2 Unix SMB/CIFS implementation.
4 dcerpc authentication operations
6 Copyright (C) Andrew Tridgell 2003
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
26 do a simple ntlm style authentication on a dcerpc pipe
/*
 * Bind to a DCERPC interface with NTLMSSP authentication.
 *
 * Visible flow: start an NTLMSSP client state, give it the domain, username
 * and password, allocate p->auth_info on the pipe's own talloc context, pick
 * the auth level from p->flags, then run two ntlmssp_update() rounds, the
 * first before dcerpc_bind_byuuid() and the second before dcerpc_auth3().
 * For the integrity and privacy levels ntlmssp_sign_init() is called last.
 *
 * p       - pipe to bind; its auth_info and ntlmssp_state are written here
 * uuid    - interface UUID passed to dcerpc_bind_byuuid()
 * version - interface version passed to dcerpc_bind_byuuid()
 *
 * NOTE(review): this listing has gaps in its embedded line numbering, so the
 * remaining parameter declarations (domain, username and password are used
 * below), the bodies of the error branches and the final return are not
 * visible. The comments below describe only what the listing shows.
 */
28 NTSTATUS dcerpc_bind_auth_ntlm(struct dcerpc_pipe *p,
29 const char *uuid, unsigned version,
35 struct ntlmssp_state *state;
37 DATA_BLOB credentials;
/* Scratch talloc context for this call; destroyed near the end of the function. */
39 mem_ctx = talloc_init("dcerpc_bind_auth_ntlm");
41 return NT_STATUS_NO_MEMORY;
44 status = ntlmssp_client_start(&state);
45 if (!NT_STATUS_IS_OK(status)) {
49 status = ntlmssp_set_domain(state, domain);
50 if (!NT_STATUS_IS_OK(status)) {
54 status = ntlmssp_set_username(state, username);
55 if (!NT_STATUS_IS_OK(status)) {
/*
 * The password is handed to the NTLMSSP state here.
 * NOTE(review): the listing does not show `state` being released on any
 * failure path; confirm every exit frees it so the secret does not outlive
 * a failed bind.
 */
59 status = ntlmssp_set_password(state, password);
60 if (!NT_STATUS_IS_OK(status)) {
/* auth_info is allocated on p->mem_ctx, so it is not freed with the scratch context. */
64 p->auth_info = talloc(p->mem_ctx, sizeof(*p->auth_info));
66 status = NT_STATUS_NO_MEMORY;
70 p->auth_info->auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
/*
 * Protection level follows the caller's pipe flags: DCERPC_SEAL requests
 * sign+seal (privacy), DCERPC_SIGN requests signing only (integrity).
 */
72 if (p->flags & DCERPC_SEAL) {
73 p->auth_info->auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
74 state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_SEAL;
75 } else if (p->flags & DCERPC_SIGN) {
76 state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
77 p->auth_info->auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
/*
 * Presumably the fall-back branch (its opening line is missing from this
 * listing): both negotiate flags are cleared and the level is NONE, so no
 * signing or sealing is requested for this bind. Callers that need tamper
 * or disclosure protection must set DCERPC_SIGN or DCERPC_SEAL themselves.
 */
79 state->neg_flags &= ~(NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_SEAL);
80 p->auth_info->auth_level = DCERPC_AUTH_LEVEL_NONE;
82 p->auth_info->auth_pad_length = 0;
83 p->auth_info->auth_reserved = 0;
/*
 * NOTE(review): random() is not a cryptographic generator and no seeding is
 * visible here. Confirm nothing relies on the context id being unpredictable.
 */
84 p->auth_info->auth_context_id = random();
/* Start with empty credentials and no state on the pipe until the handshake succeeds. */
85 p->auth_info->credentials = data_blob(NULL, 0);
86 p->ntlmssp_state = NULL;
/* First NTLMSSP round, fed the empty blob set above. */
88 status = ntlmssp_update(state,
89 p->auth_info->credentials,
/*
 * Any status other than MORE_PROCESSING_REQUIRED enters this branch.
 * NOTE(review): that includes NT_STATUS_OK; the branch body is not shown, so
 * confirm it cannot report success without the bind having been performed.
 */
91 if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
/*
 * The blob stored in p->auth_info is allocated on the scratch mem_ctx.
 * NOTE(review): mem_ctx is destroyed before return while p->auth_info lives
 * on p->mem_ctx; unless credentials is reset elsewhere it may dangle. Confirm.
 */
95 p->auth_info->credentials = data_blob_talloc(mem_ctx,
98 data_blob_free(&credentials);
/* Bind request; p->auth_info is populated at this point. */
100 status = dcerpc_bind_byuuid(p, mem_ctx, uuid, version);
101 if (!NT_STATUS_IS_OK(status)) {
/* Second NTLMSSP round, fed whatever is in p->auth_info->credentials after the bind. */
106 status = ntlmssp_update(state,
107 p->auth_info->credentials,
109 if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
113 p->auth_info->credentials = data_blob_talloc(mem_ctx,
116 data_blob_free(&credentials);
/* Final leg of the exchange. */
118 status = dcerpc_auth3(p, mem_ctx);
120 if (!NT_STATUS_IS_OK(status)) {
/* Only now is the NTLMSSP state attached to the pipe. */
124 p->ntlmssp_state = state;
126 switch (p->auth_info->auth_level) {
127 case DCERPC_AUTH_LEVEL_PRIVACY:
128 case DCERPC_AUTH_LEVEL_INTEGRITY:
129 /* setup for signing */
130 status = ntlmssp_sign_init(state);
/* Release the scratch context; everything allocated on mem_ctx is gone after this. */
135 talloc_destroy(mem_ctx);
/* On failure the pipe must not keep a reference to the NTLMSSP state. */
137 if (!NT_STATUS_IS_OK(status)) {
138 p->ntlmssp_state = NULL;
147 do a non-authenticated dcerpc bind
/*
 * Bind to a DCERPC interface without setting up any authentication.
 *
 * p       - pipe to bind
 * uuid    - interface UUID passed to dcerpc_bind_byuuid()
 * version - interface version passed to dcerpc_bind_byuuid()
 *
 * The visible lines create a scratch talloc context, call
 * dcerpc_bind_byuuid() and destroy the context. Nothing here touches
 * p->auth_info or p->ntlmssp_state.
 * NOTE(review): presumably traffic on a pipe bound this way carries no
 * signing or sealing; confirm callers do not use it where integrity or
 * confidentiality is expected. The return statement is not visible in this
 * listing.
 */
149 NTSTATUS dcerpc_bind_auth_none(struct dcerpc_pipe *p,
150 const char *uuid, unsigned version)
/*
 * NOTE(review): the context name is the same string used in
 * dcerpc_bind_auth_ntlm, which looks like a copy-paste leftover; allocations
 * made here would be labelled with the other function's name.
 */
155 mem_ctx = talloc_init("dcerpc_bind_auth_ntlm");
157 return NT_STATUS_NO_MEMORY;
160 status = dcerpc_bind_byuuid(p, mem_ctx, uuid, version);
161 talloc_destroy(mem_ctx);