#include "includes.h"
/*
- wrappers for the ntlmssp_*() functions
-*/
-static NTSTATUS ntlm_unseal_packet(struct dcerpc_security *dcerpc_security,
- uchar *data, size_t length, DATA_BLOB *sig)
-{
- struct ntlmssp_state *ntlmssp_state = dcerpc_security->private;
- return ntlmssp_unseal_packet(ntlmssp_state, data, length, sig);
-}
-
-static NTSTATUS ntlm_check_packet(struct dcerpc_security *dcerpc_security,
- const uchar *data, size_t length,
- const DATA_BLOB *sig)
-{
- struct ntlmssp_state *ntlmssp_state = dcerpc_security->private;
- return ntlmssp_check_packet(ntlmssp_state, data, length, sig);
-}
-
-static NTSTATUS ntlm_seal_packet(struct dcerpc_security *dcerpc_security,
- uchar *data, size_t length,
- DATA_BLOB *sig)
-{
- struct ntlmssp_state *ntlmssp_state = dcerpc_security->private;
- return ntlmssp_seal_packet(ntlmssp_state, data, length, sig);
-}
-
-static NTSTATUS ntlm_sign_packet(struct dcerpc_security *dcerpc_security,
- const uchar *data, size_t length,
- DATA_BLOB *sig)
-{
- struct ntlmssp_state *ntlmssp_state = dcerpc_security->private;
- return ntlmssp_sign_packet(ntlmssp_state, data, length, sig);
-}
-
-static void ntlm_security_end(struct dcerpc_security *dcerpc_security)
-{
- struct ntlmssp_state *ntlmssp_state = dcerpc_security->private;
- ntlmssp_end(&ntlmssp_state);
-}
-
-
-
-/*
- do ntlm style authentication on a dcerpc pipe
+ do ntlm style authentication on a gensec pipe
*/
NTSTATUS dcerpc_bind_auth_ntlm(struct dcerpc_pipe *p,
- const char *uuid, unsigned version,
+ const char *uuid, uint_t version,
const char *domain,
const char *username,
const char *password)
{
NTSTATUS status;
- struct ntlmssp_state *state;
- TALLOC_CTX *mem_ctx;
- DATA_BLOB credentials;
- mem_ctx = talloc_init("dcerpc_bind_auth_ntlm");
- if (!mem_ctx) {
- return NT_STATUS_NO_MEMORY;
+ if (!(p->conn->flags & (DCERPC_SIGN | DCERPC_SEAL))) {
+ p->conn->flags |= DCERPC_CONNECT;
}
- status = ntlmssp_client_start(&state);
+ status = gensec_client_start(p, &p->conn->security_state.generic_state);
if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("Failed to start GENSEC client mode: %s\n", nt_errstr(status)));
return status;
}
- status = ntlmssp_set_domain(state, domain);
+ status = gensec_set_domain(p->conn->security_state.generic_state, domain);
if (!NT_STATUS_IS_OK(status)) {
- goto done;
- }
-
- status = ntlmssp_set_username(state, username);
- if (!NT_STATUS_IS_OK(status)) {
- goto done;
+ DEBUG(1, ("Failed to start set GENSEC client domain to %s: %s\n",
+ domain, nt_errstr(status)));
+ return status;
}
- status = ntlmssp_set_password(state, password);
+ status = gensec_set_username(p->conn->security_state.generic_state, username);
if (!NT_STATUS_IS_OK(status)) {
- goto done;
- }
-
- p->auth_info = talloc(p->mem_ctx, sizeof(*p->auth_info));
- if (!p->auth_info) {
- status = NT_STATUS_NO_MEMORY;
- goto done;
- }
-
- p->auth_info->auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
-
- if (p->flags & DCERPC_SEAL) {
- p->auth_info->auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
- state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_SEAL;
- } else {
- /* ntlmssp does not work on dcerpc with
- AUTH_LEVEL_NONE */
- state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
- p->auth_info->auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
- }
- p->auth_info->auth_pad_length = 0;
- p->auth_info->auth_reserved = 0;
- p->auth_info->auth_context_id = random();
- p->auth_info->credentials = data_blob(NULL, 0);
- p->security_state = NULL;
-
- status = ntlmssp_update(state,
- p->auth_info->credentials,
- &credentials);
- if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
- goto done;
+ DEBUG(1, ("Failed to start set GENSEC client username to %s: %s\n",
+ username, nt_errstr(status)));
+ return status;
}
- p->auth_info->credentials = data_blob_talloc(mem_ctx,
- credentials.data,
- credentials.length);
- data_blob_free(&credentials);
-
- status = dcerpc_bind_byuuid(p, mem_ctx, uuid, version);
+ status = gensec_set_password(p->conn->security_state.generic_state, password);
if (!NT_STATUS_IS_OK(status)) {
- goto done;
- }
-
-
- status = ntlmssp_update(state,
- p->auth_info->credentials,
- &credentials);
- if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
- goto done;
+ DEBUG(1, ("Failed to start set GENSEC client password: %s\n",
+ nt_errstr(status)));
+ return status;
}
- p->auth_info->credentials = data_blob_talloc(mem_ctx,
- credentials.data,
- credentials.length);
- data_blob_free(&credentials);
-
- status = dcerpc_auth3(p, mem_ctx);
-
+ status = gensec_start_mech_by_authtype(p->conn->security_state.generic_state,
+ DCERPC_AUTH_TYPE_NTLMSSP, dcerpc_auth_level(p->conn));
if (!NT_STATUS_IS_OK(status)) {
- goto done;
- }
-
- p->security_state = talloc_p(p->mem_ctx, struct dcerpc_security);
- if (!p->security_state) {
- status = NT_STATUS_NO_MEMORY;
- goto done;
- }
-
- p->security_state->private = state;
- p->security_state->unseal_packet = ntlm_unseal_packet;
- p->security_state->check_packet = ntlm_check_packet;
- p->security_state->seal_packet = ntlm_seal_packet;
- p->security_state->sign_packet = ntlm_sign_packet;
- p->security_state->security_end = ntlm_security_end;
-
- switch (p->auth_info->auth_level) {
- case DCERPC_AUTH_LEVEL_PRIVACY:
- case DCERPC_AUTH_LEVEL_INTEGRITY:
- /* setup for signing */
- status = ntlmssp_sign_init(state);
- break;
+ DEBUG(1, ("Failed to start set GENSEC client NTLMSSP mechanism: %s\n",
+ nt_errstr(status)));
+ return status;
}
-
-done:
- talloc_destroy(mem_ctx);
+
+ status = dcerpc_bind_auth(p, DCERPC_AUTH_TYPE_NTLMSSP,
+ dcerpc_auth_level(p->conn),
+ uuid, version);
if (!NT_STATUS_IS_OK(status)) {
- p->security_state = NULL;
- p->auth_info = NULL;
+ DEBUG(2, ("Failed to bind to pipe with NTLMSSP: %s\n", nt_errstr(status)));
+ return status;
}
return status;
}
-
-