CVE-2016-2110: auth/ntlmssp: implement new_spnego support including MIC generation...
[samba.git] / auth / ntlmssp / ntlmssp_client.c
1 /*
2    Unix SMB/Netbios implementation.
3    Version 3.0
4    handle NLTMSSP, client server side parsing
5
6    Copyright (C) Andrew Tridgell      2001
7    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2001-2005
8    Copyright (C) Stefan Metzmacher 2005
9
10    This program is free software; you can redistribute it and/or modify
11    it under the terms of the GNU General Public License as published by
12    the Free Software Foundation; either version 3 of the License, or
13    (at your option) any later version.
14
15    This program is distributed in the hope that it will be useful,
16    but WITHOUT ANY WARRANTY; without even the implied warranty of
17    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18    GNU General Public License for more details.
19
20    You should have received a copy of the GNU General Public License
21    along with this program.  If not, see <http://www.gnu.org/licenses/>.
22 */
23
24 struct auth_session_info;
25
26 #include "includes.h"
27 #include "auth/ntlmssp/ntlmssp.h"
28 #include "../lib/crypto/crypto.h"
29 #include "../libcli/auth/libcli_auth.h"
30 #include "auth/credentials/credentials.h"
31 #include "auth/gensec/gensec.h"
32 #include "auth/gensec/gensec_internal.h"
33 #include "param/param.h"
34 #include "auth/ntlmssp/ntlmssp_private.h"
35 #include "../librpc/gen_ndr/ndr_ntlmssp.h"
36 #include "../auth/ntlmssp/ntlmssp_ndr.h"
37 #include "../nsswitch/libwbclient/wbclient.h"
38
39 /*********************************************************************
40  Client side NTLMSSP
41 *********************************************************************/
42
43 /**
44  * Next state function for the Initial packet
45  *
46  * @param ntlmssp_state NTLMSSP State
47  * @param out_mem_ctx The DATA_BLOB *out will be allocated on this context
48  * @param in A NULL data blob (input ignored)
49  * @param out The initial negotiate request to the server, as an talloc()ed DATA_BLOB, on out_mem_ctx
50  * @return Errors or NT_STATUS_OK.
51  */
52
53 NTSTATUS ntlmssp_client_initial(struct gensec_security *gensec_security,
54                                 TALLOC_CTX *out_mem_ctx,
55                                 DATA_BLOB in, DATA_BLOB *out)
56 {
57         struct gensec_ntlmssp_context *gensec_ntlmssp =
58                 talloc_get_type_abort(gensec_security->private_data,
59                                       struct gensec_ntlmssp_context);
60         struct ntlmssp_state *ntlmssp_state = gensec_ntlmssp->ntlmssp_state;
61         NTSTATUS status;
62         const DATA_BLOB version_blob = ntlmssp_version_blob();
63
64         /* generate the ntlmssp negotiate packet */
65         status = msrpc_gen(out_mem_ctx,
66                   out, "CddAAb",
67                   "NTLMSSP",
68                   NTLMSSP_NEGOTIATE,
69                   ntlmssp_state->neg_flags,
70                   "", /* domain */
71                   "", /* workstation */
72                   version_blob.data, version_blob.length);
73         if (!NT_STATUS_IS_OK(status)) {
74                 DEBUG(0, ("ntlmssp_client_initial: failed to generate "
75                           "ntlmssp negotiate packet\n"));
76                 return status;
77         }
78
79         if (DEBUGLEVEL >= 10) {
80                 struct NEGOTIATE_MESSAGE *negotiate = talloc(
81                         ntlmssp_state, struct NEGOTIATE_MESSAGE);
82                 if (negotiate != NULL) {
83                         status = ntlmssp_pull_NEGOTIATE_MESSAGE(
84                                 out, negotiate, negotiate);
85                         if (NT_STATUS_IS_OK(status)) {
86                                 NDR_PRINT_DEBUG(NEGOTIATE_MESSAGE,
87                                                 negotiate);
88                         }
89                         TALLOC_FREE(negotiate);
90                 }
91         }
92
93         ntlmssp_state->negotiate_blob = data_blob_dup_talloc(ntlmssp_state,
94                                                              *out);
95         if (ntlmssp_state->negotiate_blob.length != out->length) {
96                 return NT_STATUS_NO_MEMORY;
97         }
98
99         ntlmssp_state->expected_state = NTLMSSP_CHALLENGE;
100
101         return NT_STATUS_MORE_PROCESSING_REQUIRED;
102 }
103
104 NTSTATUS gensec_ntlmssp_resume_ccache(struct gensec_security *gensec_security,
105                                 TALLOC_CTX *out_mem_ctx,
106                                 DATA_BLOB in, DATA_BLOB *out)
107 {
108         struct gensec_ntlmssp_context *gensec_ntlmssp =
109                 talloc_get_type_abort(gensec_security->private_data,
110                                       struct gensec_ntlmssp_context);
111         struct ntlmssp_state *ntlmssp_state = gensec_ntlmssp->ntlmssp_state;
112         uint32_t neg_flags = 0;
113         uint32_t ntlmssp_command;
114         NTSTATUS status;
115         bool ok;
116
117         *out = data_blob_null;
118
119         if (in.length == 0) {
120                 /*
121                  * This is compat code for older callers
122                  * which were missing the "initial_blob"/"negotiate_blob".
