sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-08 21:18:16 +03:00
Code
d5edfef325
samba-mirror/source4/auth/ntlmssp/ntlmssp.c

378 lines
12 KiB
C
Raw Normal View History

r6458: Split up NTLMSSP into a new directory, and into seperate files for the client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2005-04-25 09:03:50 +04:00
/*
Unix SMB/Netbios implementation.
Version 3.0
handle NLTMSSP, client server side parsing
Copyright (C) Andrew Tridgell 2001
Copyright (C) Andrew Bartlett <abartlet@samba.org> 2001-2005
Copyright (C) Stefan Metzmacher 2005
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "includes.h"
#include "auth/auth.h"
#include "lib/crypto/crypto.h"
#include "auth/ntlmssp/ntlmssp.h"
/**
* Callbacks for NTLMSSP - for both client and server operating modes
*
*/
static const struct ntlmssp_callbacks {
enum ntlmssp_role role;
enum ntlmssp_message_type ntlmssp_command;
r6460: Push the client credentials into NTLMSSP, allowing logins of the form user@REALM for the first time. Fix the build for smbencrypt.c Andrew Bartlett (This used to be commit 5a6a57cd93e22e612bfbb8a8f7bc29269a9a3ac6)
2005-04-25 10:33:20 +04:00
NTSTATUS (*fn)(struct gensec_security *gensec_security,
r6458: Split up NTLMSSP into a new directory, and into seperate files for the client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2005-04-25 09:03:50 +04:00
TALLOC_CTX *out_mem_ctx,
DATA_BLOB in, DATA_BLOB *out);
} ntlmssp_callbacks[] = {
{NTLMSSP_CLIENT, NTLMSSP_INITIAL, ntlmssp_client_initial},
{NTLMSSP_SERVER, NTLMSSP_NEGOTIATE, ntlmssp_server_negotiate},
{NTLMSSP_CLIENT, NTLMSSP_CHALLENGE, ntlmssp_client_challenge},
{NTLMSSP_SERVER, NTLMSSP_AUTH, ntlmssp_server_auth},
};
/**
* Print out the NTLMSSP flags for debugging
* @param neg_flags The flags from the packet
*/
void debug_ntlmssp_flags(uint32_t neg_flags)
{
DEBUG(3,("Got NTLMSSP neg_flags=0x%08x\n", neg_flags));
if (neg_flags & NTLMSSP_NEGOTIATE_UNICODE)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_UNICODE\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_OEM)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_OEM\n"));
if (neg_flags & NTLMSSP_REQUEST_TARGET)
DEBUGADD(4, (" NTLMSSP_REQUEST_TARGET\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_SIGN)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_SIGN\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_SEAL)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_SEAL\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_LM_KEY)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_LM_KEY\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_NETWARE)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_NETWARE\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_NTLM)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_NTLM\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_ALWAYS_SIGN\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_NTLM2)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_NTLM2\n"));
if (neg_flags & NTLMSSP_CHAL_TARGET_INFO)
DEBUGADD(4, (" NTLMSSP_CHAL_TARGET_INFO\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_128)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_128\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_KEY_EXCH\n"));
}
r7827: Add in-memory keytab to Samba4, using the new MEMORY_WILDCARD keytab support in Heimdal. This removes the 'ext_keytab' step from my Samba4/WinXP client howto. In doing this work, I realised that the replay cache in Heimdal is currently a no-op, so I have removed the calls to it, and therefore the mutex calls from passdb/secrets.c. This patch also includes a replacement 'magic' mechanism detection, that does not issue extra error messages from deep inside the GSSAPI code. Andrew Bartlett (This used to be commit c19d5706f4fa760415b727b970bc99e7f1abd064)
2005-06-22 06:12:26 +04:00
static NTSTATUS gensec_ntlmssp_magic(struct gensec_security *gensec_security,
const DATA_BLOB *first_packet)
{
if (first_packet->length > 8 && memcmp("NTLMSSP\0", first_packet->data, 8) == 0) {
return NT_STATUS_OK;
} else {
return NT_STATUS_INVALID_PARAMETER;
}
}
r6458: Split up NTLMSSP into a new directory, and into seperate files for the client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2005-04-25 09:03:50 +04:00
/**
* Next state function for the wrapped NTLMSSP state machine
*
* @param gensec_security GENSEC state, initialised to NTLMSSP
* @param out_mem_ctx The TALLOC_CTX for *out to be allocated on
* @param in The request, as a DATA_BLOB
* @param out The reply, as an talloc()ed DATA_BLOB, on *out_mem_ctx
* @return Error, MORE_PROCESSING_REQUIRED if a reply is sent,
* or NT_STATUS_OK if the user is authenticated.
