s4:schannel merge code with s3

[ira/wip.git] / source4 / auth / gensec / schannel.c

diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c
index 0233f5e57c36d0495c336ac72aa0c684db855010..939a383a04aca8b49e9184267168f4ee4ca0b921 100644 (file)
--- a/source4/auth/gensec/schannel.c
+++ b/source4/auth/gensec/schannel.c
@@ -27,10 +27,8 @@
 #include "auth/gensec/gensec.h"
 #include "auth/gensec/gensec_proto.h"
 #include "../libcli/auth/schannel.h"
-#include "auth/gensec/schannel_state.h"
 #include "librpc/rpc/dcerpc.h"
 #include "param/param.h"
-#include "auth/session_proto.h"
 
 static size_t schannel_sig_size(struct gensec_security *gensec_security, size_t data_size)
 {
@@ -52,7 +50,6 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
        struct NL_AUTH_MESSAGE bind_schannel;
        struct NL_AUTH_MESSAGE bind_schannel_ack;
        struct netlogon_creds_CredentialState *creds;
-       struct ldb_context *schannel_ldb;
        const char *workstation;
        const char *domain;
        uint32_t required_flags;
@@ -139,15 +136,10 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
                        return NT_STATUS_LOGON_FAILURE;
                }
 
-               schannel_ldb = schannel_db_connect(out_mem_ctx, gensec_security->event_ctx,
-                                                  gensec_security->settings->lp_ctx);
-               if (!schannel_ldb) {
-                       return NT_STATUS_ACCESS_DENIED;
-               }
-               /* pull the session key for this client */
-               status = schannel_fetch_session_key_ldb(schannel_ldb,
-                                                       out_mem_ctx, workstation, &creds);
-               talloc_free(schannel_ldb);
+               status = schannel_get_creds_state(out_mem_ctx,
+                                                 gensec_security->settings->iconv_convenience,
+                                                 lp_private_dir(gensec_security->settings->lp_ctx),
+                                                 workstation, &creds);
                if (!NT_STATUS_IS_OK(status)) {
                        DEBUG(3, ("Could not find session key for attempted schannel connection from %s: %s\n",
                                  workstation, nt_errstr(status)));
@@ -157,7 +149,7 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
                        return status;
                }
 
-               state->creds = talloc_reference(state, creds);
+               state->creds = talloc_steal(state, creds);
 
                bind_schannel_ack.MessageType = NL_NEGOTIATE_RESPONSE;
                bind_schannel_ack.Flags = 0;
@@ -296,7 +288,8 @@ static NTSTATUS schannel_unseal_packet(struct gensec_security *gensec_security,
                                struct schannel_state);
 
        return netsec_incoming_packet(state, mem_ctx, true,
-                                     data, length, sig);
+                                     discard_const_p(uint8_t, data),
+                                     length, sig);
 }
 
 /*
@@ -313,7 +306,8 @@ static NTSTATUS schannel_check_packet(struct gensec_security *gensec_security,
                                struct schannel_state);
 
        return netsec_incoming_packet(state, mem_ctx, false,
-                                     data, length, sig);
+                                     discard_const_p(uint8_t, data),
+                                     length, sig);
 }
 /*
   seal a packet
@@ -346,7 +340,8 @@ static NTSTATUS schannel_sign_packet(struct gensec_security *gensec_security,
                                struct schannel_state);
 
        return netsec_outgoing_packet(state, mem_ctx, false,
-                                     data, length, sig);
+                                     discard_const_p(uint8_t, data),
+                                     length, sig);
 }
 
 static const struct gensec_security_ops gensec_schannel_security_ops = {