-/*
+/*
Unix SMB/Netbios implementation.
Version 3.0
handle NLTMSSP, server side
#include "includes.h"
#include "../libcli/auth/libcli_auth.h"
-static NTSTATUS ntlmssp_client_initial(struct ntlmssp_state *ntlmssp_state,
+static NTSTATUS ntlmssp_client_initial(struct ntlmssp_state *ntlmssp_state,
DATA_BLOB reply, DATA_BLOB *next_request);
static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
const DATA_BLOB in, DATA_BLOB *out);
-static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
+static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
const DATA_BLOB reply, DATA_BLOB *next_request);
static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
const DATA_BLOB request, DATA_BLOB *reply);
/**
* Callbacks for NTLMSSP - for both client and server operating modes
- *
+ *
*/
static const struct ntlmssp_callbacks {
enum NTLMSSP_ROLE role;
enum NTLM_MESSAGE_TYPE ntlmssp_command;
- NTSTATUS (*fn)(struct ntlmssp_state *ntlmssp_state,
+ NTSTATUS (*fn)(struct ntlmssp_state *ntlmssp_state,
DATA_BLOB in, DATA_BLOB *out);
} ntlmssp_callbacks[] = {
{NTLMSSP_CLIENT, NTLMSSP_INITIAL, ntlmssp_client_initial},
/**
- * Print out the NTLMSSP flags for debugging
+ * Print out the NTLMSSP flags for debugging
* @param neg_flags The flags from the packet
*/
{
DEBUG(3,("Got NTLMSSP neg_flags=0x%08x\n", neg_flags));
- if (neg_flags & NTLMSSP_NEGOTIATE_UNICODE)
+ if (neg_flags & NTLMSSP_NEGOTIATE_UNICODE)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_UNICODE\n"));
- if (neg_flags & NTLMSSP_NEGOTIATE_OEM)
+ if (neg_flags & NTLMSSP_NEGOTIATE_OEM)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_OEM\n"));
- if (neg_flags & NTLMSSP_REQUEST_TARGET)
+ if (neg_flags & NTLMSSP_REQUEST_TARGET)
DEBUGADD(4, (" NTLMSSP_REQUEST_TARGET\n"));
- if (neg_flags & NTLMSSP_NEGOTIATE_SIGN)
+ if (neg_flags & NTLMSSP_NEGOTIATE_SIGN)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_SIGN\n"));
- if (neg_flags & NTLMSSP_NEGOTIATE_SEAL)
+ if (neg_flags & NTLMSSP_NEGOTIATE_SEAL)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_SEAL\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_DATAGRAM_STYLE)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_DATAGRAM_STYLE\n"));
- if (neg_flags & NTLMSSP_NEGOTIATE_LM_KEY)
+ if (neg_flags & NTLMSSP_NEGOTIATE_LM_KEY)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_LM_KEY\n"));
- if (neg_flags & NTLMSSP_NEGOTIATE_NETWARE)
+ if (neg_flags & NTLMSSP_NEGOTIATE_NETWARE)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_NETWARE\n"));
- if (neg_flags & NTLMSSP_NEGOTIATE_NTLM)
+ if (neg_flags & NTLMSSP_NEGOTIATE_NTLM)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_NTLM\n"));
- if (neg_flags & NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED)
+ if (neg_flags & NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED\n"));
- if (neg_flags & NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED)
+ if (neg_flags & NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED\n"));
- if (neg_flags & NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL)
+ if (neg_flags & NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL\n"));
- if (neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)
+ if (neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_ALWAYS_SIGN\n"));
if (neg_flags & NTLMSSP_CHAL_ACCEPT_RESPONSE)
DEBUGADD(4, (" NTLMSSP_CHAL_ACCEPT_RESPONSE\n"));
if (neg_flags & NTLMSSP_CHAL_NON_NT_SESSION_KEY)
DEBUGADD(4, (" NTLMSSP_CHAL_NON_NT_SESSION_KEY\n"));