123                  *
124                  * That means we can't calculate the NTLMSSP_MIC
125                  * field correctly and need to force the
126                  * old_spnego behaviour.
127                  */
128                 DEBUG(10, ("%s: in.length==%u force_old_spnego!\n",
129                            __func__, (unsigned int)in.length));
130                 ntlmssp_state->force_old_spnego = true;
131                 ntlmssp_state->neg_flags |= ntlmssp_state->required_flags;
132                 ntlmssp_state->required_flags = 0;
133                 ntlmssp_state->expected_state = NTLMSSP_CHALLENGE;
134                 return NT_STATUS_MORE_PROCESSING_REQUIRED;
135         }
136
137         /* parse the NTLMSSP packet */
138
139         if (in.length > UINT16_MAX) {
140                 DEBUG(1, ("%s: reject large request of length %u\n",
141                         __func__, (unsigned int)in.length));
142                 return NT_STATUS_INVALID_PARAMETER;
143         }
144
145         ok = msrpc_parse(ntlmssp_state, &in, "Cdd",
146                          "NTLMSSP",
147                          &ntlmssp_command,
148                          &neg_flags);
149         if (!ok) {
150                 DEBUG(1, ("%s: failed to parse NTLMSSP Negotiate of length %u\n",
151                         __func__, (unsigned int)in.length));
152                 dump_data(2, in.data, in.length);
153                 return NT_STATUS_INVALID_PARAMETER;
154         }
155
156         if (ntlmssp_command != NTLMSSP_NEGOTIATE) {
157                 DEBUG(1, ("%s: no NTLMSSP Negotiate message (length %u)\n",
158                         __func__, (unsigned int)in.length));
159                 dump_data(2, in.data, in.length);
160                 return NT_STATUS_INVALID_PARAMETER;
161         }
162
163         ntlmssp_state->neg_flags = neg_flags;
164         DEBUG(3, ("Imported Negotiate flags:\n"));
165         debug_ntlmssp_flags(neg_flags);
166
167         if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_UNICODE) {
168                 ntlmssp_state->unicode = true;
169         } else {
170                 ntlmssp_state->unicode = false;
171         }
172
173         if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN) {
174                 gensec_security->want_features |= GENSEC_FEATURE_SIGN;
175
176                 ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN;
177         }
178
179         if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL) {
180                 gensec_security->want_features |= GENSEC_FEATURE_SEAL;
181
182                 ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN;
183                 ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SEAL;
184         }
185
186         ntlmssp_state->neg_flags |= ntlmssp_state->required_flags;
187         ntlmssp_state->conf_flags = ntlmssp_state->neg_flags;
188
189         if (DEBUGLEVEL >= 10) {
190                 struct NEGOTIATE_MESSAGE *negotiate = talloc(
191                         ntlmssp_state, struct NEGOTIATE_MESSAGE);
192                 if (negotiate != NULL) {
193                         status = ntlmssp_pull_NEGOTIATE_MESSAGE(
194                                 &in, negotiate, negotiate);
195                         if (NT_STATUS_IS_OK(status)) {
196                                 NDR_PRINT_DEBUG(NEGOTIATE_MESSAGE,
197                                                 negotiate);
198                         }
199                         TALLOC_FREE(negotiate);
200                 }
201         }
202
203         ntlmssp_state->negotiate_blob = data_blob_dup_talloc(ntlmssp_state,
204                                                              in);
205         if (ntlmssp_state->negotiate_blob.length != in.length) {
206                 return NT_STATUS_NO_MEMORY;
207         }
208
209         ntlmssp_state->expected_state = NTLMSSP_CHALLENGE;
210
211         return NT_STATUS_MORE_PROCESSING_REQUIRED;
212 }
213
214 /**
215  * Next state function for the Challenge Packet.  Generate an auth packet.
216  *
217  * @param gensec_security GENSEC state
218  * @param out_mem_ctx Memory context for *out
219  * @param in The server challnege, as a DATA_BLOB.  reply.data must be NULL
220  * @param out The next request (auth packet) to the server, as an allocated DATA_BLOB, on the out_mem_ctx context
221  * @return Errors or NT_STATUS_OK.