*/
r6460: Push the client credentials into NTLMSSP, allowing logins of the form user@REALM for the first time. Fix the build for smbencrypt.c Andrew Bartlett (This used to be commit 5a6a57cd93e22e612bfbb8a8f7bc29269a9a3ac6)
2005-04-25 10:33:20 +04:00
static NTSTATUS gensec_ntlmssp_update(struct gensec_security *gensec_security,
TALLOC_CTX *out_mem_ctx,
r6462: Move the arcfour sbox state into it's own structure, and allocate it with talloc() for the NTLMSSP system. Andrew Bartlett (This used to be commit 7a93ac49c28d433ccf0f077294f473fe728b9995)
2005-04-25 12:26:53 +04:00
const DATA_BLOB input, DATA_BLOB *out)
r6458: Split up NTLMSSP into a new directory, and into seperate files for the client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2005-04-25 09:03:50 +04:00
{
struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data;
NTSTATUS status;
uint32_t ntlmssp_command;
int i;
*out = data_blob(NULL, 0);
r6464: Remove the last of the Samba3 NTLMSSP API. This removes the rudundent struct ntlmssp_state, and pushes all the member elements into struct gensec_ntlmssp_state. This also removes the 2-layer start function, caused by the previous double abstraction layer. Andrew Bartlett (This used to be commit eebbb4205b335214d24974f3be825846f6227f0c)
2005-04-25 14:33:00 +04:00
if (gensec_ntlmssp_state->expected_state == NTLMSSP_DONE) {
r6458: Split up NTLMSSP into a new directory, and into seperate files for the client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2005-04-25 09:03:50 +04:00
return NT_STATUS_OK;
}
if (!out_mem_ctx) {
/* if the caller doesn't want to manage/own the memory,
we can put it on our context */
r6464: Remove the last of the Samba3 NTLMSSP API. This removes the rudundent struct ntlmssp_state, and pushes all the member elements into struct gensec_ntlmssp_state. This also removes the 2-layer start function, caused by the previous double abstraction layer. Andrew Bartlett (This used to be commit eebbb4205b335214d24974f3be825846f6227f0c)
2005-04-25 14:33:00 +04:00
out_mem_ctx = gensec_ntlmssp_state;
r6458: Split up NTLMSSP into a new directory, and into seperate files for the client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2005-04-25 09:03:50 +04:00
}
if (!input.length) {
r6464: Remove the last of the Samba3 NTLMSSP API. This removes the rudundent struct ntlmssp_state, and pushes all the member elements into struct gensec_ntlmssp_state. This also removes the 2-layer start function, caused by the previous double abstraction layer. Andrew Bartlett (This used to be commit eebbb4205b335214d24974f3be825846f6227f0c)
2005-04-25 14:33:00 +04:00
switch (gensec_ntlmssp_state->role) {
r6458: Split up NTLMSSP into a new directory, and into seperate files for the client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2005-04-25 09:03:50 +04:00
case NTLMSSP_CLIENT:
ntlmssp_command = NTLMSSP_INITIAL;
break;
case NTLMSSP_SERVER:
/* 'datagram' mode - no neg packet */
ntlmssp_command = NTLMSSP_NEGOTIATE;
break;
}
} else {
r6464: Remove the last of the Samba3 NTLMSSP API. This removes the rudundent struct ntlmssp_state, and pushes all the member elements into struct gensec_ntlmssp_state. This also removes the 2-layer start function, caused by the previous double abstraction layer. Andrew Bartlett (This used to be commit eebbb4205b335214d24974f3be825846f6227f0c)
2005-04-25 14:33:00 +04:00
if (!msrpc_parse(gensec_ntlmssp_state,
r6458: Split up NTLMSSP into a new directory, and into seperate files for the client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2005-04-25 09:03:50 +04:00
&input, "Cd",
"NTLMSSP",
&ntlmssp_command)) {
DEBUG(1, ("Failed to parse NTLMSSP packet, could not extract NTLMSSP command\n"));
dump_data(2, input.data, input.length);
return NT_STATUS_INVALID_PARAMETER;
}
}
r6464: Remove the last of the Samba3 NTLMSSP API. This removes the rudundent struct ntlmssp_state, and pushes all the member elements into struct gensec_ntlmssp_state. This also removes the 2-layer start function, caused by the previous double abstraction layer. Andrew Bartlett (This used to be commit eebbb4205b335214d24974f3be825846f6227f0c)
2005-04-25 14:33:00 +04:00
if (ntlmssp_command != gensec_ntlmssp_state->expected_state) {
r7536: doesn't spam the smbd_log in the build_farm... metze (This used to be commit 9f4ed54c58a1d029b171ad199dd4a7ccf1f96f64)
2005-06-13 18:39:39 +04:00
