2 * Unix SMB/CIFS implementation.
4 * NTLMSSP Signing routines
5 * Copyright (C) Andrew Bartlett 2003-2005
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
21 /* For structures internal to the NTLMSSP implementation that should not be exposed */
23 #include "../lib/crypto/arcfour.h"
25 struct auth_session_info;
27 struct ntlmssp_crypt_direction {
30 struct arcfour_state seal_state;
33 union ntlmssp_crypt_state {
35 struct ntlmssp_crypt_direction ntlm;
39 struct ntlmssp_crypt_direction sending;
40 struct ntlmssp_crypt_direction receiving;
44 /* The following definitions come from auth/ntlmssp.c */
/**
 * GENSEC "update" entry point for the NTLMSSP mechanism.
 *
 * @param gensec_security GENSEC state
 * @param out_mem_ctx Memory context on which *out is allocated
 * @param ev Event context for this call
 * @param input The packet received from the peer (untrusted wire data)
 * @param out The next packet to send to the peer
 * @return Errors or an NT_STATUS_* result.
 *
 * NOTE(review): presumably dispatches on the current state to the client/server
 * next-state functions declared below and shares their
 * NT_STATUS_MORE_PROCESSING_REQUIRED / NT_STATUS_OK convention — confirm in
 * auth/ntlmssp.c.
 */
46 NTSTATUS gensec_ntlmssp_update(struct gensec_security *gensec_security,
47 TALLOC_CTX *out_mem_ctx,
48 struct tevent_context *ev,
49 const DATA_BLOB input, DATA_BLOB *out);
51 /* The following definitions come from auth/ntlmssp_util.c */
/**
 * Debug helper: dumps a decoded form of the NTLMSSP negotiate flags
 * (presumably to the debug log; see auth/ntlmssp_util.c).
 *
 * @param neg_flags NTLMSSP negotiate flags bitmask
 */
53 void debug_ntlmssp_flags(uint32_t neg_flags);
/**
 * Process the negotiate flags proposed by the peer.
 *
 * @param ntlmssp_state NTLMSSP state, presumably updated in place with the
 *                      outcome of the negotiation
 * @param neg_flags Negotiate flags, presumably parsed from the peer's message
 *                  and therefore untrusted input
 * @param allow_lm Whether LM-level negotiation may be accepted
 *
 * NOTE(review): the peer's flags select signing/sealing and key strength, so
 * this is the downgrade-control point of the exchange. Confirm in
 * auth/ntlmssp_util.c that locally required features (signing, sealing,
 * key exchange) are enforced rather than simply intersected with the peer's
 * proposal.
 */
54 void ntlmssp_handle_neg_flags(struct ntlmssp_state *ntlmssp_state,
55 uint32_t neg_flags, bool allow_lm);
57 /* The following definitions come from auth/ntlmssp_server.c */
/**
 * Select the target name to advertise in the server's challenge.
 *
 * @param ntlmssp_state NTLMSSP state
 * @param neg_flags Negotiate flags received from the client
 * @param chal_flags Flags for the challenge message; passed by pointer, so
 *                   presumably updated by this call — confirm in
 *                   auth/ntlmssp_server.c
 * @return The target name string. Ownership/lifetime is not visible here
 *         (presumably tied to ntlmssp_state) and whether NULL can be returned
 *         should be confirmed before dereferencing.
 */
59 const char *ntlmssp_target_name(struct ntlmssp_state *ntlmssp_state,
60 uint32_t neg_flags, uint32_t *chal_flags);
/**
 * Server-side next-state function for the NEGOTIATE packet, operating on a
 * bare ntlmssp_state (gensec_ntlmssp_server_negotiate() below presumably
 * wraps this for GENSEC).
 *
 * @param ntlmssp_state NTLMSSP state
 * @param out_mem_ctx Memory context for *out
 * @param in The client's negotiate request, as a DATA_BLOB (untrusted)
 * @param out The challenge reply, as a DATA_BLOB allocated on out_mem_ctx
 * @return Errors, or presumably the same NT_STATUS_MORE_PROCESSING_REQUIRED
 *         convention as the GENSEC wrapper — confirm.
 */
61 NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
62 TALLOC_CTX *out_mem_ctx,
63 const DATA_BLOB in, DATA_BLOB *out);
/**
 * Server-side next-state function for the AUTHENTICATE packet, operating on a
 * bare ntlmssp_state (gensec_ntlmssp_server_auth() below presumably wraps
 * this for GENSEC).
 *
 * @param ntlmssp_state NTLMSSP state
 * @param out_mem_ctx Memory context for *reply
 * @param request The client's authenticate message, as a DATA_BLOB (untrusted)
 * @param reply The reply, as a DATA_BLOB allocated on out_mem_ctx
 * @return Errors, or NT_STATUS_OK only when authentication succeeded; any
 *         other status means the client must NOT be treated as authenticated.