222  */
223
224 NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
225                                   TALLOC_CTX *out_mem_ctx,
226                                   const DATA_BLOB in, DATA_BLOB *out)
227 {
228         struct gensec_ntlmssp_context *gensec_ntlmssp =
229                 talloc_get_type_abort(gensec_security->private_data,
230                                       struct gensec_ntlmssp_context);
231         struct ntlmssp_state *ntlmssp_state = gensec_ntlmssp->ntlmssp_state;
232         uint32_t chal_flags, ntlmssp_command, unkn1 = 0, unkn2 = 0;
233         DATA_BLOB server_domain_blob;
234         DATA_BLOB challenge_blob;
235         DATA_BLOB target_info = data_blob(NULL, 0);
236         char *server_domain;
237         const char *chal_parse_string;
238         const char *chal_parse_string_short = NULL;
239         const char *auth_gen_string;
240         DATA_BLOB lm_response = data_blob(NULL, 0);
241         DATA_BLOB nt_response = data_blob(NULL, 0);
242         DATA_BLOB session_key = data_blob(NULL, 0);
243         DATA_BLOB lm_session_key = data_blob(NULL, 0);
244         DATA_BLOB encrypted_session_key = data_blob(NULL, 0);
245         NTSTATUS nt_status;
246         int flags = 0;
247         const char *user = NULL, *domain = NULL, *workstation = NULL;
248         bool is_anonymous = false;
249         const DATA_BLOB version_blob = ntlmssp_version_blob();
250         const NTTIME *server_timestamp = NULL;
251         uint8_t mic_buffer[NTLMSSP_MIC_SIZE] = { 0, };
252         DATA_BLOB mic_blob = data_blob_const(mic_buffer, sizeof(mic_buffer));
253         HMACMD5Context ctx;
254
255         TALLOC_CTX *mem_ctx = talloc_new(out_mem_ctx);
256         if (!mem_ctx) {
257                 return NT_STATUS_NO_MEMORY;
258         }
259
260         if (!msrpc_parse(mem_ctx,
261                          &in, "CdBd",
262                          "NTLMSSP",
263                          &ntlmssp_command,
264                          &server_domain_blob,
265                          &chal_flags)) {
266                 DEBUG(1, ("Failed to parse the NTLMSSP Challenge: (#1)\n"));
267                 dump_data(2, in.data, in.length);
268                 talloc_free(mem_ctx);
269
270                 return NT_STATUS_INVALID_PARAMETER;
271         }
272
273         data_blob_free(&server_domain_blob);
274
275         DEBUG(3, ("Got challenge flags:\n"));
276         debug_ntlmssp_flags(chal_flags);
277
278         nt_status = ntlmssp_handle_neg_flags(ntlmssp_state,
279                                              chal_flags, "challenge");
280         if (!NT_STATUS_IS_OK(nt_status)) {
281                 return nt_status;
282         }
283
284         if (ntlmssp_state->unicode) {
285                 if (chal_flags & NTLMSSP_NEGOTIATE_TARGET_INFO) {
286                         chal_parse_string = "CdUdbddB";
287                 } else {
288                         chal_parse_string = "CdUdbdd";
289                         chal_parse_string_short = "CdUdb";
290                 }
291                 auth_gen_string = "CdBBUUUBdbb";
292         } else {
293                 if (chal_flags & NTLMSSP_NEGOTIATE_TARGET_INFO) {
294                         chal_parse_string = "CdAdbddB";
295                 } else {
296                         chal_parse_string = "CdAdbdd";
297                         chal_parse_string_short = "CdAdb";
298                 }
299
300                 auth_gen_string = "CdBBAAABdbb";
301         }
302
303         if (!msrpc_parse(mem_ctx,
304                          &in, chal_parse_string,
305                          "NTLMSSP",
306                          &ntlmssp_command,
307                          &server_domain,
308                          &chal_flags,
309                          &challenge_blob, 8,
310                          &unkn1, &unkn2,
311                          &target_info)) {
312
313                 bool ok = false;
314
315                 DEBUG(1, ("Failed to parse the NTLMSSP Challenge: (#2)\n"));
316
317                 if (chal_parse_string_short != NULL) {
318                         /*
319                          * In the case where NTLMSSP_NEGOTIATE_TARGET_INFO
320                          * is not used, some NTLMSSP servers don't return
321                          * the unused unkn1 and unkn2 fields.
322                          * See bug:
323                          * https://bugzilla.samba.org/show_bug.cgi?id=10016
324                          * for packet traces.
325                          * Try and parse again without them.