- if (neg_flags & NTLMSSP_NEGOTIATE_NTLM2)
+ if (neg_flags & NTLMSSP_NEGOTIATE_NTLM2)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_NTLM2\n"));
- if (neg_flags & NTLMSSP_CHAL_TARGET_INFO)
+ if (neg_flags & NTLMSSP_CHAL_TARGET_INFO)
DEBUGADD(4, (" NTLMSSP_CHAL_TARGET_INFO\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_VERSION)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_VERSION\n"));
- if (neg_flags & NTLMSSP_NEGOTIATE_128)
+ if (neg_flags & NTLMSSP_NEGOTIATE_128)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_128\n"));
- if (neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH)
+ if (neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_KEY_EXCH\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_56)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_56\n"));
return NT_STATUS_OK;
}
-/**
- * Set a username on an NTLMSSP context - ensures it is talloc()ed
+/**
+ * Set a username on an NTLMSSP context - ensures it is talloc()ed
*
*/
-NTSTATUS ntlmssp_set_username(NTLMSSP_STATE *ntlmssp_state, const char *user)
+NTSTATUS ntlmssp_set_username(NTLMSSP_STATE *ntlmssp_state, const char *user)
{
ntlmssp_state->user = talloc_strdup(ntlmssp_state, user ? user : "" );
if (!ntlmssp_state->user) {
return NT_STATUS_OK;
}
-/**
- * Store NT and LM hashes on an NTLMSSP context - ensures they are talloc()ed
+/**
+ * Store NT and LM hashes on an NTLMSSP context - ensures they are talloc()ed
*
*/
NTSTATUS ntlmssp_set_hashes(NTLMSSP_STATE *ntlmssp_state,
const unsigned char lm_hash[16],
- const unsigned char nt_hash[16])
+ const unsigned char nt_hash[16])
{
ntlmssp_state->lm_hash = (unsigned char *)
TALLOC_MEMDUP(ntlmssp_state, lm_hash, 16);
return NT_STATUS_OK;
}
-/**
+/**
* Converts a password to the hashes on an NTLMSSP context.
*
*/
-NTSTATUS ntlmssp_set_password(NTLMSSP_STATE *ntlmssp_state, const char *password)
+NTSTATUS ntlmssp_set_password(NTLMSSP_STATE *ntlmssp_state, const char *password)
{
if (!password) {
ntlmssp_state->lm_hash = NULL;
return NT_STATUS_OK;
}
-/**
- * Set a domain on an NTLMSSP context - ensures it is talloc()ed
+/**
+ * Set a domain on an NTLMSSP context - ensures it is talloc()ed
*
*/
-NTSTATUS ntlmssp_set_domain(NTLMSSP_STATE *ntlmssp_state, const char *domain)
+NTSTATUS ntlmssp_set_domain(NTLMSSP_STATE *ntlmssp_state, const char *domain)
{
ntlmssp_state->domain = talloc_strdup(ntlmssp_state,
domain ? domain : "" );
return NT_STATUS_OK;
}
-/**
- * Set a workstation on an NTLMSSP context - ensures it is talloc()ed
+/**
+ * Set a workstation on an NTLMSSP context - ensures it is talloc()ed
*
*/
-NTSTATUS ntlmssp_set_workstation(NTLMSSP_STATE *ntlmssp_state, const char *workstation)
+NTSTATUS ntlmssp_set_workstation(NTLMSSP_STATE *ntlmssp_state, const char *workstation)
{
ntlmssp_state->workstation = talloc_strdup(ntlmssp_state, workstation);
if (!ntlmssp_state->workstation) {
*/
NTSTATUS ntlmssp_store_response(NTLMSSP_STATE *ntlmssp_state,
- DATA_BLOB response)
+ DATA_BLOB response)
{
ntlmssp_state->stored_response = data_blob_talloc(ntlmssp_state,
response.data,
/**
* Next state function for the NTLMSSP state machine
- *
+ *
* @param ntlmssp_state NTLMSSP State
* @param in The packet in from the NTLMSSP partner, as a DATA_BLOB
* @param out The reply, as an allocated DATA_BLOB, caller to free.
- * @return Errors, NT_STATUS_MORE_PROCESSING_REQUIRED or NT_STATUS_OK.
+ * @return Errors, NT_STATUS_MORE_PROCESSING_REQUIRED or NT_STATUS_OK.
