This needs a small re-arrangement of the supporting code.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
--- /dev/null
+/*
+ Unix SMB/Netbios implementation.
+ Version 3.0
+ handle NLTMSSP, server side
+
+ Copyright (C) Andrew Tridgell 2001
+ Copyright (C) Andrew Bartlett 2001-2003
+ Copyright (C) Andrew Bartlett 2005 (Updated from gensec).
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "../libcli/auth/ntlmssp.h"
+#include "../libcli/auth/ntlmssp_private.h"
+
+/**
+ * Print out the NTLMSSP flags for debugging
+ * @param neg_flags The flags from the packet
+ */
+void debug_ntlmssp_flags(uint32_t neg_flags)
+{
+ DEBUG(3,("Got NTLMSSP neg_flags=0x%08x\n", neg_flags));
+
+ if (neg_flags & NTLMSSP_NEGOTIATE_UNICODE)
+ DEBUGADD(4, (" NTLMSSP_NEGOTIATE_UNICODE\n"));
+ if (neg_flags & NTLMSSP_NEGOTIATE_OEM)
+ DEBUGADD(4, (" NTLMSSP_NEGOTIATE_OEM\n"));
+ if (neg_flags & NTLMSSP_REQUEST_TARGET)
+ DEBUGADD(4, (" NTLMSSP_REQUEST_TARGET\n"));
+ if (neg_flags & NTLMSSP_NEGOTIATE_SIGN)
+ DEBUGADD(4, (" NTLMSSP_NEGOTIATE_SIGN\n"));
+ if (neg_flags & NTLMSSP_NEGOTIATE_SEAL)
+ DEBUGADD(4, (" NTLMSSP_NEGOTIATE_SEAL\n"));
+ if (neg_flags & NTLMSSP_NEGOTIATE_DATAGRAM)
+ DEBUGADD(4, (" NTLMSSP_NEGOTIATE_DATAGRAM\n"));
+ if (neg_flags & NTLMSSP_NEGOTIATE_LM_KEY)
+ DEBUGADD(4, (" NTLMSSP_NEGOTIATE_LM_KEY\n"));
+ if (neg_flags & NTLMSSP_NEGOTIATE_NETWARE)
+ DEBUGADD(4, (" NTLMSSP_NEGOTIATE_NETWARE\n"));
+ if (neg_flags & NTLMSSP_NEGOTIATE_NTLM)
+ DEBUGADD(4, (" NTLMSSP_NEGOTIATE_NTLM\n"));
+ if (neg_flags & NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED)
+ DEBUGADD(4, (" NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED\n"));
+ if (neg_flags & NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED)
+ DEBUGADD(4, (" NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED\n"));
+ if (neg_flags & NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL)
+ DEBUGADD(4, (" NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL\n"));
+ if (neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)
+ DEBUGADD(4, (" NTLMSSP_NEGOTIATE_ALWAYS_SIGN\n"));
+ if (neg_flags & NTLMSSP_REQUEST_NON_NT_SESSION_KEY)
+ DEBUGADD(4, (" NTLMSSP_REQUEST_NON_NT_SESSION_KEY\n"));
+ if (neg_flags & NTLMSSP_NEGOTIATE_NTLM2)
+ DEBUGADD(4, (" NTLMSSP_NEGOTIATE_NTLM2\n"));
+ if (neg_flags & NTLMSSP_NEGOTIATE_TARGET_INFO)
+ DEBUGADD(4, (" NTLMSSP_NEGOTIATE_TARGET_INFO\n"));
+ if (neg_flags & NTLMSSP_NEGOTIATE_VERSION)
+ DEBUGADD(4, (" NTLMSSP_NEGOTIATE_VERSION\n"));
+ if (neg_flags & NTLMSSP_NEGOTIATE_128)
+ DEBUGADD(4, (" NTLMSSP_NEGOTIATE_128\n"));
+ if (neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH)
+ DEBUGADD(4, (" NTLMSSP_NEGOTIATE_KEY_EXCH\n"));
+ if (neg_flags & NTLMSSP_NEGOTIATE_56)
+ DEBUGADD(4, (" NTLMSSP_NEGOTIATE_56\n"));
+}
union ntlmssp_crypt_state *crypt;
};
+