326                          */
327                         ok = msrpc_parse(mem_ctx,
328                                 &in, chal_parse_string_short,
329                                 "NTLMSSP",
330                                 &ntlmssp_command,
331                                 &server_domain,
332                                 &chal_flags,
333                                 &challenge_blob, 8);
334                         if (!ok) {
335                                 DEBUG(1, ("Failed to short parse "
336                                         "the NTLMSSP Challenge: (#2)\n"));
337                         }
338                 }
339
340                 if (!ok) {
341                         dump_data(2, in.data, in.length);
342                         talloc_free(mem_ctx);
343                         return NT_STATUS_INVALID_PARAMETER;
344                 }
345         }
346
347         if (chal_flags & NTLMSSP_TARGET_TYPE_SERVER) {
348                 ntlmssp_state->server.is_standalone = true;
349         } else {
350                 ntlmssp_state->server.is_standalone = false;
351         }
352         /* TODO: parse struct_blob and fill in the rest */
353         ntlmssp_state->server.netbios_name = "";
354         ntlmssp_state->server.netbios_domain = talloc_move(ntlmssp_state, &server_domain);
355         ntlmssp_state->server.dns_name = "";
356         ntlmssp_state->server.dns_domain = "";
357
358         if (challenge_blob.length != 8) {
359                 talloc_free(mem_ctx);
360                 return NT_STATUS_INVALID_PARAMETER;
361         }
362
363         is_anonymous = cli_credentials_is_anonymous(gensec_security->credentials);
364         cli_credentials_get_ntlm_username_domain(gensec_security->credentials, mem_ctx,
365                                                  &user, &domain);
366
367         workstation = cli_credentials_get_workstation(gensec_security->credentials);
368
369         if (user == NULL) {
370                 DEBUG(10, ("User is NULL, returning INVALID_PARAMETER\n"));
371                 return NT_STATUS_INVALID_PARAMETER;
372         }
373
374         if (domain == NULL) {
375                 DEBUG(10, ("Domain is NULL, returning INVALID_PARAMETER\n"));
376                 return NT_STATUS_INVALID_PARAMETER;
377         }
378
379         if (workstation == NULL) {
380                 DEBUG(10, ("Workstation is NULL, returning INVALID_PARAMETER\n"));
381                 return NT_STATUS_INVALID_PARAMETER;
382         }
383
384         if (is_anonymous) {
385                 ntlmssp_state->neg_flags |= NTLMSSP_ANONYMOUS;
386                 /*
387                  * don't use the ccache for anonymous auth
388                  */
389                 ntlmssp_state->use_ccache = false;
390         }
391         if (ntlmssp_state->use_ccache) {
392                 struct samr_Password *nt_hash = NULL;
393
394                 /*
395                  * If we have a password given we don't
396                  * use the ccache
397                  */
398                 nt_hash = cli_credentials_get_nt_hash(gensec_security->credentials,
399                                                       mem_ctx);
400                 if (nt_hash != NULL) {
401                         ZERO_STRUCTP(nt_hash);
402                         TALLOC_FREE(nt_hash);
403                         ntlmssp_state->use_ccache = false;
404                 }
405         }
406
407         if (ntlmssp_state->use_ccache) {
408                 struct wbcCredentialCacheParams params;
409                 struct wbcCredentialCacheInfo *info = NULL;
410                 struct wbcAuthErrorInfo *error = NULL;
411                 struct wbcNamedBlob auth_blobs[2];
412                 const struct wbcBlob *wbc_auth_blob = NULL;
413                 const struct wbcBlob *wbc_session_key = NULL;
414                 wbcErr wbc_status;
415                 int i;
416                 bool new_spnego = false;
417
418                 params.account_name = user;
419                 params.domain_name = domain;
420                 params.level = WBC_CREDENTIAL_CACHE_LEVEL_NTLMSSP;
421
422                 auth_blobs[0].name = "challenge_blob";
423                 auth_blobs[0].flags = 0;
424                 auth_blobs[0].blob.data = in.data;
425                 auth_blobs[0].blob.length = in.length;
426                 auth_blobs[1].name = "negotiate_blob";
427                 auth_blobs[1].flags = 0;
428                 auth_blobs[1].blob.data = ntlmssp_state->negotiate_blob.data;
429                 auth_blobs[1].blob.length = ntlmssp_state->negotiate_blob.length;
430                 params.num_blobs = ARRAY_SIZE(auth_blobs);
431                 params.blobs = auth_blobs;
432
433                 wbc_status = wbcCredentialCache(&params, &info, &error);
434                 wbcFreeMemory(error);
435                 if (!WBC_ERROR_IS_OK(wbc_status)) {
436                         return NT_STATUS_WRONG_CREDENTIAL_HANDLE;
437                 }
438
439                 for (i=0; i<info->num_blobs; i++) {
440                         if (strequal(info->blobs[i].name, "auth_blob")) {
441                                 wbc_auth_blob = &info->blobs[i].blob;
442                         }
443                         if (strequal(info->blobs[i].name, "session_key")) {
444                                 wbc_session_key = &info->blobs[i].blob;
445                         }
446                         if (strequal(info->blobs[i].name, "new_spnego")) {
447                                 new_spnego = true;
448                         }
449                 }
450                 if ((wbc_auth_blob == NULL) || (wbc_session_key == NULL)) {
