4 Copyright (C) Andrew Tridgell 2001
5 Copyright (C) Andrew Bartlett 2001-2003
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "libcli/auth/ntlmssp.h"
23 #include "ntlmssp_wrap.h"
24 #include "auth/gensec/gensec.h"
26 NTSTATUS auth_ntlmssp_sign_packet(struct auth_ntlmssp_state *ans,
27 TALLOC_CTX *sig_mem_ctx,
30 const uint8_t *whole_pdu,
34 if (ans->gensec_security) {
35 return gensec_sign_packet(ans->gensec_security,
36 sig_mem_ctx, data, length, whole_pdu, pdu_length, sig);
38 return ntlmssp_sign_packet(ans->ntlmssp_state,
41 whole_pdu, pdu_length,
45 NTSTATUS auth_ntlmssp_check_packet(struct auth_ntlmssp_state *ans,
48 const uint8_t *whole_pdu,
52 if (ans->gensec_security) {
53 return gensec_check_packet(ans->gensec_security,
54 data, length, whole_pdu, pdu_length, sig);
56 return ntlmssp_check_packet(ans->ntlmssp_state,
58 whole_pdu, pdu_length,
62 NTSTATUS auth_ntlmssp_seal_packet(struct auth_ntlmssp_state *ans,
63 TALLOC_CTX *sig_mem_ctx,
66 const uint8_t *whole_pdu,
70 if (ans->gensec_security) {
71 return gensec_seal_packet(ans->gensec_security,
72 sig_mem_ctx, data, length, whole_pdu, pdu_length, sig);
74 return ntlmssp_seal_packet(ans->ntlmssp_state,
77 whole_pdu, pdu_length,
81 NTSTATUS auth_ntlmssp_unseal_packet(struct auth_ntlmssp_state *ans,
84 const uint8_t *whole_pdu,
88 if (ans->gensec_security) {
89 return gensec_unseal_packet(ans->gensec_security,
90 data, length, whole_pdu, pdu_length, sig);
92 return ntlmssp_unseal_packet(ans->ntlmssp_state,
94 whole_pdu, pdu_length,
98 bool auth_ntlmssp_negotiated_sign(struct auth_ntlmssp_state *ans)
100 if (ans->gensec_security) {
101 return gensec_have_feature(ans->gensec_security, GENSEC_FEATURE_SIGN);
103 return ans->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN;
106 bool auth_ntlmssp_negotiated_seal(struct auth_ntlmssp_state *ans)
108 if (ans->gensec_security) {
109 return gensec_have_feature(ans->gensec_security, GENSEC_FEATURE_SEAL);
111 return ans->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL;
114 /* Needed for 'smb username' processing */
115 const char *auth_ntlmssp_get_username(struct auth_ntlmssp_state *ans)
117 if (ans->gensec_security) {
118 return ""; /* We can't get at this value, and it's just for the %U macros */
120 return ans->ntlmssp_state->user;
123 const uint8_t *auth_ntlmssp_get_nt_hash(struct auth_ntlmssp_state *ans)
125 return ans->ntlmssp_state->nt_hash;
128 NTSTATUS auth_ntlmssp_set_username(struct auth_ntlmssp_state *ans,
131 return ntlmssp_set_username(ans->ntlmssp_state, user);
134 NTSTATUS auth_ntlmssp_set_domain(struct auth_ntlmssp_state *ans,
137 return ntlmssp_set_domain(ans->ntlmssp_state, domain);
140 NTSTATUS auth_ntlmssp_set_password(struct auth_ntlmssp_state *ans,
141 const char *password)
143 return ntlmssp_set_password(ans->ntlmssp_state, password);
146 void auth_ntlmssp_and_flags(struct auth_ntlmssp_state *ans, uint32_t flags)
148 ans->ntlmssp_state->neg_flags &= flags;
151 void auth_ntlmssp_want_feature(struct auth_ntlmssp_state *ans, uint32_t feature)
153 if (ans->gensec_security) {
154 /* You need to negotiate signing to get a windows server to calculate a session key */
155 if (feature & NTLMSSP_FEATURE_SESSION_KEY) {
156 return gensec_want_feature(ans->gensec_security, GENSEC_FEATURE_SESSION_KEY);
158 if (feature & NTLMSSP_FEATURE_SIGN) {
159 return gensec_want_feature(ans->gensec_security, GENSEC_FEATURE_SIGN);
161 if (feature & NTLMSSP_FEATURE_SEAL) {
162 return gensec_want_feature(ans->gensec_security, GENSEC_FEATURE_SEAL);
165 ntlmssp_want_feature(ans->ntlmssp_state, feature);
169 DATA_BLOB auth_ntlmssp_get_session_key(struct auth_ntlmssp_state *ans, TALLOC_CTX *mem_ctx)
171 if (ans->gensec_security) {
172 DATA_BLOB session_key;
173 NTSTATUS status = gensec_session_key(ans->gensec_security, mem_ctx, &session_key);
174 if (NT_STATUS_IS_OK(status)) {
177 return data_blob_null;
180 return data_blob_talloc(mem_ctx, ans->ntlmssp_state->session_key.data, ans->ntlmssp_state->session_key.length);
183 NTSTATUS auth_ntlmssp_update(struct auth_ntlmssp_state *ans,
185 const DATA_BLOB request, DATA_BLOB *reply)
188 if (ans->gensec_security) {
189 return gensec_update(ans->gensec_security, mem_ctx, request, reply);
191 status = ntlmssp_update(ans->ntlmssp_state, request, reply);
192 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
195 talloc_steal(mem_ctx, reply->data);
199 NTSTATUS auth_ntlmssp_client_start(TALLOC_CTX *mem_ctx,
200 const char *netbios_name,
201 const char *netbios_domain,
203 struct auth_ntlmssp_state **_ans)
205 struct auth_ntlmssp_state *ans;
208 ans = talloc_zero(mem_ctx, struct auth_ntlmssp_state);
210 status = ntlmssp_client_start(ans,
211 netbios_name, netbios_domain,
212 use_ntlmv2, &ans->ntlmssp_state);
213 if (!NT_STATUS_IS_OK(status)) {