We let the caller use auth_generic_server_step() instead.
This allows us to request GENSEC_FEATURE_SIGN_PKT_HEADER before
starting the gensec_update() dance.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
static NTSTATUS auth_generic_server_authtype_start_as_root(TALLOC_CTX *mem_ctx,
uint8_t auth_type, uint8_t auth_level,
- DATA_BLOB *token_in,
- DATA_BLOB *token_out,
const struct tsocket_address *remote_address,
const struct tsocket_address *local_address,
const char *service_description,
return status;
}
- status = gensec_update(gensec_security, mem_ctx, *token_in, token_out);
- if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
- DEBUG(2, (__location__ ": gensec_update failed: %s\n",
- nt_errstr(status)));
- TALLOC_FREE(gensec_security);
- return status;
- }
-
/* steal gensec context to the caller */
*ctx = talloc_move(mem_ctx, &gensec_security);
return status;
NTSTATUS auth_generic_server_authtype_start(TALLOC_CTX *mem_ctx,
uint8_t auth_type, uint8_t auth_level,
- DATA_BLOB *token_in,
- DATA_BLOB *token_out,
const struct tsocket_address *remote_address,
const struct tsocket_address *local_address,
const char *service_description,
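Review bot: The contract of auth_generic_server_authtype_start() changes here without any comment saying so: with `token_in`/`token_out` gone, the function only builds the gensec context and no longer processes the first client token. This applies equally to the second hunk with the same signature further down, presumably the header prototype. A short comment on the declaration would help, for example `/* Sets up the gensec server context only; no token is processed. The caller requests features and then calls auth_generic_server_step(). */`. It also looks as if the function now returns either success or a hard error and never NT_STATUS_MORE_PROCESSING_REQUIRED, since the caller treats any non-OK status as failure; that is worth stating if it holds. The function body continues outside this hunk.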
/* this has to be done as root in order to create the messaging socket */
status = auth_generic_server_authtype_start_as_root(mem_ctx,
auth_type, auth_level,
- token_in,
- token_out,
remote_address,
local_address,
service_description,
NTSTATUS auth_generic_server_authtype_start(TALLOC_CTX *mem_ctx,
uint8_t auth_type, uint8_t auth_level,
- DATA_BLOB *token_in,
- DATA_BLOB *token_out,
const struct tsocket_address *remote_address,
const struct tsocket_address *local_address,
const char *service_description,
status = auth_generic_server_authtype_start(p,
auth_info->auth_type,
auth_info->auth_level,
- &auth_info->credentials,
- response,
p->remote_address,
p->local_address,
service_description,
&gensec_security);
- if (!NT_STATUS_IS_OK(status) &&
- !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED))
- {
+ if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, (__location__ ": auth_generic_server_authtype_start[%u/%u] failed: %s\n",
auth_info->auth_type, auth_info->auth_level, nt_errstr(status)));
return false;
}
- /* Make sure data is bound to the memctx, to be freed the caller */
- talloc_steal(mem_ctx, response->data);
-
p->auth.auth_ctx = gensec_security;
p->auth.auth_type = auth_info->auth_type;
p->auth.auth_level = auth_info->auth_level;
GENSEC_FEATURE_SIGN_PKT_HEADER);
}
+ status = auth_generic_server_step(gensec_security, mem_ctx,
+ &auth_info->credentials,
+ response);
+ if (!NT_STATUS_IS_OK(status) &&
+ !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED))
+ {
+ DEBUG(2, (__location__ ": "
+ "auth_generic_server_step[%u/%u] failed: %s\n",
+ auth_info->auth_type, auth_info->auth_level,
+ nt_errstr(status)));
+ return false;
+ }
+
if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
return true;
}
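Review bot: On the new failure path (`return false;` after auth_generic_server_step()), the gensec context is already stored in `p->auth.auth_ctx`, and `p->auth.auth_type` and `p->auth.auth_level` are already set by the preceding hunk, so a rejected authentication leaves the pipe with populated auth state. Before this change a failing gensec_update() freed the context inside auth_generic_server_authtype_start_as_root() and `p->auth` was never touched. Unless the caller, which is not visible here, discards the pipe whenever this returns false, consider moving the three `p->auth.*` assignments below the step call, or adding `TALLOC_FREE(p->auth.auth_ctx);` before `return false;`. The enclosing function starts and ends outside the hunk.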