summaryrefslogtreecommitdiff
path: root/auth/gensec/spnego.c
Commit message (Collapse)AuthorAgeFilesLines
* auth/spnego: invert the fallback logic in gensec_spnego_client_negTokenInit()Stefan Metzmacher2017-07-251-7/+6
| | | | | | | We should do the return first, that will simplify further changes. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: split out gensec_spnego_update_pre/post() functionsStefan Metzmacher2017-07-251-81/+153
| | | | | | | | | | | For now we keep doing sync processing only, in future we'll do some preprocessing before a gensec_update_send() on the subcontext in gensec_spnego_update_pre() and handle the the result of gensec_update_recv() in gensec_spnego_update_post(). Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: inline gensec_spnego_parse_negTokenInit() into ↵Stefan Metzmacher2017-07-251-144/+123
| | | | | | | gensec_spnego_server_negTokenInit() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: remove more dead code from gensec_spnego_parse_negTokenInit()Stefan Metzmacher2017-07-251-39/+1
| | | | | | | Now we finally have a logic that someone can understand while reading it. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: add an early return for OK or MORE PROCESSING in ↵Stefan Metzmacher2017-07-251-1/+1
| | | | | | | gensec_spnego_parse_negTokenInit() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: add an early return for a hard error in ↵Stefan Metzmacher2017-07-251-0/+7
| | | | | | | gensec_spnego_parse_negTokenInit() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: do an early return when we downgraded the mech in ↵Stefan Metzmacher2017-07-251-1/+1
| | | | | | | gensec_spnego_parse_negTokenInit() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: remove one more useless indentation level from ↵Stefan Metzmacher2017-07-251-54/+58
| | | | | | | | | | gensec_spnego_parse_negTokenInit() Check with 'git show -w -U45' and carefully check the 'break' vs. 'continue' changes. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: remove dead code from gensec_spnego_parse_negTokenInit()Stefan Metzmacher2017-07-251-85/+0
| | | | | | | Check with git show -U15 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: remove unused indentation level from ↵Stefan Metzmacher2017-07-251-63/+65
| | | | | | | | | gensec_spnego_parse_negTokenInit() gensec_spnego_parse_negTokenInit() is only used as server now. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: inline gensec_spnego_parse_negTokenInit() client logic into ↵Stefan Metzmacher2017-07-251-7/+121
| | | | | | | gensec_spnego_client_negTokenInit() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: let gensec_spnego_parse_negTokenInit() require client provides ↵Stefan Metzmacher2017-07-251-0/+7
| | | | | | | mechs Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: inline gensec_spnego_update_server() into ↵Stefan Metzmacher2017-07-251-36/+10
| | | | | | | gensec_spnego_update_send() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: inline gensec_spnego_update_client() into ↵Stefan Metzmacher2017-07-251-38/+10
| | | | | | | gensec_spnego_update_send() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: split out a gensec_spnego_server_negTokenTarg() functionStefan Metzmacher2017-07-251-115/+125
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: introduce a 'struct spnego_negTokenTarg *ta' helper variable in ↵Stefan Metzmacher2017-07-251-6/+7
| | | | | | | gensec_spnego_update_server() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: split out a gensec_spnego_client_negTokenTarg() functionStefan Metzmacher2017-07-251-295/+324
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: make more use of the 'ta' helper variable in ↵Stefan Metzmacher2017-07-251-15/+15
| | | | | | | gensec_spnego_update_client() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: split out a gensec_spnego_server_negTokenInit() function.Stefan Metzmacher2017-07-251-31/+42
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: split out a gensec_spnego_client_negTokenInit() function.Stefan Metzmacher2017-07-251-55/+68
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: make use of GENSEC_UPDATE_IS_NTERROR() in ↵Stefan Metzmacher2017-07-251-3/+2
| | | | | | | gensec_spnego_update_client() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: make use of GENSEC_UPDATE_IS_NTERROR() in ↵Stefan Metzmacher2017-07-251-2/+1
| | | | | | | gensec_spnego_create_negTokenInit() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: make use of GENSEC_UPDATE_IS_NTERROR() in ↵Stefan Metzmacher2017-07-251-17/+14
| | | | | | | | | gensec_spnego_update_send() Check with git show -U15 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: simplify the error handling logic in ↵Stefan Metzmacher2017-07-251-4/+2
| | | | | | | | | | | | gensec_spnego_parse_negTokenInit() We can just use GENSEC_UPDATE_IS_NTERROR() as NT_STATUS_INVALID_PARAMETER is mapped to NT_STATUS_MORE_PROCESSING_REQUIRED in the lines above. Check with git show -U10 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: call gensec_spnego_create_negTokenInit() directly in ↵Stefan Metzmacher2017-07-251-15/+18
| | | | | | | | | gensec_spnego_update_send() This simplifies further refactoring. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: do parse the incoming blob already in gensec_spnego_update_send()Stefan Metzmacher2017-07-251-124/+85
