[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-329-g1f41236

Günther Deschner Tue, 15 Sep 2009 15:16:45 -0700

The branch, master has been updated
       via  1f4123677e509f4479b87c0a9c20abdc556890b1 (commit)
       via  9cb205d7535ce1ff811892580e3419c3f562d607 (commit)
      from  f8014d30e7023532dfdfce7469024f20af37a3d3 (commit)


http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 1f4123677e509f4479b87c0a9c20abdc556890b1
Author: GÃ¼nther Deschner <g...@samba.org>
Date:   Sun Sep 13 18:42:45 2009 +0200

    s4-schannel: first step of decoupling schannel from gensec.
    
    Guenther

commit 9cb205d7535ce1ff811892580e3419c3f562d607
Author: GÃ¼nther Deschner <g...@samba.org>
Date:   Sun Sep 13 15:21:20 2009 +0200

    s4-schannel: strip trailing whitespace.
    
    Guenther

-----------------------------------------------------------------------

Summary of changes:
 source4/auth/gensec/schannel.c      |   51 ++++++++++++++++++++++--
 source4/auth/gensec/schannel_sign.c |   74 ++++++++++++++--------------------
 2 files changed, 78 insertions(+), 47 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c
index 15d6443..90b90fc 100644
--- a/source4/auth/gensec/schannel.c
+++ b/source4/auth/gensec/schannel.c
@@ -281,6 +281,49 @@ static bool schannel_have_feature(struct gensec_security 
*gensec_security,
        return false;
 }
 
+static NTSTATUS schannel_seal_packet_wrap(struct gensec_security 
*gensec_security,
+                                         TALLOC_CTX *mem_ctx,
+                                         uint8_t *data, size_t length,
+                                         const uint8_t *whole_pdu, size_t 
pdu_length,
+                                         DATA_BLOB *sig)
+{
+       struct schannel_state *state = 
talloc_get_type(gensec_security->private_data, struct schannel_state);
+
+       return schannel_seal_packet(state, mem_ctx, data, length, sig);
+}
+
+static NTSTATUS schannel_sign_packet_wrap(struct gensec_security 
*gensec_security,
+                                         TALLOC_CTX *mem_ctx,
+                                         const uint8_t *data, size_t length,
+                                         const uint8_t *whole_pdu, size_t 
pdu_length,
+                                         DATA_BLOB *sig)
+{
+       struct schannel_state *state = 
talloc_get_type(gensec_security->private_data, struct schannel_state);
+
+       return schannel_sign_packet(state, mem_ctx, data, length, sig);
+}
+
+static NTSTATUS schannel_check_packet_wrap(struct gensec_security 
*gensec_security,
+                                          TALLOC_CTX *mem_ctx,
+                                          const uint8_t *data, size_t length,
+                                          const uint8_t *whole_pdu, size_t 
pdu_length,
+                                          const DATA_BLOB *sig)
+{
+       struct schannel_state *state = 
talloc_get_type(gensec_security->private_data, struct schannel_state);
+
+       return schannel_check_packet(state, mem_ctx, data, length, sig);
+}
+
+static NTSTATUS schannel_unseal_packet_wrap(struct gensec_security 
*gensec_security,
+                                           TALLOC_CTX *mem_ctx,
+                                           uint8_t *data, size_t length,
+                                           const uint8_t *whole_pdu, size_t 
pdu_length,
+                                           const DATA_BLOB *sig)
+{
+       struct schannel_state *state = 
talloc_get_type(gensec_security->private_data, struct schannel_state);
+
+       return schannel_unseal_packet(state, mem_ctx, data, length, sig);
+}
 
 static const struct gensec_security_ops gensec_schannel_security_ops = {
        .name           = "schannel",
@@ -288,10 +331,10 @@ static const struct gensec_security_ops 
gensec_schannel_security_ops = {
        .client_start   = schannel_client_start,
        .server_start   = schannel_server_start,
        .update         = schannel_update,
-       .seal_packet    = schannel_seal_packet,
-       .sign_packet    = schannel_sign_packet,
-       .check_packet   = schannel_check_packet,
-       .unseal_packet  = schannel_unseal_packet,
+       .seal_packet    = schannel_seal_packet_wrap,
+       .sign_packet    = schannel_sign_packet_wrap,
+       .check_packet   = schannel_check_packet_wrap,
+       .unseal_packet  = schannel_unseal_packet_wrap,
        .session_key    = schannel_session_key,
        .session_info   = schannel_session_info,
        .sig_size       = schannel_sig_size,
diff --git a/source4/auth/gensec/schannel_sign.c 
b/source4/auth/gensec/schannel_sign.c
index 17a0c17..ca066b1 100644
--- a/source4/auth/gensec/schannel_sign.c
+++ b/source4/auth/gensec/schannel_sign.c
@@ -1,21 +1,21 @@
-/* 
+/*
    Unix SMB/CIFS implementation.
 
