diff options
author | Andrew Bartlett <abartlet@samba.org> | 2008-05-05 12:58:15 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2008-05-05 12:58:15 +1000 |
commit | fe7d46067133131189faf7aebae62fa9c48626d9 (patch) | |
tree | c167d18a67dc50f242940dd668203fd9cb11c7e0 /source4/auth/credentials/credentials_ntlm.c | |
parent | f8fb5d8c4da11cdb8ac79649fd74047d4cc42c68 (diff) | |
download | samba-fe7d46067133131189faf7aebae62fa9c48626d9.tar.gz samba-fe7d46067133131189faf7aebae62fa9c48626d9.tar.bz2 samba-fe7d46067133131189faf7aebae62fa9c48626d9.zip |
Allow an NTLM response to be specified into the auth subsystem.
This allows it to be proxied for NTLM pass-though authentication (aka
security=server and associated man-in-the-middle attacks).
Andrew Bartlett
(This used to be commit 6ffabb38d03ad90d8731ab3e0eb692438db967ee)
Diffstat (limited to 'source4/auth/credentials/credentials_ntlm.c')
-rw-r--r-- | source4/auth/credentials/credentials_ntlm.c | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/source4/auth/credentials/credentials_ntlm.c b/source4/auth/credentials/credentials_ntlm.c index b88f2018df..22e273c35a 100644 --- a/source4/auth/credentials/credentials_ntlm.c +++ b/source4/auth/credentials/credentials_ntlm.c @@ -52,6 +52,20 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred const struct samr_Password *nt_hash; lm_session_key = data_blob(NULL, 0); + /* We may already have an NTLM response we prepared earlier. + * This is used for NTLM pass-though authentication */ + if (cred->nt_response.data || cred->lm_response.data) { + *_nt_response = cred->nt_response; + *_lm_response = cred->lm_response; + + if (!cred->lm_response.data) { + *flags = *flags & ~CLI_CRED_LANMAN_AUTH; + } + *_lm_session_key = data_blob(NULL, 0); + *_session_key = data_blob(NULL, 0); + return NT_STATUS_OK; + } + nt_hash = cli_credentials_get_nt_hash(cred, mem_ctx); cli_credentials_get_ntlm_username_domain(cred, mem_ctx, &user, &domain); @@ -215,3 +229,41 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred return NT_STATUS_OK; } +_PUBLIC_ bool cli_credentials_set_nt_hash(struct cli_credentials *cred, + const struct samr_Password *nt_hash, + enum credentials_obtained obtained) +{ + if (obtained >= cred->password_obtained) { + cli_credentials_set_password(cred, NULL, obtained); + if (nt_hash) { + cred->nt_hash = talloc(cred, struct samr_Password); + *cred->nt_hash = *nt_hash; + } else { + cred->nt_hash = NULL; + } + return true; + } + + return false; +} + +_PUBLIC_ bool cli_credentials_set_ntlm_response(struct cli_credentials *cred, + const DATA_BLOB *lm_response, + const DATA_BLOB *nt_response, + enum credentials_obtained obtained) +{ + if (obtained >= cred->password_obtained) { + cli_credentials_set_password(cred, NULL, obtained); + if (nt_response) { + cred->nt_response = data_blob_talloc(cred, nt_response->data, nt_response->length); + talloc_steal(cred, cred->nt_response.data); + } + if (nt_response) { + cred->lm_response = data_blob_talloc(cred, lm_response->data, lm_response->length); + } + return true; + } + + return false; +} + |