*/
-NTSTATUS ntlmssp_update(NTLMSSP_STATE *ntlmssp_state,
- const DATA_BLOB in, DATA_BLOB *out)
+NTSTATUS ntlmssp_update(NTLMSSP_STATE *ntlmssp_state,
+ const DATA_BLOB in, DATA_BLOB *out)
{
DATA_BLOB input;
uint32 ntlmssp_command;
}
for (i=0; ntlmssp_callbacks[i].fn; i++) {
- if (ntlmssp_callbacks[i].role == ntlmssp_state->role
+ if (ntlmssp_callbacks[i].role == ntlmssp_state->role
&& ntlmssp_callbacks[i].ntlmssp_command == ntlmssp_command) {
return ntlmssp_callbacks[i].fn(ntlmssp_state, input, out);
}
}
- DEBUG(1, ("failed to find NTLMSSP callback for NTLMSSP mode %u, command %u\n",
- ntlmssp_state->role, ntlmssp_command));
+ DEBUG(1, ("failed to find NTLMSSP callback for NTLMSSP mode %u, command %u\n",
+ ntlmssp_state->role, ntlmssp_command));
return NT_STATUS_INVALID_PARAMETER;
}
/**
* End an NTLMSSP state machine
- *
+ *
* @param ntlmssp_state NTLMSSP State, free()ed by this function
*/
}
/**
- * Determine correct target name flags for reply, given server role
+ * Determine correct target name flags for reply, given server role
* and negotiated flags
- *
+ *
* @param ntlmssp_state NTLMSSP State
* @param neg_flags The flags from the packet
* @param chal_flags The flags to be set in the reply packet
*/
static const char *ntlmssp_target_name(struct ntlmssp_state *ntlmssp_state,
- uint32 neg_flags, uint32 *chal_flags)
+ uint32 neg_flags, uint32 *chal_flags)
{
if (neg_flags & NTLMSSP_REQUEST_TARGET) {
*chal_flags |= NTLMSSP_CHAL_TARGET_INFO;
*/
static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
- const DATA_BLOB request, DATA_BLOB *reply)
+ const DATA_BLOB request, DATA_BLOB *reply)
{
DATA_BLOB struct_blob;
const char *dnsname;
* @param ntlmssp_state NTLMSSP State
* @param request The request, as a DATA_BLOB
* @param request The reply, as an allocated DATA_BLOB, caller to free.
- * @return Errors or NT_STATUS_OK.
+ * @return Errors or NT_STATUS_OK.
*/
static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
- const DATA_BLOB request, DATA_BLOB *reply)
+ const DATA_BLOB request, DATA_BLOB *reply)
{
DATA_BLOB encrypted_session_key = data_blob_null;
DATA_BLOB user_session_key = data_blob_null;
/* now the NTLMSSP encoded auth hashes */
if (!msrpc_parse(ntlmssp_state, &request, parse_string,
- "NTLMSSP",
- &ntlmssp_command,
+ "NTLMSSP",
+ &ntlmssp_command,
&ntlmssp_state->lm_resp,
&ntlmssp_state->nt_resp,
- &ntlmssp_state->domain,
- &ntlmssp_state->user,
+ &ntlmssp_state->domain,
+ &ntlmssp_state->user,
&ntlmssp_state->workstation,
&encrypted_session_key,
&auth_flags)) {
/* now the NTLMSSP encoded auth hashes */
if (!msrpc_parse(ntlmssp_state, &request, parse_string,
- "NTLMSSP",
- &ntlmssp_command,
+ "NTLMSSP",
+ &ntlmssp_command,
&ntlmssp_state->lm_resp,
&ntlmssp_state->nt_resp,
- &ntlmssp_state->domain,
- &ntlmssp_state->user,
+ &ntlmssp_state->domain,
+ &ntlmssp_state->user,
&ntlmssp_state->workstation)) {
DEBUG(1, ("ntlmssp_server_auth: failed to parse NTLMSSP (tried both formats):\n"));
dump_data(2, request.data, request.length);
file_save("lmhash1.dat", &ntlmssp_state->lm_resp.data, &ntlmssp_state->lm_resp.length);
#endif
- /* NTLM2 uses a 'challenge' that is made of up both the server challenge, and a
- client challenge
+ /* NTLM2 uses a 'challenge' that is made of up both the server challenge, and a
+ client challenge
However, the NTLM2 flag may still be set for the real NTLMv2 logins, be careful.