451                         wbcFreeMemory(info);
452                         return NT_STATUS_WRONG_CREDENTIAL_HANDLE;
453                 }
454
455                 session_key = data_blob_talloc(mem_ctx,
456                                                wbc_session_key->data,
457                                                wbc_session_key->length);
458                 if (session_key.length != wbc_session_key->length) {
459                         wbcFreeMemory(info);
460                         return NT_STATUS_NO_MEMORY;
461                 }
462                 *out = data_blob_talloc(mem_ctx,
463                                         wbc_auth_blob->data,
464                                         wbc_auth_blob->length);
465                 if (out->length != wbc_auth_blob->length) {
466                         wbcFreeMemory(info);
467                         return NT_STATUS_NO_MEMORY;
468                 }
469                 ntlmssp_state->new_spnego = new_spnego;
470
471                 wbcFreeMemory(info);
472                 goto done;
473         }
474
475         if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
476                 flags |= CLI_CRED_NTLM2;
477         }
478         if (ntlmssp_state->use_ntlmv2) {
479                 flags |= CLI_CRED_NTLMv2_AUTH;
480         }
481         if (ntlmssp_state->use_nt_response) {
482                 flags |= CLI_CRED_NTLM_AUTH;
483         }
484         if (ntlmssp_state->allow_lm_response) {
485                 flags |= CLI_CRED_LANMAN_AUTH;
486         }
487
488         if (target_info.length != 0 && !is_anonymous) {
489                 struct AV_PAIR *pairs = NULL;
490                 uint32_t count = 0;
491                 enum ndr_err_code err;
492                 struct AV_PAIR *timestamp = NULL;
493                 struct AV_PAIR *eol = NULL;
494                 uint32_t i = 0;
495                 const char *service = NULL;
496                 const char *hostname = NULL;
497
498                 err = ndr_pull_struct_blob(&target_info,
499                                         ntlmssp_state,
500                                         &ntlmssp_state->server.av_pair_list,
501                                         (ndr_pull_flags_fn_t)ndr_pull_AV_PAIR_LIST);
502                 if (!NDR_ERR_CODE_IS_SUCCESS(err)) {
503                         return ndr_map_error2ntstatus(err);
504                 }
505
506                 count = ntlmssp_state->server.av_pair_list.count;
507                 /*
508                  * We need room for Flags, SingleHost,
509                  * ChannelBindings and Target
510                  */
511                 pairs = talloc_zero_array(ntlmssp_state, struct AV_PAIR,
512                                           count + 4);
513                 if (pairs == NULL) {
514                         return NT_STATUS_NO_MEMORY;
515                 }
516
517                 for (i = 0; i < count; i++) {
518                         pairs[i] = ntlmssp_state->server.av_pair_list.pair[i];
519                 }
520
521                 ntlmssp_state->client.av_pair_list.count = count;
522                 ntlmssp_state->client.av_pair_list.pair = pairs;
523
524                 eol = ndr_ntlmssp_find_av(&ntlmssp_state->client.av_pair_list,
525                                           MsvAvEOL);
526                 if (eol == NULL) {
527                         return NT_STATUS_INVALID_PARAMETER;
528                 }
529
530                 timestamp = ndr_ntlmssp_find_av(&ntlmssp_state->client.av_pair_list,
531                                                 MsvAvTimestamp);
532                 if (timestamp != NULL) {
533                         uint32_t sign_features =
534                                         GENSEC_FEATURE_SESSION_KEY |
535                                         GENSEC_FEATURE_SIGN |
536                                         GENSEC_FEATURE_SEAL;
537
538                         server_timestamp = &timestamp->Value.AvTimestamp;
539
540                         if (ntlmssp_state->force_old_spnego) {
541                                 sign_features = 0;
542                         }
543
544                         if (gensec_security->want_features & sign_features) {
545                                 struct AV_PAIR *av_flags = NULL;
546
547                                 av_flags = ndr_ntlmssp_find_av(&ntlmssp_state->client.av_pair_list,
548                                                                MsvAvFlags);
549                                 if (av_flags == NULL) {
550                                         av_flags = eol;
551                                         eol++;
552                                         count++;
553                                         *eol = *av_flags;
554                                         av_flags->AvId = MsvAvFlags;
555                                         av_flags->Value.AvFlags = 0;
556                                 }
557
558                                 av_flags->Value.AvFlags |= NTLMSSP_AVFLAG_MIC_IN_AUTHENTICATE_MESSAGE;
559                                 ntlmssp_state->new_spnego = true;
560                         }
561                 }
562
563                 {
564                         struct AV_PAIR *SingleHost = NULL;
565
566                         SingleHost = eol;
567                         eol++;
568                         count++;
569                         *eol = *SingleHost;
570
571                         /*
572                          * This is not really used, but we want to
573                          * add some more random bytes and match
574                          * Windows.
