_ntlmssp_state, pass))) { goto fail; } do { - status = ntlmssp_update(es->s.ntlmssp_state, blob_in, &blob_out); + status = auth_ntlmssp_update(es->s.auth_ntlmssp_state, blob_in, &blob_out); data_blob_free(&blob_in); data_blob_free(¶m_out); if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) || NT_STATUS_IS_OK(status)) { diff --git a/source3/libsmb/ntlmssp_wrap.c b/source3/libsmb/ntlmssp_wrap.c index e9e00d5d48..00aede9ee9 100644 --- a/source3/libsmb/ntlmssp_wrap.c +++ b/source3/libsmb/ntlmssp_wrap.c @@ -88,12 +88,6 @@ bool auth_ntlmssp_negotiated_seal(struct auth_ntlmssp_state *ans) return ans->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL; } -struct ntlmssp_state *auth_ntlmssp_get_ntlmssp_state( - struct auth_ntlmssp_state *ans) -{ - return ans->ntlmssp_state; -} - /* Needed for 'smb username' processing */ const char *auth_ntlmssp_get_username(struct auth_ntlmssp_state *ans) { @@ -133,6 +127,11 @@ void auth_ntlmssp_or_flags(struct auth_ntlmssp_state *ans, uint32_t flags) ans->ntlmssp_state->neg_flags |= flags; } +void auth_ntlmssp_want_feature(struct auth_ntlmssp_state *ans, uint32_t feature) +{ + ntlmssp_want_feature(ans->ntlmssp_state, feature); +} + DATA_BLOB auth_ntlmssp_get_session_key(struct auth_ntlmssp_state *ans) { return ans->ntlmssp_state->session_key; diff --git a/source3/libsmb/proto.h b/source3/libsmb/proto.h index 005ccf6b59..b38903aebb 100644 --- a/source3/libsmb/proto.h +++ b/source3/libsmb/proto.h @@ -835,8 +835,8 @@ NTSTATUS cli_trans(TALLOC_CTX *mem_ctx, struct cli_state *cli, NTSTATUS get_enc_ctx_num(const uint8_t *buf, uint16 *p_enc_ctx_num); bool common_encryption_on(struct smb_trans_enc_state *es); -NTSTATUS common_ntlm_decrypt_buffer(struct ntlmssp_state *ntlmssp_state, char *buf); -NTSTATUS common_ntlm_encrypt_buffer(struct ntlmssp_state *ntlmssp_state, +NTSTATUS common_ntlm_decrypt_buffer(struct auth_ntlmssp_state *auth_ntlmssp_state, char *buf); +NTSTATUS common_ntlm_encrypt_buffer(struct auth_ntlmssp_state *auth_ntlmssp_state, uint16 enc_ctx_num, char *buf, char **ppbuf_out); diff --git a/source3/libsmb/smb_seal.c b/source3/libsmb/smb_seal.c index 73786ac54a..fd9de1de8e 100644 --- a/source3/libsmb/smb_seal.c +++ b/source3/libsmb/smb_seal.c @@ -21,6 +21,8 @@ #include "../libcli/auth/ntlmssp.h" #include "smb_crypt.h" #include "libsmb/libsmb.h" +#include "ntlmssp_wrap.h" + /****************************************************************************** Pull out the encryption context for this packet. 0 means global context. @@ -62,7 +64,7 @@ bool common_encryption_on(struct smb_trans_enc_state *es) output, so cope with the same for compatibility. ******************************************************************************/ -NTSTATUS common_ntlm_decrypt_buffer(struct ntlmssp_state *ntlmssp_state, char *buf) +NTSTATUS common_ntlm_decrypt_buffer(struct auth_ntlmssp_state *auth_ntlmssp_state, char *buf) { NTSTATUS status; size_t buf_len = smb_len(buf) + 4; /* Don't forget the 4 length bytes. */ @@ -82,7 +84,7 @@ NTSTATUS common_ntlm_decrypt_buffer(struct ntlmssp_state *ntlmssp_state, char *b /* Point at