/*
   Unix SMB/CIFS implementation.

   server side dcerpc authentication code - NTLMSSP auth/crypto code

   Copyright (C) Andrew Tridgell 2004
   Copyright (C) Stefan (metze) Metzmacher 2004

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
/*
  This provides the NTLMSSP backend for server-side RPC.
*/
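/**
 * Create the NTLMSSP state for a server-side DCE/RPC connection and attach
 * it to the connection's auth context.
 *
 * @param auth       auth context; crypto_ctx.private_data is overwritten
 * @param auth_blob  auth blob from the client; not read by the statements below
 * @return           the NTSTATUS produced by auth_ntlmssp_start()
 *
 * NOTE(review): the listing this block was recovered from omits the
 * declaration of `status` and the final return statement. Both are restored
 * on the assumption that the function hands back the auth_ntlmssp_start()
 * status - confirm against the tree.
 */
static NTSTATUS dcesrv_crypto_ntlmssp_start(struct dcesrv_auth *auth, DATA_BLOB *auth_blob)
{
	struct auth_ntlmssp_state *ntlmssp = NULL;
	NTSTATUS status;

	/*
	 * TODO (original note, cut off in the listing after "auth3"): we
	 * should parse the auth_blob and remember the client hostname and
	 * target domain, then check against the auth3 [...]
	 *
	 * Until that is done, nothing in this function restricts which
	 * client host or target domain may begin an NTLMSSP exchange; any
	 * such policy has to be enforced elsewhere.
	 */
	status = auth_ntlmssp_start(&ntlmssp);

	/*
	 * Stored whatever the status is: on failure this is whatever
	 * auth_ntlmssp_start() left in the local, NULL if it never wrote it.
	 * Callers must not use the context unless the returned status is OK.
	 */
	auth->crypto_ctx.private_data = ntlmssp;

	return status;
}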
/**
 * Feed one client auth token to the NTLMSSP state attached to this
 * connection and collect the reply token.
 *
 * @param auth         auth context whose crypto_ctx.private_data holds the state
 * @param out_mem_ctx  talloc context handed to auth_ntlmssp_update() for the reply
 * @param in           token received from the client
 * @param out          receives the token to send back
 * @return             the NTSTATUS of auth_ntlmssp_update(), passed through unchanged
 *
 * NOTE(review): private_data is forwarded without a NULL check. It is NULL
 * after dcesrv_crypto_ntlmssp_end(); whether auth_ntlmssp_update() tolerates
 * a NULL state is not visible here - confirm.
 */
static NTSTATUS dcesrv_crypto_ntlmssp_update(struct dcesrv_auth *auth, TALLOC_CTX *out_mem_ctx,
					     const DATA_BLOB in, DATA_BLOB *out)
{
	struct auth_ntlmssp_state *state = auth->crypto_ctx.private_data;
	NTSTATUS status;

	status = auth_ntlmssp_update(state, out_mem_ctx, in, out);
	return status;
}
/**
 * Fetch the auth_session_info for this connection from its NTLMSSP state.
 *
 * @param auth          auth context whose crypto_ctx.private_data holds the state
 * @param session_info  receives the session info pointer
 * @return              the NTSTATUS of auth_ntlmssp_get_session_info(), unchanged
 *
 * NOTE(review): nothing here checks that the NTLMSSP exchange has completed
 * or that private_data is non-NULL; that is presumably enforced by the
 * callee or the caller - confirm, since the result drives authorization.
 */
static NTSTATUS dcesrv_crypto_ntlmssp_session_info(struct dcesrv_auth *auth, struct auth_session_info **session_info)
{
	struct auth_ntlmssp_state *state = auth->crypto_ctx.private_data;
	NTSTATUS status;

	status = auth_ntlmssp_get_session_info(state, session_info);
	return status;
}
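/**
 * Seal a packet using the NTLMSSP state attached to this connection.
 *
 * @param auth         auth context whose crypto_ctx.private_data holds the state
 * @param sig_mem_ctx  talloc context handed to ntlmssp_seal_packet()
 * @param data         packet bytes (non-const; presumably transformed in place - confirm)
 * @param length       number of bytes at data
 * @param sig          receives the signature blob
 * @return             NT_STATUS_INVALID_PARAMETER if no NTLMSSP state is attached,
 *                     otherwise the NTSTATUS of ntlmssp_seal_packet()
 */
static NTSTATUS dcesrv_crypto_ntlmssp_seal(struct dcesrv_auth *auth, TALLOC_CTX *sig_mem_ctx,
					   uint8_t *data, size_t length, DATA_BLOB *sig)
{
	struct auth_ntlmssp_state *auth_ntlmssp_state = auth->crypto_ctx.private_data;

	/*
	 * private_data is NULL after dcesrv_crypto_ntlmssp_end() and when
	 * the start hook stored a NULL context. Fail the request instead of
	 * dereferencing NULL in a server-side code path.
	 */
	if (auth_ntlmssp_state == NULL) {
		return NT_STATUS_INVALID_PARAMETER;
	}

	return ntlmssp_seal_packet(auth_ntlmssp_state->ntlmssp_state, sig_mem_ctx, data, length, sig);
}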
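/**
 * Sign a packet using the NTLMSSP state attached to this connection.
 *
 * @param auth         auth context whose crypto_ctx.private_data holds the state
 * @param sig_mem_ctx  talloc context handed to ntlmssp_sign_packet()
 * @param data         packet bytes to sign (not modified here)
 * @param length       number of bytes at data
 * @param sig          receives the signature blob
 * @return             NT_STATUS_INVALID_PARAMETER if no NTLMSSP state is attached,
 *                     otherwise the NTSTATUS of ntlmssp_sign_packet()
 */
static NTSTATUS dcesrv_crypto_ntlmssp_sign(struct dcesrv_auth *auth, TALLOC_CTX *sig_mem_ctx,
					   const uint8_t *data, size_t length, DATA_BLOB *sig)
{
	struct auth_ntlmssp_state *auth_ntlmssp_state = auth->crypto_ctx.private_data;

	/*
	 * private_data is NULL after dcesrv_crypto_ntlmssp_end() and when
	 * the start hook stored a NULL context. Fail the request instead of
	 * dereferencing NULL in a server-side code path.
	 */
	if (auth_ntlmssp_state == NULL) {
		return NT_STATUS_INVALID_PARAMETER;
	}

	return ntlmssp_sign_packet(auth_ntlmssp_state->ntlmssp_state, sig_mem_ctx, data, length, sig);
}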
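/**
 * Check a packet signature using the NTLMSSP state attached to this
 * connection.
 *
 * @param auth         auth context whose crypto_ctx.private_data holds the state
 * @param sig_mem_ctx  talloc context handed to ntlmssp_check_packet()
 * @param data         packet bytes the signature covers
 * @param length       number of bytes at data
 * @param sig          signature received with the packet
 * @return             NT_STATUS_INVALID_PARAMETER if no NTLMSSP state is attached,
 *                     otherwise the NTSTATUS of ntlmssp_check_packet()
 *
 * Callers must treat every non-OK status as a failed verification and must
 * not process the packet further.
 */
static NTSTATUS dcesrv_crypto_ntlmssp_check_sig(struct dcesrv_auth *auth, TALLOC_CTX *sig_mem_ctx,
						const uint8_t *data, size_t length, const DATA_BLOB *sig)
{
	struct auth_ntlmssp_state *auth_ntlmssp_state = auth->crypto_ctx.private_data;

	/*
	 * private_data is NULL after dcesrv_crypto_ntlmssp_end() and when
	 * the start hook stored a NULL context. Report an error, so the
	 * packet is rejected, instead of dereferencing NULL.
	 */
	if (auth_ntlmssp_state == NULL) {
		return NT_STATUS_INVALID_PARAMETER;
	}

	return ntlmssp_check_packet(auth_ntlmssp_state->ntlmssp_state, sig_mem_ctx, data, length, sig);
}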
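/**
 * Unseal a packet using the NTLMSSP state attached to this connection.
 *
 * @param auth         auth context whose crypto_ctx.private_data holds the state
 * @param sig_mem_ctx  talloc context handed to ntlmssp_unseal_packet()
 * @param data         packet bytes (non-const; presumably transformed in place - confirm)
 * @param length       number of bytes at data
 * @param sig          signature blob passed through to ntlmssp_unseal_packet()
 * @return             NT_STATUS_INVALID_PARAMETER if no NTLMSSP state is attached,
 *                     otherwise the NTSTATUS of ntlmssp_unseal_packet()
 *
 * Callers must discard the contents of data unless the status is OK.
 */
static NTSTATUS dcesrv_crypto_ntlmssp_unseal(struct dcesrv_auth *auth, TALLOC_CTX *sig_mem_ctx,
					     uint8_t *data, size_t length, DATA_BLOB *sig)
{
	struct auth_ntlmssp_state *auth_ntlmssp_state = auth->crypto_ctx.private_data;

	/*
	 * private_data is NULL after dcesrv_crypto_ntlmssp_end() and when
	 * the start hook stored a NULL context. Fail the request instead of
	 * dereferencing NULL in a server-side code path.
	 */
	if (auth_ntlmssp_state == NULL) {
		return NT_STATUS_INVALID_PARAMETER;
	}

	return ntlmssp_unseal_packet(auth_ntlmssp_state->ntlmssp_state, sig_mem_ctx, data, length, sig);
}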
/**
 * Detach the NTLMSSP state from the connection and hand it to
 * auth_ntlmssp_end().
 *
 * @param auth  auth context; crypto_ctx.private_data is NULL on return
 *
 * The field is cleared before the state is ended, so the auth context does
 * not keep pointing at the state once auth_ntlmssp_end() has been called on
 * it.
 *
 * NOTE(review): whether auth_ntlmssp_end() accepts a pointer to a NULL
 * state (e.g. a second call to this hook) is not visible here - confirm.
 */
static void dcesrv_crypto_ntlmssp_end(struct dcesrv_auth *auth)
{
	struct auth_ntlmssp_state *state;

	state = auth->crypto_ctx.private_data;
	auth->crypto_ctx.private_data = NULL;

	auth_ntlmssp_end(&state);
}
/*
 * Operations table that binds DCERPC_AUTH_TYPE_NTLMSSP to the hooks in
 * this file.
 *
 * NOTE(review): the listing this table was recovered from skips one source
 * line between the opening brace and .auth_type; confirm against the tree
 * that no member initializer is missing here.
 */
static const struct dcesrv_crypto_ops dcesrv_crypto_ntlmssp_ops = {
	.auth_type    = DCERPC_AUTH_TYPE_NTLMSSP,

	/* context lifetime and token exchange */
	.start        = dcesrv_crypto_ntlmssp_start,
	.update       = dcesrv_crypto_ntlmssp_update,
	.session_info = dcesrv_crypto_ntlmssp_session_info,

	/* per-packet protection */
	.seal         = dcesrv_crypto_ntlmssp_seal,
	.sign         = dcesrv_crypto_ntlmssp_sign,
	.check_sig    = dcesrv_crypto_ntlmssp_check_sig,
	.unseal       = dcesrv_crypto_ntlmssp_unseal,

	.end          = dcesrv_crypto_ntlmssp_end
};
/**
 * Return the NTLMSSP crypto operations table for the DCE/RPC server.
 *
 * @return  pointer to the file-scope constant dcesrv_crypto_ntlmssp_ops;
 *          the caller must not modify or free it
 */
const struct dcesrv_crypto_ops *dcesrv_crypto_ntlmssp_get_ops(void)
{
	const struct dcesrv_crypto_ops *ops = &dcesrv_crypto_ntlmssp_ops;

	return ops;
}