+/* The following definitions come from libcli/auth/ntlmssp_sign.c */
+
+NTSTATUS ntlmssp_sign_packet(struct ntlmssp_state *ntlmssp_state,
+ TALLOC_CTX *sig_mem_ctx,
+ const uint8_t *data, size_t length,
+ const uint8_t *whole_pdu, size_t pdu_length,
+ DATA_BLOB *sig);
+NTSTATUS ntlmssp_check_packet(struct ntlmssp_state *ntlmssp_state,
+ const uint8_t *data, size_t length,
+ const uint8_t *whole_pdu, size_t pdu_length,
+ const DATA_BLOB *sig) ;
+NTSTATUS ntlmssp_seal_packet(struct ntlmssp_state *ntlmssp_state,
+ TALLOC_CTX *sig_mem_ctx,
+ uint8_t *data, size_t length,
+ const uint8_t *whole_pdu, size_t pdu_length,
+ DATA_BLOB *sig);
+NTSTATUS ntlmssp_unseal_packet(struct ntlmssp_state *ntlmssp_state,
+ uint8_t *data, size_t length,
+ const uint8_t *whole_pdu, size_t pdu_length,
+ const DATA_BLOB *sig);
+NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state);
--- /dev/null
+/*
+ * Unix SMB/CIFS implementation.
+ * Version 3.0
+ * NTLMSSP Signing routines
+ * Copyright (C) Andrew Bartlett 2003-2005
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* For structures internal to the NTLMSSP implementation that should not be exposed */
+
+/* The following definitions come from libcli/auth/ntlmssp.c */
+
+void debug_ntlmssp_flags(uint32_t neg_flags);
#include "../lib/crypto/arcfour.h"
#include "../lib/crypto/hmacmd5.h"
#include "../lib/crypto/crc32.h"
+#include "../libcli/auth/ntlmssp_private.h"
#define CLI_SIGN "session key to client-to-server signing key magic constant"
#define CLI_SEAL "session key to client-to-server sealing key magic constant"
LIBSMB_OBJ0 = \
../libcli/auth/ntlm_check.o \
libsmb/ntlmssp.o \
- libsmb/ntlmssp_sign.o \
+ ../libcli/auth/ntlmssp.o \
+ ../libcli/auth/ntlmssp_sign.o \
$(LIBNDR_NTLMSSP_OBJ) \
../libcli/auth/ntlmssp_ndr.o
/* The following definitions come from libsmb/ntlmssp.c */
-void debug_ntlmssp_flags(uint32 neg_flags);
NTSTATUS ntlmssp_set_username(struct ntlmssp_state *ntlmssp_state, const char *user) ;
NTSTATUS ntlmssp_set_hashes(struct ntlmssp_state *ntlmssp_state,
const uint8_t lm_hash[16],
bool use_ntlmv2,
struct ntlmssp_state **_ntlmssp_state);
-/* The following definitions come from libsmb/ntlmssp_sign.c */
-
-NTSTATUS ntlmssp_sign_packet(struct ntlmssp_state *ntlmssp_state,
- TALLOC_CTX *sig_mem_ctx,
- const uint8_t *data, size_t length,
- const uint8_t *whole_pdu, size_t pdu_length,
- DATA_BLOB *sig);
-NTSTATUS ntlmssp_check_packet(struct ntlmssp_state *ntlmssp_state,
- const uint8_t *data, size_t length,
- const uint8_t *whole_pdu, size_t pdu_length,
- const DATA_BLOB *sig) ;
-NTSTATUS ntlmssp_seal_packet(struct ntlmssp_state *ntlmssp_state,
- TALLOC_CTX *sig_mem_ctx,
- uint8_t *data, size_t length,
- const uint8_t *whole_pdu, size_t pdu_length,
- DATA_BLOB *sig);
-NTSTATUS ntlmssp_unseal_packet(struct ntlmssp_state *ntlmssp_state,
- uint8_t *data, size_t length,
