#include "../libcli/auth/spnego.h"
#include "smb_krb5.h"
#include "../libcli/auth/ntlmssp.h"
+#include "ntlmssp_wrap.h"
#include "rpc_client/cli_netlogon.h"
#include "librpc/gen_ndr/ndr_dcerpc.h"
#include "librpc/rpc/dcerpc.h"
return NT_STATUS_OK;
}
- if (!cli->auth->a_u.ntlmssp_state) {
+ if (!cli->auth->a_u.auth_ntlmssp_state) {
return NT_STATUS_INVALID_PARAMETER;
}
switch (cli->auth->auth_level) {
case DCERPC_AUTH_LEVEL_PRIVACY:
/* Data is encrypted. */
- status = ntlmssp_unseal_packet(
- cli->auth->a_u.ntlmssp_state,
+ status = auth_ntlmssp_unseal_packet(
+ cli->auth->a_u.auth_ntlmssp_state,
pdu->data + DCERPC_RESPONSE_LENGTH,
pkt->frag_length
- DCERPC_RESPONSE_LENGTH
case DCERPC_AUTH_LEVEL_INTEGRITY:
/* Data is signed. */
- status = ntlmssp_check_packet(
- cli->auth->a_u.ntlmssp_state,
+ status = auth_ntlmssp_check_packet(
+ cli->auth->a_u.auth_ntlmssp_state,
pdu->data + DCERPC_RESPONSE_LENGTH,
pkt->frag_length
- DCERPC_RESPONSE_LENGTH
const char *OIDs_ntlm[] = {OID_NTLMSSP, NULL};
DEBUG(5, ("create_spnego_ntlmssp_auth_rpc_bind_req: Processing NTLMSSP Negotiate\n"));
- status = ntlmssp_update(cli->auth->a_u.ntlmssp_state,
+ status = auth_ntlmssp_update(cli->auth->a_u.auth_ntlmssp_state,
null_blob,
&request);
DATA_BLOB request = data_blob_null;
DEBUG(5, ("create_ntlmssp_auth_rpc_bind_req: Processing NTLMSSP Negotiate\n"));
- status = ntlmssp_update(cli->auth->a_u.ntlmssp_state,
+ status = auth_ntlmssp_update(cli->auth->a_u.auth_ntlmssp_state,
null_blob,
&request);
DATA_BLOB auth_blob = data_blob_null;
uint16_t data_and_pad_len = rpc_out->length - DCERPC_RESPONSE_LENGTH;
- if (!cli->auth->a_u.ntlmssp_state) {
+ if (!cli->auth->a_u.auth_ntlmssp_state) {
return NT_STATUS_INVALID_PARAMETER;
}
switch (cli->auth->auth_level) {
case DCERPC_AUTH_LEVEL_PRIVACY:
/* Data portion is encrypted. */
- status = ntlmssp_seal_packet(cli->auth->a_u.ntlmssp_state,
+ status = auth_ntlmssp_seal_packet(cli->auth->a_u.auth_ntlmssp_state,
rpc_out->data,
rpc_out->data
+ DCERPC_RESPONSE_LENGTH,
case DCERPC_AUTH_LEVEL_INTEGRITY:
/* Data is signed. */
- status = ntlmssp_sign_packet(cli->auth->a_u.ntlmssp_state,
+ status = auth_ntlmssp_sign_packet(cli->auth->a_u.auth_ntlmssp_state,
rpc_out->data,
rpc_out->data
+ DCERPC_RESPONSE_LENGTH,
struct tevent_req *rpc_pipe_bind_send(TALLOC_CTX *mem_ctx,
struct event_context *ev,
struct rpc_pipe_client *cli,
- struct cli_pipe_auth_data *auth)
+ struct pipe_auth_data *auth)
{
struct tevent_req *req, *subreq;
struct rpc_pipe_bind_state *state;
/* TODO - check auth_type/auth_level match. */
- status = ntlmssp_update(state->cli->auth->a_u.ntlmssp_state,
+ status = auth_ntlmssp_update(state->cli->auth->a_u.auth_ntlmssp_state,
auth.credentials, &client_reply);
if (!NT_STATUS_IS_OK(status)) {
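Review bot: The `TODO - check auth_type/auth_level match.` comment directly above the renamed `auth_ntlmssp_update()` call is carried over unchanged, so in the visible lines the server-supplied `auth.credentials` blob reaches the NTLMSSP state before the reply's auth type and level are compared with what the client requested. If that comparison is not made elsewhere in the function, a reply carrying a different auth level would still be processed. A guard before the call that fails the bind on a mismatch, or at least a comment naming where the check lives, would resolve the TODO. The enclosing function starts and ends outside this hunk.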
/* We're finished with the server spnego response and the tmp_blob. */
data_blob_free(&tmp_blob);
- status = ntlmssp_update(state->cli->auth->a_u.ntlmssp_state,
+ status = auth_ntlmssp_update(state->cli->auth->a_u.auth_ntlmssp_state,
server_ntlm_response, &client_reply);
/* Finished with the server_ntlm response */
}
NTSTATUS rpc_pipe_bind(struct rpc_pipe_client *cli,
- struct cli_pipe_auth_data *auth)
+ struct pipe_auth_data *auth)
{
TALLOC_CTX *frame = talloc_stackframe();
struct event_context *ev;
if ((rpc_cli->auth->auth_type == PIPE_AUTH_TYPE_NTLMSSP)
|| (rpc_cli->auth->auth_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP)) {
- memcpy(nt_hash, rpc_cli->auth->a_u.ntlmssp_state->nt_hash, 16);
+ memcpy(nt_hash, auth_ntlmssp_get_nt_hash(rpc_cli->auth->a_u.auth_ntlmssp_state), 16);
return true;
}
}
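Review bot: The pointer returned by `auth_ntlmssp_get_nt_hash()` is passed straight to `memcpy` with a literal length of 16, and neither it nor `a_u.auth_ntlmssp_state` is checked first. The sign/seal and unseal/check paths in this same commit return `NT_STATUS_INVALID_PARAMETER` when the state is missing. The accessor's definition is not on this page, so if it can return NULL this line is a NULL dereference. I would store the result in a local and bail out before the copy, for example `if (hash == NULL) { return false; }` (the return type is assumed from the `return true;` below), and replace the 16 with a named constant shared with the wrapper. The enclosing function starts outside this hunk.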
NTSTATUS rpccli_anon_bind_data(TALLOC_CTX *mem_ctx,
- struct cli_pipe_auth_data **presult)
+ struct pipe_auth_data **presult)
{
- struct cli_pipe_auth_data *result;
+ struct pipe_auth_data *result;
- result = talloc(mem_ctx, struct cli_pipe_auth_data);
+ result = talloc(mem_ctx, struct pipe_auth_data);
if (result == NULL) {
return NT_STATUS_NO_MEMORY;
}
return NT_STATUS_OK;
}
-static int cli_auth_ntlmssp_data_destructor(struct cli_pipe_auth_data *auth)
+static int cli_auth_ntlmssp_data_destructor(struct pipe_auth_data *auth)
{
- TALLOC_FREE(auth->a_u.ntlmssp_state);
+ TALLOC_FREE(auth->a_u.auth_ntlmssp_state);
return 0;
}
const char *domain,
const char *username,
const char *password,
- struct cli_pipe_auth_data **presult)
+ struct pipe_auth_data **presult)
{
- struct cli_pipe_auth_data *result;
+ struct pipe_auth_data *result;
NTSTATUS status;
- result = talloc(mem_ctx, struct cli_pipe_auth_data);
+ result = talloc(mem_ctx, struct pipe_auth_data);
if (result == NULL) {
return NT_STATUS_NO_MEMORY;
}
goto fail;
}
- status = ntlmssp_client_start(NULL,
+ status = auth_ntlmssp_client_start(NULL,
global_myname(),
lp_workgroup(),
lp_client_ntlmv2_auth(),
- &result->a_u.ntlmssp_state);
+ &result->a_u.auth_ntlmssp_state);
if (!NT_STATUS_IS_OK(status)) {
goto fail;
}
talloc_set_destructor(result, cli_auth_ntlmssp_data_destructor);
- status = ntlmssp_set_username(result->a_u.ntlmssp_state, username);
+ status = auth_ntlmssp_set_username(result->a_u.auth_ntlmssp_state,
+ username);
if (!NT_STATUS_IS_OK(status)) {
goto fail;
}
- status = ntlmssp_set_domain(result->a_u.ntlmssp_state, domain);
+ status = auth_ntlmssp_set_domain(result->a_u.auth_ntlmssp_state,
+ domain);
if (!NT_STATUS_IS_OK(status)) {
goto fail;
}
- status = ntlmssp_set_password(result->a_u.ntlmssp_state, password);
+ status = auth_ntlmssp_set_password(result->a_u.auth_ntlmssp_state,
+ password);
if (!NT_STATUS_IS_OK(status)) {
goto fail;
}
/*
* Turn off sign+seal to allow selected auth level to turn it back on.
*/
- result->a_u.ntlmssp_state->neg_flags &=
- ~(NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_SEAL);
+ auth_ntlmssp_and_flags(result->a_u.auth_ntlmssp_state,
+ ~(NTLMSSP_NEGOTIATE_SIGN |
+ NTLMSSP_NEGOTIATE_SEAL));
if (auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) {
- result->a_u.ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
+ auth_ntlmssp_or_flags(result->a_u.auth_ntlmssp_state,
+ NTLMSSP_NEGOTIATE_SIGN);
} else if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
- result->a_u.ntlmssp_state->neg_flags
- |= NTLMSSP_NEGOTIATE_SEAL | NTLMSSP_NEGOTIATE_SIGN;
+ auth_ntlmssp_or_flags(result->a_u.auth_ntlmssp_state,
+ NTLMSSP_NEGOTIATE_SEAL |
+ NTLMSSP_NEGOTIATE_SIGN);
}
*presult = result;
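Review bot: `auth_ntlmssp_and_flags()` is called with a mask that is already complemented, so a later caller who forgets the `~` would clear every other negotiated flag instead of only sign and seal. Nothing at the call site documents that convention. I would extend the existing comment to say so, e.g. `/* and_flags() takes the bits to keep, hence the ~ */`. The same comment should state that for any `auth_level` other than INTEGRITY or PRIVACY both flags stay cleared, since that is what the if/else-if leaves behind. The function body starts outside this hunk and the `fail` label is not visible here.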
NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, const char *domain,
enum dcerpc_AuthLevel auth_level,
struct netlogon_creds_CredentialState *creds,
- struct cli_pipe_auth_data **presult)
+ struct pipe_auth_data **presult)
{
- struct cli_pipe_auth_data *result;
+ struct pipe_auth_data *result;
- result = talloc(mem_ctx, struct cli_pipe_auth_data);
+ result = talloc(mem_ctx, struct pipe_auth_data);
if (result == NULL) {
return NT_STATUS_NO_MEMORY;
}
const char *service_princ,
const char *username,
const char *password,
- struct cli_pipe_auth_data **presult)
+ struct pipe_auth_data **presult)
{
#ifdef HAVE_KRB5
- struct cli_pipe_auth_data *result;
+ struct pipe_auth_data *result;
if ((username != NULL) && (password != NULL)) {
int ret = kerberos_kinit_password(username, password, 0, NULL);
}
}
- result = talloc(mem_ctx, struct cli_pipe_auth_data);
+ result = talloc(mem_ctx, struct pipe_auth_data);
if (result == NULL) {
return NT_STATUS_NO_MEMORY;
}
{
NTSTATUS status;
struct rpc_pipe_client *epm_pipe = NULL;
- struct cli_pipe_auth_data *auth = NULL;
+ struct pipe_auth_data *auth = NULL;
struct dcerpc_binding *map_binding = NULL;
struct dcerpc_binding *res_binding = NULL;
struct epm_twr_t *map_tower = NULL;
struct rpc_pipe_client **presult)
{
struct rpc_pipe_client *result;
- struct cli_pipe_auth_data *auth;
+ struct pipe_auth_data *auth;
NTSTATUS status;
result = talloc(mem_ctx, struct rpc_pipe_client);
struct rpc_pipe_client **presult)
{
struct rpc_pipe_client *result;
- struct cli_pipe_auth_data *auth;
+ struct pipe_auth_data *auth;
NTSTATUS status;
status = cli_rpc_pipe_open(cli, transport, interface, &result);
struct rpc_pipe_client **presult)
{
struct rpc_pipe_client *result;
- struct cli_pipe_auth_data *auth;
+ struct pipe_auth_data *auth;
NTSTATUS status;
status = cli_rpc_pipe_open(cli, transport, interface, &result);
struct rpc_pipe_client **presult)
{
struct rpc_pipe_client *result;
- struct cli_pipe_auth_data *auth;
+ struct pipe_auth_data *auth;
NTSTATUS status;
status = cli_rpc_pipe_open(cli, transport, interface, &result);
{
#ifdef HAVE_KRB5
struct rpc_pipe_client *result;
- struct cli_pipe_auth_data *auth;
+ struct pipe_auth_data *auth;
NTSTATUS status;
status = cli_rpc_pipe_open(cli, NCACN_NP, interface, &result);
struct rpc_pipe_client *cli,
DATA_BLOB *session_key)
{
+ DATA_BLOB sk;
+
if (!session_key || !cli) {
return NT_STATUS_INVALID_PARAMETER;
}
break;
case PIPE_AUTH_TYPE_NTLMSSP:
case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP:
- *session_key = data_blob_talloc(mem_ctx,
- cli->auth->a_u.ntlmssp_state->session_key.data,
- cli->auth->a_u.ntlmssp_state->session_key.length);
+ sk = auth_ntlmssp_get_session_key(cli->auth->a_u.auth_ntlmssp_state);
+ *session_key = data_blob_dup_talloc(mem_ctx, &sk);
break;
case PIPE_AUTH_TYPE_KRB5:
case PIPE_AUTH_TYPE_SPNEGO_KRB5:
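Review bot: The result of `data_blob_dup_talloc(mem_ctx, &sk)` is not checked in the visible lines, so an allocation failure would leave `*session_key` with NULL data while the function may still report success. A check after the copy such as `if (sk.length != 0 && session_key->data == NULL) { return NT_STATUS_NO_MEMORY; }` would cover it. `a_u.auth_ntlmssp_state` is also passed to `auth_ntlmssp_get_session_key()` without the NULL guard used on the sign/seal paths. As a smaller point, `sk` is used only in this case and could be declared in a braced block there rather than at function scope. The switch and the function's return are outside this hunk, so a later check may exist that I cannot see.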