source3/libsmb/ntlmssp_wrap.c

   1 /*
   2    NLTMSSP wrappers
   3
   4    Copyright (C) Andrew Tridgell      2001
   5    Copyright (C) Andrew Bartlett 2001-2003
   6
   7    This program is free software; you can redistribute it and/or modify
   8    it under the terms of the GNU General Public License as published by
   9    the Free Software Foundation; either version 3 of the License, or
  10    (at your option) any later version.
  11
  12    This program is distributed in the hope that it will be useful,
  13    but WITHOUT ANY WARRANTY; without even the implied warranty of
  14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15    GNU General Public License for more details.
  16
  17    You should have received a copy of the GNU General Public License
  18    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  19 */
  20
  21 #include "includes.h"
  22 #include "libcli/auth/ntlmssp.h"
  23 #include "ntlmssp_wrap.h"
  24 #include "auth/gensec/gensec.h"
  25
  26 NTSTATUS auth_ntlmssp_sign_packet(struct auth_ntlmssp_state *ans,
  27                                   TALLOC_CTX *sig_mem_ctx,
  28                                   const uint8_t *data,
  29                                   size_t length,
  30                                   const uint8_t *whole_pdu,
  31                                   size_t pdu_length,
  32                                   DATA_BLOB *sig)
  33 {
  34         if (ans->gensec_security) {
  35                 return gensec_sign_packet(ans->gensec_security,
  36                                           sig_mem_ctx, data, length, whole_pdu, pdu_length, sig);
  37         }
  38         return ntlmssp_sign_packet(ans->ntlmssp_state,
  39                                    sig_mem_ctx,
  40                                    data, length,
  41                                    whole_pdu, pdu_length,
  42                                    sig);
  43 }
  44
  45 NTSTATUS auth_ntlmssp_check_packet(struct auth_ntlmssp_state *ans,
  46                                    const uint8_t *data,
  47                                    size_t length,
  48                                    const uint8_t *whole_pdu,
  49                                    size_t pdu_length,
  50                                    const DATA_BLOB *sig)
  51 {
  52         if (ans->gensec_security) {
  53                 return gensec_check_packet(ans->gensec_security,
  54                                            data, length, whole_pdu, pdu_length, sig);
  55         }
  56         return ntlmssp_check_packet(ans->ntlmssp_state,
  57                                     data, length,
  58                                     whole_pdu, pdu_length,
  59                                     sig);
  60 }
  61
  62 NTSTATUS auth_ntlmssp_seal_packet(struct auth_ntlmssp_state *ans,
  63                                   TALLOC_CTX *sig_mem_ctx,
  64                                   uint8_t *data,
  65                                   size_t length,
  66                                   const uint8_t *whole_pdu,
  67                                   size_t pdu_length,
  68                                   DATA_BLOB *sig)
  69 {
  70         if (ans->gensec_security) {
  71                 return gensec_seal_packet(ans->gensec_security,
  72                                           sig_mem_ctx, data, length, whole_pdu, pdu_length, sig);
  73         }
  74         return ntlmssp_seal_packet(ans->ntlmssp_state,
  75                                    sig_mem_ctx,
  76                                    data, length,
  77                                    whole_pdu, pdu_length,
  78                                    sig);
  79 }
  80
  81 NTSTATUS auth_ntlmssp_unseal_packet(struct auth_ntlmssp_state *ans,
  82                                     uint8_t *data,
  83                                     size_t length,
  84                                     const uint8_t *whole_pdu,
  85                                     size_t pdu_length,
  86                                     const DATA_BLOB *sig)
  87 {
  88         if (ans->gensec_security) {
  89                 return gensec_unseal_packet(ans->gensec_security,
  90                                             data, length, whole_pdu, pdu_length, sig);
  91         }
  92         return ntlmssp_unseal_packet(ans->ntlmssp_state,
  93                                      data, length,
  94                                      whole_pdu, pdu_length,
  95                                      sig);
  96 }
  97
  98 bool auth_ntlmssp_negotiated_sign(struct auth_ntlmssp_state *ans)
  99 {
 100         if (ans->gensec_security) {
 101                 return gensec_have_feature(ans->gensec_security, GENSEC_FEATURE_SIGN);
 102         }
