NTLMSSP_NEGOTIATE = 1,
NTLMSSP_CHALLENGE = 2,
NTLMSSP_AUTH = 3,
- NTLMSSP_UNKNOWN = 4
+ NTLMSSP_UNKNOWN = 4,
+ NTLMSSP_DONE = 5 /* samba final state */
};
/* NTLMSSP negotiation flags */
#define NTLMSSP_CHAL_TARGET_INFO 0x00800000
#define NTLMSSP_NEGOTIATE_128 0x20000000 /* 128-bit encryption */
#define NTLMSSP_NEGOTIATE_KEY_EXCH 0x40000000
-#define NTLMSSP_NEGOTIATE_080000000 0x80000000
+#define NTLMSSP_NEGOTIATE_56 0x80000000
#define NTLMSSP_NAME_TYPE_SERVER 0x01
#define NTLMSSP_NAME_TYPE_DOMAIN 0x02
#define NTLMSSP_NAME_TYPE_SERVER_DNS 0x03
#define NTLMSSP_NAME_TYPE_DOMAIN_DNS 0x04
+#define NTLMSSP_SIG_SIZE 16
+
typedef struct ntlmssp_state
{
TALLOC_CTX *mem_ctx;
*
* @param ntlmssp_state This structure
* @param challenge 8 bytes of data, agreed by the client and server to be the effective challenge for NTLM2 authentication
- * @param challange 8 bytes of data, agreed by the client and server to be the effective challenge for NTLM2 authentication
*
*/
NTSTATUS (*set_challenge)(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *challenge);
const char *(*get_global_myname)(void);
const char *(*get_domain)(void);
- /* SMB Signing */
-
- uint32 ntlmssp_seq_num;
-
/* ntlmv2 */
- unsigned char send_sign_const[16];
- unsigned char send_seal_const[16];
- unsigned char recv_sign_const[16];
- unsigned char recv_seal_const[16];
- unsigned char send_sign_hash[258];
- unsigned char send_seal_hash[258];
- unsigned char recv_sign_hash[258];
- unsigned char recv_seal_hash[258];
+ unsigned char send_sign_key[16];
+ unsigned char send_seal_key[16];
+ unsigned char recv_sign_key[16];
+ unsigned char recv_seal_key[16];
+
+ unsigned char send_seal_arc4_state[258];
+ unsigned char recv_seal_arc4_state[258];
+
+ uint32 ntlm2_send_seq_num;
+ uint32 ntlm2_recv_seq_num;
/* ntlmv1 */
- unsigned char ntlmssp_hash[258];
+ unsigned char ntlmv1_arc4_state[258];
+ uint32 ntlmv1_seq_num;
/* it turns out that we don't always get the
response in at the time we want to process it.
DATA_BLOB stored_response;
} NTLMSSP_STATE;
-