2010-01-07 10:24:12 +01:00
/*
2003-11-26 01:16:41 +00:00
* Unix SMB / CIFS implementation .
* Version 3.0
* NTLMSSP Signing routines
* Copyright ( C ) Luke Kenneth Casson Leighton 1996 - 2001
2005-04-25 03:37:37 +00:00
* Copyright ( C ) Andrew Bartlett < abartlet @ samba . org > 2003 - 2005
2010-01-07 10:24:12 +01:00
*
2003-11-26 01:16:41 +00:00
* This program is free software ; you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
2007-07-10 02:46:15 +00:00
* the Free Software Foundation ; either version 3 of the License , or
2003-11-26 01:16:41 +00:00
* ( at your option ) any later version .
2010-01-07 10:24:12 +01:00
*
2003-11-26 01:16:41 +00:00
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
2010-01-07 10:24:12 +01:00
*
2003-11-26 01:16:41 +00:00
* You should have received a copy of the GNU General Public License
2007-07-10 03:42:26 +00:00
* along with this program ; if not , see < http : //www.gnu.org/licenses/>.
2003-11-26 01:16:41 +00:00
*/
# include "includes.h"
2005-04-25 05:03:50 +00:00
# include "auth/ntlmssp/ntlmssp.h"
2006-11-07 00:48:36 +00:00
# include "auth/gensec/gensec.h"
2013-08-05 07:12:01 +02:00
# include "auth/gensec/gensec_internal.h"
2011-07-25 16:04:38 +10:00
# include "auth/ntlmssp/ntlmssp_private.h"
NTSTATUS gensec_ntlmssp_magic ( struct gensec_security * gensec_security ,
const DATA_BLOB * first_packet )
{
if ( ntlmssp_blob_matches_magic ( first_packet ) ) {
return NT_STATUS_OK ;
} else {
return NT_STATUS_INVALID_PARAMETER ;
}
}
/**
* Return the NTLMSSP master session key
*
* @ param ntlmssp_state NTLMSSP State
*/
NTSTATUS gensec_ntlmssp_session_key ( struct gensec_security * gensec_security ,
TALLOC_CTX * mem_ctx ,
DATA_BLOB * session_key )
{
struct gensec_ntlmssp_context * gensec_ntlmssp =
talloc_get_type_abort ( gensec_security - > private_data ,
struct gensec_ntlmssp_context ) ;
struct ntlmssp_state * ntlmssp_state = gensec_ntlmssp - > ntlmssp_state ;
if ( ntlmssp_state - > expected_state ! = NTLMSSP_DONE ) {
return NT_STATUS_NO_USER_SESSION_KEY ;
}
if ( ! ntlmssp_state - > session_key . data ) {
return NT_STATUS_NO_USER_SESSION_KEY ;
}
* session_key = data_blob_talloc ( mem_ctx , ntlmssp_state - > session_key . data , ntlmssp_state - > session_key . length ) ;
if ( ! session_key - > data ) {
return NT_STATUS_NO_MEMORY ;
}
return NT_STATUS_OK ;
}
bool gensec_ntlmssp_have_feature ( struct gensec_security * gensec_security ,
uint32_t feature )
{
struct gensec_ntlmssp_context * gensec_ntlmssp =
talloc_get_type_abort ( gensec_security - > private_data ,
struct gensec_ntlmssp_context ) ;
struct ntlmssp_state * ntlmssp_state = gensec_ntlmssp - > ntlmssp_state ;
if ( feature & GENSEC_FEATURE_SIGN ) {
if ( ! ntlmssp_state - > session_key . length ) {
return false ;
}
if ( ntlmssp_state - > neg_flags & NTLMSSP_NEGOTIATE_SIGN ) {
return true ;
}
}
if ( feature & GENSEC_FEATURE_SEAL ) {
if ( ! ntlmssp_state - > session_key . length ) {
return false ;
}
if ( ntlmssp_state - > neg_flags & NTLMSSP_NEGOTIATE_SEAL ) {
return true ;
}
}
if ( feature & GENSEC_FEATURE_SESSION_KEY ) {
if ( ntlmssp_state - > session_key . length ) {
return true ;
}
}
if ( feature & GENSEC_FEATURE_DCE_STYLE ) {
return true ;
}
if ( feature & GENSEC_FEATURE_ASYNC_REPLIES ) {
if ( ntlmssp_state - > neg_flags & NTLMSSP_NEGOTIATE_NTLM2 ) {
return true ;
}
}
2013-12-31 09:53:55 +01:00
if ( feature & GENSEC_FEATURE_SIGN_PKT_HEADER ) {
return true ;
}
2015-11-19 16:02:58 +01:00
if ( feature & GENSEC_FEATURE_NEW_SPNEGO ) {
if ( ! ntlmssp_state - > session_key . length ) {
return false ;
}
if ( ! ( ntlmssp_state - > neg_flags & NTLMSSP_NEGOTIATE_SIGN ) ) {
return false ;
}
return ntlmssp_state - > new_spnego ;
}
2013-12-31 09:53:55 +01:00
2011-07-25 16:04:38 +10:00
return false ;
}
NTSTATUS gensec_ntlmssp_start ( struct gensec_security * gensec_security )
{
