{
struct dcerpc_schannel_state *dce_schan_state = gensec_security->private_data;
- *creds = dce_schan_state->creds;
+ *creds = talloc_reference(mem_ctx, dce_schan_state->creds);
+ if (!*creds) {
+ return NT_STATUS_NO_MEMORY;
+ }
return NT_STATUS_OK;
}
+/*
+ end crypto state
+*/
+static int dcerpc_schannel_destroy(void *ptr)
+{
+ struct dcerpc_schannel_state *dce_schan_state = ptr;
+
+ schannel_end(&dce_schan_state->schannel_state);
+
+ return 0;
+}
+
static NTSTATUS dcerpc_schannel_start(struct gensec_security *gensec_security)
{
struct dcerpc_schannel_state *dce_schan_state;
dce_schan_state->state = DCERPC_SCHANNEL_STATE_START;
gensec_security->private_data = dce_schan_state;
+ gensec_security->have_features =
+ GENSEC_FEATURE_SESSION_KEY |
+ GENSEC_FEATURE_SIGN |
+ GENSEC_FEATURE_SEAL;
+
+ talloc_set_destructor(dce_schan_state, dcerpc_schannel_destroy);
return NT_STATUS_OK;
}
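Review bot: The destructor installed by `talloc_set_destructor(dce_schan_state, dcerpc_schannel_destroy)` calls `schannel_end(&dce_schan_state->schannel_state)` unconditionally, but nothing visible in this hunk initialises `schannel_state`. The allocation of `dce_schan_state` is outside the hunk; if it does not zero the struct, a context freed before the handshake completes (for example in the "Failed to bind to pipe with SCHANNEL" branch) would pass an indeterminate pointer to `schannel_end()`. I would add `dce_schan_state->schannel_state = NULL;` next to the `state` assignment, and confirm that `schannel_end()` accepts a NULL state. The body of dcerpc_schannel_start begins outside the hunk.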
return NT_STATUS_OK;
}
-/*
- end crypto state
-*/
-static void dcerpc_schannel_end(struct gensec_security *gensec_security)
-{
- struct dcerpc_schannel_state *dce_schan_state = gensec_security->private_data;
-
- schannel_end(&dce_schan_state->schannel_state);
-
- talloc_free(dce_schan_state);
-
- gensec_security->private_data = NULL;
-}
-
/*
get a schannel key using a netlogon challenge on a secondary pipe
status = gensec_set_username(p->security_state.generic_state, username);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to set schannel username to %s: %s\n", username, nt_errstr(status)));
- gensec_end(&p->security_state.generic_state);
+ talloc_free(p->security_state.generic_state);
+ p->security_state.generic_state = NULL;
return status;
}
status = gensec_set_domain(p->security_state.generic_state, domain);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to set schannel domain to %s: %s\n", domain, nt_errstr(status)));
- gensec_end(&p->security_state.generic_state);
+ talloc_free(p->security_state.generic_state);
+ p->security_state.generic_state = NULL;
return status;
}
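Review bot: The pair `talloc_free(p->security_state.generic_state);` / `p->security_state.generic_state = NULL;` is written out by hand in both error branches here, and again in the "Failed to start SCHANNEL GENSEC backend" and "Failed to bind to pipe with SCHANNEL" branches further down. The old `gensec_end(&...)` took the pointer's address, presumably so it could clear it. Now nothing ties the free to the reset, so a later branch that omits the second line would leave a dangling pointer in `p->security_state`. I would reduce each branch to the DEBUG call plus `goto failed;` and keep the two teardown lines and `return status;` under a single `failed:` label. The enclosing function starts and ends outside the hunk.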
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to start SCHANNEL GENSEC backend: %s\n", nt_errstr(status)));
- gensec_end(&p->security_state.generic_state);
+ talloc_free(p->security_state.generic_state);
+ p->security_state.generic_state = NULL;
return status;
}
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to bind to pipe with SCHANNEL: %s\n", nt_errstr(status)));
- gensec_end(&p->security_state.generic_state);
+ talloc_free(p->security_state.generic_state);
+ p->security_state.generic_state = NULL;
return status;
}
.session_key = dcerpc_schannel_session_key,
.session_info = dcerpc_schannel_session_info,
.sig_size = dcerpc_schannel_sig_size,
- .end = dcerpc_schannel_end
};
NTSTATUS gensec_dcerpc_schannel_init(void)
{
NTSTATUS ret;
- ret = register_backend("gensec", &gensec_dcerpc_schannel_security_ops);
+ ret = gensec_register(&gensec_dcerpc_schannel_security_ops);
if (!NT_STATUS_IS_OK(ret)) {
DEBUG(0,("Failed to register '%s' gensec backend!\n",
gensec_dcerpc_schannel_security_ops.name));