/*
NTLMSSP wrappers
Copyright (C) Andrew Tridgell 2001
Copyright (C) Andrew Bartlett 2001-2003,2011
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
# include "includes.h"
# include "auth/ntlmssp/ntlmssp.h"
# include "ntlmssp_wrap.h"
# include "auth/gensec/gensec.h"
/**
 * Sign a packet using whichever backend this session wrapper carries.
 *
 * When ans->gensec_security is set the call goes to gensec_sign_packet();
 * otherwise it goes to ntlmssp_sign_packet() on ans->ntlmssp_state. Every
 * argument is forwarded unchanged and the backend's NTSTATUS is returned
 * as-is.
 *
 * @param ans          session wrapper; dereferenced without a NULL check
 * @param sig_mem_ctx  talloc context passed to the backend for the signature
 * @param data         bytes handed to the backend as the data to sign
 * @param length       length of data in bytes
 * @param whole_pdu    second buffer forwarded to the backend
 *                     (presumably the enclosing PDU; confirm with backend)
 * @param pdu_length   length of whole_pdu in bytes
 * @param sig          receives the signature blob from the backend
 * @return the backend's status code
 */
NTSTATUS auth_ntlmssp_sign_packet(struct auth_ntlmssp_state *ans,
				  TALLOC_CTX *sig_mem_ctx,
				  const uint8_t *data,
				  size_t length,
				  const uint8_t *whole_pdu,
				  size_t pdu_length,
				  DATA_BLOB *sig)
{
	/* Legacy path: no gensec context, use the raw NTLMSSP state. */
	if (ans->gensec_security == NULL) {
		return ntlmssp_sign_packet(ans->ntlmssp_state, sig_mem_ctx,
					   data, length,
					   whole_pdu, pdu_length, sig);
	}

	return gensec_sign_packet(ans->gensec_security, sig_mem_ctx,
				  data, length,
				  whole_pdu, pdu_length, sig);
}
/**
 * Verify a packet signature using whichever backend this wrapper carries.
 *
 * Dispatches to gensec_check_packet() when ans->gensec_security is set,
 * otherwise to ntlmssp_check_packet() on ans->ntlmssp_state. Arguments are
 * forwarded unchanged; the backend's NTSTATUS is returned as-is.
 *
 * NOTE(review): the return value is the only verification result this
 * wrapper exposes. Callers should treat anything other than NT_STATUS_OK
 * as a failed integrity check and must not act on the packet contents.
 *
 * @param ans         session wrapper; dereferenced without a NULL check
 * @param data        bytes handed to the backend as the signed data
 * @param length      length of data in bytes
 * @param whole_pdu   second buffer forwarded to the backend
 *                    (presumably the enclosing PDU; confirm with backend)
 * @param pdu_length  length of whole_pdu in bytes
 * @param sig         signature to verify (read-only)
 * @return the backend's status code
 */
NTSTATUS auth_ntlmssp_check_packet(struct auth_ntlmssp_state *ans,
				   const uint8_t *data,
				   size_t length,
				   const uint8_t *whole_pdu,
				   size_t pdu_length,
				   const DATA_BLOB *sig)
{
	/* Legacy path: no gensec context, use the raw NTLMSSP state. */
	if (ans->gensec_security == NULL) {
		return ntlmssp_check_packet(ans->ntlmssp_state,
					    data, length,
					    whole_pdu, pdu_length, sig);
	}

	return gensec_check_packet(ans->gensec_security,
				   data, length,
				   whole_pdu, pdu_length, sig);
}
/**
 * Seal a packet using whichever backend this session wrapper carries.
 *
 * Dispatches to gensec_seal_packet() when ans->gensec_security is set,
 * otherwise to ntlmssp_seal_packet() on ans->ntlmssp_state. Arguments are
 * forwarded unchanged; the backend's NTSTATUS is returned as-is.
 *
 * @param ans          session wrapper; dereferenced without a NULL check
 * @param sig_mem_ctx  talloc context passed to the backend for the signature
 * @param data         writable buffer handed to the backend; it is
 *                     non-const, so presumably sealed in place (confirm)
 * @param length       length of data in bytes
 * @param whole_pdu    second buffer forwarded to the backend
 * @param pdu_length   length of whole_pdu in bytes
 * @param sig          receives the signature blob from the backend
 * @return the backend's status code; on failure the state of data is
 *         whatever the backend left behind
 */
NTSTATUS auth_ntlmssp_seal_packet(struct auth_ntlmssp_state *ans,
				  TALLOC_CTX *sig_mem_ctx,
				  uint8_t *data,
				  size_t length,
				  const uint8_t *whole_pdu,
				  size_t pdu_length,
				  DATA_BLOB *sig)
{
	/* Legacy path: no gensec context, use the raw NTLMSSP state. */
	if (ans->gensec_security == NULL) {
		return ntlmssp_seal_packet(ans->ntlmssp_state, sig_mem_ctx,
					   data, length,
					   whole_pdu, pdu_length, sig);
	}

	return gensec_seal_packet(ans->gensec_security, sig_mem_ctx,
				  data, length,
				  whole_pdu, pdu_length, sig);
}
/**
 * Unseal a packet using whichever backend this session wrapper carries.
 *
 * Dispatches to gensec_unseal_packet() when ans->gensec_security is set,
 * otherwise to ntlmssp_unseal_packet() on ans->ntlmssp_state. Arguments
 * are forwarded unchanged; the backend's NTSTATUS is returned as-is.
 *
 * NOTE(review): data is writable, so the backend presumably rewrites it in
 * place. Callers should discard the buffer unless the return value is
 * NT_STATUS_OK; a non-OK status must be handled as an integrity failure.
 *
 * @param ans         session wrapper; dereferenced without a NULL check
 * @param data        writable buffer handed to the backend
 * @param length      length of data in bytes
 * @param whole_pdu   second buffer forwarded to the backend
 * @param pdu_length  length of whole_pdu in bytes
 * @param sig         signature accompanying the sealed data (read-only)
 * @return the backend's status code
 */
NTSTATUS auth_ntlmssp_unseal_packet(struct auth_ntlmssp_state *ans,
				    uint8_t *data,
				    size_t length,
				    const uint8_t *whole_pdu,
				    size_t pdu_length,
				    const DATA_BLOB *sig)
{
	/* Legacy path: no gensec context, use the raw NTLMSSP state. */
	if (ans->gensec_security == NULL) {
		return ntlmssp_unseal_packet(ans->ntlmssp_state,
					     data, length,
					     whole_pdu, pdu_length, sig);
	}

	return gensec_unseal_packet(ans->gensec_security,
				    data, length,
				    whole_pdu, pdu_length, sig);
}
/**
 * Report whether signing is available on this session.
 *
 * With a gensec context the answer comes from gensec_have_feature() for
 * GENSEC_FEATURE_SIGN; otherwise it is the NTLMSSP_NEGOTIATE_SIGN bit of
 * ans->ntlmssp_state->neg_flags.
 *
 * @param ans  session wrapper; dereferenced without a NULL check
 * @return true when the selected backend reports signing
 */
bool auth_ntlmssp_negotiated_sign(struct auth_ntlmssp_state *ans)
{
	/* Legacy path: read the negotiated flag straight from the state. */
	if (ans->gensec_security == NULL) {
		return ans->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN;
	}

	return gensec_have_feature(ans->gensec_security, GENSEC_FEATURE_SIGN);
}
/**
 * Report whether sealing is available on this session.
 *
 * With a gensec context the answer comes from gensec_have_feature() for
 * GENSEC_FEATURE_SEAL; otherwise it is the NTLMSSP_NEGOTIATE_SEAL bit of
 * ans->ntlmssp_state->neg_flags.
 *
 * @param ans  session wrapper; dereferenced without a NULL check
 * @return true when the selected backend reports sealing
 */
bool auth_ntlmssp_negotiated_seal(struct auth_ntlmssp_state *ans)
{
	/* Legacy path: read the negotiated flag straight from the state. */
	if (ans->gensec_security == NULL) {
		return ans->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL;
	}

	return gensec_have_feature(ans->gensec_security, GENSEC_FEATURE_SEAL);
}
/**
 * Set the user name on the underlying NTLMSSP state.
 *
 * NOTE(review): this always goes through ans->ntlmssp_state and has no
 * gensec_security branch, unlike the packet helpers in this file; confirm
 * ntlmssp_state is populated on every path that calls it.
 *
 * @param ans   session wrapper; dereferenced without a NULL check
 * @param user  user name forwarded to ntlmssp_set_username()
 * @return the status from ntlmssp_set_username()
 */
NTSTATUS auth_ntlmssp_set_username(struct auth_ntlmssp_state *ans,
				   const char *user)
{
	NTSTATUS status = ntlmssp_set_username(ans->ntlmssp_state, user);

	return status;
}
/**
 * Set the domain on the underlying NTLMSSP state.
 *
 * NOTE(review): this always goes through ans->ntlmssp_state and has no
 * gensec_security branch, unlike the packet helpers in this file; confirm
 * ntlmssp_state is populated on every path that calls it.
 *
 * @param ans     session wrapper; dereferenced without a NULL check
 * @param domain  domain name forwarded to ntlmssp_set_domain()
 * @return the status from ntlmssp_set_domain()
 */
NTSTATUS auth_ntlmssp_set_domain(struct auth_ntlmssp_state *ans,
				 const char *domain)
{
	NTSTATUS status = ntlmssp_set_domain(ans->ntlmssp_state, domain);

	return status;
}
/**
 * Set the password on the underlying NTLMSSP state.
 *
 * The password arrives as a plain C string and is passed straight to
 * ntlmssp_set_password(); how the backend stores or hashes it is not
 * visible here. The caller's copy is not modified or cleared by this
 * wrapper, so wiping it after use remains the caller's job.
 *
 * NOTE(review): this always goes through ans->ntlmssp_state and has no
 * gensec_security branch, unlike the packet helpers in this file; confirm
 * ntlmssp_state is populated on every path that calls it.
 *
 * @param ans       session wrapper; dereferenced without a NULL check
 * @param password  password forwarded to ntlmssp_set_password()
 * @return the status from ntlmssp_set_password()
 */
NTSTATUS auth_ntlmssp_set_password(struct auth_ntlmssp_state *ans,
				   const char *password)
{
	NTSTATUS status = ntlmssp_set_password(ans->ntlmssp_state, password);

	return status;
}
/**
 * Request session features on whichever backend this wrapper carries.
 *
 * Without a gensec context the NTLMSSP_FEATURE_* mask is passed unchanged
 * to ntlmssp_want_feature(). With one, each of the three bits handled
 * below is translated to its GENSEC_FEATURE_* counterpart and requested
 * separately through gensec_want_feature().
 *
 * Any other bit in feature is silently ignored on the gensec path, so a
 * caller that needs a protection not listed here gets no error; check the
 * negotiated result rather than assuming the request took effect.
 *
 * @param ans      session wrapper; dereferenced without a NULL check
 * @param feature  bit mask of NTLMSSP_FEATURE_* values
 */
void auth_ntlmssp_want_feature(struct auth_ntlmssp_state *ans, uint32_t feature)
{
	/* Legacy path: the NTLMSSP layer takes the mask as it is. */
	if (ans->gensec_security == NULL) {
		ntlmssp_want_feature(ans->ntlmssp_state, feature);
		return;
	}

	if (feature & NTLMSSP_FEATURE_SESSION_KEY) {
		gensec_want_feature(ans->gensec_security,
				    GENSEC_FEATURE_SESSION_KEY);
	}
	if (feature & NTLMSSP_FEATURE_SIGN) {
		gensec_want_feature(ans->gensec_security,
				    GENSEC_FEATURE_SIGN);
	}
	if (feature & NTLMSSP_FEATURE_SEAL) {
		gensec_want_feature(ans->gensec_security,
				    GENSEC_FEATURE_SEAL);
	}
}
/**
 * Return the session key of this session as a blob.
 *
 * With a gensec context the key is obtained from gensec_session_key() on
 * mem_ctx; if that call does not return an OK status the result is
 * data_blob_null and the status itself is dropped. Without a gensec
 * context the key held in ans->ntlmssp_state->session_key is passed to
 * data_blob_talloc() with mem_ctx.
 *
 * The returned blob holds key material. Callers should check for an empty
 * blob before using it, and are responsible for its lifetime on mem_ctx
 * (NOTE(review): consider clearing it before free, e.g. with
 * data_blob_clear_free(), rather than relying on plain talloc teardown).
 *
 * @param ans      session wrapper; dereferenced without a NULL check
 * @param mem_ctx  talloc context for the returned blob
 * @return the session key blob, or data_blob_null when the gensec lookup
 *         fails
 */
DATA_BLOB auth_ntlmssp_get_session_key(struct auth_ntlmssp_state *ans, TALLOC_CTX *mem_ctx)
{
	DATA_BLOB key;
	NTSTATUS status;

	/* Legacy path: hand out the key stored in the NTLMSSP state. */
	if (ans->gensec_security == NULL) {
		return data_blob_talloc(mem_ctx,
					ans->ntlmssp_state->session_key.data,
					ans->ntlmssp_state->session_key.length);
	}

	status = gensec_session_key(ans->gensec_security, mem_ctx, &key);
	if (!NT_STATUS_IS_OK(status)) {
		return data_blob_null;
	}

	return key;
}
/**
 * Advance the authentication exchange by one step.
 *
 * With a gensec context the call is delegated to gensec_update() with
 * mem_ctx and a NULL third argument. Otherwise ntlmssp_update() runs on
 * ans->ntlmssp_state, and when it returns NT_STATUS_OK or
 * NT_STATUS_MORE_PROCESSING_REQUIRED the reply buffer is moved onto
 * mem_ctx with talloc_steal(). On any other status reply->data is left
 * untouched and the status is returned.
 *
 * request typically originates from the peer; its validation is left to
 * the backend, this wrapper forwards it as received.
 *
 * @param ans      session wrapper; dereferenced without a NULL check
 * @param mem_ctx  talloc context that ends up owning reply->data on the
 *                 NTLMSSP path
 * @param request  incoming token, passed by value
 * @param reply    receives the outgoing token
 * @return the backend's status code
 */
NTSTATUS auth_ntlmssp_update(struct auth_ntlmssp_state *ans,
			     TALLOC_CTX *mem_ctx,
			     const DATA_BLOB request, DATA_BLOB *reply)
{
	NTSTATUS status;

	if (ans->gensec_security != NULL) {
		return gensec_update(ans->gensec_security, mem_ctx, NULL,
				     request, reply);
	}

	status = ntlmssp_update(ans->ntlmssp_state, request, reply);

	/* Only a produced reply is reparented; errors pass straight through. */
	if (NT_STATUS_IS_OK(status) ||
	    NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
		talloc_steal(mem_ctx, reply->data);
	}

	return status;
}
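/**
 * Allocate a client-side session wrapper and start its NTLMSSP state.
 *
 * A zeroed struct auth_ntlmssp_state is allocated on mem_ctx and passed to
 * ntlmssp_client_start() together with the values of lp_netbios_name(),
 * lp_workgroup() and lp_client_ntlmv2_auth() (presumably the configured
 * NetBIOS name, workgroup and client NTLMv2 setting; confirm against the
 * loadparm code). Only ntlmssp_state is set up here; gensec_security stays
 * NULL from the zeroed allocation.
 *
 * @param mem_ctx  talloc parent for the new wrapper
 * @param _ans     receives the wrapper on success; left untouched on
 *                 failure
 * @return NT_STATUS_OK on success, NT_STATUS_NO_MEMORY if the allocation
 *         fails, otherwise the status from ntlmssp_client_start()
 */
NTSTATUS auth_ntlmssp_client_prepare(TALLOC_CTX *mem_ctx,
				     struct auth_ntlmssp_state **_ans)
{
	struct auth_ntlmssp_state *ans;
	NTSTATUS status;

	ans = talloc_zero(mem_ctx, struct auth_ntlmssp_state);
	if (ans == NULL) {
		/* Without this check &ans->ntlmssp_state is formed from NULL. */
		return NT_STATUS_NO_MEMORY;
	}

	status = ntlmssp_client_start(ans,
				      lp_netbios_name(), lp_workgroup(),
				      lp_client_ntlmv2_auth(),
				      &ans->ntlmssp_state);
	if (!NT_STATUS_IS_OK(status)) {
		/*
		 * The caller never sees this pointer on failure, so release
		 * it here instead of leaving it attached to mem_ctx.
		 */
		talloc_free(ans);
		return status;
	}

	*_ans = ans;
	return NT_STATUS_OK;
}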
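/**
 * Start the client side of the exchange.
 *
 * In this version the function does nothing and always reports success;
 * ans is not read. The unused local status variable has been dropped.
 *
 * @param ans  session wrapper (currently unused)
 * @return NT_STATUS_OK
 */
NTSTATUS auth_ntlmssp_client_start(struct auth_ntlmssp_state *ans)
{
	(void)ans;	/* kept for interface compatibility */

	return NT_STATUS_OK;
}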