DEBUG(2, ("got NTLMSSP command %u, expected %u\n", ntlmssp_command, gensec_ntlmssp_state->expected_state));
r6458: Split up NTLMSSP into a new directory, and into seperate files for the client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2005-04-25 09:03:50 +04:00
return NT_STATUS_INVALID_PARAMETER;
}
for (i=0; i < ARRAY_SIZE(ntlmssp_callbacks); i++) {
r6464: Remove the last of the Samba3 NTLMSSP API. This removes the rudundent struct ntlmssp_state, and pushes all the member elements into struct gensec_ntlmssp_state. This also removes the 2-layer start function, caused by the previous double abstraction layer. Andrew Bartlett (This used to be commit eebbb4205b335214d24974f3be825846f6227f0c)
2005-04-25 14:33:00 +04:00
if (ntlmssp_callbacks[i].role == gensec_ntlmssp_state->role
r6458: Split up NTLMSSP into a new directory, and into seperate files for the client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2005-04-25 09:03:50 +04:00
&& ntlmssp_callbacks[i].ntlmssp_command == ntlmssp_command) {
r6460: Push the client credentials into NTLMSSP, allowing logins of the form user@REALM for the first time. Fix the build for smbencrypt.c Andrew Bartlett (This used to be commit 5a6a57cd93e22e612bfbb8a8f7bc29269a9a3ac6)
2005-04-25 10:33:20 +04:00
status = ntlmssp_callbacks[i].fn(gensec_security, out_mem_ctx, input, out);
r6458: Split up NTLMSSP into a new directory, and into seperate files for the client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2005-04-25 09:03:50 +04:00
break;
}
}
if (i == ARRAY_SIZE(ntlmssp_callbacks)) {
DEBUG(1, ("failed to find NTLMSSP callback for NTLMSSP mode %u, command %u\n",
r6464: Remove the last of the Samba3 NTLMSSP API. This removes the rudundent struct ntlmssp_state, and pushes all the member elements into struct gensec_ntlmssp_state. This also removes the 2-layer start function, caused by the previous double abstraction layer. Andrew Bartlett (This used to be commit eebbb4205b335214d24974f3be825846f6227f0c)
2005-04-25 14:33:00 +04:00
gensec_ntlmssp_state->role, ntlmssp_command));
r6458: Split up NTLMSSP into a new directory, and into seperate files for the client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2005-04-25 09:03:50 +04:00
return NT_STATUS_INVALID_PARAMETER;
}
r6464: Remove the last of the Samba3 NTLMSSP API. This removes the rudundent struct ntlmssp_state, and pushes all the member elements into struct gensec_ntlmssp_state. This also removes the 2-layer start function, caused by the previous double abstraction layer. Andrew Bartlett (This used to be commit eebbb4205b335214d24974f3be825846f6227f0c)
2005-04-25 14:33:00 +04:00
if (!NT_STATUS_IS_OK(status)) {
/* error or more processing required */
r6458: Split up NTLMSSP into a new directory, and into seperate files for the client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2005-04-25 09:03:50 +04:00
return status;
}
gensec_ntlmssp_state->have_features = 0;
r6464: Remove the last of the Samba3 NTLMSSP API. This removes the rudundent struct ntlmssp_state, and pushes all the member elements into struct gensec_ntlmssp_state. This also removes the 2-layer start function, caused by the previous double abstraction layer. Andrew Bartlett (This used to be commit eebbb4205b335214d24974f3be825846f6227f0c)
2005-04-25 14:33:00 +04:00
if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN) {
r6458: Split up NTLMSSP into a new directory, and into seperate files for the client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2005-04-25 09:03:50 +04:00
gensec_ntlmssp_state->have_features |= GENSEC_FEATURE_SIGN;
}
r6464: Remove the last of the Samba3 NTLMSSP API. This removes the rudundent struct ntlmssp_state, and pushes all the member elements into struct gensec_ntlmssp_state. This also removes the 2-layer start function, caused by the previous double abstraction layer. Andrew Bartlett (This used to be commit eebbb4205b335214d24974f3be825846f6227f0c)
2005-04-25 14:33:00 +04:00
if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL) {
r6458: Split up NTLMSSP into a new directory, and into seperate files for the client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2005-04-25 09:03:50 +04:00
gensec_ntlmssp_state->have_features |= GENSEC_FEATURE_SEAL;
}
r6464: Remove the last of the Samba3 NTLMSSP API. This removes the rudundent struct ntlmssp_state, and pushes all the member elements into struct gensec_ntlmssp_state. This also removes the 2-layer start function, caused by the previous double abstraction layer. Andrew Bartlett (This used to be commit eebbb4205b335214d24974f3be825846f6227f0c)
