summaryrefslogtreecommitdiff
path: root/source3/libsmb
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2003-01-28 12:07:02 +0000
committerAndrew Bartlett <abartlet@samba.org>2003-01-28 12:07:02 +0000
commit1cba0a757970ffd8b81d61c88965010968ab3eff (patch)
treed776df92ed188a6818033b1dc1f1b3eadc22fe1e /source3/libsmb
parent23265259508e2a89c0386608c5f034fac635ca62 (diff)
downloadsamba-1cba0a757970ffd8b81d61c88965010968ab3eff.tar.gz
samba-1cba0a757970ffd8b81d61c88965010968ab3eff.tar.bz2
samba-1cba0a757970ffd8b81d61c88965010968ab3eff.zip
Merge from HEAD:
- NTLMSSP over SPENGO (sesssion-setup-and-x) cleanup and code refactor. - also consequential changes to the NTLMSSP and SPNEGO parsing functions - and the client code that uses the same functions - Add ntlm_auth, a NTLMSSP authentication interface for use by applications like Squid and Apache. - also consquential changes to use common code for base64 encode/decode. - Winbind changes to support ntlm_auth (I don't want this program to need to read smb.conf, instead getting all it's details over the pipe). - nmbd changes for fstrcat() instead of fstrcpy(). Andrew Bartlett (This used to be commit fbb46da79cf322570a7e3318100c304bbf33409e)
Diffstat (limited to 'source3/libsmb')
-rw-r--r--source3/libsmb/cliconnect.c7
-rw-r--r--source3/libsmb/clispnego.c124
2 files changed, 68 insertions, 63 deletions
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index b758af41c4..389b7a1733 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -465,7 +465,8 @@ static BOOL cli_session_setup_ntlmssp(struct cli_state *cli, const char *user,
neg_flags = NTLMSSP_NEGOTIATE_UNICODE |
NTLMSSP_NEGOTIATE_128 |
- NTLMSSP_NEGOTIATE_NTLM;
+ NTLMSSP_NEGOTIATE_NTLM |
+ NTLMSSP_REQUEST_TARGET;
memset(sess_key, 0, 16);
@@ -476,8 +477,8 @@ static BOOL cli_session_setup_ntlmssp(struct cli_state *cli, const char *user,
"NTLMSSP",
NTLMSSP_NEGOTIATE,
neg_flags,
- workgroup, strlen(workgroup),
- cli->calling.name, strlen(cli->calling.name) + 1);
+ workgroup,
+ cli->calling.name);
DEBUG(10, ("neg_flags: %0X, workgroup: %s, calling name %s\n",
neg_flags, workgroup, cli->calling.name));
/* and wrap it in a SPNEGO wrapper */
diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c
index 55f49c5987..3e28baa417 100644
--- a/source3/libsmb/clispnego.c
+++ b/source3/libsmb/clispnego.c
@@ -387,51 +387,6 @@ BOOL spnego_parse_challenge(DATA_BLOB blob,
/*
- generate a spnego NTLMSSP challenge packet given two security blobs
- The second challenge is optional
-*/
-BOOL spnego_gen_challenge(DATA_BLOB *blob,
- DATA_BLOB *chal1, DATA_BLOB *chal2)
-{
- ASN1_DATA data;
-
- ZERO_STRUCT(data);
-
- asn1_push_tag(&data,ASN1_CONTEXT(1));
- asn1_push_tag(&data,ASN1_SEQUENCE(0));
-
- asn1_push_tag(&data,ASN1_CONTEXT(0));
- asn1_write_enumerated(&data,1);
- asn1_pop_tag(&data);
-
- asn1_push_tag(&data,ASN1_CONTEXT(1));
- asn1_write_OID(&data, OID_NTLMSSP);
- asn1_pop_tag(&data);
-
- asn1_push_tag(&data,ASN1_CONTEXT(2));
- asn1_write_OctetString(&data, chal1->data, chal1->length);
- asn1_pop_tag(&data);
-
- /* the second challenge is optional (XP doesn't send it) */
- if (chal2) {
- asn1_push_tag(&data,ASN1_CONTEXT(3));
- asn1_write_OctetString(&data, chal2->data, chal2->length);
- asn1_pop_tag(&data);
- }
-
- asn1_pop_tag(&data);
- asn1_pop_tag(&data);
-
- if (data.has_error) {
- return False;
- }
-
- *blob = data_blob(data.data, data.length);
- asn1_free(&data);
- return True;
-}
-
-/*
generate a SPNEGO NTLMSSP auth packet. This will contain the encrypted passwords
*/
DATA_BLOB spnego_gen_auth(DATA_BLOB blob)
@@ -485,18 +440,37 @@ BOOL spnego_parse_auth(DATA_BLOB blob, DATA_BLOB *auth)
/*
generate a minimal SPNEGO NTLMSSP response packet. Doesn't contain much.