    schannel library code
 
    Copyright (C) Andrew Tridgell 2004
    Copyright (C) Andrew Bartlett <abart...@samba.org> 2005
-   
+
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
-   
+
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
-   
+
    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -49,11 +49,11 @@ static void netsec_deal_with_seq_num(struct schannel_state 
*state,
 
 
 /*******************************************************************
- Calculate the key with which to encode the data payload 
+ Calculate the key with which to encode the data payload
  ********************************************************************/
 static void netsec_get_sealing_key(const uint8_t session_key[16],
                                   const uint8_t seq_num[8],
-                                  uint8_t sealing_key[16]) 
+                                  uint8_t sealing_key[16])
 {
        static const uint8_t zeros[4];
        uint8_t digest2[16];
@@ -63,26 +63,26 @@ static void netsec_get_sealing_key(const uint8_t 
session_key[16],
        for (i = 0; i < 16; i++) {
                sess_kf0[i] = session_key[i] ^ 0xf0;
        }
-       
+
        hmac_md5(sess_kf0, zeros, 4, digest2);
        hmac_md5(digest2, seq_num, 8, sealing_key);
 }
 
 
 /*******************************************************************
- Create a digest over the entire packet (including the data), and 
+ Create a digest over the entire packet (including the data), and
  MD5 it with the session key.
  ********************************************************************/
 static void schannel_digest(const uint8_t sess_key[16],
                            const uint8_t netsec_sig[8],
                            const uint8_t *confounder,
                            const uint8_t *data, size_t data_len,
-                           uint8_t digest_final[16]) 
+                           uint8_t digest_final[16])
 {
        uint8_t packet_digest[16];
        static const uint8_t zeros[4];
        struct MD5Context ctx;
-       
+
        MD5Init(&ctx);
        MD5Update(&ctx, zeros, 4);
        MD5Update(&ctx, netsec_sig, 8);
@@ -91,7 +91,7 @@ static void schannel_digest(const uint8_t sess_key[16],
        }
        MD5Update(&ctx, data, data_len);
        MD5Final(packet_digest, &ctx);
-       
+
        hmac_md5(sess_key, packet_digest, sizeof(packet_digest), digest_final);
 }
 
@@ -99,14 +99,11 @@ static void schannel_digest(const uint8_t sess_key[16],
 /*
   unseal a packet
 */
-NTSTATUS schannel_unseal_packet(struct gensec_security *gensec_security, 
-                               TALLOC_CTX *mem_ctx, 
-                               uint8_t *data, size_t length, 
-                               const uint8_t *whole_pdu, size_t pdu_length, 
+NTSTATUS schannel_unseal_packet(struct schannel_state *state,
+                               TALLOC_CTX *mem_ctx,
+                               uint8_t *data, size_t length,
                                const DATA_BLOB *sig)
 {
-       struct schannel_state *state = 
talloc_get_type(gensec_security->private_data, struct schannel_state);
-       
        uint8_t digest_final[16];
        uint8_t confounder[8];
        uint8_t seq_num[8];
@@ -126,8 +123,8 @@ NTSTATUS schannel_unseal_packet(struct gensec_security 
*gensec_security,
        arcfour_crypt(confounder, sealing_key, 8);
        arcfour_crypt(data, sealing_key, length);
 
