s4:schannel merge code with s3

[ira/wip.git] / source4 / auth / gensec / schannel.c

diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c
index 15d64436e39958d601b0e3efe92c76aa55199640..939a383a04aca8b49e9184267168f4ee4ca0b921 100644 (file)
--- a/source4/auth/gensec/schannel.c
+++ b/source4/auth/gensec/schannel.c
@@ -26,10 +26,9 @@
 #include "auth/credentials/credentials.h"
 #include "auth/gensec/gensec.h"
 #include "auth/gensec/gensec_proto.h"
-#include "auth/gensec/schannel.h"
+#include "../libcli/auth/schannel.h"
 #include "librpc/rpc/dcerpc.h"
 #include "param/param.h"
-#include "auth/session_proto.h"
 
 static size_t schannel_sig_size(struct gensec_security *gensec_security, size_t data_size)
 {
@@ -51,7 +50,6 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
        struct NL_AUTH_MESSAGE bind_schannel;
        struct NL_AUTH_MESSAGE bind_schannel_ack;
        struct netlogon_creds_CredentialState *creds;
-       struct ldb_context *schannel_ldb;
        const char *workstation;
        const char *domain;
        uint32_t required_flags;
@@ -138,15 +136,10 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
                        return NT_STATUS_LOGON_FAILURE;
                }
 
-               schannel_ldb = schannel_db_connect(out_mem_ctx, gensec_security->event_ctx,
-                                                  gensec_security->settings->lp_ctx);
-               if (!schannel_ldb) {
-                       return NT_STATUS_ACCESS_DENIED;
-               }
-               /* pull the session key for this client */
-               status = schannel_fetch_session_key_ldb(schannel_ldb,
-                                                       out_mem_ctx, workstation, &creds);
-               talloc_free(schannel_ldb);
+               status = schannel_get_creds_state(out_mem_ctx,
+                                                 gensec_security->settings->iconv_convenience,
+                                                 lp_private_dir(gensec_security->settings->lp_ctx),
+                                                 workstation, &creds);
                if (!NT_STATUS_IS_OK(status)) {
                        DEBUG(3, ("Could not find session key for attempted schannel connection from %s: %s\n",
                                  workstation, nt_errstr(status)));
@@ -156,7 +149,7 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
                        return status;
                }
 
-               state->creds = talloc_reference(state, creds);
+               state->creds = talloc_steal(state, creds);
 
                bind_schannel_ack.MessageType = NL_NEGOTIATE_RESPONSE;
                bind_schannel_ack.Flags = 0;
@@ -281,6 +274,75 @@ static bool schannel_have_feature(struct gensec_security *gensec_security,
        return false;
 }
 
+/*
+  unseal a packet
+*/
+static NTSTATUS schannel_unseal_packet(struct gensec_security *gensec_security,
+                                      TALLOC_CTX *mem_ctx,
+                                      uint8_t *data, size_t length,
+                                      const uint8_t *whole_pdu, size_t pdu_length,
+                                      const DATA_BLOB *sig)
+{
+       struct schannel_state *state =
+               talloc_get_type(gensec_security->private_data,
+                               struct schannel_state);
+
+       return netsec_incoming_packet(state, mem_ctx, true,
+                                     discard_const_p(uint8_t, data),
+                                     length, sig);
+}
+
+/*
+  check the signature on a packet
+*/
+static NTSTATUS schannel_check_packet(struct gensec_security *gensec_security,
+                                     TALLOC_CTX *mem_ctx,
+                                     const uint8_t *data, size_t length,
+                                     const uint8_t *whole_pdu, size_t pdu_length,
+                                     const DATA_BLOB *sig)
+{
+       struct schannel_state *state =
+               talloc_get_type(gensec_security->private_data,
+                               struct schannel_state);
+
+       return netsec_incoming_packet(state, mem_ctx, false,
+                                     discard_const_p(uint8_t, data),
+                                     length, sig);
+}
+/*
+  seal a packet
+*/
+static NTSTATUS schannel_seal_packet(struct gensec_security *gensec_security,
+                                    TALLOC_CTX *mem_ctx,
+                                    uint8_t *data, size_t length,
+                                    const uint8_t *whole_pdu, size_t pdu_length,
+                                    DATA_BLOB *sig)
+{
+       struct schannel_state *state =
+               talloc_get_type(gensec_security->private_data,
+                               struct schannel_state);
+
+       return netsec_outgoing_packet(state, mem_ctx, true,
+                                     data, length, sig);
+}
+
+/*
+  sign a packet
+*/
+static NTSTATUS schannel_sign_packet(struct gensec_security *gensec_security,
+                                    TALLOC_CTX *mem_ctx,
+                                    const uint8_t *data, size_t length,
+                                    const uint8_t *whole_pdu, size_t pdu_length,
+                                    DATA_BLOB *sig)
+{
+       struct schannel_state *state =
+               talloc_get_type(gensec_security->private_data,
+                               struct schannel_state);
+
+       return netsec_outgoing_packet(state, mem_ctx, false,
+                                     discard_const_p(uint8_t, data),
+                                     length, sig);
+}
 
 static const struct gensec_security_ops gensec_schannel_security_ops = {
        .name           = "schannel",