2 Unix SMB/Netbios implementation.
4 handle NLTMSSP, server side
6 Copyright (C) Andrew Tridgell 2001
7 Copyright (C) Andrew Bartlett 2001-2003
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
27 * Default challange generation code.
32 static const uint8 *get_challenge(struct ntlmssp_state *ntlmssp_state)
35 generate_random_buffer(chal, sizeof(chal), False);
40 static const char *ntlmssp_target_name(struct ntlmssp_state *ntlmssp_state,
41 uint32 neg_flags, uint32 *chal_flags)
43 if (neg_flags & NTLMSSP_REQUEST_TARGET) {
44 *chal_flags |= NTLMSSP_CHAL_TARGET_INFO;
45 *chal_flags |= NTLMSSP_REQUEST_TARGET;
46 if (ntlmssp_state->server_role == ROLE_STANDALONE) {
47 *chal_flags |= NTLMSSP_TARGET_TYPE_SERVER;
48 return ntlmssp_state->get_global_myname();
50 *chal_flags |= NTLMSSP_TARGET_TYPE_DOMAIN;
51 return ntlmssp_state->get_domain();
58 static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
59 DATA_BLOB request, DATA_BLOB *reply)
61 DATA_BLOB struct_blob;
62 fstring dnsname, dnsdomname;
63 uint32 ntlmssp_command, neg_flags, chal_flags;
64 char *cliname=NULL, *domname=NULL;
65 const uint8 *cryptkey;
66 const char *target_name;
68 /* parse the NTLMSSP packet */
70 file_save("ntlmssp_negotiate.dat", request.data, request.length);
73 if (!msrpc_parse(&request, "CddAA",
79 return NT_STATUS_LOGON_FAILURE;
85 debug_ntlmssp_flags(neg_flags);
87 cryptkey = ntlmssp_state->get_challenge(ntlmssp_state);
89 data_blob_free(&ntlmssp_state->chal);
90 ntlmssp_state->chal = data_blob(cryptkey, 8);
92 /* Give them the challenge. For now, ignore neg_flags and just
93 return the flags we want. Obviously this is not correct */
96 NTLMSSP_NEGOTIATE_128 |
97 NTLMSSP_NEGOTIATE_NTLM;
99 if (neg_flags & NTLMSSP_NEGOTIATE_UNICODE) {
100 chal_flags |= NTLMSSP_NEGOTIATE_UNICODE;
101 ntlmssp_state->unicode = True;
103 chal_flags |= NTLMSSP_NEGOTIATE_OEM;
106 target_name = ntlmssp_target_name(ntlmssp_state,
107 neg_flags, &chal_flags);
109 /* This should be a 'netbios domain -> DNS domain' mapping */
110 dnsdomname[0] = '\0';
111 get_mydomname(dnsdomname);
112 strlower(dnsdomname);
115 get_myfullname(dnsname);
118 if (chal_flags & NTLMSSP_CHAL_TARGET_INFO)
120 const char *target_name_dns = "";
121 if (chal_flags |= NTLMSSP_TARGET_TYPE_DOMAIN) {
122 target_name_dns = dnsdomname;
123 } else if (chal_flags |= NTLMSSP_TARGET_TYPE_SERVER) {
124 target_name_dns = dnsname;
127 /* the numbers here are the string type flags */
128 msrpc_gen(&struct_blob, "aaaaa",
129 ntlmssp_state->unicode, NTLMSSP_NAME_TYPE_DOMAIN, target_name,
130 ntlmssp_state->unicode, NTLMSSP_NAME_TYPE_SERVER, ntlmssp_state->get_global_myname(),
131 ntlmssp_state->unicode, NTLMSSP_NAME_TYPE_DOMAIN_DNS, target_name_dns,
132 ntlmssp_state->unicode, NTLMSSP_NAME_TYPE_SERVER_DNS, dnsdomname,
133 ntlmssp_state->unicode, 0, "");
135 struct_blob = data_blob(NULL, 0);
139 const char *gen_string;
140 if (ntlmssp_state->unicode) {
141 gen_string = "CdUdbddB";
143 gen_string = "CdAdbddB";
146 msrpc_gen(reply, gen_string,
153 struct_blob.data, struct_blob.length);