2005-04-25 14:33:00 +04:00
if (gensec_ntlmssp_state->session_key.data) {
r6458: Split up NTLMSSP into a new directory, and into seperate files for the client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2005-04-25 09:03:50 +04:00
gensec_ntlmssp_state->have_features |= GENSEC_FEATURE_SESSION_KEY;
}
r6705: let the gensec module decide if messages can be signed and sealed in a different order than a strict request - reply sequence Note: we should also fix the client code... metze (This used to be commit 0a61d1f65150546f7a7582512ca010d156f963bf)
2005-05-10 15:04:04 +04:00
/* only NTLMv2 can handle async replies */
if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
gensec_ntlmssp_state->have_features |= GENSEC_FEATURE_ASYNC_REPLIES;
}
r6458: Split up NTLMSSP into a new directory, and into seperate files for the client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2005-04-25 09:03:50 +04:00
return status;
}
/**
* Return the NTLMSSP master session key
*
r6464: Remove the last of the Samba3 NTLMSSP API. This removes the rudundent struct ntlmssp_state, and pushes all the member elements into struct gensec_ntlmssp_state. This also removes the 2-layer start function, caused by the previous double abstraction layer. Andrew Bartlett (This used to be commit eebbb4205b335214d24974f3be825846f6227f0c)
2005-04-25 14:33:00 +04:00
* @param gensec_ntlmssp_state NTLMSSP State
r6458: Split up NTLMSSP into a new directory, and into seperate files for the client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2005-04-25 09:03:50 +04:00
*/
NTSTATUS gensec_ntlmssp_session_key(struct gensec_security *gensec_security,
DATA_BLOB *session_key)
{
struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data;
r6464: Remove the last of the Samba3 NTLMSSP API. This removes the rudundent struct ntlmssp_state, and pushes all the member elements into struct gensec_ntlmssp_state. This also removes the 2-layer start function, caused by the previous double abstraction layer. Andrew Bartlett (This used to be commit eebbb4205b335214d24974f3be825846f6227f0c)
2005-04-25 14:33:00 +04:00
if (!gensec_ntlmssp_state->session_key.data) {
r6458: Split up NTLMSSP into a new directory, and into seperate files for the client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2005-04-25 09:03:50 +04:00
return NT_STATUS_NO_USER_SESSION_KEY;
}
r6464: Remove the last of the Samba3 NTLMSSP API. This removes the rudundent struct ntlmssp_state, and pushes all the member elements into struct gensec_ntlmssp_state. This also removes the 2-layer start function, caused by the previous double abstraction layer. Andrew Bartlett (This used to be commit eebbb4205b335214d24974f3be825846f6227f0c)
2005-04-25 14:33:00 +04:00
*session_key = gensec_ntlmssp_state->session_key;
r6458: Split up NTLMSSP into a new directory, and into seperate files for the client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2005-04-25 09:03:50 +04:00
return NT_STATUS_OK;
}
r6464: Remove the last of the Samba3 NTLMSSP API. This removes the rudundent struct ntlmssp_state, and pushes all the member elements into struct gensec_ntlmssp_state. This also removes the 2-layer start function, caused by the previous double abstraction layer. Andrew Bartlett (This used to be commit eebbb4205b335214d24974f3be825846f6227f0c)
2005-04-25 14:33:00 +04:00
void ntlmssp_handle_neg_flags(struct gensec_ntlmssp_state *gensec_ntlmssp_state,
r6458: Split up NTLMSSP into a new directory, and into seperate files for the client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2005-04-25 09:03:50 +04:00
uint32_t neg_flags, BOOL allow_lm)
{
if (neg_flags & NTLMSSP_NEGOTIATE_UNICODE) {
r6464: Remove the last of the Samba3 NTLMSSP API. This removes the rudundent struct ntlmssp_state, and pushes all the member elements into struct gensec_ntlmssp_state. This also removes the 2-layer start function, caused by the previous double abstraction layer. Andrew Bartlett (This used to be commit eebbb4205b335214d24974f3be825846f6227f0c)
2005-04-25 14:33:00 +04:00
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_UNICODE;
gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_OEM;
gensec_ntlmssp_state->unicode = True;
r6458: Split up NTLMSSP into a new directory, and into seperate files for the client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2005-04-25 09:03:50 +04:00
