diff options
author | Stefan Metzmacher <metze@samba.org> | 2017-05-11 09:04:02 +0200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2017-05-21 21:05:10 +0200 |
commit | 1e997d7a66c55c554df4d5910c685d7043e63aed (patch) | |
tree | 3747344c50710222af849a7b71330cc5d9502441 /source3/librpc | |
parent | 86f1ca2dadaa89484e0dd66f4c524ca443317ec2 (diff) | |
download | samba-1e997d7a66c55c554df4d5910c685d7043e63aed.tar.gz |
s3:gse: add simple gensec_gse_update_send/recv() wrapper functions
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source3/librpc')
-rw-r--r-- | source3/librpc/crypto/gse.c | 86 |
1 files changed, 71 insertions, 15 deletions
diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c index 972bbe023a8..bcda8de896f 100644 --- a/source3/librpc/crypto/gse.c +++ b/source3/librpc/crypto/gse.c @@ -22,6 +22,8 @@ /* We support only GSSAPI/KRB5 here */ #include "includes.h" +#include <tevent.h> +#include "lib/util/tevent_ntstatus.h" #include "gse.h" #include "libads/kerberos_proto.h" #include "auth/common_auth.h" @@ -807,21 +809,51 @@ static NTSTATUS gensec_gse_server_start(struct gensec_security *gensec_security) return NT_STATUS_OK; } -/** - * Next state function for the GSE GENSEC mechanism - * - * @param gensec_gse_state GSE State - * @param mem_ctx The TALLOC_CTX for *out to be allocated on - * @param in The request, as a DATA_BLOB - * @param out The reply, as an talloc()ed DATA_BLOB, on *mem_ctx - * @return Error, MORE_PROCESSING_REQUIRED if a reply is sent, - * or NT_STATUS_OK if the user is authenticated. - */ +struct gensec_gse_update_state { + NTSTATUS status; + DATA_BLOB out; +}; -static NTSTATUS gensec_gse_update(struct gensec_security *gensec_security, - TALLOC_CTX *mem_ctx, - struct tevent_context *ev, - const DATA_BLOB in, DATA_BLOB *out) +static NTSTATUS gensec_gse_update_internal(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, + const DATA_BLOB in, + DATA_BLOB *out); + +static struct tevent_req *gensec_gse_update_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct gensec_security *gensec_security, + const DATA_BLOB in) +{ + struct tevent_req *req = NULL; + struct gensec_gse_update_state *state = NULL; + NTSTATUS status; + + req = tevent_req_create(mem_ctx, &state, + struct gensec_gse_update_state); + if (req == NULL) { + return NULL; + } + + status = gensec_gse_update_internal(gensec_security, + state, in, + &state->out); + state->status = status; + if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { + tevent_req_done(req); + return tevent_req_post(req, ev); + } + if (tevent_req_nterror(req, status)) { + return tevent_req_post(req, ev); + } + + tevent_req_done(req); + return tevent_req_post(req, ev); +} + +static NTSTATUS gensec_gse_update_internal(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, + const DATA_BLOB in, + DATA_BLOB *out) { NTSTATUS status; @@ -844,6 +876,29 @@ static NTSTATUS gensec_gse_update(struct gensec_security *gensec_security, return NT_STATUS_OK; } +static NTSTATUS gensec_gse_update_recv(struct tevent_req *req, + TALLOC_CTX *out_mem_ctx, + DATA_BLOB *out) +{ + struct gensec_gse_update_state *state = + tevent_req_data(req, + struct gensec_gse_update_state); + NTSTATUS status; + + *out = data_blob_null; + + if (tevent_req_is_nterror(req, &status)) { + tevent_req_received(req); + return status; + } + + *out = state->out; + talloc_steal(out_mem_ctx, state->out.data); + status = state->status; + tevent_req_received(req); + return status; +} + static NTSTATUS gensec_gse_wrap(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx, const DATA_BLOB *in, @@ -1295,7 +1350,8 @@ const struct gensec_security_ops gensec_gse_krb5_security_ops = { .client_start = gensec_gse_client_start, .server_start = gensec_gse_server_start, .magic = gensec_magic_check_krb5_oid, - .update = gensec_gse_update, + .update_send = gensec_gse_update_send, + .update_recv = gensec_gse_update_recv, .session_key = gensec_gse_session_key, .session_info = gensec_gse_session_info, .sig_size = gensec_gse_sig_size, |