r4079: implement the gensec_have_feature() correctly by asking
authorStefan Metzmacher <metze@samba.org>
Mon, 6 Dec 2004 15:44:17 +0000 (15:44 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 18:06:23 +0000 (13:06 -0500)
the backend what is actually in use

metze
(This used to be commit 6f3eb7bc03609108b9e0ea5676fca3d04140e737)

source4/ldap_server/ldap_server.c
source4/libcli/auth/gensec.c
source4/libcli/auth/gensec.h
source4/libcli/auth/gensec_ntlmssp.c
source4/libcli/ldap/ldap_client.c
source4/smb_server/sesssetup.c

index 9f256b0b8b3af22dacf8f443923d15e84e5b5748..ea1b8cb9b4a8936976dafd31c2c092cb08728ac7 100644 (file)
@@ -195,8 +195,8 @@ static BOOL ldapsrv_read_buf(struct ldapsrv_connection *conn)
        size_t nread;
 
        if (!conn->gensec || !conn->session_info ||
-          !(gensec_have_feature(conn->gensec, GENSEC_WANT_SIGN) &&
-            gensec_have_feature(conn->gensec, GENSEC_WANT_SEAL))) {
+          !(gensec_have_feature(conn->gensec, GENSEC_FEATURE_SIGN) &&
+            gensec_have_feature(conn->gensec, GENSEC_FEATURE_SEAL))) {
                return read_into_buf(sock, &conn->in_buffer);
        }
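Review bot: The guard on the new side still requires both GENSEC_FEATURE_SIGN and GENSEC_FEATURE_SEAL before taking the SASL-wrapped read path, so a session where the backend negotiated signing only drops into `read_into_buf()` and the client's signed wrapper is never unwrapped or verified. Now that gensec_have_feature() reports what the peer actually agreed to rather than what we asked for, a sign-only outcome is reachable on the wire, and the function already distinguishes seal from sign further down (the `if (gensec_have_feature(conn->gensec, GENSEC_FEATURE_SEAL))` in the next hunk), so the guard should be `!(gensec_have_feature(conn->gensec, GENSEC_FEATURE_SIGN) || gensec_have_feature(conn->gensec, GENSEC_FEATURE_SEAL))`. ldapsrv_read_buf continues past this hunk.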
 
@@ -254,7 +254,7 @@ static BOOL ldapsrv_read_buf(struct ldapsrv_connection *conn)
        tmp_blob.data = buf + (4 + creds.length);
        tmp_blob.length = (4 + sasl_length) - (4 + creds.length);
 
-       if (gensec_have_feature(conn->gensec, GENSEC_WANT_SEAL)) {
+       if (gensec_have_feature(conn->gensec, GENSEC_FEATURE_SEAL)) {
                status = gensec_unseal_packet(conn->gensec, mem_ctx,
                                              tmp_blob.data, tmp_blob.length,
                                              tmp_blob.data, tmp_blob.length,
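Review bot: `tmp_blob.length = (4 + sasl_length) - (4 + creds.length)` is an unsigned subtraction that wraps to a huge size_t whenever creds.length exceeds sasl_length, and that length is then handed straight to gensec_unseal_packet(); whatever bounds check relates the two values is above this hunk and not visible here. Both lengths presumably come from the client's SASL frame (the 4-byte length prefix and the credential blob), so if no such check exists, add `if (creds.length > sasl_length) { /* reject the frame */ }` before the subtraction. ldapsrv_read_buf starts and ends outside this hunk.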
@@ -320,8 +320,8 @@ static BOOL ldapsrv_write_buf(struct ldapsrv_connection *conn)
        TALLOC_CTX *mem_ctx;
 
        if (!conn->gensec || !conn->session_info ||
-          !(gensec_have_feature(conn->gensec, GENSEC_WANT_SIGN) &&
-            gensec_have_feature(conn->gensec, GENSEC_WANT_SEAL))) {
+          !(gensec_have_feature(conn->gensec, GENSEC_FEATURE_SIGN) &&
+            gensec_have_feature(conn->gensec, GENSEC_FEATURE_SEAL))) {
                return write_from_buf(sock, &conn->out_buffer);
        }
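Review bot: The send-side guard has the same shape as the read side and takes the plain `write_from_buf()` path unless both SIGN and SEAL were negotiated, so on a sign-only NTLMSSP negotiation the server emits unsigned responses on a connection the client expects to be integrity-protected. The seal-vs-sign split below (`if (gensec_have_feature(conn->gensec, GENSEC_FEATURE_SEAL))` in the following hunk) already copes with sign-only, so change the `&&` between the two have_feature calls to `||`. ldapsrv_write_buf continues past this hunk.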
 
@@ -338,7 +338,7 @@ static BOOL ldapsrv_write_buf(struct ldapsrv_connection *conn)
                goto nodata;
        }
 
-       if (gensec_have_feature(conn->gensec, GENSEC_WANT_SEAL)) {
+       if (gensec_have_feature(conn->gensec, GENSEC_FEATURE_SEAL)) {
                status = gensec_seal_packet(conn->gensec, mem_ctx,
                                            tmp_blob.data, tmp_blob.length,
                                            tmp_blob.data, tmp_blob.length,
index 7243222b6d25a5a74d9c94cd58c34edc7cc17817..147d1b12df95d349881bd15a99071f46d3b6e93b 100644 (file)
@@ -137,6 +137,7 @@ static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx, struct gensec_security **gense
 
        (*gensec_security)->subcontext = False;
        (*gensec_security)->want_features = 0;
+       (*gensec_security)->have_features = 0;
        return NT_STATUS_OK;
 }
 
@@ -232,11 +233,11 @@ NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_security,
                return NT_STATUS_INVALID_PARAMETER;
        }
        if (auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) {
-               gensec_want_feature(gensec_security, GENSEC_WANT_SIGN);
+               gensec_want_feature(gensec_security, GENSEC_FEATURE_SIGN);
        }
        if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
-               gensec_want_feature(gensec_security, GENSEC_WANT_SIGN);
-               gensec_want_feature(gensec_security, GENSEC_WANT_SEAL);
+               gensec_want_feature(gensec_security, GENSEC_FEATURE_SIGN);
+               gensec_want_feature(gensec_security, GENSEC_FEATURE_SEAL);
        }
 
        return gensec_start_mech(gensec_security);
@@ -310,8 +311,8 @@ NTSTATUS gensec_unseal_packet(struct gensec_security *gensec_security,
        if (!gensec_security->ops->unseal_packet) {
                return NT_STATUS_NOT_IMPLEMENTED;
        }
-       if (!(gensec_security->want_features & GENSEC_WANT_SEAL)) {
-               if (gensec_security->want_features & GENSEC_WANT_SIGN) {
+       if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
+               if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
                        return gensec_check_packet(gensec_security, mem_ctx, 
                                                   data, length, 
                                                   whole_pdu, pdu_length, 
@@ -335,7 +336,7 @@ NTSTATUS gensec_check_packet(struct gensec_security *gensec_security,
        if (!gensec_security->ops->check_packet) {
                return NT_STATUS_NOT_IMPLEMENTED;
        }
-       if (!(gensec_security->want_features & GENSEC_WANT_SIGN)) {
+       if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
                return NT_STATUS_INVALID_PARAMETER;
        }
        
@@ -351,8 +352,8 @@ NTSTATUS gensec_seal_packet(struct gensec_security *gensec_security,
        if (!gensec_security->ops->seal_packet) {
                return NT_STATUS_NOT_IMPLEMENTED;
        }
-       if (!(gensec_security->want_features & GENSEC_WANT_SEAL)) {
-               if (gensec_security->want_features & GENSEC_WANT_SIGN) {
+       if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
+               if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
                        return gensec_sign_packet(gensec_security, mem_ctx, 
                                                  data, length, 
                                                  whole_pdu, pdu_length, 
@@ -373,7 +374,7 @@ NTSTATUS gensec_sign_packet(struct gensec_security *gensec_security,
        if (!gensec_security->ops->sign_packet) {
                return NT_STATUS_NOT_IMPLEMENTED;
        }
-       if (!(gensec_security->want_features & GENSEC_WANT_SIGN)) {
+       if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
                return NT_STATUS_INVALID_PARAMETER;
        }
        
@@ -385,7 +386,7 @@ size_t gensec_sig_size(struct gensec_security *gensec_security)
        if (!gensec_security->ops->sig_size) {
                return 0;
        }
-       if (!(gensec_security->want_features & GENSEC_WANT_SIGN)) {
+       if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
                return 0;
        }
        
@@ -398,10 +399,6 @@ NTSTATUS gensec_session_key(struct gensec_security *gensec_security,
        if (!gensec_security->ops->session_key) {
                return NT_STATUS_NOT_IMPLEMENTED;
        }
-       if (!(gensec_security->want_features & GENSEC_WANT_SESSION_KEY)) {
-               return NT_STATUS_INVALID_PARAMETER;
-       }
-       
        return gensec_security->ops->session_key(gensec_security, session_key);
 }
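Review bot: The session-key check is deleted outright instead of being converted to the have_features model that every other wrapper in this file adopts, so gensec_session_key() now returns a key whenever the backend implements the op, relying on each backend to refuse when no key has been derived yet. For consistency with gensec_sign_packet()/gensec_seal_packet() above, replace the removed block with `if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SESSION_KEY)) { return NT_STATUS_INVALID_PARAMETER; }`. The NTLMSSP backend in this commit already sets GENSEC_FEATURE_SESSION_KEY once session_key.data is populated, so the check would be honoured there.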
 
@@ -474,7 +471,7 @@ void gensec_want_feature(struct gensec_security *gensec_security,
 BOOL gensec_have_feature(struct gensec_security *gensec_security,
                         uint32 feature) 
 {
-       if (gensec_security->want_features & feature) {
+       if (gensec_security->have_features & feature) {
                return True;
        }
 
index f8b7e292e8442ef3ae5925634da311f5e9c6fc68..3d645bee82197c9ca5f101939b6034cd7d242a6f 100644 (file)
@@ -41,9 +41,9 @@ struct gensec_target {
        const char *service;
 };
 
-#define GENSEC_WANT_SESSION_KEY 0x1
-#define GENSEC_WANT_SIGN 0x2
-#define GENSEC_WANT_SEAL 0x4
+#define GENSEC_FEATURE_SESSION_KEY     0x00000001
+#define GENSEC_FEATURE_SIGN            0x00000002
+#define GENSEC_FEATURE_SEAL            0x00000004
 
 /* GENSEC mode */
 enum gensec_role
@@ -99,6 +99,7 @@ struct gensec_security {
        enum gensec_role gensec_role;
        BOOL subcontext;
        uint32 want_features;
+       uint32 have_features;
 };
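Review bot: The new have_features field sits next to want_features with nothing explaining which side owns each, and the distinction is the whole point of the commit, so give both a comment: `uint32 want_features; /* requested by the caller before the mech is started */` and `uint32 have_features; /* filled in by the backend from what was actually negotiated; only meaningful after gensec_update(), and final once it returned NT_STATUS_OK */`. Without that, a future caller is likely to test have_features before the exchange has run and get False for everything.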
 
 /* this structure is used by backends to determine the size of some critical types */
index 147e2359f428ce0d013502c2da22cfeb3705f9db..07dacfb5e06af7d7fd7cabafddcc5c197103730e 100644 (file)
@@ -178,10 +178,10 @@ static NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_secur
                return nt_status;
        }
 
-       if (gensec_security->want_features & GENSEC_WANT_SIGN) {
+       if (gensec_security->want_features & GENSEC_FEATURE_SIGN) {
                gensec_ntlmssp_state->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
        }
-       if (gensec_security->want_features & GENSEC_WANT_SEAL) {
+       if (gensec_security->want_features & GENSEC_FEATURE_SEAL) {
                gensec_ntlmssp_state->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
        }
 
@@ -219,7 +219,7 @@ static NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_secur
                return status;
        }
 
-       if (gensec_security->want_features & GENSEC_WANT_SESSION_KEY) {
+       if (gensec_security->want_features & GENSEC_FEATURE_SESSION_KEY) {
                /*
                 * We need to set this to allow a later SetPassword
                 * via the SAMR pipe to succeed. Strange.... We could
@@ -231,10 +231,10 @@ static NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_secur
                 */
                gensec_ntlmssp_state->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
        }
-       if (gensec_security->want_features & GENSEC_WANT_SIGN) {
+       if (gensec_security->want_features & GENSEC_FEATURE_SIGN) {
                gensec_ntlmssp_state->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
        }
-       if (gensec_security->want_features & GENSEC_WANT_SEAL) {
+       if (gensec_security->want_features & GENSEC_FEATURE_SEAL) {
                gensec_ntlmssp_state->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
        }
 
@@ -343,8 +343,27 @@ static NTSTATUS gensec_ntlmssp_update(struct gensec_security *gensec_security, T
                                      const DATA_BLOB in, DATA_BLOB *out) 
 {
        struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data;
+       NTSTATUS status;
+
+       status = ntlmssp_update(gensec_ntlmssp_state->ntlmssp_state, out_mem_ctx, in, out);
+
+       if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) && !NT_STATUS_IS_OK(status)) {
+               return status;
+       }
+
+       if (gensec_ntlmssp_state->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN) {
+               gensec_security->have_features |= GENSEC_FEATURE_SIGN;
+       }
+
+       if (gensec_ntlmssp_state->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL) {
+               gensec_security->have_features |= GENSEC_FEATURE_SEAL;
+       }
 
-       return ntlmssp_update(gensec_ntlmssp_state->ntlmssp_state, out_mem_ctx, in, out);
+       if (gensec_ntlmssp_state->ntlmssp_state->session_key.data) {
+               gensec_security->have_features |= GENSEC_FEATURE_SESSION_KEY;
+       }
+
+       return status;
 }
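Review bot: have_features is updated after every call, including the NT_STATUS_MORE_PROCESSING_REQUIRED legs, and bits are only ever ORed in, so if ntlmssp_update() can drop a neg_flags bit later in the exchange (for example when the AUTHENTICATE message does not carry SIGN/SEAL) the stale bit stays set and the generic gensec_seal_packet()/gensec_unseal_packet() paths will believe a protection is active that the backend is not applying. Recompute the mask from the current neg_flags on each call instead of accumulating, and consider refusing an NT_STATUS_OK result whose negotiated set lacks something the caller wanted, since nothing in this commit compares want_features with the outcome and a peer that declines sealing otherwise yields a plaintext channel with a successful status. The status value used for that refusal is a policy choice; NT_STATUS_INVALID_PARAMETER is what the sibling checks in gensec.c return.
```c
	NTSTATUS status;
	uint32 have;

	status = ntlmssp_update(gensec_ntlmssp_state->ntlmssp_state, out_mem_ctx, in, out);
	/* … unchanged: early return on a non-OK, non-MORE_PROCESSING_REQUIRED status … */

	/* Recompute from the current neg_flags rather than accumulating, so a
	 * bit dropped later in the exchange does not linger in have_features. */
	have = 0;
	if (gensec_ntlmssp_state->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN) {
		have |= GENSEC_FEATURE_SIGN;
	}
	if (gensec_ntlmssp_state->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL) {
		have |= GENSEC_FEATURE_SEAL;
	}
	if (gensec_ntlmssp_state->ntlmssp_state->session_key.data) {
		have |= GENSEC_FEATURE_SESSION_KEY;
	}
	gensec_security->have_features = have;

	/* Once the exchange is complete, do not hand back a context that lost a
	 * protection the caller asked for. */
	if (NT_STATUS_IS_OK(status) &&
	    (gensec_security->want_features & (GENSEC_FEATURE_SIGN | GENSEC_FEATURE_SEAL) & ~have) != 0) {
		return NT_STATUS_INVALID_PARAMETER;
	}

	return status;
```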
 
 /** 
index 88c84d880ba3300b103a9fc2aae3346150efba63..a9b20b4ea8e0e8a6743e233d82897895b70c28e5 100644 (file)
@@ -382,7 +382,7 @@ int ldap_bind_sasl(struct ldap_connection *conn, const char *username, const cha
                return result;
        }
 
-       gensec_want_feature(conn->gensec, GENSEC_WANT_SIGN | GENSEC_WANT_SEAL);
+       gensec_want_feature(conn->gensec, GENSEC_FEATURE_SIGN | GENSEC_FEATURE_SEAL);
 
        status = gensec_set_domain(conn->gensec, domain);
        if (!NT_STATUS_IS_OK(status)) {
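Review bot: The client requests SIGN|SEAL here, but now that gensec_have_feature() reflects what was negotiated rather than what was asked for, nothing visible verifies the outcome; if the server declines sealing the bind still completes and later LDAP traffic goes out in the clear while the caller assumes it is protected. After the bind exchange finishes (beyond this hunk) add a policy check such as `if (!gensec_have_feature(conn->gensec, GENSEC_FEATURE_SEAL)) { /* treat the bind as failed */ }` rather than trusting that the request was honoured. ldap_bind_sasl continues past this hunk.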
index 453f296c78458c8af4b5f4e84af6b39e60946ac0..d8dde02c123d9ec693b46545032f24e00e44d469 100644 (file)
@@ -238,7 +238,7 @@ static NTSTATUS sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup
                        return status;
                }
 
-               gensec_want_feature(gensec_ctx, GENSEC_WANT_SESSION_KEY);
+               gensec_want_feature(gensec_ctx, GENSEC_FEATURE_SESSION_KEY);
 
                status = gensec_start_mech_by_oid(gensec_ctx, GENSEC_OID_SPNEGO);
                if (!NT_STATUS_IS_OK(status)) {