} else {
r6464: Remove the last of the Samba3 NTLMSSP API. This removes the rudundent struct ntlmssp_state, and pushes all the member elements into struct gensec_ntlmssp_state. This also removes the 2-layer start function, caused by the previous double abstraction layer. Andrew Bartlett (This used to be commit eebbb4205b335214d24974f3be825846f6227f0c)
2005-04-25 14:33:00 +04:00
gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_UNICODE;
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_OEM;
gensec_ntlmssp_state->unicode = False;
r6458: Split up NTLMSSP into a new directory, and into seperate files for the client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2005-04-25 09:03:50 +04:00
}
r6464: Remove the last of the Samba3 NTLMSSP API. This removes the rudundent struct ntlmssp_state, and pushes all the member elements into struct gensec_ntlmssp_state. This also removes the 2-layer start function, caused by the previous double abstraction layer. Andrew Bartlett (This used to be commit eebbb4205b335214d24974f3be825846f6227f0c)
2005-04-25 14:33:00 +04:00
if ((neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) && allow_lm && !gensec_ntlmssp_state->use_ntlmv2) {
r6458: Split up NTLMSSP into a new directory, and into seperate files for the client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2005-04-25 09:03:50 +04:00
/* other end forcing us to use LM */
r6464: Remove the last of the Samba3 NTLMSSP API. This removes the rudundent struct ntlmssp_state, and pushes all the member elements into struct gensec_ntlmssp_state. This also removes the 2-layer start function, caused by the previous double abstraction layer. Andrew Bartlett (This used to be commit eebbb4205b335214d24974f3be825846f6227f0c)
2005-04-25 14:33:00 +04:00
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_LM_KEY;
gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_NTLM2;
r6458: Split up NTLMSSP into a new directory, and into seperate files for the client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2005-04-25 09:03:50 +04:00
} else {
r6464: Remove the last of the Samba3 NTLMSSP API. This removes the rudundent struct ntlmssp_state, and pushes all the member elements into struct gensec_ntlmssp_state. This also removes the 2-layer start function, caused by the previous double abstraction layer. Andrew Bartlett (This used to be commit eebbb4205b335214d24974f3be825846f6227f0c)
2005-04-25 14:33:00 +04:00
gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY;
r6458: Split up NTLMSSP into a new directory, and into seperate files for the client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2005-04-25 09:03:50 +04:00
}
if (neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN) {
r6464: Remove the last of the Samba3 NTLMSSP API. This removes the rudundent struct ntlmssp_state, and pushes all the member elements into struct gensec_ntlmssp_state. This also removes the 2-layer start function, caused by the previous double abstraction layer. Andrew Bartlett (This used to be commit eebbb4205b335214d24974f3be825846f6227f0c)
2005-04-25 14:33:00 +04:00
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
r6458: Split up NTLMSSP into a new directory, and into seperate files for the client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2005-04-25 09:03:50 +04:00
}
if (!(neg_flags & NTLMSSP_NEGOTIATE_SIGN)) {
r6464: Remove the last of the Samba3 NTLMSSP API. This removes the rudundent struct ntlmssp_state, and pushes all the member elements into struct gensec_ntlmssp_state. This also removes the 2-layer start function, caused by the previous double abstraction layer. Andrew Bartlett (This used to be commit eebbb4205b335214d24974f3be825846f6227f0c)
2005-04-25 14:33:00 +04:00
gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_SIGN;
r6458: Split up NTLMSSP into a new directory, and into seperate files for the client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2005-04-25 09:03:50 +04:00
}
if (!(neg_flags & NTLMSSP_NEGOTIATE_SEAL)) {
r6464: Remove the last of the Samba3 NTLMSSP API. This removes the rudundent struct ntlmssp_state, and pushes all the member elements into struct gensec_ntlmssp_state. This also removes the 2-layer start function, caused by the previous double abstraction layer. Andrew Bartlett (This used to be commit eebbb4205b335214d24974f3be825846f6227f0c)
