#include "includes.h"
#include "auth/ntlmssp/ntlmssp.h"
-#include "auth/ntlmssp/msrpc_parse.h"
-#include "lib/crypto/crypto.h"
-#include "libcli/auth/libcli_auth.h"
+#include "../lib/crypto/crypto.h"
+#include "../libcli/auth/libcli_auth.h"
#include "auth/credentials/credentials.h"
#include "auth/gensec/gensec.h"
+#include "param/param.h"
/*********************************************************************
Client side NTLMSSP
DATA_BLOB in, DATA_BLOB *out)
{
struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data;
+ const char *domain = gensec_ntlmssp_state->domain;
+ const char *workstation = cli_credentials_get_workstation(gensec_security->credentials);
+
+ /* These don't really matter in the initial packet, so don't panic if they are not set */
+ if (!domain) {
+ domain = "";
+ }
+
+ if (!workstation) {
+ workstation = "";
+ }
if (gensec_ntlmssp_state->unicode) {
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_UNICODE;
"NTLMSSP",
NTLMSSP_NEGOTIATE,
gensec_ntlmssp_state->neg_flags,
- gensec_ntlmssp_state->get_domain(),
- cli_credentials_get_workstation(gensec_security->credentials));
+ domain,
+ workstation);
gensec_ntlmssp_state->expected_state = NTLMSSP_CHALLENGE;
ntlmssp_handle_neg_flags(gensec_ntlmssp_state, chal_flags, gensec_ntlmssp_state->allow_lm_key);
if (gensec_ntlmssp_state->unicode) {
- if (chal_flags & NTLMSSP_CHAL_TARGET_INFO) {
+ if (chal_flags & NTLMSSP_NEGOTIATE_TARGET_INFO) {
chal_parse_string = "CdUdbddB";
} else {
chal_parse_string = "CdUdbdd";
}
auth_gen_string = "CdBBUUUBd";
} else {
- if (chal_flags & NTLMSSP_CHAL_TARGET_INFO) {
+ if (chal_flags & NTLMSSP_NEGOTIATE_TARGET_INFO) {
chal_parse_string = "CdAdbddB";
} else {
chal_parse_string = "CdAdbdd";
if (gensec_ntlmssp_state->use_nt_response) {
flags |= CLI_CRED_NTLM_AUTH;
}
- if (lp_client_lanman_auth()) {
+ if (lp_client_lanman_auth(gensec_security->settings->lp_ctx)) {
flags |= CLI_CRED_LANMAN_AUTH;
}
}
if ((gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY)
- && lp_client_lanman_auth() && lm_session_key.length == 16) {
+ && lp_client_lanman_auth(gensec_security->settings->lp_ctx) && lm_session_key.length == 16) {
DATA_BLOB new_session_key = data_blob_talloc(mem_ctx, NULL, 16);
if (lm_response.length == 24) {
SMBsesskeygen_lm_sess_key(lm_session_key.data, lm_response.data,
if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) {
/* Make up a new session key */
uint8_t client_session_key[16];
- generate_random_buffer(client_session_key, sizeof(client_session_key));
+ generate_secret_buffer(client_session_key, sizeof(client_session_key));
/* Encrypt the new session key with the old one */
encrypted_session_key = data_blob_talloc(gensec_ntlmssp_state,
gensec_ntlmssp_state->role = NTLMSSP_CLIENT;
- gensec_ntlmssp_state->get_domain = lp_workgroup;
+ gensec_ntlmssp_state->domain = lp_workgroup(gensec_security->settings->lp_ctx);
- gensec_ntlmssp_state->unicode = lp_parm_bool(-1, "ntlmssp_client", "unicode", True);
+ gensec_ntlmssp_state->unicode = gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "unicode", true);
- gensec_ntlmssp_state->use_nt_response = lp_parm_bool(-1, "ntlmssp_client", "send_nt_reponse", True);
+ gensec_ntlmssp_state->use_nt_response = gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "send_nt_reponse", true);
- gensec_ntlmssp_state->allow_lm_key = (lp_client_lanman_auth()
- && (lp_parm_bool(-1, "ntlmssp_client", "allow_lm_key", False)
- || lp_parm_bool(-1, "ntlmssp_client", "lm_key", False)));
+ gensec_ntlmssp_state->allow_lm_key = (lp_client_lanman_auth(gensec_security->settings->lp_ctx)
+ && (gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "allow_lm_key", false)
+ || gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "lm_key", false)));
- gensec_ntlmssp_state->use_ntlmv2 = lp_client_ntlmv2_auth();
+ gensec_ntlmssp_state->use_ntlmv2 = lp_client_ntlmv2_auth(gensec_security->settings->lp_ctx);
gensec_ntlmssp_state->expected_state = NTLMSSP_INITIAL;
NTLMSSP_NEGOTIATE_NTLM |
NTLMSSP_REQUEST_TARGET;
- if (lp_parm_bool(-1, "ntlmssp_client", "128bit", True)) {
+ if (gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "128bit", true)) {
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_128;
}
- if (lp_parm_bool(-1, "ntlmssp_client", "56bit", False)) {
+ if (gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "56bit", false)) {
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_56;
}
- if (lp_parm_bool(-1, "ntlmssp_client", "lm_key", False)) {
+ if (gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "lm_key", false)) {
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_LM_KEY;
}
- if (lp_parm_bool(-1, "ntlmssp_client", "keyexchange", True)) {
+ if (gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "keyexchange", true)) {
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_KEY_EXCH;
}
- if (lp_parm_bool(-1, "ntlmssp_client", "alwayssign", True)) {
+ if (gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "alwayssign", true)) {
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
}
- if (lp_parm_bool(-1, "ntlmssp_client", "ntlm2", True)) {
+ if (gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "ntlm2", true)) {
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2;
} else {
/* apparently we can't do ntlmv2 if we don't do ntlm2 */
- gensec_ntlmssp_state->use_ntlmv2 = False;
+ gensec_ntlmssp_state->use_ntlmv2 = false;
}
if (gensec_security->want_features & GENSEC_FEATURE_SESSION_KEY) {
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
}
if (gensec_security->want_features & GENSEC_FEATURE_SEAL) {
+ gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
}