575                          */
576                         SingleHost->AvId = MsvAvSingleHost;
577                         SingleHost->Value.AvSingleHost.token_info.Flags = 0;
578                         SingleHost->Value.AvSingleHost.token_info.TokenIL = 0;
579                         generate_random_buffer(SingleHost->Value.AvSingleHost.token_info.MachineId,
580                                         sizeof(SingleHost->Value.AvSingleHost.token_info.MachineId));
581                         SingleHost->Value.AvSingleHost.remaining = data_blob_null;
582                 }
583
584                 {
585                         struct AV_PAIR *ChannelBindings = NULL;
586
587                         ChannelBindings = eol;
588                         eol++;
589                         count++;
590                         *eol = *ChannelBindings;
591
592                         /*
593                          * gensec doesn't support channel bindings yet,
594                          * but we want to match Windows on the wire
595                          */
596                         ChannelBindings->AvId = MsvChannelBindings;
597                         memset(ChannelBindings->Value.ChannelBindings, 0,
598                                sizeof(ChannelBindings->Value.ChannelBindings));
599                 }
600
601                 service = gensec_get_target_service(gensec_security);
602                 hostname = gensec_get_target_hostname(gensec_security);
603                 if (service != NULL && hostname != NULL) {
604                         struct AV_PAIR *target = NULL;
605
606                         target = eol;
607                         eol++;
608                         count++;
609                         *eol = *target;
610
611                         target->AvId = MsvAvTargetName;
612                         target->Value.AvTargetName = talloc_asprintf(pairs, "%s/%s",
613                                                                      service,
614                                                                      hostname);
615                         if (target->Value.AvTargetName == NULL) {
616                                 return NT_STATUS_NO_MEMORY;
617                         }
618                 }
619
620                 ntlmssp_state->client.av_pair_list.count = count;
621                 ntlmssp_state->client.av_pair_list.pair = pairs;
622
623                 err = ndr_push_struct_blob(&target_info,
624                                         ntlmssp_state,
625                                         &ntlmssp_state->client.av_pair_list,
626                                         (ndr_push_flags_fn_t)ndr_push_AV_PAIR_LIST);
627                 if (!NDR_ERR_CODE_IS_SUCCESS(err)) {
628                         return NT_STATUS_NO_MEMORY;
629                 }
630         }
631
632         nt_status = cli_credentials_get_ntlm_response(gensec_security->credentials, mem_ctx,
633                                                       &flags, challenge_blob,
634                                                       server_timestamp, target_info,
635                                                       &lm_response, &nt_response,
636                                                       &lm_session_key, &session_key);
637         if (!NT_STATUS_IS_OK(nt_status)) {
638                 return nt_status;
639         }
640
641         if (!(flags & CLI_CRED_LANMAN_AUTH)) {
642                 /* LM Key is still possible, just silly, so we do not
643                  * allow it. Fortunetly all LM crypto is off by
644                  * default and we require command line options to end
645                  * up here */
646                 ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY;
647         }
648
649         if (!(flags & CLI_CRED_NTLM2)) {
650                 /* NTLM2 is incompatible... */
651                 ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_NTLM2;
652         }
653
654         if ((ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY)
655             && ntlmssp_state->allow_lm_key && lm_session_key.length == 16) {
656                 DATA_BLOB new_session_key = data_blob_talloc(mem_ctx, NULL, 16);
657                 if (lm_response.length == 24) {
658                         SMBsesskeygen_lm_sess_key(lm_session_key.data, lm_response.data,
659                                                   new_session_key.data);
660                 } else {
661                         static const uint8_t zeros[24];
662                         SMBsesskeygen_lm_sess_key(lm_session_key.data, zeros,
663                                                   new_session_key.data);
664                 }
665                 session_key = new_session_key;
666                 dump_data_pw("LM session key\n", session_key.data, session_key.length);
667         }
668
669
670         /* Key exchange encryptes a new client-generated session key with
671            the password-derived key */
672         if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) {
673                 /* Make up a new session key */
674                 uint8_t client_session_key[16];
675                 generate_secret_buffer(client_session_key, sizeof(client_session_key));
676
677                 /* Encrypt the new session key with the old one */