*/
-DATA_BLOB spnego_gen_auth_response(void)
+DATA_BLOB spnego_gen_auth_response(DATA_BLOB *ntlmssp_reply, NTSTATUS nt_status)
{
ASN1_DATA data;
DATA_BLOB ret;
+ uint8 negResult;
- memset(&data, 0, sizeof(data));
+ if (NT_STATUS_IS_OK(nt_status)) {
+ negResult = SPNGEO_NEG_RESULT_ACCEPT;
+ } else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ negResult = SPNGEO_NEG_RESULT_INCOMPLETE;
+ } else {
+ negResult = SPNGEO_NEG_RESULT_REJECT;
+ }
+
+ ZERO_STRUCT(data);
asn1_push_tag(&data, ASN1_CONTEXT(1));
asn1_push_tag(&data, ASN1_SEQUENCE(0));
asn1_push_tag(&data, ASN1_CONTEXT(0));
- asn1_write_enumerated(&data, 0);
+ asn1_write_enumerated(&data, negResult);
asn1_pop_tag(&data);
+ if (negResult == SPNGEO_NEG_RESULT_INCOMPLETE) {
+ asn1_push_tag(&data,ASN1_CONTEXT(1));
+ asn1_write_OID(&data, OID_NTLMSSP);
+ asn1_pop_tag(&data);
+
+ asn1_push_tag(&data,ASN1_CONTEXT(2));
+ asn1_write_OctetString(&data, ntlmssp_reply->data, ntlmssp_reply->length);
+ asn1_pop_tag(&data);
+ }
+
asn1_pop_tag(&data);
asn1_pop_tag(&data);
@@ -514,8 +488,9 @@ DATA_BLOB spnego_gen_auth_response(void)
format specifiers are:
U = unicode string (input is unix string)
- a = address (1 byte type, 1 byte length, unicode string, all inline)
- A = ASCII string (pointer + length) Actually same as B
+ a = address (input is BOOL unicode, char *unix_string)
+ (1 byte type, 1 byte length, unicode/ASCII string, all inline)
+ A = ASCII string (input is unix string)
B = data blob (pointer + length)
b = data blob in header (pointer + length)
D
@@ -531,6 +506,7 @@ BOOL msrpc_gen(DATA_BLOB *blob,
uint8 *b;
int head_size=0, data_size=0;
int head_ofs, data_ofs;
+ BOOL unicode;
/* first scan the format to work out the header and body size */
va_start(ap, format);
@@ -541,12 +517,21 @@ BOOL msrpc_gen(DATA_BLOB *blob,
head_size += 8;
data_size += str_charnum(s) * 2;
break;
+ case 'A':
+ s = va_arg(ap, char *);
+ head_size += 8;
+ data_size += str_ascii_charnum(s);
+ break;
case 'a':
+ unicode = va_arg(ap, BOOL);
n = va_arg(ap, int);
s = va_arg(ap, char *);
- data_size += (str_charnum(s) * 2) + 4;
+ if (unicode) {
+ data_size += (str_charnum(s) * 2) + 4;
+ } else {
+ data_size += (str_ascii_charnum(s)) + 4;
+ }
break;
- case 'A':
case 'B':
b = va_arg(ap, uint8 *);
head_size += 8;
@@ -586,20 +571,39 @@ BOOL msrpc_gen(DATA_BLOB *blob,
push_string(NULL, blob->data+data_ofs, s, n*2, STR_UNICODE|STR_NOALIGN);
data_ofs += n*2;
break;
+ case 'A':
+ s = va_arg(ap, char *);
+ n = str_ascii_charnum(s);
+ SSVAL(blob->data, head_ofs, n); head_ofs += 2;
+ SSVAL(blob->data, head_ofs, n); head_ofs += 2;
+ SIVAL(blob->data, head_ofs, data_ofs); head_ofs += 4;
+ push_string(NULL, blob->data+data_ofs, s, n, STR_ASCII|STR_NOALIGN);
+ data_ofs += n;
+ break;
case 'a':
+ unicode = va_arg(ap, BOOL);
n = va_arg(ap, int);
SSVAL(blob->data, data_ofs, n); data_ofs += 2;
s = va_arg(ap, char *);
- n = str_charnum(s);
- SSVAL(blob->data, data_ofs, n*2); data_ofs += 2;
- if (0 < n) {
- push_string(NULL, blob->data+data_ofs, s, n*2,
- STR_UNICODE|STR_NOALIGN);
+ if (unicode) {
+ n = str_charnum(s);
+ SSVAL(blob->data, data_ofs, n*2); data_ofs += 2;
+ if (0 < n) {
+ push_string(NULL, blob->data+data_ofs, s, n*2,
+ STR_UNICODE|STR_NOALIGN);
+ }
+ data_ofs += n*2;
+ } else {
+ n = str_ascii_charnum(s);
+ SSVAL(blob->data, data_ofs, n); data_ofs += 2;
+ if (0 < n) {
+ push_string(NULL, blob->data+data_ofs, s, n,
+ STR_ASCII|STR_NOALIGN);
+ }
+ data_ofs += n;
}
- data_ofs += n*2;
break;
- case 'A':
case 'B':
b = va_arg(ap, uint8 *);
n = va_arg(ap, int);
@@ -714,7 +718,7 @@ BOOL msrpc_parse(DATA_BLOB *blob,
break;
case 'C':
s = va_arg(ap, char *);
- head_ofs += pull_string(NULL, p, blob->data+head_ofs, -1,
+ head_ofs += pull_string(NULL, p, blob->data+head_ofs, sizeof(p),
blob->length - head_ofs,
STR_ASCII|STR_TERMINATE);
if (strcmp(s, p) != 0) {