return NT_STATUS_OK;
}
+static NTSTATUS gensec_ntlmssp_may_reset_crypto(struct gensec_security *gensec_security,
+ bool full_reset)
+{
+ struct gensec_ntlmssp_context *gensec_ntlmssp =
+ talloc_get_type_abort(gensec_security->private_data,
+ struct gensec_ntlmssp_context);
+ struct ntlmssp_state *ntlmssp_state = gensec_ntlmssp->ntlmssp_state;
+ NTSTATUS status;
+ bool reset_seqnums = full_reset;
+
+ if (!gensec_ntlmssp_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
+ return NT_STATUS_OK;
+ }
+
+ status = ntlmssp_sign_reset(ntlmssp_state, reset_seqnums);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("Could not reset NTLMSSP signing/sealing system (error was: %s)\n",
+ nt_errstr(status)));
+ return status;
+ }
+
+ return NT_STATUS_OK;
+}
+
static const char *gensec_ntlmssp_oids[] = {
GENSEC_OID_NTLMSSP,
NULL
.server_start = gensec_ntlmssp_server_start,
.magic = gensec_ntlmssp_magic,
.update = gensec_ntlmssp_update,
+ .may_reset_crypto= gensec_ntlmssp_may_reset_crypto,
.sig_size = gensec_ntlmssp_sig_size,
.sign_packet = gensec_ntlmssp_sign_packet,
.check_packet = gensec_ntlmssp_check_packet,
/**
Initialise the state for NTLMSSP signing.
*/
-NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state)
+NTSTATUS ntlmssp_sign_reset(struct ntlmssp_state *ntlmssp_state,
+ bool reset_seqnums)
{
DEBUG(3, ("NTLMSSP Sign/Seal - Initialising with flags:\n"));
debug_ntlmssp_flags(ntlmssp_state->neg_flags);
- if (ntlmssp_state->session_key.length < 8) {
- DEBUG(3, ("NO session key, cannot intialise signing\n"));
- return NT_STATUS_NO_USER_SESSION_KEY;
- }
-
- ntlmssp_state->crypt = talloc_zero(ntlmssp_state,
- union ntlmssp_crypt_state);
if (ntlmssp_state->crypt == NULL) {
- return NT_STATUS_NO_MEMORY;
+ return NT_STATUS_INVALID_PARAMETER_MIX;
}
if (ntlmssp_state->force_wrap_seal &&
&ntlmssp_state->crypt->ntlm2.sending.seal_state);
/* SEND: seq num */
- ntlmssp_state->crypt->ntlm2.sending.seq_num = 0;
+ if (reset_seqnums) {
+ ntlmssp_state->crypt->ntlm2.sending.seq_num = 0;
+ }
/* RECV: sign key */
calc_ntlmv2_key(ntlmssp_state->crypt->ntlm2.receiving.sign_key,
&ntlmssp_state->crypt->ntlm2.receiving.seal_state);
/* RECV: seq num */
- ntlmssp_state->crypt->ntlm2.receiving.seq_num = 0;
+ if (reset_seqnums) {
+ ntlmssp_state->crypt->ntlm2.receiving.seq_num = 0;
+ }
} else {
uint8_t weak_session_key[8];
DATA_BLOB seal_session_key = ntlmssp_state->session_key;
dump_arc4_state("NTLMv1 arc4 state:\n",
&ntlmssp_state->crypt->ntlm.seal_state);
- ntlmssp_state->crypt->ntlm.seq_num = 0;
+ if (reset_seqnums) {
+ ntlmssp_state->crypt->ntlm.seq_num = 0;
+ }
}
return NT_STATUS_OK;
}
+
+NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state)
+{
+ if (ntlmssp_state->session_key.length < 8) {
+ DEBUG(3, ("NO session key, cannot intialise signing\n"));
+ return NT_STATUS_NO_USER_SESSION_KEY;
+ }
+
+ ntlmssp_state->crypt = talloc_zero(ntlmssp_state,
+ union ntlmssp_crypt_state);
+ if (ntlmssp_state->crypt == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ return ntlmssp_sign_reset(ntlmssp_state, true);
+}