- const uint8_t *whole_pdu, size_t pdu_length,
- const DATA_BLOB *sig);
-NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state);
-
/* The following definitions come from libsmb/passchange.c */
NTSTATUS remote_password_change(const char *remote_machine, const char *user_name,
#include "includes.h"
#include "../libcli/auth/ntlmssp.h"
+#include "../libcli/auth/ntlmssp_private.h"
#include "../libcli/auth/libcli_auth.h"
#include "../librpc/gen_ndr/ndr_ntlmssp.h"
#include "../libcli/auth/ntlmssp_ndr.h"
};
-/**
- * Print out the NTLMSSP flags for debugging
- * @param neg_flags The flags from the packet
- */
-
-void debug_ntlmssp_flags(uint32_t neg_flags)
-{
- DEBUG(3,("Got NTLMSSP neg_flags=0x%08x\n", neg_flags));
-
- if (neg_flags & NTLMSSP_NEGOTIATE_UNICODE)
- DEBUGADD(4, (" NTLMSSP_NEGOTIATE_UNICODE\n"));
- if (neg_flags & NTLMSSP_NEGOTIATE_OEM)
- DEBUGADD(4, (" NTLMSSP_NEGOTIATE_OEM\n"));
- if (neg_flags & NTLMSSP_REQUEST_TARGET)
- DEBUGADD(4, (" NTLMSSP_REQUEST_TARGET\n"));
- if (neg_flags & NTLMSSP_NEGOTIATE_SIGN)
- DEBUGADD(4, (" NTLMSSP_NEGOTIATE_SIGN\n"));
- if (neg_flags & NTLMSSP_NEGOTIATE_SEAL)
- DEBUGADD(4, (" NTLMSSP_NEGOTIATE_SEAL\n"));
- if (neg_flags & NTLMSSP_NEGOTIATE_DATAGRAM)
- DEBUGADD(4, (" NTLMSSP_NEGOTIATE_DATAGRAM\n"));
- if (neg_flags & NTLMSSP_NEGOTIATE_LM_KEY)
- DEBUGADD(4, (" NTLMSSP_NEGOTIATE_LM_KEY\n"));
- if (neg_flags & NTLMSSP_NEGOTIATE_NETWARE)
- DEBUGADD(4, (" NTLMSSP_NEGOTIATE_NETWARE\n"));
- if (neg_flags & NTLMSSP_NEGOTIATE_NTLM)
- DEBUGADD(4, (" NTLMSSP_NEGOTIATE_NTLM\n"));
- if (neg_flags & NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED)
- DEBUGADD(4, (" NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED\n"));
- if (neg_flags & NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED)
- DEBUGADD(4, (" NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED\n"));
- if (neg_flags & NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL)
- DEBUGADD(4, (" NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL\n"));
- if (neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)
- DEBUGADD(4, (" NTLMSSP_NEGOTIATE_ALWAYS_SIGN\n"));
- if (neg_flags & NTLMSSP_REQUEST_NON_NT_SESSION_KEY)
- DEBUGADD(4, (" NTLMSSP_REQUEST_NON_NT_SESSION_KEY\n"));
- if (neg_flags & NTLMSSP_NEGOTIATE_NTLM2)
- DEBUGADD(4, (" NTLMSSP_NEGOTIATE_NTLM2\n"));
- if (neg_flags & NTLMSSP_NEGOTIATE_TARGET_INFO)
- DEBUGADD(4, (" NTLMSSP_NEGOTIATE_TARGET_INFO\n"));
- if (neg_flags & NTLMSSP_NEGOTIATE_VERSION)
- DEBUGADD(4, (" NTLMSSP_NEGOTIATE_VERSION\n"));
- if (neg_flags & NTLMSSP_NEGOTIATE_128)
- DEBUGADD(4, (" NTLMSSP_NEGOTIATE_128\n"));
- if (neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH)
- DEBUGADD(4, (" NTLMSSP_NEGOTIATE_KEY_EXCH\n"));
- if (neg_flags & NTLMSSP_NEGOTIATE_56)
- DEBUGADD(4, (" NTLMSSP_NEGOTIATE_56\n"));
-}
-
/**
* Default challenge generation code.
*