2005-04-25 14:33:00 +04:00
gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_SEAL;
r6458: Split up NTLMSSP into a new directory, and into seperate files for the client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2005-04-25 09:03:50 +04:00
}
if (!(neg_flags & NTLMSSP_NEGOTIATE_NTLM2)) {
r6464: Remove the last of the Samba3 NTLMSSP API. This removes the rudundent struct ntlmssp_state, and pushes all the member elements into struct gensec_ntlmssp_state. This also removes the 2-layer start function, caused by the previous double abstraction layer. Andrew Bartlett (This used to be commit eebbb4205b335214d24974f3be825846f6227f0c)
2005-04-25 14:33:00 +04:00
gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_NTLM2;
r6458: Split up NTLMSSP into a new directory, and into seperate files for the client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2005-04-25 09:03:50 +04:00
}
if (!(neg_flags & NTLMSSP_NEGOTIATE_128)) {
r6464: Remove the last of the Samba3 NTLMSSP API. This removes the rudundent struct ntlmssp_state, and pushes all the member elements into struct gensec_ntlmssp_state. This also removes the 2-layer start function, caused by the previous double abstraction layer. Andrew Bartlett (This used to be commit eebbb4205b335214d24974f3be825846f6227f0c)
2005-04-25 14:33:00 +04:00
gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_128;
r6458: Split up NTLMSSP into a new directory, and into seperate files for the client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2005-04-25 09:03:50 +04:00
if (neg_flags & NTLMSSP_NEGOTIATE_56) {
r6464: Remove the last of the Samba3 NTLMSSP API. This removes the rudundent struct ntlmssp_state, and pushes all the member elements into struct gensec_ntlmssp_state. This also removes the 2-layer start function, caused by the previous double abstraction layer. Andrew Bartlett (This used to be commit eebbb4205b335214d24974f3be825846f6227f0c)
2005-04-25 14:33:00 +04:00
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_56;
r6458: Split up NTLMSSP into a new directory, and into seperate files for the client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2005-04-25 09:03:50 +04:00
}
}
if (!(neg_flags & NTLMSSP_NEGOTIATE_56)) {
r6464: Remove the last of the Samba3 NTLMSSP API. This removes the rudundent struct ntlmssp_state, and pushes all the member elements into struct gensec_ntlmssp_state. This also removes the 2-layer start function, caused by the previous double abstraction layer. Andrew Bartlett (This used to be commit eebbb4205b335214d24974f3be825846f6227f0c)
2005-04-25 14:33:00 +04:00
gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_56;
r6458: Split up NTLMSSP into a new directory, and into seperate files for the client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2005-04-25 09:03:50 +04:00
}
if (!(neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH)) {
r6464: Remove the last of the Samba3 NTLMSSP API. This removes the rudundent struct ntlmssp_state, and pushes all the member elements into struct gensec_ntlmssp_state. This also removes the 2-layer start function, caused by the previous double abstraction layer. Andrew Bartlett (This used to be commit eebbb4205b335214d24974f3be825846f6227f0c)
2005-04-25 14:33:00 +04:00
gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_KEY_EXCH;
r6458: Split up NTLMSSP into a new directory, and into seperate files for the client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2005-04-25 09:03:50 +04:00
}
if ((neg_flags & NTLMSSP_REQUEST_TARGET)) {
r6464: Remove the last of the Samba3 NTLMSSP API. This removes the rudundent struct ntlmssp_state, and pushes all the member elements into struct gensec_ntlmssp_state. This also removes the 2-layer start function, caused by the previous double abstraction layer. Andrew Bartlett (This used to be commit eebbb4205b335214d24974f3be825846f6227f0c)
2005-04-25 14:33:00 +04:00
gensec_ntlmssp_state->neg_flags |= NTLMSSP_REQUEST_TARGET;
r6458: Split up NTLMSSP into a new directory, and into seperate files for the client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2005-04-25 09:03:50 +04:00
}
}
/**
Weaken NTLMSSP keys to cope with down-level clients and servers.
We probably should have some parameters to control this, but as
it only occours for LM_KEY connections, and this is controlled
by the client lanman auth/lanman auth parameters, it isn't too bad.
