#include "includes.h"
#include "libcli/auth/ntlmssp.h"
#include "ntlmssp_wrap.h"
+#include "auth/gensec/gensec.h"
NTSTATUS auth_ntlmssp_sign_packet(struct auth_ntlmssp_state *ans,
TALLOC_CTX *sig_mem_ctx,
size_t pdu_length,
DATA_BLOB *sig)
{
+ if (ans->gensec_security) {
+ return gensec_sign_packet(ans->gensec_security,
+ sig_mem_ctx, data, length, whole_pdu, pdu_length, sig);
+ }
return ntlmssp_sign_packet(ans->ntlmssp_state,
sig_mem_ctx,
data, length,
size_t pdu_length,
const DATA_BLOB *sig)
{
+ if (ans->gensec_security) {
+ return gensec_check_packet(ans->gensec_security,
+ data, length, whole_pdu, pdu_length, sig);
+ }
return ntlmssp_check_packet(ans->ntlmssp_state,
data, length,
whole_pdu, pdu_length,
size_t pdu_length,
DATA_BLOB *sig)
{
+ if (ans->gensec_security) {
+ return gensec_seal_packet(ans->gensec_security,
+ sig_mem_ctx, data, length, whole_pdu, pdu_length, sig);
+ }
return ntlmssp_seal_packet(ans->ntlmssp_state,
sig_mem_ctx,
data, length,
size_t pdu_length,
const DATA_BLOB *sig)
{
+ if (ans->gensec_security) {
+ return gensec_unseal_packet(ans->gensec_security,
+ data, length, whole_pdu, pdu_length, sig);
+ }
return ntlmssp_unseal_packet(ans->ntlmssp_state,
data, length,
whole_pdu, pdu_length,
bool auth_ntlmssp_negotiated_sign(struct auth_ntlmssp_state *ans)
{
+ if (ans->gensec_security) {
+ return gensec_have_feature(ans->gensec_security, GENSEC_FEATURE_SIGN);
+ }
return ans->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN;
}
bool auth_ntlmssp_negotiated_seal(struct auth_ntlmssp_state *ans)
{
+ if (ans->gensec_security) {
+ return gensec_have_feature(ans->gensec_security, GENSEC_FEATURE_SEAL);
+ }
return ans->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL;
}
-/* Needed for 'smb username' processing */
-const char *auth_ntlmssp_get_username(struct auth_ntlmssp_state *ans)
-{
- return ans->ntlmssp_state->user;
-}
-
-const uint8_t *auth_ntlmssp_get_nt_hash(struct auth_ntlmssp_state *ans)
-{
- return ans->ntlmssp_state->nt_hash;
-}
-
NTSTATUS auth_ntlmssp_set_username(struct auth_ntlmssp_state *ans,
const char *user)
{
return ntlmssp_set_password(ans->ntlmssp_state, password);
}
-void auth_ntlmssp_and_flags(struct auth_ntlmssp_state *ans, uint32_t flags)
-{
- ans->ntlmssp_state->neg_flags &= flags;
-}
-
-void auth_ntlmssp_or_flags(struct auth_ntlmssp_state *ans, uint32_t flags)
-{
- ans->ntlmssp_state->neg_flags |= flags;
-}
-
void auth_ntlmssp_want_feature(struct auth_ntlmssp_state *ans, uint32_t feature)
{
- ntlmssp_want_feature(ans->ntlmssp_state, feature);
+ if (ans->gensec_security) {
+ if (feature & NTLMSSP_FEATURE_SESSION_KEY) {
+ gensec_want_feature(ans->gensec_security, GENSEC_FEATURE_SESSION_KEY);
+ }
+ if (feature & NTLMSSP_FEATURE_SIGN) {
+ gensec_want_feature(ans->gensec_security, GENSEC_FEATURE_SIGN);
+ }
+ if (feature & NTLMSSP_FEATURE_SEAL) {
+ gensec_want_feature(ans->gensec_security, GENSEC_FEATURE_SEAL);
+ }
+ } else {
+ ntlmssp_want_feature(ans->ntlmssp_state, feature);
+ }
}
-DATA_BLOB auth_ntlmssp_get_session_key(struct auth_ntlmssp_state *ans)
+DATA_BLOB auth_ntlmssp_get_session_key(struct auth_ntlmssp_state *ans, TALLOC_CTX *mem_ctx)
{
- return ans->ntlmssp_state->session_key;
+ if (ans->gensec_security) {
+ DATA_BLOB session_key;
+ NTSTATUS status = gensec_session_key(ans->gensec_security, mem_ctx, &session_key);
+ if (NT_STATUS_IS_OK(status)) {
+ return session_key;
+ } else {
+ return data_blob_null;
+ }
+ }
+ return data_blob_talloc(mem_ctx, ans->ntlmssp_state->session_key.data, ans->ntlmssp_state->session_key.length);
}
NTSTATUS auth_ntlmssp_update(struct auth_ntlmssp_state *ans,
+ TALLOC_CTX *mem_ctx,
const DATA_BLOB request, DATA_BLOB *reply)
{
- return ntlmssp_update(ans->ntlmssp_state, request, reply);
+ NTSTATUS status;
+ if (ans->gensec_security) {
+ return gensec_update(ans->gensec_security, mem_ctx, request, reply);
+ }
+ status = ntlmssp_update(ans->ntlmssp_state, request, reply);
+ if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ return status;
+ }
+ talloc_steal(mem_ctx, reply->data);
+ return status;
}
NTSTATUS auth_ntlmssp_client_start(TALLOC_CTX *mem_ctx,