4 Copyright (C) Andrew Tridgell 2001
5 Copyright (C) Andrew Bartlett 2001-2003
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "libcli/auth/ntlmssp.h"
23 #include "ntlmssp_wrap.h"
24 #include "auth/gensec/gensec.h"
26 NTSTATUS auth_ntlmssp_sign_packet(struct auth_ntlmssp_state *ans,
27 TALLOC_CTX *sig_mem_ctx,
30 const uint8_t *whole_pdu,
34 if (ans->gensec_security) {
35 return gensec_sign_packet(ans->gensec_security,
36 sig_mem_ctx, data, length, whole_pdu, pdu_length, sig);
38 return ntlmssp_sign_packet(ans->ntlmssp_state,
41 whole_pdu, pdu_length,
45 NTSTATUS auth_ntlmssp_check_packet(struct auth_ntlmssp_state *ans,
48 const uint8_t *whole_pdu,
52 if (ans->gensec_security) {
53 return gensec_check_packet(ans->gensec_security,
54 data, length, whole_pdu, pdu_length, sig);
56 return ntlmssp_check_packet(ans->ntlmssp_state,
58 whole_pdu, pdu_length,
62 NTSTATUS auth_ntlmssp_seal_packet(struct auth_ntlmssp_state *ans,
63 TALLOC_CTX *sig_mem_ctx,
66 const uint8_t *whole_pdu,
70 if (ans->gensec_security) {
71 return gensec_seal_packet(ans->gensec_security,
72 sig_mem_ctx, data, length, whole_pdu, pdu_length, sig);
74 return ntlmssp_seal_packet(ans->ntlmssp_state,
77 whole_pdu, pdu_length,
81 NTSTATUS auth_ntlmssp_unseal_packet(struct auth_ntlmssp_state *ans,
84 const uint8_t *whole_pdu,
88 if (ans->gensec_security) {
89 return gensec_unseal_packet(ans->gensec_security,
90 data, length, whole_pdu, pdu_length, sig);
92 return ntlmssp_unseal_packet(ans->ntlmssp_state,
94 whole_pdu, pdu_length,
98 bool auth_ntlmssp_negotiated_sign(struct auth_ntlmssp_state *ans)
100 if (ans->gensec_security) {
101 return gensec_have_feature(ans->gensec_security, GENSEC_FEATURE_SIGN);
103 return ans->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN;
106 bool auth_ntlmssp_negotiated_seal(struct auth_ntlmssp_state *ans)
108 if (ans->gensec_security) {
109 return gensec_have_feature(ans->gensec_security, GENSEC_FEATURE_SEAL);
111 return ans->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL;
114 /* Needed for 'smb username' processing */
115 const char *auth_ntlmssp_get_username(struct auth_ntlmssp_state *ans)
117 if (ans->gensec_security) {
118 return ""; /* We can't get at this value, and it's just for the %U macros */
120 return ans->ntlmssp_state->user;
123 NTSTATUS auth_ntlmssp_set_username(struct auth_ntlmssp_state *ans,
126 return ntlmssp_set_username(ans->ntlmssp_state, user);
129 NTSTATUS auth_ntlmssp_set_domain(struct auth_ntlmssp_state *ans,
132 return ntlmssp_set_domain(ans->ntlmssp_state, domain);
135 NTSTATUS auth_ntlmssp_set_password(struct auth_ntlmssp_state *ans,
136 const char *password)
138 return ntlmssp_set_password(ans->ntlmssp_state, password);
141 void auth_ntlmssp_and_flags(struct auth_ntlmssp_state *ans, uint32_t flags)
143 ans->ntlmssp_state->neg_flags &= flags;
146 void auth_ntlmssp_want_feature(struct auth_ntlmssp_state *ans, uint32_t feature)
148 if (ans->gensec_security) {
149 /* You need to negotiate signing to get a windows server to calculate a session key */
150 if (feature & NTLMSSP_FEATURE_SESSION_KEY) {
151 return gensec_want_feature(ans->gensec_security, GENSEC_FEATURE_SESSION_KEY);
153 if (feature & NTLMSSP_FEATURE_SIGN) {
154 return gensec_want_feature(ans->gensec_security, GENSEC_FEATURE_SIGN);
156 if (feature & NTLMSSP_FEATURE_SEAL) {
157 return gensec_want_feature(ans->gensec_security, GENSEC_FEATURE_SEAL);
160 ntlmssp_want_feature(ans->ntlmssp_state, feature);
164 DATA_BLOB auth_ntlmssp_get_session_key(struct auth_ntlmssp_state *ans, TALLOC_CTX *mem_ctx)
166 if (ans->gensec_security) {
167 DATA_BLOB session_key;
168 NTSTATUS status = gensec_session_key(ans->gensec_security, mem_ctx, &session_key);
169 if (NT_STATUS_IS_OK(status)) {
172 return data_blob_null;
175 return data_blob_talloc(mem_ctx, ans->ntlmssp_state->session_key.data, ans->ntlmssp_state->session_key.length);
178 NTSTATUS auth_ntlmssp_update(struct auth_ntlmssp_state *ans,
180 const DATA_BLOB request, DATA_BLOB *reply)
183 if (ans->gensec_security) {
184 return gensec_update(ans->gensec_security, mem_ctx, request, reply);
186 status = ntlmssp_update(ans->ntlmssp_state, request, reply);
187 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
190 talloc_steal(mem_ctx, reply->data);
194 NTSTATUS auth_ntlmssp_client_start(TALLOC_CTX *mem_ctx,
195 const char *netbios_name,
196 const char *netbios_domain,
198 struct auth_ntlmssp_state **_ans)
200 struct auth_ntlmssp_state *ans;
203 ans = talloc_zero(mem_ctx, struct auth_ntlmssp_state);
205 status = ntlmssp_client_start(ans,
206 netbios_name, netbios_domain,
207 use_ntlmv2, &ans->ntlmssp_state);
208 if (!NT_STATUS_IS_OK(status)) {