*/
r6464: Remove the last of the Samba3 NTLMSSP API. This removes the rudundent struct ntlmssp_state, and pushes all the member elements into struct gensec_ntlmssp_state. This also removes the 2-layer start function, caused by the previous double abstraction layer. Andrew Bartlett (This used to be commit eebbb4205b335214d24974f3be825846f6227f0c)
2005-04-25 14:33:00 +04:00
void ntlmssp_weaken_keys(struct gensec_ntlmssp_state *gensec_ntlmssp_state)
r6458: Split up NTLMSSP into a new directory, and into seperate files for the client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2005-04-25 09:03:50 +04:00
{
/* Key weakening not performed on the master key for NTLM2
and does not occour for NTLM1. Therefore we only need
to do this for the LM_KEY.
*/
r6464: Remove the last of the Samba3 NTLMSSP API. This removes the rudundent struct ntlmssp_state, and pushes all the member elements into struct gensec_ntlmssp_state. This also removes the 2-layer start function, caused by the previous double abstraction layer. Andrew Bartlett (This used to be commit eebbb4205b335214d24974f3be825846f6227f0c)
2005-04-25 14:33:00 +04:00
if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) {
if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_128) {
r6458: Split up NTLMSSP into a new directory, and into seperate files for the client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2005-04-25 09:03:50 +04:00
r6464: Remove the last of the Samba3 NTLMSSP API. This removes the rudundent struct ntlmssp_state, and pushes all the member elements into struct gensec_ntlmssp_state. This also removes the 2-layer start function, caused by the previous double abstraction layer. Andrew Bartlett (This used to be commit eebbb4205b335214d24974f3be825846f6227f0c)
2005-04-25 14:33:00 +04:00
} else if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_56) {
gensec_ntlmssp_state->session_key.data[7] = 0xa0;
r6458: Split up NTLMSSP into a new directory, and into seperate files for the client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2005-04-25 09:03:50 +04:00
} else { /* forty bits */
r6464: Remove the last of the Samba3 NTLMSSP API. This removes the rudundent struct ntlmssp_state, and pushes all the member elements into struct gensec_ntlmssp_state. This also removes the 2-layer start function, caused by the previous double abstraction layer. Andrew Bartlett (This used to be commit eebbb4205b335214d24974f3be825846f6227f0c)
2005-04-25 14:33:00 +04:00
gensec_ntlmssp_state->session_key.data[5] = 0xe5;
gensec_ntlmssp_state->session_key.data[6] = 0x38;
gensec_ntlmssp_state->session_key.data[7] = 0xb0;
r6458: Split up NTLMSSP into a new directory, and into seperate files for the client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2005-04-25 09:03:50 +04:00
}
r6464: Remove the last of the Samba3 NTLMSSP API. This removes the rudundent struct ntlmssp_state, and pushes all the member elements into struct gensec_ntlmssp_state. This also removes the 2-layer start function, caused by the previous double abstraction layer. Andrew Bartlett (This used to be commit eebbb4205b335214d24974f3be825846f6227f0c)
2005-04-25 14:33:00 +04:00
gensec_ntlmssp_state->session_key.length = 8;
r6458: Split up NTLMSSP into a new directory, and into seperate files for the client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2005-04-25 09:03:50 +04:00
}
}
static BOOL gensec_ntlmssp_have_feature(struct gensec_security *gensec_security,
uint32_t feature)
{
struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data;
if (gensec_ntlmssp_state->have_features & feature) {
return True;
}
return False;
}
NTSTATUS gensec_ntlmssp_start(struct gensec_security *gensec_security)
{
struct gensec_ntlmssp_state *gensec_ntlmssp_state;
r6465: Use talloc_zero for the gensec_ntlmssp_state structure, as the history of this code has too many pre-zeroed structure assumptions. Remove unused 'stub' functions Andrew Bartlett (This used to be commit 78dc57c65513ba4c271308d84fc2a2a533f76061)
2005-04-25 14:58:46 +04:00
gensec_ntlmssp_state = talloc_zero(gensec_security, struct gensec_ntlmssp_state);
r6458: Split up NTLMSSP into a new directory, and into seperate files for the client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2005-04-25 09:03:50 +04:00
if (!gensec_ntlmssp_state) {
return NT_STATUS_NO_MEMORY;
}
gensec_ntlmssp_state->auth_context = NULL;
gensec_ntlmssp_state->server_info = NULL;
gensec_ntlmssp_state->have_features = 0;