| | | | | | | It's easier to have this in one central place. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: introduce a 'spnego_in' helper variable in ↵Stefan Metzmacher2017-07-251-7/+10
| | | | | | | | | | gensec_spnego_update_client() In the following commits we'll pass that variable from the caller and this preparation will reduce the diff for the following patches. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: introduce a 'spnego_in' helper variable in ↵Stefan Metzmacher2017-07-251-17/+20
| | | | | | | | | | gensec_spnego_update_client() In the following commits we'll pass that variable from the caller and this preparation will reduce the diff for the following patches. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: skip gensec_update_ev() if sub_sec_ready is already true in ↵Stefan Metzmacher2017-07-251-9/+13
| | | | | | | | | gensec_spnego_update_server() This matches the flow already used in the client case. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: move gensec_update_ev() out of gensec_spnego_server_try_fallback()Stefan Metzmacher2017-07-251-9/+21
| | | | | | | | This makes it easier to handle SPNEGO_FALLBACK code path completely async from the first packet in future. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: Fix withespace and indent in gensec_spnego_server_try_fallback()Andreas Schneider2017-07-251-3/+5
| | | | | | | Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
* auth/spnego: pass spnego_in to gensec_spnego_parse_negTokenInit()Stefan Metzmacher2017-07-051-9/+17
| | | | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Jul 5 06:43:17 CEST 2017 on sn-devel-144
* auth/spnego: remove useless indentation level for SPNEGO_SERVER_STARTStefan Metzmacher2017-07-051-42/+40
| | | | | | | Check with git show -w Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: move SERVER gensec_spnego_create_negTokenInit() handling to the topStefan Metzmacher2017-07-051-6/+8
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: set spnego_state->{state_position,expected_packet} ↵Stefan Metzmacher2017-07-051-10/+16
| | | | | | | | | | gensec_spnego_create_negTokenInit() We should only do the state change in a defined place and not with any error gensec_spnego_create_negTokenInit() might return. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: don't pass 'in' to gensec_spnego_create_negTokenInit()Stefan Metzmacher2017-07-051-3/+3
| | | | | | | It's always en empty blob. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: add a struct spnego_negTokenTarg *ta variable to make some ↵Stefan Metzmacher2017-07-051-10/+11
| | | | | | | | | lines shorter This makes future modifications easier to review. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: use a helper variable for spnego.negTokenInit.targetPrincipalStefan Metzmacher2017-07-051-4/+5
| | | | | | | This makes the lines a bit shorter and the future diff easier to review. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: rename gensec_spnego_server_negTokenTarg() into ↵Stefan Metzmacher2017-07-051-18/+18
| | | | | | | | | | gensec_spnego_server_response() gensec_spnego_server_negTokenTarg() will reappear as function that handles the whole negTokenTarg processing. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: do basic state_position checking in gensec_spnego_update_in()Stefan Metzmacher2017-06-291-7/+19
| | | | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Thu Jun 29 20:15:05 CEST 2017 on sn-devel-144
* auth/spnego: move gensec_spnego_update() into gensec_spnego_update_send()Stefan Metzmacher2017-06-291-37/+36
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: split out gensec_spnego_update_{client,server}() functionsStefan Metzmacher2017-06-291-200/+256
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: remove unused out_mem_ctx = spnego_state fallback in ↵Stefan Metzmacher2017-06-291-5/+0
| | | | | | | | | gensec_spnego_update() The only caller never passes NULL. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: add gensec_spnego_update_sub_abort() helper functionStefan Metzmacher2017-06-291-22/+31
| | | | | | | This helps to be consistent when destroying a unuseable sub context. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: remove useless spnego_state->sub_sec_ready checkStefan Metzmacher2017-06-291-3/+1
| | | | | | | | | The lines above make sure it's always true. Check with git show -U15 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: consitently set spnego_state->sub_sec_ready = true after ↵Stefan Metzmacher2017-06-291-10/+15
| | | | | | | gensec_update_ev() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: rename spnego_state->no_response_expected to ->sub_sec_readyStefan Metzmacher2017-06-291-10/+10
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: move gensec_spnego_update_out() behind gensec_spnego_update_in()Stefan Metzmacher2017-06-291-59/+62
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: move some more logic to gensec_spnego_update_in()Stefan Metzmacher2017-06-291-6/+10
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: move gensec_spnego_update_in() after gensec_spnego_update_send()Stefan Metzmacher2017-06-291-86/+89
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
View Lorry Controller Status