-       schannel_digest(state->creds->session_key, 
-                       netsec_sig, confounder, 
+       schannel_digest(state->creds->session_key,
+                       netsec_sig, confounder,
                        data, length, digest_final);
 
        if (memcmp(digest_final, sig->data+16, 8) != 0) {
@@ -150,14 +147,11 @@ NTSTATUS schannel_unseal_packet(struct gensec_security 
*gensec_security,
 /*
   check the signature on a packet
 */
-NTSTATUS schannel_check_packet(struct gensec_security *gensec_security, 
-                              TALLOC_CTX *mem_ctx, 
-                              const uint8_t *data, size_t length, 
-                              const uint8_t *whole_pdu, size_t pdu_length, 
+NTSTATUS schannel_check_packet(struct schannel_state *state,
+                              TALLOC_CTX *mem_ctx,
+                              const uint8_t *data, size_t length,
                               const DATA_BLOB *sig)
 {
-       struct schannel_state *state = 
talloc_get_type(gensec_security->private_data, struct schannel_state);
-
        uint8_t digest_final[16];
        uint8_t seq_num[8];
        static const uint8_t netsec_sig[8] = NETSEC_SIGN_SIGNATURE;
@@ -173,8 +167,8 @@ NTSTATUS schannel_check_packet(struct gensec_security 
*gensec_security,
        dump_data_pw("seq_num:\n", seq_num, 8);
        dump_data_pw("sess_key:\n", state->creds->session_key, 16);
 
-       schannel_digest(state->creds->session_key, 
-                       netsec_sig, NULL, 
+       schannel_digest(state->creds->session_key,
+                       netsec_sig, NULL,
                        data, length, digest_final);
 
        netsec_deal_with_seq_num(state, digest_final, seq_num);
@@ -198,14 +192,11 @@ NTSTATUS schannel_check_packet(struct gensec_security 
*gensec_security,
 /*
   seal a packet
 */
-NTSTATUS schannel_seal_packet(struct gensec_security *gensec_security, 
-                             TALLOC_CTX *mem_ctx, 
-                             uint8_t *data, size_t length, 
-                             const uint8_t *whole_pdu, size_t pdu_length, 
+NTSTATUS schannel_seal_packet(struct schannel_state *state,
+                             TALLOC_CTX *mem_ctx,
+                             uint8_t *data, size_t length,
                              DATA_BLOB *sig)
 {
-       struct schannel_state *state = 
talloc_get_type(gensec_security->private_data, struct schannel_state);
-
        uint8_t digest_final[16];
        uint8_t confounder[8];
        uint8_t seq_num[8];
@@ -217,8 +208,8 @@ NTSTATUS schannel_seal_packet(struct gensec_security 
*gensec_security,
        RSIVAL(seq_num, 0, state->seq_num);
        SIVAL(seq_num, 4, state->initiator?0x80:0);
 
-       schannel_digest(state->creds->session_key, 
-                       netsec_sig, confounder, 
+       schannel_digest(state->creds->session_key,
+                       netsec_sig, confounder,
                        data, length, digest_final);
 
        netsec_get_sealing_key(state->creds->session_key, seq_num, sealing_key);
@@ -246,14 +237,11 @@ NTSTATUS schannel_seal_packet(struct gensec_security 
*gensec_security,
 /*
   sign a packet
 */
-NTSTATUS schannel_sign_packet(struct gensec_security *gensec_security, 
-                             TALLOC_CTX *mem_ctx, 
-                             const uint8_t *data, size_t length, 
-                             const uint8_t *whole_pdu, size_t pdu_length, 
+NTSTATUS schannel_sign_packet(struct schannel_state *state,
+                             TALLOC_CTX *mem_ctx,
+                             const uint8_t *data, size_t length,
                              DATA_BLOB *sig)
 {
-       struct schannel_state *state = 
talloc_get_type(gensec_security->private_data, struct schannel_state);
-
        uint8_t digest_final[16];
        uint8_t seq_num[8];
        static const uint8_t netsec_sig[8] = NETSEC_SIGN_SIGNATURE;
@@ -261,8 +249,8 @@ NTSTATUS schannel_sign_packet(struct gensec_security 
*gensec_security,
        RSIVAL(seq_num, 0, state->seq_num);
        SIVAL(seq_num, 4, state->initiator?0x80:0);
 
-       schannel_digest(state->creds->session_key, 
-                       netsec_sig, NULL, 
+       schannel_digest(state->creds->session_key,
+                       netsec_sig, NULL,
                        data, length, digest_final);
 
        netsec_deal_with_seq_num(state, digest_final, seq_num);


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-329-g1f41236

Reply via email to