struct gensec_ntlmssp_context * gensec_ntlmssp ;
gensec_ntlmssp = talloc_zero ( gensec_security ,
struct gensec_ntlmssp_context ) ;
if ( ! gensec_ntlmssp ) {
return NT_STATUS_NO_MEMORY ;
}
gensec_security - > private_data = gensec_ntlmssp ;
return NT_STATUS_OK ;
}
2005-04-25 03:37:37 +00:00
2009-12-30 15:58:05 +01:00
NTSTATUS gensec_ntlmssp_sign_packet ( struct gensec_security * gensec_security ,
TALLOC_CTX * sig_mem_ctx ,
const uint8_t * data , size_t length ,
const uint8_t * whole_pdu , size_t pdu_length ,
DATA_BLOB * sig )
{
struct gensec_ntlmssp_context * gensec_ntlmssp =
talloc_get_type_abort ( gensec_security - > private_data ,
struct gensec_ntlmssp_context ) ;
NTSTATUS nt_status ;
nt_status = ntlmssp_sign_packet ( gensec_ntlmssp - > ntlmssp_state ,
sig_mem_ctx ,
data , length ,
whole_pdu , pdu_length ,
sig ) ;
return nt_status ;
}
2009-12-30 16:01:28 +01:00
NTSTATUS gensec_ntlmssp_check_packet ( struct gensec_security * gensec_security ,
const uint8_t * data , size_t length ,
const uint8_t * whole_pdu , size_t pdu_length ,
const DATA_BLOB * sig )
{
struct gensec_ntlmssp_context * gensec_ntlmssp =
talloc_get_type_abort ( gensec_security - > private_data ,
struct gensec_ntlmssp_context ) ;
NTSTATUS nt_status ;
nt_status = ntlmssp_check_packet ( gensec_ntlmssp - > ntlmssp_state ,
data , length ,
whole_pdu , pdu_length ,
sig ) ;
return nt_status ;
}
2009-12-30 16:02:37 +01:00
NTSTATUS gensec_ntlmssp_seal_packet ( struct gensec_security * gensec_security ,
TALLOC_CTX * sig_mem_ctx ,
uint8_t * data , size_t length ,
const uint8_t * whole_pdu , size_t pdu_length ,
DATA_BLOB * sig )
{
struct gensec_ntlmssp_context * gensec_ntlmssp =
talloc_get_type_abort ( gensec_security - > private_data ,
struct gensec_ntlmssp_context ) ;
NTSTATUS nt_status ;
nt_status = ntlmssp_seal_packet ( gensec_ntlmssp - > ntlmssp_state ,
sig_mem_ctx ,
data , length ,
whole_pdu , pdu_length ,
sig ) ;
return nt_status ;
}
2009-12-30 16:02:37 +01:00
/*
wrappers for the ntlmssp_ * ( ) functions
*/
NTSTATUS gensec_ntlmssp_unseal_packet ( struct gensec_security * gensec_security ,
uint8_t * data , size_t length ,
const uint8_t * whole_pdu , size_t pdu_length ,
const DATA_BLOB * sig )
{
struct gensec_ntlmssp_context * gensec_ntlmssp =
talloc_get_type_abort ( gensec_security - > private_data ,
struct gensec_ntlmssp_context ) ;
NTSTATUS nt_status ;
nt_status = ntlmssp_unseal_packet ( gensec_ntlmssp - > ntlmssp_state ,
data , length ,
whole_pdu , pdu_length ,
sig ) ;
return nt_status ;
}
2011-07-25 16:04:38 +10:00
size_t gensec_ntlmssp_sig_size ( struct gensec_security * gensec_security , size_t data_size )
2005-04-25 03:37:37 +00:00
{
return NTLMSSP_SIG_SIZE ;
}
2011-07-25 16:04:38 +10:00
NTSTATUS gensec_ntlmssp_wrap ( struct gensec_security * gensec_security ,
2011-01-20 16:37:04 +11:00
TALLOC_CTX * out_mem_ctx ,
2011-07-25 16:04:38 +10:00
const DATA_BLOB * in ,
2005-04-25 03:37:37 +00:00
DATA_BLOB * out )
{
2011-01-20 16:37:04 +11:00
struct gensec_ntlmssp_context * gensec_ntlmssp =
talloc_get_type_abort ( gensec_security - > private_data ,
struct gensec_ntlmssp_context ) ;
2005-04-25 03:37:37 +00:00
2011-01-20 16:37:04 +11:00
return ntlmssp_wrap ( gensec_ntlmssp - > ntlmssp_state ,
out_mem_ctx ,
in , out ) ;
2005-04-25 03:37:37 +00:00
}
2011-07-25 16:04:38 +10:00
NTSTATUS gensec_ntlmssp_unwrap ( struct gensec_security * gensec_security ,
2011-01-20 16:37:04 +11:00
TALLOC_CTX * out_mem_ctx ,
2011-07-25 16:04:38 +10:00
const DATA_BLOB * in ,
2005-04-25 03:37:37 +00:00
DATA_BLOB * out )
{
2009-12-30 08:23:13 +01:00
struct gensec_ntlmssp_context * gensec_ntlmssp =
talloc_get_type_abort ( gensec_security - > private_data ,
struct gensec_ntlmssp_context ) ;
2005-04-25 03:37:37 +00:00
2011-01-20 16:37:04 +11:00
return ntlmssp_unwrap ( gensec_ntlmssp - > ntlmssp_state ,
out_mem_ctx ,
in , out ) ;
}