678                 encrypted_session_key = data_blob_talloc(ntlmssp_state,
679                                                          client_session_key, sizeof(client_session_key));
680                 dump_data_pw("KEY_EXCH session key:\n", encrypted_session_key.data, encrypted_session_key.length);
681                 arcfour_crypt(encrypted_session_key.data, session_key.data, encrypted_session_key.length);
682                 dump_data_pw("KEY_EXCH session key (enc):\n", encrypted_session_key.data, encrypted_session_key.length);
683
684                 /* Mark the new session key as the 'real' session key */
685                 session_key = data_blob_talloc(mem_ctx, client_session_key, sizeof(client_session_key));
686         }
687
688         /* this generates the actual auth packet */
689         nt_status = msrpc_gen(mem_ctx,
690                        out, auth_gen_string,
691                        "NTLMSSP",
692                        NTLMSSP_AUTH,
693                        lm_response.data, lm_response.length,
694                        nt_response.data, nt_response.length,
695                        domain,
696                        user,
697                        workstation,
698                        encrypted_session_key.data, encrypted_session_key.length,
699                        ntlmssp_state->neg_flags,
700                        version_blob.data, version_blob.length,
701                        mic_blob.data, mic_blob.length);
702         if (!NT_STATUS_IS_OK(nt_status)) {
703                 talloc_free(mem_ctx);
704                 return nt_status;
705         }
706
707         /*
708          * We always include the MIC, even without:
709          * av_flags->Value.AvFlags |= NTLMSSP_AVFLAG_MIC_IN_AUTHENTICATE_MESSAGE;
710          * ntlmssp_state->new_spnego = true;
711          *
712          * This matches a Windows client.
713          */
714         hmac_md5_init_limK_to_64(session_key.data,
715                                  session_key.length,
716                                  &ctx);
717         hmac_md5_update(ntlmssp_state->negotiate_blob.data,
718                         ntlmssp_state->negotiate_blob.length,
719                         &ctx);
720         hmac_md5_update(in.data, in.length, &ctx);
721         hmac_md5_update(out->data, out->length, &ctx);
722         hmac_md5_final(mic_buffer, &ctx);
723         memcpy(out->data + NTLMSSP_MIC_OFFSET, mic_buffer, NTLMSSP_MIC_SIZE);
724
725 done:
726         data_blob_free(&ntlmssp_state->negotiate_blob);
727
728         ntlmssp_state->session_key = session_key;
729         talloc_steal(ntlmssp_state, session_key.data);
730
731         DEBUG(3, ("NTLMSSP: Set final flags:\n"));
732         debug_ntlmssp_flags(ntlmssp_state->neg_flags);
733
734         talloc_steal(out_mem_ctx, out->data);
735
736         ntlmssp_state->expected_state = NTLMSSP_DONE;
737
738         if (gensec_ntlmssp_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
739                 nt_status = ntlmssp_sign_init(ntlmssp_state);
740                 if (!NT_STATUS_IS_OK(nt_status)) {
741                         DEBUG(1, ("Could not setup NTLMSSP signing/sealing system (error was: %s)\n",
742                                   nt_errstr(nt_status)));
743                         talloc_free(mem_ctx);
744                         return nt_status;
745                 }
746         }
747
748         talloc_free(mem_ctx);
749         return NT_STATUS_OK;
750 }
751
752 NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security)
753 {
754         struct gensec_ntlmssp_context *gensec_ntlmssp;
755         struct ntlmssp_state *ntlmssp_state;
756         NTSTATUS nt_status;
757
758         nt_status = gensec_ntlmssp_start(gensec_security);
759         NT_STATUS_NOT_OK_RETURN(nt_status);
760
761         gensec_ntlmssp =
762                 talloc_get_type_abort(gensec_security->private_data,
763                                       struct gensec_ntlmssp_context);
764
765         ntlmssp_state = talloc_zero(gensec_ntlmssp,
766                                     struct ntlmssp_state);
767         if (!ntlmssp_state) {
768                 return NT_STATUS_NO_MEMORY;
769         }
770
771         gensec_ntlmssp->ntlmssp_state = ntlmssp_state;
772
773         ntlmssp_state = gensec_ntlmssp->ntlmssp_state;
774
775         ntlmssp_state->role = NTLMSSP_CLIENT;
776
777         ntlmssp_state->client.netbios_domain = lpcfg_workgroup(gensec_security->settings->lp_ctx);
778         ntlmssp_state->client.netbios_name = cli_credentials_get_workstation(gensec_security->credentials);
779
780         ntlmssp_state->unicode = gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "unicode", true);
781
782         ntlmssp_state->use_nt_response = gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "send_nt_reponse", true);
783
784         ntlmssp_state->allow_lm_response = lpcfg_client_lanman_auth(gensec_security->settings->lp_ctx);
785
786         ntlmssp_state->allow_lm_key = (ntlmssp_state->allow_lm_response
787                                               && (gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "allow_lm_key", false)
788                                                   || gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "lm_key", false)));
789
790         ntlmssp_state->use_ntlmv2 = lpcfg_client_ntlmv2_auth(gensec_security->settings->lp_ctx);