gensec_security->private_data = gensec_ntlmssp_state;
return NT_STATUS_OK;
}
r6800: A big GENSEC update: Finally remove the distinction between 'krb5' and 'ms_krb5'. We now don't do kerberos stuff twice on failure. The solution to this is slightly more general than perhaps was really required (as this is a special case), but it works, and I'm happy with the cleanup I achived in the process. All modules have been updated to supply a NULL-terminated list of OIDs. In that process, SPNEGO code has been generalised, as I realised that two of the functions should have been identical in behaviour. Over in the actual modules, I have worked to remove the 'kinit' code from gensec_krb5, and placed it in kerberos/kerberos_util.c. The GSSAPI module has been extended to use this, so no longer requires a manual kinit at the command line. It will soon loose the requirement for a on-disk keytab too. The general kerberos code has also been updated to move from error_message() to our routine which gets the Heimdal error string (which may be much more useful) when available. Andrew Bartlett (This used to be commit 0101728d8e2ed9419eb31fe95047944a718ba135)
2005-05-16 03:42:11 +04:00
static const char *gensec_ntlmssp_oids[] = {
GENSEC_OID_NTLMSSP,
NULL
};
r6458: Split up NTLMSSP into a new directory, and into seperate files for the client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2005-04-25 09:03:50 +04:00
static const struct gensec_security_ops gensec_ntlmssp_security_ops = {
.name = "ntlmssp",
.sasl_name = "NTLM",
.auth_type = DCERPC_AUTH_TYPE_NTLMSSP,
r6800: A big GENSEC update: Finally remove the distinction between 'krb5' and 'ms_krb5'. We now don't do kerberos stuff twice on failure. The solution to this is slightly more general than perhaps was really required (as this is a special case), but it works, and I'm happy with the cleanup I achived in the process. All modules have been updated to supply a NULL-terminated list of OIDs. In that process, SPNEGO code has been generalised, as I realised that two of the functions should have been identical in behaviour. Over in the actual modules, I have worked to remove the 'kinit' code from gensec_krb5, and placed it in kerberos/kerberos_util.c. The GSSAPI module has been extended to use this, so no longer requires a manual kinit at the command line. It will soon loose the requirement for a on-disk keytab too. The general kerberos code has also been updated to move from error_message() to our routine which gets the Heimdal error string (which may be much more useful) when available. Andrew Bartlett (This used to be commit 0101728d8e2ed9419eb31fe95047944a718ba135)
2005-05-16 03:42:11 +04:00
.oid = gensec_ntlmssp_oids,
r6458: Split up NTLMSSP into a new directory, and into seperate files for the client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2005-04-25 09:03:50 +04:00
.client_start = gensec_ntlmssp_client_start,
.server_start = gensec_ntlmssp_server_start,
r7827: Add in-memory keytab to Samba4, using the new MEMORY_WILDCARD keytab support in Heimdal. This removes the 'ext_keytab' step from my Samba4/WinXP client howto. In doing this work, I realised that the replay cache in Heimdal is currently a no-op, so I have removed the calls to it, and therefore the mutex calls from passdb/secrets.c. This patch also includes a replacement 'magic' mechanism detection, that does not issue extra error messages from deep inside the GSSAPI code. Andrew Bartlett (This used to be commit c19d5706f4fa760415b727b970bc99e7f1abd064)
2005-06-22 06:12:26 +04:00
.magic = gensec_ntlmssp_magic,
r6458: Split up NTLMSSP into a new directory, and into seperate files for the client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2005-04-25 09:03:50 +04:00
.update = gensec_ntlmssp_update,
.sig_size = gensec_ntlmssp_sig_size,
.sign_packet = gensec_ntlmssp_sign_packet,
.check_packet = gensec_ntlmssp_check_packet,
.seal_packet = gensec_ntlmssp_seal_packet,
.unseal_packet = gensec_ntlmssp_unseal_packet,
.wrap = gensec_ntlmssp_wrap,
.unwrap = gensec_ntlmssp_unwrap,
.session_key = gensec_ntlmssp_session_key,
.session_info = gensec_ntlmssp_session_info,
.have_feature = gensec_ntlmssp_have_feature,
.enabled = True
};
NTSTATUS gensec_ntlmssp_init(void)
{
NTSTATUS ret;
ret = gensec_register(&gensec_ntlmssp_security_ops);
if (!NT_STATUS_IS_OK(ret)) {
DEBUG(0,("Failed to register '%s' gensec backend!\n",
gensec_ntlmssp_security_ops.name));
return ret;
}
return ret;
}
Copy Permalink