156 data_blob_free(&struct_blob);
158 return NT_STATUS_MORE_PROCESSING_REQUIRED;
161 static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
162 DATA_BLOB request, DATA_BLOB *reply)
165 uint32 ntlmssp_command, neg_flags;
168 const char *parse_string;
170 /* parse the NTLMSSP packet */
172 file_save("ntlmssp_auth.dat", request.data, request.length);
175 if (ntlmssp_state->unicode) {
176 parse_string = "CdBBUUUBd";
178 parse_string = "CdBBAAABd";
181 data_blob_free(&ntlmssp_state->lm_resp);
182 data_blob_free(&ntlmssp_state->nt_resp);
184 SAFE_FREE(ntlmssp_state->user);
185 SAFE_FREE(ntlmssp_state->domain);
186 SAFE_FREE(ntlmssp_state->workstation);
188 /* now the NTLMSSP encoded auth hashes */
189 if (!msrpc_parse(&request, parse_string,
192 &ntlmssp_state->lm_resp,
193 &ntlmssp_state->nt_resp,
194 &ntlmssp_state->domain,
195 &ntlmssp_state->user,
196 &ntlmssp_state->workstation,
199 return NT_STATUS_LOGON_FAILURE;
202 data_blob_free(&sess_key);
204 DEBUG(3,("Got user=[%s] domain=[%s] workstation=[%s] len1=%d len2=%d\n",
205 ntlmssp_state->user, ntlmssp_state->domain, ntlmssp_state->workstation, ntlmssp_state->lm_resp.length, ntlmssp_state->nt_resp.length));
208 file_save("nthash1.dat", &ntlmssp_state->nt_resp.data, &ntlmssp_state->nt_resp.length);
209 file_save("lmhash1.dat", &ntlmssp_state->lm_resp.data, &ntlmssp_state->lm_resp.length);
212 nt_status = ntlmssp_state->check_password(ntlmssp_state);
214 *reply = data_blob(NULL, 0);
219 NTSTATUS ntlmssp_server_start(NTLMSSP_STATE **ntlmssp_state)
223 mem_ctx = talloc_init("NTLMSSP context");
225 *ntlmssp_state = talloc_zero(mem_ctx, sizeof(**ntlmssp_state));
226 if (!*ntlmssp_state) {
227 DEBUG(0,("ntlmssp_start: talloc failed!\n"));
228 talloc_destroy(mem_ctx);
229 return NT_STATUS_NO_MEMORY;
232 ZERO_STRUCTP(*ntlmssp_state);
234 (*ntlmssp_state)->mem_ctx = mem_ctx;
235 (*ntlmssp_state)->get_challenge = get_challenge;
237 (*ntlmssp_state)->get_global_myname = global_myname;
238 (*ntlmssp_state)->get_domain = lp_workgroup;
239 (*ntlmssp_state)->server_role = ROLE_DOMAIN_MEMBER; /* a good default */
244 NTSTATUS ntlmssp_server_end(NTLMSSP_STATE **ntlmssp_state)
246 TALLOC_CTX *mem_ctx = (*ntlmssp_state)->mem_ctx;
248 data_blob_free(&(*ntlmssp_state)->chal);
249 data_blob_free(&(*ntlmssp_state)->lm_resp);
250 data_blob_free(&(*ntlmssp_state)->nt_resp);
252 SAFE_FREE((*ntlmssp_state)->user);
253 SAFE_FREE((*ntlmssp_state)->domain);
254 SAFE_FREE((*ntlmssp_state)->workstation);
256 talloc_destroy(mem_ctx);
257 *ntlmssp_state = NULL;
261 NTSTATUS ntlmssp_server_update(NTLMSSP_STATE *ntlmssp_state,
262 DATA_BLOB request, DATA_BLOB *reply)
264 uint32 ntlmssp_command;
265 *reply = data_blob(NULL, 0);
267 if (!msrpc_parse(&request, "Cd",
271 return NT_STATUS_LOGON_FAILURE;
274 if (ntlmssp_command == NTLMSSP_NEGOTIATE) {
275 return ntlmssp_server_negotiate(ntlmssp_state, request, reply);
276 } else if (ntlmssp_command == NTLMSSP_AUTH) {
277 return ntlmssp_server_auth(ntlmssp_state, request, reply);
279 return NT_STATUS_LOGON_FAILURE;