*/
/* Finally, actually ask if the password is OK */
- if (!NT_STATUS_IS_OK(nt_status = ntlmssp_state->check_password(ntlmssp_state,
+ if (!NT_STATUS_IS_OK(nt_status = ntlmssp_state->check_password(ntlmssp_state,
&user_session_key, &lm_session_key))) {
data_blob_free(&encrypted_session_key);
return nt_status;
if (user_session_key.data && user_session_key.length == 16) {
session_key = data_blob_talloc(ntlmssp_state,
NULL, 16);
- hmac_md5(user_session_key.data, session_nonce,
+ hmac_md5(user_session_key.data, session_nonce,
sizeof(session_nonce), session_key.data);
DEBUG(10,("ntlmssp_server_auth: Created NTLM2 session key.\n"));
dump_data_pw("NTLM2 session key:\n", session_key.data, session_key.length);
if (session_key.data == NULL) {
return NT_STATUS_NO_MEMORY;
}
- SMBsesskeygen_lm_sess_key(lm_session_key.data, ntlmssp_state->lm_resp.data,
+ SMBsesskeygen_lm_sess_key(lm_session_key.data, ntlmssp_state->lm_resp.data,
session_key.data);
DEBUG(10,("ntlmssp_server_auth: Created NTLM session key.\n"));
} else {
session_key = data_blob_null;
}
- /* With KEY_EXCH, the client supplies the proposed session key,
+ /* With KEY_EXCH, the client supplies the proposed session key,
but encrypts it with the long-term key */
if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) {
if (!encrypted_session_key.data || encrypted_session_key.length != 16) {
data_blob_free(&encrypted_session_key);
- DEBUG(1, ("Client-supplied KEY_EXCH session key was of invalid length (%u)!\n",
+ DEBUG(1, ("Client-supplied KEY_EXCH session key was of invalid length (%u)!\n",
(unsigned int)encrypted_session_key.length));
return NT_STATUS_INVALID_PARAMETER;
} else if (!session_key.data || session_key.length != 16) {
- DEBUG(5, ("server session key is invalid (len == %u), cannot do KEY_EXCH!\n",
+ DEBUG(5, ("server session key is invalid (len == %u), cannot do KEY_EXCH!\n",
(unsigned int)session_key.length));
ntlmssp_state->session_key = session_key;
} else {
dump_data_pw("KEY_EXCH session key (enc):\n", encrypted_session_key.data, encrypted_session_key.length);
- arcfour_crypt_blob(encrypted_session_key.data,
- encrypted_session_key.length,
+ arcfour_crypt_blob(encrypted_session_key.data,
+ encrypted_session_key.length,
&session_key);
ntlmssp_state->session_key = data_blob_talloc(
ntlmssp_state, encrypted_session_key.data,
encrypted_session_key.length);
- dump_data_pw("KEY_EXCH session key:\n", encrypted_session_key.data,
+ dump_data_pw("KEY_EXCH session key:\n", encrypted_session_key.data,
encrypted_session_key.length);
}
} else {
/**
* Create an NTLMSSP state machine
- *
+ *
* @param ntlmssp_state NTLMSSP State, allocated by this function
*/
(*ntlmssp_state)->ref_count = 1;
- (*ntlmssp_state)->neg_flags =
+ (*ntlmssp_state)->neg_flags =
NTLMSSP_NEGOTIATE_128 |
NTLMSSP_NEGOTIATE_56 |
NTLMSSP_NEGOTIATE_VERSION |
/**
* Next state function for the Initial packet
- *
+ *
* @param ntlmssp_state NTLMSSP State
* @param request The request, as a DATA_BLOB. reply.data must be NULL
* @param request The reply, as an allocated DATA_BLOB, caller to free.
- * @return Errors or NT_STATUS_OK.
+ * @return Errors or NT_STATUS_OK.
*/
-static NTSTATUS ntlmssp_client_initial(struct ntlmssp_state *ntlmssp_state,
- DATA_BLOB reply, DATA_BLOB *next_request)
+static NTSTATUS ntlmssp_client_initial(struct ntlmssp_state *ntlmssp_state,
+ DATA_BLOB reply, DATA_BLOB *next_request)
{
if (ntlmssp_state->unicode) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_UNICODE;
"NTLMSSP",
NTLMSSP_NEGOTIATE,
ntlmssp_state->neg_flags,
- ntlmssp_state->get_domain(),
+ ntlmssp_state->get_domain(),
ntlmssp_state->get_global_myname());
ntlmssp_state->expected_state = NTLMSSP_CHALLENGE;
/**
* Next state function for the Challenge Packet. Generate an auth packet.
- *
+ *
* @param ntlmssp_state NTLMSSP State
* @param request The request, as a DATA_BLOB. reply.data must be NULL
* @param request The reply, as an allocated DATA_BLOB, caller to free.
- * @return Errors or NT_STATUS_OK.
+ * @return Errors or NT_STATUS_OK.
