svn commit: samba r9487 - in trunk/source: include rpc_parse rpc_server

jra at samba.org jra at samba.org
Mon Aug 22 19:48:22 GMT 2005


Author: jra
Date: 2005-08-22 19:48:20 +0000 (Mon, 22 Aug 2005)
New Revision: 9487

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=9487

Log:
Get rid of the "auth_flags" member for schannel processing.
It was only an abstraction for the rpc auth_level anyway and
isn't needed. Now to separate out the auth_flags into auth_type
and auth_level in the client code.
Jeremy

Modified:
   trunk/source/include/ntdomain.h
   trunk/source/rpc_parse/parse_prs.c
   trunk/source/rpc_server/srv_pipe.c


Changeset:
Modified: trunk/source/include/ntdomain.h
===================================================================
--- trunk/source/include/ntdomain.h	2005-08-22 19:47:56 UTC (rev 9486)
+++ trunk/source/include/ntdomain.h	2005-08-22 19:48:20 UTC (rev 9487)
@@ -179,21 +179,8 @@
 struct schannel_auth_struct {
 	uchar sess_key[16];
 	uint32 seq_num;
-	int auth_flags;
 };
 
-#if 0
-/* auth state for ntlmssp. */
-struct ntlmssp_auth_struct {
-	uint32 ntlmssp_chal_flags; /* Client challenge flags. */
-	BOOL ntlmssp_auth_requested; /* If the client wanted authenticated rpc. */
-	BOOL ntlmssp_auth_validated; /* If the client *got* authenticated rpc. */
-	unsigned char challenge[8];
-	unsigned char ntlmssp_arc4_state[258];
-	uint32 ntlmssp_seq_num;
-};
-#endif
-
 /* auth state for all bind types. */
 
 struct pipe_auth_data {
@@ -233,19 +220,6 @@
 	struct pipe_auth_data auth;
 	enum pipe_auth_level auth_level;
 
-#if 0
-	uint32 ntlmssp_chal_flags; /* Client challenge flags. */
-	BOOL ntlmssp_auth_requested; /* If the client wanted authenticated rpc. */
-	BOOL ntlmssp_auth_validated; /* If the client *got* authenticated rpc. */
-	unsigned char challenge[8];
-	unsigned char ntlmssp_hash[258];
-	uint32 ntlmssp_seq_num;
-
-	/* schannel auth state. */
-	BOOL netsec_auth_validated;
-	struct netsec_auth_struct netsec_auth;
-#endif
-
 	struct dcinfo dc; /* Keeps the creds data. */
 
 	/*

Modified: trunk/source/rpc_parse/parse_prs.c
===================================================================
--- trunk/source/rpc_parse/parse_prs.c	2005-08-22 19:47:56 UTC (rev 9486)
+++ trunk/source/rpc_parse/parse_prs.c	2005-08-22 19:48:20 UTC (rev 9487)
@@ -1412,7 +1412,7 @@
  ********************************************************************/
 
 static void schannel_digest(struct schannel_auth_struct *a,
-			  int auth_flags,
+			  enum pipe_auth_level auth_level,
 			  RPC_AUTH_SCHANNEL_CHK * verf,
 			  char *data, size_t data_len,
 			  uchar digest_final[16]) 
@@ -1427,7 +1427,7 @@
 	   out of order */
 	MD5Update(&ctx3, zeros, sizeof(zeros));
 	MD5Update(&ctx3, verf->sig, sizeof(verf->sig));
-	if (auth_flags & AUTH_PIPE_SEAL) {
+	if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
 		MD5Update(&ctx3, verf->confounder, sizeof(verf->confounder));
 	}
 	MD5Update(&ctx3, (const unsigned char *)data, data_len);
@@ -1517,7 +1517,7 @@
  quite compatible with what MS does.
  ********************************************************************/
 
-void schannel_encode(struct schannel_auth_struct *a, int auth_flags, 
+void schannel_encode(struct schannel_auth_struct *a, enum pipe_auth_level auth_level,
 		   enum schannel_direction direction,
 		   RPC_AUTH_SCHANNEL_CHK * verf,
 		   char *data, size_t data_len)
@@ -1533,9 +1533,9 @@
 
 	DEBUG(10,("SCHANNEL: schannel_encode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len));
 	
-	if (auth_flags & AUTH_PIPE_SEAL) {
+	if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
 		schannel_sig = schannel_seal_sig;
-	} else if (auth_flags & AUTH_PIPE_SIGN) {
+	} else {
 		schannel_sig = schannel_sign_sig;
 	}
 
@@ -1561,10 +1561,10 @@
 				 seq_num, confounder);
 				
 	/* produce a digest of the packet to prove it's legit (before we seal it) */
-	schannel_digest(a, auth_flags, verf, data, data_len, digest_final);
+	schannel_digest(a, auth_level, verf, data, data_len, digest_final);
 	memcpy(verf->packet_digest, digest_final, sizeof(verf->packet_digest));
 
-	if (auth_flags & AUTH_PIPE_SEAL) {
+	if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
 		uchar sealing_key[16];
 
 		/* get the key to encode the data with */
@@ -1596,7 +1596,7 @@
  as well as decode sealed messages
  ********************************************************************/
 
-BOOL schannel_decode(struct schannel_auth_struct *a, int auth_flags,
+BOOL schannel_decode(struct schannel_auth_struct *a, enum pipe_auth_level auth_level,
 		   enum schannel_direction direction, 
 		   RPC_AUTH_SCHANNEL_CHK * verf, char *data, size_t data_len)
 {
@@ -1610,9 +1610,9 @@
 
 	DEBUG(10,("SCHANNEL: schannel_decode seq_num=%d data_len=%lu\n", a->seq_num, (unsigned long)data_len));
 	
-	if (auth_flags & AUTH_PIPE_SEAL) {
+	if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
 		schannel_sig = schannel_seal_sig;
-	} else if (auth_flags & AUTH_PIPE_SIGN) {
+	} else {
 		schannel_sig = schannel_sign_sig;
 	}
 
@@ -1661,7 +1661,7 @@
 		return False;
 	}
 
-	if (auth_flags & AUTH_PIPE_SEAL) {
+	if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
 		uchar sealing_key[16];
 		
 		/* get the key to extract the data with */
@@ -1682,7 +1682,7 @@
 	}
 
 	/* digest includes 'data' after unsealing */
-	schannel_digest(a, auth_flags, verf, data, data_len, digest_final);
+	schannel_digest(a, auth_level, verf, data, data_len, digest_final);
 
 	dump_data_pw("Calculated digest:\n", digest_final, 
 		     sizeof(digest_final));

Modified: trunk/source/rpc_server/srv_pipe.c
===================================================================
--- trunk/source/rpc_server/srv_pipe.c	2005-08-22 19:47:56 UTC (rev 9486)
+++ trunk/source/rpc_server/srv_pipe.c	2005-08-22 19:48:20 UTC (rev 9487)
@@ -405,7 +405,6 @@
 		/*
 		 * Schannel processing.
 		 */
-		int auth_type, auth_level;
 		char *data;
 		RPC_HDR_AUTH auth_info;
 
@@ -416,9 +415,11 @@
 		data = prs_data_p(&outgoing_pdu) + data_pos;
 		/* Check it's the type of reply we were expecting to decode */
 
-		get_auth_type_level(p->auth.a_u.schannel_auth->auth_flags, &auth_type, &auth_level);
-		init_rpc_hdr_auth(&auth_info, auth_type, auth_level, 
-					  ss_padding_len, 1);
+		init_rpc_hdr_auth(&auth_info,
+				RPC_SCHANNEL_AUTH_TYPE,
+				p->auth_level == PIPE_AUTH_LEVEL_PRIVACY ?
+					RPC_AUTH_LEVEL_PRIVACY : RPC_AUTH_LEVEL_INTEGRITY,
+				ss_padding_len, 1);
 
 		if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, &outgoing_pdu, 0)) {
 			DEBUG(0,("create_next_pdu_schannel: failed to marshall RPC_HDR_AUTH.\n"));
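Review bot: The ternary passed to `init_rpc_hdr_auth` emits `RPC_AUTH_LEVEL_INTEGRITY` for every `p->auth_level` other than `PIPE_AUTH_LEVEL_PRIVACY`, so a pipe that reached this schannel branch at any lower level would be signed and advertised as integrity with no diagnostic. The bare `else` branches that replace `else if (auth_flags & AUTH_PIPE_SIGN)` in `schannel_encode` and `schannel_decode` (parse_prs.c) rest on the same assumption. If the bind path guarantees that only integrity or privacy can get here (not visible in these hunks), say so where the level is consumed, for example `/* schannel pipes are only bound at integrity or privacy; any other level here is a logic error */`. Otherwise check `p->auth_level` explicitly and fail the PDU. The enclosing function starts and ends outside the hunk.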
@@ -430,7 +431,7 @@
 		prs_init(&rauth, 0, p->mem_ctx, MARSHALL);
 
 		schannel_encode(p->auth.a_u.schannel_auth, 
-			      p->auth.a_u.schannel_auth->auth_flags,
+			      p->auth_level,
 			      SENDER_IS_ACCEPTOR,
 			      &verf, data, data_len + ss_padding_len);
 
@@ -1978,25 +1979,13 @@
 		return False;
 	}
 
-	if (auth_info.auth_level == RPC_AUTH_LEVEL_PRIVACY) {
-		p->auth.a_u.schannel_auth->auth_flags = AUTH_PIPE_SCHANNEL|AUTH_PIPE_SIGN|AUTH_PIPE_SEAL;
-	} else if (auth_info.auth_level == RPC_AUTH_LEVEL_INTEGRITY) {
-		p->auth.a_u.schannel_auth->auth_flags = AUTH_PIPE_SCHANNEL|AUTH_PIPE_SIGN;
-	} else {
-		DEBUG(0,("Invalid auth level %d on schannel\n",
-			 auth_info.auth_level));
-		return False;
-	}
-
-	if(!smb_io_rpc_auth_schannel_chk("", RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN, 
-		&schannel_chk, rpc_in, 0)) 
-	{
+	if(!smb_io_rpc_auth_schannel_chk("", RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN, &schannel_chk, rpc_in, 0)) {
 		DEBUG(0,("failed to unmarshal RPC_AUTH_SCHANNEL_CHK.\n"));
 		return False;
 	}
 
 	if (!schannel_decode(p->auth.a_u.schannel_auth,
-			   p->auth.a_u.schannel_auth->auth_flags,
+			   p->auth_level,
 			   SENDER_IS_INITIATOR,
 			   &schannel_chk,
 			   prs_data_p(rpc_in)+old_offset, data_len)) {
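Review bot: With the `auth_info.auth_level` branch removed, nothing visible in this hunk still rejects a request whose RPC_HDR_AUTH carries a level other than integrity or privacy, or one that disagrees with the level stored in `p->auth_level`. Decoding with the pipe's own level instead of the per-packet header is the sounder source, but the header field is peer-controlled and should still be compared before `schannel_decode` runs. A guard on `auth_info.auth_level != (p->auth_level == PIPE_AUTH_LEVEL_PRIVACY ? RPC_AUTH_LEVEL_PRIVACY : RPC_AUTH_LEVEL_INTEGRITY)` that logs and does `return False;`, as the removed branch did, would keep that rejection. The function begins and ends outside the hunk, so an equivalent check may already exist earlier; if it does, a short comment here naming it would make the removal easier to audit.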