791
792         ntlmssp_state->expected_state = NTLMSSP_INITIAL;
793
794         ntlmssp_state->neg_flags =
795                 NTLMSSP_NEGOTIATE_NTLM |
796                 NTLMSSP_NEGOTIATE_VERSION |
797                 NTLMSSP_REQUEST_TARGET;
798
799         if (ntlmssp_state->unicode) {
800                 ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_UNICODE;
801         } else {
802                 ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_OEM;
803         }
804
805         if (gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "128bit", true)) {
806                 ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_128;
807         }
808
809         if (gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "56bit", false)) {
810                 ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_56;
811         }
812
813         if (gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "lm_key", false)) {
814                 ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_LM_KEY;
815         }
816
817         if (gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "keyexchange", true)) {
818                 ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_KEY_EXCH;
819         }
820
821         if (gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "alwayssign", true)) {
822                 ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
823         }
824
825         if (gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "ntlm2", true)) {
826                 ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2;
827         } else {
828                 /* apparently we can't do ntlmv2 if we don't do ntlm2 */
829                 ntlmssp_state->use_ntlmv2 = false;
830         }
831
832         if (ntlmssp_state->use_ntlmv2) {
833                 ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_NTLM2;
834                 ntlmssp_state->allow_lm_response = false;
835                 ntlmssp_state->allow_lm_key = false;
836         }
837
838         if (ntlmssp_state->allow_lm_key) {
839                 ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_LM_KEY;
840         }
841
842         if (gensec_security->want_features & GENSEC_FEATURE_SESSION_KEY) {
843                 /*
844                  * We need to set this to allow a later SetPassword
845                  * via the SAMR pipe to succeed. Strange.... We could
846                  * also add  NTLMSSP_NEGOTIATE_SEAL here. JRA.
847                  *
848                  * Without this, Windows will not create the master key
849                  * that it thinks is only used for NTLMSSP signing and
850                  * sealing.  (It is actually pulled out and used directly)
851                  */
852                 ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN;
853         }
854         if (gensec_security->want_features & GENSEC_FEATURE_SIGN) {
855                 ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN;
856
857                 if (gensec_security->want_features & GENSEC_FEATURE_LDAP_STYLE) {
858                         /*
859                          * We need to handle NTLMSSP_NEGOTIATE_SIGN as
860                          * NTLMSSP_NEGOTIATE_SEAL if GENSEC_FEATURE_LDAP_STYLE
861                          * is requested.
862                          */
863                         ntlmssp_state->force_wrap_seal = true;
864                         /*
865                          * We want also work against old Samba servers
866                          * which didn't had GENSEC_FEATURE_LDAP_STYLE
867                          * we negotiate SEAL too. We may remove this
868                          * in a few years. As all servers should have
869                          * GENSEC_FEATURE_LDAP_STYLE by then.
870                          */
871                         ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SEAL;
872                 }
873         }
874         if (gensec_security->want_features & GENSEC_FEATURE_SEAL) {
875                 ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN;
876                 ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SEAL;
877         }
878         if (gensec_security->want_features & GENSEC_FEATURE_NTLM_CCACHE) {
879                 ntlmssp_state->use_ccache = true;
880         }
881
882         ntlmssp_state->neg_flags |= ntlmssp_state->required_flags;
883         ntlmssp_state->conf_flags = ntlmssp_state->neg_flags;
884
885         return NT_STATUS_OK;
886 }
887
888 NTSTATUS gensec_ntlmssp_resume_ccache_start(struct gensec_security *gensec_security)
889 {
890         struct gensec_ntlmssp_context *gensec_ntlmssp = NULL;
891         NTSTATUS status;
892
893         status = gensec_ntlmssp_client_start(gensec_security);
894         if (!NT_STATUS_IS_OK(status)) {
895                 return status;
896         }
897
898         gensec_ntlmssp = talloc_get_type_abort(gensec_security->private_data,
899                                                struct gensec_ntlmssp_context);
900         gensec_ntlmssp->ntlmssp_state->use_ccache = false;
901         gensec_ntlmssp->ntlmssp_state->resume_ccache = true;
902         gensec_ntlmssp->ntlmssp_state->expected_state = NTLMSSP_NEGOTIATE;
903
904         return NT_STATUS_OK;
905 }