*/
-static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
- const DATA_BLOB reply, DATA_BLOB *next_request)
+static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
+ const DATA_BLOB reply, DATA_BLOB *next_request)
{
uint32 chal_flags, ntlmssp_command, unkn1, unkn2;
DATA_BLOB server_domain_blob;
if (!msrpc_parse(ntlmssp_state, &reply, "CdBd",
"NTLMSSP",
- &ntlmssp_command,
+ &ntlmssp_command,
&server_domain_blob,
&chal_flags)) {
DEBUG(1, ("Failed to parse the NTLMSSP Challenge: (#1)\n"));
if (!msrpc_parse(ntlmssp_state, &reply, chal_parse_string,
"NTLMSSP",
- &ntlmssp_command,
+ &ntlmssp_command,
&server_domain,
&chal_flags,
&challenge_blob, 8,
/* TODO: if the remote server is standalone, then we should replace 'domain'
with the server name as supplied above */
- if (!SMBNTLMv2encrypt_hash(ntlmssp_state,
- ntlmssp_state->user,
- ntlmssp_state->domain,
- ntlmssp_state->nt_hash, &challenge_blob,
- &struct_blob,
+ if (!SMBNTLMv2encrypt_hash(ntlmssp_state,
+ ntlmssp_state->user,
+ ntlmssp_state->domain,
+ ntlmssp_state->nt_hash, &challenge_blob,
+ &struct_blob,
&lm_response, &nt_response, NULL,
&session_key)) {
data_blob_free(&challenge_blob);
nt_response.data);
session_key = data_blob_talloc(ntlmssp_state, NULL, 16);
- if ((ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY)
+ if ((ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY)
&& lp_client_lanman_auth()) {
SMBsesskeygen_lm_sess_key(ntlmssp_state->lm_hash, lm_response.data,
session_key.data);
}
/* this generates the actual auth packet */
- if (!msrpc_gen(ntlmssp_state, next_request, auth_gen_string,
- "NTLMSSP",
- NTLMSSP_AUTH,
+ if (!msrpc_gen(ntlmssp_state, next_request, auth_gen_string,
+ "NTLMSSP",
+ NTLMSSP_AUTH,
lm_response.data, lm_response.length,
nt_response.data, nt_response.length,
- ntlmssp_state->domain,
- ntlmssp_state->user,
- ntlmssp_state->get_global_myname(),
+ ntlmssp_state->domain,
+ ntlmssp_state->user,
+ ntlmssp_state->get_global_myname(),
encrypted_session_key.data, encrypted_session_key.length,
ntlmssp_state->neg_flags)) {
(*ntlmssp_state)->ref_count = 1;
- (*ntlmssp_state)->neg_flags =
+ (*ntlmssp_state)->neg_flags =
NTLMSSP_NEGOTIATE_128 |
NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
NTLMSSP_NEGOTIATE_NTLM |
-/*
+/*
* Unix SMB/CIFS implementation.
* Version 3.0
* NTLMSSP Signing routines
* Copyright (C) Andrew Bartlett 2003-2005
- *
+ *
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
- *
+ *
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
- *
+ *
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
*
*/
-static void dump_arc4_state(const char *description,
+static void dump_arc4_state(const char *description,
struct arcfour_state *state)
{
dump_data_pw(description, state->sbox, sizeof(state->sbox));
};
static NTSTATUS ntlmssp_make_packet_signature(NTLMSSP_STATE *ntlmssp_state,
- const uchar *data, size_t length,
+ const uchar *data, size_t length,
const uchar *whole_pdu, size_t pdu_length,
enum ntlmssp_direction direction,
DATA_BLOB *sig,
if (!msrpc_gen(ntlmssp_state, sig, "dddd", NTLMSSP_SIGN_VERSION, 0, crc, ntlmssp_state->ntlmv1_seq_num)) {
return NT_STATUS_NO_MEMORY;
}
-
+
ntlmssp_state->ntlmv1_seq_num++;
dump_arc4_state("ntlmssp hash: \n", &ntlmssp_state->ntlmv1_arc4_state);
}
NTSTATUS ntlmssp_sign_packet(NTLMSSP_STATE *ntlmssp_state,
- const uchar *data, size_t length,
- const uchar *whole_pdu, size_t pdu_length,
- DATA_BLOB *sig)
+ const uchar *data, size_t length,
