From 2cd3e51e19c0ae851ea2f294125c387f72d4432c Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Fri, 19 Jun 2015 12:47:10 +0200
Subject: [PATCH] auth/gensec: remove unused gensec_[un]wrap_packets() hooks
Signed-off-by: Stefan Metzmacher
Reviewed-by: Jeremy Allison
---
 auth/gensec/gensec.h | 21 --------
 auth/gensec/gensec_internal.h | 12 -----
 auth/gensec/gensec_util.c | 116 ------------------------------------------
 auth/gensec/spnego.c | 56 --------------------
 auth/gensec/wscript_build | 2 +-
 5 files changed, 1 insertion(+), 206 deletions(-)
diff --git a/auth/gensec/gensec.h b/auth/gensec/gensec.h
index 0d3a29ca831..d09813e218e 100644
--- a/auth/gensec/gensec.h
+++ b/auth/gensec/gensec.h
@@ -107,30 +107,9 @@ const struct gensec_critical_sizes *gensec_interface_version(void);
 /* Socket wrapper */
 struct gensec_security;
-struct socket_context;
 struct auth4_context;
 struct auth_user_info_dc;
-/* These functions are for use here only (public because SPNEGO must
- * use them for recursion) */
-NTSTATUS gensec_wrap_packets(struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx,
- const DATA_BLOB *in,
- DATA_BLOB *out,
- size_t *len_processed);
-/* These functions are for use here only (public because SPNEGO must
- * use them for recursion) */
-NTSTATUS gensec_unwrap_packets(struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx,
- const DATA_BLOB *in,
- DATA_BLOB *out,
- size_t *len_processed);
-
-/* These functions are for use here only (public because SPNEGO must
- * use them for recursion) */
-NTSTATUS gensec_packet_full_request(struct gensec_security *gensec_security,
- DATA_BLOB blob, size_t *size);
-
 struct loadparm_context;
 NTSTATUS gensec_subcontext_start(TALLOC_CTX *mem_ctx,
diff --git a/auth/gensec/gensec_internal.h b/auth/gensec/gensec_internal.h
index c04164a3dbd..45a66f8a4bc 100644
--- a/auth/gensec/gensec_internal.h
+++ b/auth/gensec/gensec_internal.h
@@ -74,18 +74,6 @@ struct gensec_security_ops {
 TALLOC_CTX *mem_ctx,
 const DATA_BLOB *in,
 DATA_BLOB *out);
- NTSTATUS (*wrap_packets)(struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx,
- const DATA_BLOB *in,
- DATA_BLOB *out,
- size_t *len_processed);
- NTSTATUS (*unwrap_packets)(struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx,
- const DATA_BLOB *in,
- DATA_BLOB *out,
- size_t *len_processed);
- NTSTATUS (*packet_full_request)(struct gensec_security *gensec_security,
- DATA_BLOB blob, size_t *size);
 NTSTATUS (*session_key)(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx,
 DATA_BLOB *session_key);
 NTSTATUS (*session_info)(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx,
diff --git a/auth/gensec/gensec_util.c b/auth/gensec/gensec_util.c
index b8e38b7f7c9..8ef4b252aff 100644
--- a/auth/gensec/gensec_util.c
+++ b/auth/gensec/gensec_util.c
@@ -68,122 +68,6 @@ NTSTATUS gensec_generate_session_info_pac(TALLOC_CTX *mem_ctx,
 }
 /*
- * These functions are for use in the deprecated
- * gensec_socket code (public because SPNEGO must
- * use them for recursion)
- */
-_PUBLIC_ NTSTATUS gensec_wrap_packets(struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx,
- const DATA_BLOB *in,
- DATA_BLOB *out,
- size_t *len_processed)
-{
- if (!gensec_security->ops->wrap_packets) {
- NTSTATUS nt_status;
- size_t max_input_size;
- DATA_BLOB unwrapped, wrapped;
- max_input_size = gensec_max_input_size(gensec_security);
- unwrapped = data_blob_const(in->data, MIN(max_input_size, (size_t)in->length));
-
- nt_status = gensec_wrap(gensec_security,
- mem_ctx,
- &unwrapped, &wrapped);
- if (!NT_STATUS_IS_OK(nt_status)) {
- return nt_status;
- }
-
- *out = data_blob_talloc(mem_ctx, NULL, 4);
- if (!out->data) {
- return NT_STATUS_NO_MEMORY;
- }
- RSIVAL(out->data, 0, wrapped.length);
-
- if (!data_blob_append(mem_ctx, out, wrapped.data, wrapped.length)) {
- return NT_STATUS_NO_MEMORY;
- }
- *len_processed = unwrapped.length;
- return NT_STATUS_OK;
- }
- return gensec_security->ops->wrap_packets(gensec_security, mem_ctx, in, out,
- len_processed);
-}
-
-/*
- * These functions are for use in the deprecated
- * gensec_socket code (public because SPNEGO must
- * use them for recursion)
- */
-NTSTATUS gensec_unwrap_packets(struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx,
- const DATA_BLOB *in,
- DATA_BLOB *out,
- size_t *len_processed)
-{
- if (!gensec_security->ops->unwrap_packets) {
- DATA_BLOB wrapped;
- NTSTATUS nt_status;
- size_t packet_size;
- if (in->length < 4) {
- /* Missing the header we already had! */
- DEBUG(0, ("Asked to unwrap packet of bogus length! How did we get the short packet?!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- packet_size = RIVAL(in->data, 0);
-
- wrapped = data_blob_const(in->data + 4, packet_size);
-
- if (wrapped.length > (in->length - 4)) {
- DEBUG(0, ("Asked to unwrap packed of bogus length %d > %d! How did we get this?!\n",
- (int)wrapped.length, (int)(in->length - 4)));
- return NT_STATUS_INTERNAL_ERROR;
- }
-
- nt_status = gensec_unwrap(gensec_security,
- mem_ctx,
- &wrapped, out);
- if (!NT_STATUS_IS_OK(nt_status)) {
- return nt_status;
- }
-
- *len_processed = packet_size + 4;
- return nt_status;
- }
- return gensec_security->ops->unwrap_packets(gensec_security, mem_ctx, in, out,
- len_processed);
-}
-
-/*
- * These functions are for use in the deprecated
- * gensec_socket code (public because SPNEGO must
- * use them for recursion)
- */
-NTSTATUS gensec_packet_full_request(struct gensec_security *gensec_security,
- DATA_BLOB blob, size_t *size)
-{
- if (gensec_security->ops->packet_full_request) {
- return gensec_security->ops->packet_full_request(gensec_security,
- blob, size);
- }
- if (gensec_security->ops->unwrap_packets) {
- if (blob.length) {
- *size = blob.length;
- return NT_STATUS_OK;
- }
- return STATUS_MORE_ENTRIES;
- }
-
- if (blob.length < 4) {
- return STATUS_MORE_ENTRIES;
- }
- *size = 4 + RIVAL(blob.data, 0);
- if (*size > blob.length) {
- return STATUS_MORE_ENTRIES;
- }
- return NT_STATUS_OK;
-}
-
-/*
 magic check a GSS-API wrapper packet for an Kerberos OID
 */
 static bool gensec_gssapi_check_oid(const DATA_BLOB *blob, const char *oid)
diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c
index 20cacdb9b45..85c70e12f64 100644
--- a/auth/gensec/spnego.c
+++ b/auth/gensec/spnego.c
@@ -221,59 +221,6 @@ static NTSTATUS gensec_spnego_unwrap(struct gensec_security *gensec_security,
 mem_ctx, in, out);
 }
-static NTSTATUS gensec_spnego_wrap_packets(struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx,
- const DATA_BLOB *in,
- DATA_BLOB *out,
- size_t *len_processed)
-{
- struct spnego_state *spnego_state = (struct spnego_state *)gensec_security->private_data;
-
- if (spnego_state->state_position != SPNEGO_DONE
- && spnego_state->state_position != SPNEGO_FALLBACK) {
- DEBUG(1, ("gensec_spnego_wrap: wrong state for wrap\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- return gensec_wrap_packets(spnego_state->sub_sec_security,
- mem_ctx, in, out,
- len_processed);
-}
-
-static NTSTATUS gensec_spnego_packet_full_request(struct gensec_security *gensec_security,
- DATA_BLOB blob, size_t *size)
-{
- struct spnego_state *spnego_state = (struct spnego_state *)gensec_security->private_data;
-
- if (spnego_state->state_position != SPNEGO_DONE
- && spnego_state->state_position != SPNEGO_FALLBACK) {
- DEBUG(1, ("gensec_spnego_unwrap: wrong state for unwrap\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- return gensec_packet_full_request(spnego_state->sub_sec_security,
- blob, size);
-}
-
-static NTSTATUS gensec_spnego_unwrap_packets(struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx,
- const DATA_BLOB *in,
- DATA_BLOB *out,
- size_t *len_processed)
-{
- struct spnego_state *spnego_state = (struct spnego_state *)gensec_security->private_data;
-
- if (spnego_state->state_position != SPNEGO_DONE
- && spnego_state->state_position != SPNEGO_FALLBACK) {
- DEBUG(1, ("gensec_spnego_unwrap: wrong state for unwrap\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- return gensec_unwrap_packets(spnego_state->sub_sec_security,
- mem_ctx, in, out,
- len_processed);
-}
-
 static size_t gensec_spnego_sig_size(struct gensec_security *gensec_security, size_t data_size)
 {
 struct spnego_state *spnego_state = (struct spnego_state *)gensec_security->private_data;
@@ -1384,11 +1331,8 @@ static const struct gensec_security_ops gensec_spnego_security_ops = {
 .max_input_size = gensec_spnego_max_input_size,
 .check_packet = gensec_spnego_check_packet,
 .unseal_packet = gensec_spnego_unseal_packet,
- .packet_full_request = gensec_spnego_packet_full_request,
 .wrap = gensec_spnego_wrap,
 .unwrap = gensec_spnego_unwrap,
- .wrap_packets = gensec_spnego_wrap_packets,
- .unwrap_packets = gensec_spnego_unwrap_packets,
 .session_key = gensec_spnego_session_key,
 .session_info = gensec_spnego_session_info,
 .want_feature = gensec_spnego_want_feature,
diff --git a/auth/gensec/wscript_build b/auth/gensec/wscript_build
index e6d179b5806..e4c4a08e33e 100755
--- a/auth/gensec/wscript_build
+++ b/auth/gensec/wscript_build
@@ -3,7 +3,7 @@ bld.SAMBA_LIBRARY('gensec',
 source='gensec.c gensec_start.c gensec_util.c',
 pc_files='gensec.pc',
 autoproto='gensec_toplevel_proto.h',
- public_deps='tevent-util samba-util errors LIBPACKET auth_system_session samba-modules gensec_util asn1util',
+ public_deps='tevent-util samba-util errors auth_system_session samba-modules gensec_util asn1util',
 public_headers='gensec.h',
 deps='com_err',
 vnum='0.0.1'
--
2.11.4.GIT
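Review bot: `vnum='0.0.1'` stays unchanged in the wscript_build hunk although this commit removes the declarations of `gensec_wrap_packets()`, `gensec_unwrap_packets()` and `gensec_packet_full_request()` from `gensec.h`, the header this rule lists under `public_headers`. If gensec is installed as a public shared library (the `pc_files='gensec.pc'` entry suggests it is), removing exported symbols is an ABI break and would normally come with a bumped `vnum`, or with a sentence in the commit message saying why no out-of-tree consumer can be affected. Dropping `LIBPACKET` from `public_deps` also changes what dependants inherit through gensec, so it is worth confirming that nothing still linking against gensec relied on that transitive dependency. The `bld.SAMBA_LIBRARY()` call opens in the hunk header and is not closed inside the hunk.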