 */
64 NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
65 TALLOC_CTX *out_mem_ctx,
66 const DATA_BLOB request, DATA_BLOB *reply);
67 /* The following definitions come from auth/ntlmssp/ntlmssp_client.c */
71 * Next state function for the Initial packet
73 * @param gensec_security GENSEC state (the prototype takes the GENSEC context, not a bare ntlmssp_state)
74 * @param out_mem_ctx The DATA_BLOB *out will be allocated on this context
75 * @param in A NULL data blob (input ignored)
76 * @param out The initial negotiate request to the server, as a talloc()ed DATA_BLOB, on out_mem_ctx
77 * @return Errors or NT_STATUS_OK.
79 NTSTATUS ntlmssp_client_initial(struct gensec_security *gensec_security,
80 TALLOC_CTX *out_mem_ctx,
81 DATA_BLOB in, DATA_BLOB *out) ;
84 * Next state function for the Challenge Packet. Generate an auth packet.
86 * @param gensec_security GENSEC state
87 * @param out_mem_ctx Memory context for *out
88 * @param in The server challenge (CHALLENGE message), as a DATA_BLOB; untrusted input. out->data must be NULL on entry
89 * @param out The next request (auth packet) to the server, as an allocated DATA_BLOB, on the out_mem_ctx context
90 * @return Errors or NT_STATUS_OK.
92 NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
93 TALLOC_CTX *out_mem_ctx,
94 const DATA_BLOB in, DATA_BLOB *out) ;
/**
 * Start NTLMSSP on the client side (counterpart of
 * gensec_ntlmssp_server_start()).
 *
 * @param gensec_security GENSEC state to initialise for NTLMSSP
 * @return Errors or NT_STATUS_OK.
 */
95 NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security);
97 /* The following definitions come from auth/ntlmssp/ntlmssp_server.c */
101 * Next state function for the Negotiate packet (GENSEC wrapper)
103 * @param gensec_security GENSEC state
104 * @param out_mem_ctx Memory context for *reply
105 * @param request The client's NEGOTIATE message, as a DATA_BLOB (untrusted input). reply->data must be NULL on entry
106 * @param reply The CHALLENGE reply, as a DATA_BLOB allocated on out_mem_ctx; the caller frees it with that context.
107 * @return Errors, or NT_STATUS_MORE_PROCESSING_REQUIRED in the normal case where a reply (the challenge) must be sent to the client.
109 NTSTATUS gensec_ntlmssp_server_negotiate(struct gensec_security *gensec_security,
110 TALLOC_CTX *out_mem_ctx,
111 const DATA_BLOB request, DATA_BLOB *reply);
114 * Next state function for the Authenticate packet (GENSEC wrapper)
116 * @param gensec_security GENSEC state
117 * @param out_mem_ctx Memory context for *out
118 * @param in The client's AUTHENTICATE message, as a DATA_BLOB (untrusted input). out->data must be NULL on entry
119 * @param out The reply, as a DATA_BLOB allocated on out_mem_ctx; the caller frees it with that context.
120 * @return Errors, or NT_STATUS_OK only if authentication succeeded; on any other status the client is NOT authenticated and gensec_ntlmssp_session_info() must not be called.
122 NTSTATUS gensec_ntlmssp_server_auth(struct gensec_security *gensec_security,
123 TALLOC_CTX *out_mem_ctx,
124 const DATA_BLOB in, DATA_BLOB *out);
127 * Return the credentials of a logged on user, including session keys.
130 * Only valid after a successful authentication, i.e. once gensec_ntlmssp_server_auth() has returned NT_STATUS_OK; never call it on any other status.
132 * May only be called once per authentication (presumably because the session info is handed over to the caller on the first call — confirm before relying on a second call).
135 NTSTATUS gensec_ntlmssp_session_info(struct gensec_security *gensec_security,
137 struct auth_session_info **session_info) ;
140 * Start NTLMSSP on the server side
143 NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security);
146 * Return the challenge as determined by the authentication subsystem.
147 * @return NT_STATUS_OK on success; the 8 byte random challenge is passed back through the output parameter. The challenge must be unpredictable and fresh for every authentication (a reused or predictable challenge enables replay and precomputation attacks).
150 NTSTATUS auth_ntlmssp_get_challenge(const struct ntlmssp_state *ntlmssp_state,
154 * Some authentication methods 'fix' the challenge, so we may not be able to set it
156 * @return true if the effective challenge used by the auth subsystem may be modified (and so auth_ntlmssp_set_challenge() may be called), false if the method has fixed it
158 bool auth_ntlmssp_may_set_challenge(const struct ntlmssp_state *ntlmssp_state);
161 * NTLM2 authentication modifies the effective challenge; install the new value that the authentication subsystem is to use. Only call this when auth_ntlmssp_may_set_challenge() returns true.
162 * @param challenge The new challenge value
164 NTSTATUS auth_ntlmssp_set_challenge(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *challenge);
167 * Check the password on an NTLMSSP login.
169 * On success the session keys used on the connection are returned via user_session_key and lm_session_key; both are secret key material and must be handled (and cleared when no longer needed) accordingly.
172 NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
174 DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key);