+ const uchar *whole_pdu, size_t pdu_length,
+ DATA_BLOB *sig)
{
NTSTATUS nt_status;
}
/**
- * Check the signature of an incoming packet
- * @note caller *must* check that the signature is the size it expects
+ * Check the signature of an incoming packet
+ * @note caller *must* check that the signature is the size it expects
*
*/
NTSTATUS ntlmssp_check_packet(NTLMSSP_STATE *ntlmssp_state,
- const uchar *data, size_t length,
- const uchar *whole_pdu, size_t pdu_length,
- const DATA_BLOB *sig)
+ const uchar *data, size_t length,
+ const uchar *whole_pdu, size_t pdu_length,
+ const DATA_BLOB *sig)
{
DATA_BLOB local_sig;
NTSTATUS nt_status;
}
if (sig->length < 8) {
- DEBUG(0, ("NTLMSSP packet check failed due to short signature (%lu bytes)!\n",
+ DEBUG(0, ("NTLMSSP packet check failed due to short signature (%lu bytes)!\n",
(unsigned long)sig->length));
}
data, length,
whole_pdu, pdu_length,
NTLMSSP_RECEIVE, &local_sig, True);
-
+
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("NTLMSSP packet check failed with %s\n", nt_errstr(nt_status)));
data_blob_free(&local_sig);
return nt_status;
}
-
+
if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
if (local_sig.length != sig->length ||
memcmp(local_sig.data, sig->data, sig->length) != 0) {
uchar *data, size_t length,
uchar *whole_pdu, size_t pdu_length,
DATA_BLOB *sig)
-{
+{
if (!(ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL)) {
DEBUG(3, ("NTLMSSP Sealing not negotiated - cannot seal packet!\n"));
return NT_STATUS_INVALID_PARAMETER;
/* The order of these two operations matters - we must first seal the packet,
then seal the sequence number - this is becouse the ntlmv1_arc4_state is not
constant, but is is rather updated with each iteration */
-
- dump_arc4_state("ntlmv1 arc4 state:\n",
+
+ dump_arc4_state("ntlmv1 arc4 state:\n",
&ntlmssp_state->ntlmv1_arc4_state);
arcfour_crypt_sbox(&ntlmssp_state->ntlmv1_arc4_state, data, length);
- dump_arc4_state("ntlmv1 arc4 state:\n",
+ dump_arc4_state("ntlmv1 arc4 state:\n",
&ntlmssp_state->ntlmv1_arc4_state);
arcfour_crypt_sbox(&ntlmssp_state->ntlmv1_arc4_state, sig->data+4, sig->length-4);
send_seal_key_blob.data = ntlmssp_state->send_seal_key;
send_seal_key_blob.length = 16;
- arcfour_init(&ntlmssp_state->send_seal_arc4_state,
+ arcfour_init(&ntlmssp_state->send_seal_arc4_state,
&send_seal_key_blob);
- dump_arc4_state("NTLMSSP send seal arc4 state:\n",
+ dump_arc4_state("NTLMSSP send seal arc4 state:\n",
&ntlmssp_state->send_seal_arc4_state);
/* RECV: sign key */
/* RECV: seal ARCFOUR pad */
calc_ntlmv2_key(ntlmssp_state->recv_seal_key,
weak_session_key, recv_seal_const);
-
+
dump_data_pw("NTLMSSP recv seal key:\n",
ntlmssp_state->recv_seal_key, 16);
-
+
recv_seal_blob.data = ntlmssp_state->recv_seal_key;
recv_seal_blob.length = 16;
arcfour_init(&ntlmssp_state->recv_seal_arc4_state,
&recv_seal_blob);
- dump_arc4_state("NTLMSSP recv seal arc4 state:\n",
+ dump_arc4_state("NTLMSSP recv seal arc4 state:\n",
&ntlmssp_state->recv_seal_arc4_state);
ntlmssp_state->ntlm2_send_seq_num = 0;
DEBUG(5, ("NTLMSSP Sign/Seal - using NTLM1\n"));
- arcfour_init(&ntlmssp_state->ntlmv1_arc4_state,
+ arcfour_init(&ntlmssp_state->ntlmv1_arc4_state,
&weak_session_key);
- dump_arc4_state("NTLMv1 arc4 state:\n",
+ dump_arc4_state("NTLMv1 arc4 state:\n",
&ntlmssp_state->ntlmv1_arc4_state);
ntlmssp_state->ntlmv1_seq_num = 0;
git.samba.org / abartlet / samba.git / .git / commitdiff