the signature. */ sig = data_blob_const(inbuf+8, NTLMSSP_SIG_SIZE); - status = ntlmssp_unseal_packet(ntlmssp_state, + status = auth_ntlmssp_unseal_packet(auth_ntlmssp_state, (unsigned char *)inbuf + 8 + NTLMSSP_SIG_SIZE, /* 4 byte len + 0xFF 'E' <enc> <ctx> */ data_len, (unsigned char *)inbuf + 8 + NTLMSSP_SIG_SIZE, @@ -110,7 +112,7 @@ NTSTATUS common_ntlm_decrypt_buffer(struct ntlmssp_state *ntlmssp_state, char *b output, so do the same for compatibility. ******************************************************************************/ -NTSTATUS common_ntlm_encrypt_buffer(struct ntlmssp_state *ntlmssp_state, +NTSTATUS common_ntlm_encrypt_buffer(struct auth_ntlmssp_state *auth_ntlmssp_state, uint16 enc_ctx_num, char *buf, char **ppbuf_out) @@ -142,7 +144,7 @@ NTSTATUS common_ntlm_encrypt_buffer(struct ntlmssp_state *ntlmssp_state, ZERO_STRUCT(sig); - status = ntlmssp_seal_packet(ntlmssp_state, + status = auth_ntlmssp_seal_packet(auth_ntlmssp_state, frame, (unsigned char *)buf_out + 8 + NTLMSSP_SIG_SIZE, /* 4 byte len + 0xFF 'S' <enc> <ctx> */ data_len, @@ -304,7 +306,7 @@ NTSTATUS common_encrypt_buffer(struct smb_trans_enc_state *es, char *buffer, cha switch (es->smb_enc_type) { case SMB_TRANS_ENC_NTLM: - return common_ntlm_encrypt_buffer(es->s.ntlmssp_state, es->enc_ctx_num, buffer, buf_out); + return common_ntlm_encrypt_buffer(es->s.auth_ntlmssp_state, es->enc_ctx_num, buffer, buf_out); #if defined(HAVE_GSSAPI) && defined(HAVE_KRB5) case SMB_TRANS_ENC_GSS: return common_gss_encrypt_buffer(es->s.gss_state, es->enc_ctx_num, buffer, buf_out); @@ -329,7 +331,7 @@ NTSTATUS common_decrypt_buffer(struct smb_trans_enc_state *es, char *buf) switch (es->smb_enc_type) { case SMB_TRANS_ENC_NTLM: - return common_ntlm_decrypt_buffer(es->s.ntlmssp_state, buf); + return common_ntlm_decrypt_buffer(es->s.auth_ntlmssp_state, buf); #if defined(HAVE_GSSAPI) && defined(HAVE_KRB5) case SMB_TRANS_ENC_GSS: return common_gss_decrypt_buffer(es->s.gss_state, buf); @@ -372,8 +374,8 @@ void common_free_encryption_state(struct smb_trans_enc_state **pp_es) } if (es->smb_enc_type == SMB_TRANS_ENC_NTLM) { - if (es->s.ntlmssp_state) { - TALLOC_FREE(es->s.ntlmssp_state); + if (es->s.auth_ntlmssp_state) { + TALLOC_FREE(es->s.auth_ntlmssp_state); } } #if defined(HAVE_GSSAPI) && defined(HAVE_KRB5) diff --git a/source3/smbd/seal.c b/source3/smbd/seal.c index f1c0f9cf3b..e6b683d97f 100644 --- a/source3/smbd/seal.c +++ b/source3/smbd/seal.c @@ -96,7 +96,7 @@ static NTSTATUS make_auth_ntlmssp(const struct tsocket_address *remote_address, * We must remember to update the pointer copy for the common * functions after any auth_ntlmssp_start/auth_ntlmssp_end. */ - ec->es->s.ntlmssp_state = auth_ntlmssp_get_ntlmssp_state(ec->auth_ntlmssp_state); + ec->es->s.auth_ntlmssp_state = ec->auth_ntlmssp_state; return status; } @@ -114,7 +114,7 @@ static void destroy_auth_ntlmssp(struct smb_srv_trans_enc_ctx *ec) if (ec->auth_ntlmssp_state) { TALLOC_FREE(ec->auth_ntlmssp_state); /* The auth_ntlmssp_end killed this already. */ - ec->es->s.ntlmssp_state = NULL; + ec->es->s.auth_ntlmssp_state = NULL; } } |