 103         return ans->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN;
 104 }
 105
 106 bool auth_ntlmssp_negotiated_seal(struct auth_ntlmssp_state *ans)
 107 {
 108         if (ans->gensec_security) {
 109                 return gensec_have_feature(ans->gensec_security, GENSEC_FEATURE_SEAL);
 110         }
 111         return ans->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL;
 112 }
 113
 114 /* Needed for 'smb username' processing */
 115 const char *auth_ntlmssp_get_username(struct auth_ntlmssp_state *ans)
 116 {
 117         if (ans->gensec_security) {
 118                 return ""; /* We can't get at this value, and it's just for the %U macros */
 119         }
 120         return ans->ntlmssp_state->user;
 121 }
 122
 123 const uint8_t *auth_ntlmssp_get_nt_hash(struct auth_ntlmssp_state *ans)
 124 {
 125         return ans->ntlmssp_state->nt_hash;
 126 }
 127
 128 NTSTATUS auth_ntlmssp_set_username(struct auth_ntlmssp_state *ans,
 129                                    const char *user)
 130 {
 131         return ntlmssp_set_username(ans->ntlmssp_state, user);
 132 }
 133
 134 NTSTATUS auth_ntlmssp_set_domain(struct auth_ntlmssp_state *ans,
 135                                  const char *domain)
 136 {
 137         return ntlmssp_set_domain(ans->ntlmssp_state, domain);
 138 }
 139
 140 NTSTATUS auth_ntlmssp_set_password(struct auth_ntlmssp_state *ans,
 141                                    const char *password)
 142 {
 143         return ntlmssp_set_password(ans->ntlmssp_state, password);
 144 }
 145
 146 void auth_ntlmssp_and_flags(struct auth_ntlmssp_state *ans, uint32_t flags)
 147 {
 148         ans->ntlmssp_state->neg_flags &= flags;
 149 }
 150
 151 void auth_ntlmssp_want_feature(struct auth_ntlmssp_state *ans, uint32_t feature)
 152 {
 153         if (ans->gensec_security) {
 154                 /* You need to negotiate signing to get a windows server to calculate a session key */
 155                 if (feature & NTLMSSP_FEATURE_SESSION_KEY) {
 156                         return gensec_want_feature(ans->gensec_security, GENSEC_FEATURE_SESSION_KEY);
 157                 }
 158                 if (feature & NTLMSSP_FEATURE_SIGN) {
 159                         return gensec_want_feature(ans->gensec_security, GENSEC_FEATURE_SIGN);
 160                 }
 161                 if (feature & NTLMSSP_FEATURE_SEAL) {
 162                         return gensec_want_feature(ans->gensec_security, GENSEC_FEATURE_SEAL);
 163                 }
 164         } else {
 165                 ntlmssp_want_feature(ans->ntlmssp_state, feature);
 166         }
 167 }
 168
 169 DATA_BLOB auth_ntlmssp_get_session_key(struct auth_ntlmssp_state *ans, TALLOC_CTX *mem_ctx)
 170 {
 171         if (ans->gensec_security) {
 172                 DATA_BLOB session_key;
 173                 NTSTATUS status = gensec_session_key(ans->gensec_security, mem_ctx, &session_key);
 174                 if (NT_STATUS_IS_OK(status)) {
 175                         return session_key;
 176                 } else {
 177                         return data_blob_null;
 178                 }
 179         }
 180         return data_blob_talloc(mem_ctx, ans->ntlmssp_state->session_key.data, ans->ntlmssp_state->session_key.length);
 181 }
 182
 183 NTSTATUS auth_ntlmssp_update(struct auth_ntlmssp_state *ans,
 184                              TALLOC_CTX *mem_ctx,
 185                              const DATA_BLOB request, DATA_BLOB *reply)
 186 {
 187         NTSTATUS status;
 188         if (ans->gensec_security) {
 189                 return gensec_update(ans->gensec_security, mem_ctx, request, reply);
 190         }
 191         status = ntlmssp_update(ans->ntlmssp_state, request, reply);
 192         if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
 193                 return status;
 194         }
 195         talloc_steal(mem_ctx, reply->data);
 196         return status;
 197 }
 198
 199 NTSTATUS auth_ntlmssp_client_start(TALLOC_CTX *mem_ctx,
 200                                    const char *netbios_name,
 201                                    const char *netbios_domain,
 202                                    bool use_ntlmv2,
 203                                    struct auth_ntlmssp_state **_ans)
 204 {
 205         struct auth_ntlmssp_state *ans;
 206         NTSTATUS status;
 207
 208         ans = talloc_zero(mem_ctx, struct auth_ntlmssp_state);
 209
 210         status = ntlmssp_client_start(ans,
 211                                         netbios_name, netbios_domain,
 212                                         use_ntlmv2, &ans->ntlmssp_state);
 213         if (!NT_STATUS_IS_OK(status)) {
 214                 return status;
 215         }
 216
 217         *_ans = ans;
 218         return NT_STATUS_OK;
 219 }