4 Copyright (C) Andrew Tridgell 2001
5 Copyright (C) Andrew Bartlett 2001-2003
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "libcli/auth/ntlmssp.h"
23 #include "ntlmssp_wrap.h"
24 #include "auth/gensec/gensec.h"
26 NTSTATUS auth_ntlmssp_sign_packet(struct auth_ntlmssp_state *ans,
27 TALLOC_CTX *sig_mem_ctx,
30 const uint8_t *whole_pdu,
34 if (ans->gensec_security) {
35 return gensec_sign_packet(ans->gensec_security,
36 sig_mem_ctx, data, length, whole_pdu, pdu_length, sig);
38 return ntlmssp_sign_packet(ans->ntlmssp_state,
41 whole_pdu, pdu_length,
45 NTSTATUS auth_ntlmssp_check_packet(struct auth_ntlmssp_state *ans,
48 const uint8_t *whole_pdu,
52 if (ans->gensec_security) {
53 return gensec_check_packet(ans->gensec_security,
54 data, length, whole_pdu, pdu_length, sig);
56 return ntlmssp_check_packet(ans->ntlmssp_state,
58 whole_pdu, pdu_length,
62 NTSTATUS auth_ntlmssp_seal_packet(struct auth_ntlmssp_state *ans,
63 TALLOC_CTX *sig_mem_ctx,
66 const uint8_t *whole_pdu,
70 if (ans->gensec_security) {
71 return gensec_seal_packet(ans->gensec_security,
72 sig_mem_ctx, data, length, whole_pdu, pdu_length, sig);
74 return ntlmssp_seal_packet(ans->ntlmssp_state,
77 whole_pdu, pdu_length,
81 NTSTATUS auth_ntlmssp_unseal_packet(struct auth_ntlmssp_state *ans,
84 const uint8_t *whole_pdu,
88 if (ans->gensec_security) {
89 return gensec_unseal_packet(ans->gensec_security,
90 data, length, whole_pdu, pdu_length, sig);
92 return ntlmssp_unseal_packet(ans->ntlmssp_state,
94 whole_pdu, pdu_length,
98 bool auth_ntlmssp_negotiated_sign(struct auth_ntlmssp_state *ans)
100 if (ans->gensec_security) {
101 return gensec_have_feature(ans->gensec_security, GENSEC_FEATURE_SIGN);
103 return ans->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN;
106 bool auth_ntlmssp_negotiated_seal(struct auth_ntlmssp_state *ans)
108 if (ans->gensec_security) {
109 return gensec_have_feature(ans->gensec_security, GENSEC_FEATURE_SEAL);
111 return ans->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL;
114 /* Needed for 'smb username' processing */
115 const char *auth_ntlmssp_get_username(struct auth_ntlmssp_state *ans)
117 if (ans->gensec_security) {
118 return ""; /* We can't get at this value, and it's just for the %U macros */
120 return ans->ntlmssp_state->user;
123 const uint8_t *auth_ntlmssp_get_nt_hash(struct auth_ntlmssp_state *ans)
125 return ans->ntlmssp_state->nt_hash;
128 NTSTATUS auth_ntlmssp_set_username(struct auth_ntlmssp_state *ans,
131 return ntlmssp_set_username(ans->ntlmssp_state, user);
134 NTSTATUS auth_ntlmssp_set_domain(struct auth_ntlmssp_state *ans,
137 return ntlmssp_set_domain(ans->ntlmssp_state, domain);
140 NTSTATUS auth_ntlmssp_set_password(struct auth_ntlmssp_state *ans,
141 const char *password)
143 return ntlmssp_set_password(ans->ntlmssp_state, password);
146 void auth_ntlmssp_and_flags(struct auth_ntlmssp_state *ans, uint32_t flags)
148 ans->ntlmssp_state->neg_flags &= flags;
151 void auth_ntlmssp_or_flags(struct auth_ntlmssp_state *ans, uint32_t flags)
153 ans->ntlmssp_state->neg_flags |= flags;
156 void auth_ntlmssp_want_feature(struct auth_ntlmssp_state *ans, uint32_t feature)
158 if (ans->gensec_security) {
159 /* You need to negotiate signing to get a windows server to calculate a session key */
160 if (feature & NTLMSSP_FEATURE_SESSION_KEY) {
161 return gensec_want_feature(ans->gensec_security, GENSEC_FEATURE_SESSION_KEY);
163 if (feature & NTLMSSP_FEATURE_SIGN) {
164 return gensec_want_feature(ans->gensec_security, GENSEC_FEATURE_SIGN);
166 if (feature & NTLMSSP_FEATURE_SEAL) {
167 return gensec_want_feature(ans->gensec_security, GENSEC_FEATURE_SEAL);
170 ntlmssp_want_feature(ans->ntlmssp_state, feature);
174 DATA_BLOB auth_ntlmssp_get_session_key(struct auth_ntlmssp_state *ans, TALLOC_CTX *mem_ctx)
176 if (ans->gensec_security) {
177 DATA_BLOB session_key;
178 NTSTATUS status = gensec_session_key(ans->gensec_security, mem_ctx, &session_key);
179 if (NT_STATUS_IS_OK(status)) {
182 return data_blob_null;
185 return data_blob_talloc(mem_ctx, ans->ntlmssp_state->session_key.data, ans->ntlmssp_state->session_key.length);
188 NTSTATUS auth_ntlmssp_update(struct auth_ntlmssp_state *ans,
189 const DATA_BLOB request, DATA_BLOB *reply)
191 if (ans->gensec_security) {
192 return gensec_update(ans->gensec_security, ans, request, reply);
194 return ntlmssp_update(ans->ntlmssp_state, request, reply);
197 NTSTATUS auth_ntlmssp_client_start(TALLOC_CTX *mem_ctx,
198 const char *netbios_name,
199 const char *netbios_domain,
201 struct auth_ntlmssp_state **_ans)
203 struct auth_ntlmssp_state *ans;
206 ans = talloc_zero(mem_ctx, struct auth_ntlmssp_state);
208 status = ntlmssp_client_start(ans,
209 netbios_name, netbios_domain,
210 use_ntlmv2, &ans->ntlmssp_state);
211 if (!NT_STATUS_IS_OK(status)) {