author | Andrew Bartlett <abartlet@samba.org> | 2011-07-25 16:04:38 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2011-10-18 13:13:31 +1100 |
commit | 0c6e4adcb26557ae6e55169c051f0260151dc5d9 (patch) | |
tree | ecf95f05bbc93f1da279d987856410cf79bdb736 /source4/auth | |
parent | 5e6543ad76490b5d21b99841e1f984bad7f17e33 (diff) | |
ntlmssp: Move ntlmssp code to auth/ntlmssp
This brings in the code from both libcli/auth and
source4/auth/ntlmssp.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source4/auth')
-rw-r--r-- | source4/auth/ntlmssp/ntlmssp.c | 110 | ||||
-rw-r--r-- | source4/auth/ntlmssp/ntlmssp.h | 37 | ||||
-rw-r--r-- | source4/auth/ntlmssp/ntlmssp_client.c | 5 | ||||
-rw-r--r-- | source4/auth/ntlmssp/ntlmssp_server.c | 5 | ||||
-rw-r--r-- | source4/auth/ntlmssp/ntlmssp_sign.c | 138 | ||||
-rw-r--r-- | source4/auth/ntlmssp/wscript_build | 2 |
6 files changed, 11 insertions, 286 deletions
diff --git a/source4/auth/ntlmssp/ntlmssp.c b/source4/auth/ntlmssp/ntlmssp.c index 9b3aef0c65..0c63d05d68 100644 --- a/source4/auth/ntlmssp/ntlmssp.c +++ b/source4/auth/ntlmssp/ntlmssp.c @@ -21,8 +21,11 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. */ +struct auth_session_info; + #include "includes.h" #include "auth/ntlmssp/ntlmssp.h" +#include "source4/auth/ntlmssp/proto.h" #include "../libcli/auth/libcli_auth.h" #include "librpc/gen_ndr/ndr_dcerpc.h" #include "auth/gensec/gensec.h" @@ -61,16 +64,6 @@ static const struct ntlmssp_callbacks { }; -static NTSTATUS gensec_ntlmssp_magic(struct gensec_security *gensec_security, - const DATA_BLOB *first_packet) -{ - if (ntlmssp_blob_matches_magic(first_packet)) { - return NT_STATUS_OK; - } else { - return NT_STATUS_INVALID_PARAMETER; - } -} - static NTSTATUS gensec_ntlmssp_update_find(struct ntlmssp_state *ntlmssp_state, const DATA_BLOB input, uint32_t *idx) { 
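Review bot: The forward declaration `struct auth_session_info;` added ahead of `#include "includes.h"` in the first ntlmssp.c hunk carries no comment saying why it must come before the includes, and the same two-line workaround is repeated in the ntlmssp_client.c hunk. Judging from the deleted source4/auth/ntlmssp/ntlmssp.h, which declared that struct immediately before including proto.h, it is presumably there so the autogenerated prototypes compile. I would state that in place, e.g. `/* forward declaration needed by the autogenerated proto.h */`, and keep the declaration directly above the `#include "source4/auth/ntlmssp/proto.h"` line rather than at the top of the file. ntlmssp_server.c gains the same proto.h include without the declaration, so it appears to rely on another header (likely auth/auth.h) to provide the type; handling this the same way in all three files would make the dependency explicit.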
@@ -175,103 +168,6 @@ static NTSTATUS gensec_ntlmssp_update(struct gensec_security *gensec_security, return NT_STATUS_OK; } -/** - * Return the NTLMSSP master session key - * - * @param ntlmssp_state NTLMSSP State - */ - -NTSTATUS gensec_ntlmssp_session_key(struct gensec_security *gensec_security, - TALLOC_CTX *mem_ctx, - DATA_BLOB *session_key) -{ - struct gensec_ntlmssp_context *gensec_ntlmssp = - talloc_get_type_abort(gensec_security->private_data, - struct gensec_ntlmssp_context); - struct ntlmssp_state *ntlmssp_state = gensec_ntlmssp->ntlmssp_state; - - if (ntlmssp_state->expected_state != NTLMSSP_DONE) { - return NT_STATUS_NO_USER_SESSION_KEY; - } - - if (!ntlmssp_state->session_key.data) { - return NT_STATUS_NO_USER_SESSION_KEY; - } - *session_key = data_blob_talloc(mem_ctx, ntlmssp_state->session_key.data, ntlmssp_state->session_key.length); - if (!session_key->data) { - return NT_STATUS_NO_MEMORY; - } - - return NT_STATUS_OK; -} - -static bool gensec_ntlmssp_have_feature(struct gensec_security *gensec_security, - uint32_t feature) -{ - struct gensec_ntlmssp_context *gensec_ntlmssp = - talloc_get_type_abort(gensec_security->private_data, - struct gensec_ntlmssp_context); - struct ntlmssp_state *ntlmssp_state = gensec_ntlmssp->ntlmssp_state; - - if (feature & GENSEC_FEATURE_SIGN) { - if (!ntlmssp_state->session_key.length) { - return false; - } - if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN) { - return true; - } - } - if (feature & GENSEC_FEATURE_SEAL) { - if (!ntlmssp_state->session_key.length) { - return false; - } - if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL) { - return true; - } - } - if (feature & GENSEC_FEATURE_SESSION_KEY) { - if (ntlmssp_state->session_key.length) { - return true; - } - } - if (feature & GENSEC_FEATURE_DCE_STYLE) { - return true; - } - if (feature & GENSEC_FEATURE_ASYNC_REPLIES) { - if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) { - return true; - } - } - return false; -} - -NTSTATUS 
gensec_ntlmssp_start(struct gensec_security *gensec_security) -{ - struct gensec_ntlmssp_context *gensec_ntlmssp; - struct ntlmssp_state *ntlmssp_state; - - gensec_ntlmssp = talloc_zero(gensec_security, - struct gensec_ntlmssp_context); - if (!gensec_ntlmssp) { - return NT_STATUS_NO_MEMORY; - } - - gensec_ntlmssp->gensec_security = gensec_security; - - ntlmssp_state = talloc_zero(gensec_ntlmssp, - struct ntlmssp_state); - if (!ntlmssp_state) { - return NT_STATUS_NO_MEMORY; - } - - ntlmssp_state->callback_private = gensec_ntlmssp; - - gensec_ntlmssp->ntlmssp_state = ntlmssp_state; - - gensec_security->private_data = gensec_ntlmssp; - return NT_STATUS_OK; -} - static const char *gensec_ntlmssp_oids[] = { GENSEC_OID_NTLMSSP, NULL diff --git a/source4/auth/ntlmssp/ntlmssp.h b/source4/auth/ntlmssp/ntlmssp.h deleted file mode 100644 index 1126cdfe05..0000000000 --- a/source4/auth/ntlmssp/ntlmssp.h +++ /dev/null 
@@ -1,37 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- SMB parameters and setup
- Copyright (C) Andrew Tridgell 1992-1997
- Copyright (C) Luke Kenneth Casson Leighton 1996-1997
- Copyright (C) Paul Ashton 1997
- Copyright (C) Andrew Bartlett 2010
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "../librpc/gen_ndr/ntlmssp.h"
-#include "../libcli/auth/ntlmssp.h"
-
-struct gensec_ntlmssp_context {
- struct gensec_security *gensec_security;
- struct ntlmssp_state *ntlmssp_state;
- struct auth_user_info_dc *user_info_dc;
-};
-
-struct loadparm_context;
-struct auth_session_info;
-
-NTSTATUS gensec_ntlmssp_init(void);
-
-#include "auth/ntlmssp/proto.h"
diff --git a/source4/auth/ntlmssp/ntlmssp_client.c b/source4/auth/ntlmssp/ntlmssp_client.c
index 53bd7a4d23..858b16f053 100644
--- a/source4/auth/ntlmssp/ntlmssp_client.c
+++ b/source4/auth/ntlmssp/ntlmssp_client.c
@@ -21,14 +21,17 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. */ +struct auth_session_info; + #include "includes.h" #include "auth/ntlmssp/ntlmssp.h" +#include "source4/auth/ntlmssp/proto.h" #include "../lib/crypto/crypto.h" #include "../libcli/auth/libcli_auth.h" #include "auth/credentials/credentials.h" #include "auth/gensec/gensec.h" #include "param/param.h" -#include "libcli/auth/ntlmssp_private.h" +#include "auth/ntlmssp/ntlmssp_private.h" /********************************************************************* Client side NTLMSSP diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c index 1f281479ff..68a802ce78 100644 --- a/source4/auth/ntlmssp/ntlmssp_server.c +++ b/source4/auth/ntlmssp/ntlmssp_server.c @@ -26,14 +26,15 @@ #include "lib/tsocket/tsocket.h" #include "auth/ntlmssp/ntlmssp.h" #include "../librpc/gen_ndr/ndr_ntlmssp.h" -#include "../libcli/auth/ntlmssp_ndr.h" -#include "../libcli/auth/ntlmssp_private.h" +#include "auth/ntlmssp/ntlmssp_ndr.h" +#include "auth/ntlmssp/ntlmssp_private.h" #include "../libcli/auth/libcli_auth.h" #include "../lib/crypto/crypto.h" #include "auth/gensec/gensec.h" #include "auth/gensec/gensec_proto.h" #include "auth/auth.h" #include "param/param.h" +#include "source4/auth/ntlmssp/proto.h" /** * Next state function for the Negotiate packet (GENSEC wrapper) diff --git a/source4/auth/ntlmssp/ntlmssp_sign.c b/source4/auth/ntlmssp/ntlmssp_sign.c deleted file mode 100644 index 72cd1549fe..0000000000 --- a/source4/auth/ntlmssp/ntlmssp_sign.c +++ /dev/null 
@@ -1,138 +0,0 @@
-/*
- * Unix SMB/CIFS implementation.
- * Version 3.0
- * NTLMSSP Signing routines
- * Copyright (C) Luke Kenneth Casson Leighton 1996-2001
- * Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003-2005
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "includes.h"
-#include "auth/ntlmssp/ntlmssp.h"
-#include "auth/gensec/gensec.h"
-#include "../libcli/auth/ntlmssp_private.h"
-
-NTSTATUS gensec_ntlmssp_sign_packet(struct gensec_security *gensec_security,
- TALLOC_CTX *sig_mem_ctx,
- const uint8_t *data, size_t length,
- const uint8_t *whole_pdu, size_t pdu_length,
- DATA_BLOB *sig)
-{
- struct gensec_ntlmssp_context *gensec_ntlmssp =
- talloc_get_type_abort(gensec_security->private_data,
- struct gensec_ntlmssp_context);
- NTSTATUS nt_status;
-
- nt_status = ntlmssp_sign_packet(gensec_ntlmssp->ntlmssp_state,
- sig_mem_ctx,
- data, length,
- whole_pdu, pdu_length,
- sig);
-
- return nt_status;
-}
-
-NTSTATUS gensec_ntlmssp_check_packet(struct gensec_security *gensec_security,
- const uint8_t *data, size_t length,
- const uint8_t *whole_pdu, size_t pdu_length,
- const DATA_BLOB *sig)
-{
- struct gensec_ntlmssp_context *gensec_ntlmssp =
- talloc_get_type_abort(gensec_security->private_data,
- struct gensec_ntlmssp_context);
- NTSTATUS nt_status;
-
- nt_status = ntlmssp_check_packet(gensec_ntlmssp->ntlmssp_state,
- data, length,
- whole_pdu, pdu_length,
- sig);
-
- return nt_status;
-}
-
-NTSTATUS gensec_ntlmssp_seal_packet(struct gensec_security *gensec_security,
- TALLOC_CTX *sig_mem_ctx,
- uint8_t *data, size_t length,
- const uint8_t *whole_pdu, size_t pdu_length,
- DATA_BLOB *sig)
-{
- struct gensec_ntlmssp_context *gensec_ntlmssp =
- talloc_get_type_abort(gensec_security->private_data,
- struct gensec_ntlmssp_context);
- NTSTATUS nt_status;
-
- nt_status = ntlmssp_seal_packet(gensec_ntlmssp->ntlmssp_state,
- sig_mem_ctx,
- data, length,
- whole_pdu, pdu_length,
- sig);
-
- return nt_status;
-}
-
-/*
- wrappers for the ntlmssp_*() functions
-*/
-NTSTATUS gensec_ntlmssp_unseal_packet(struct gensec_security *gensec_security,
- uint8_t *data, size_t length,
- const uint8_t *whole_pdu, size_t pdu_length,
- const DATA_BLOB *sig)
-{
- struct gensec_ntlmssp_context *gensec_ntlmssp =
- talloc_get_type_abort(gensec_security->private_data,
- struct gensec_ntlmssp_context);
- NTSTATUS nt_status;
-
- nt_status = ntlmssp_unseal_packet(gensec_ntlmssp->ntlmssp_state,
- data, length,
- whole_pdu, pdu_length,
- sig);
-
- return nt_status;
-}
-
-size_t gensec_ntlmssp_sig_size(struct gensec_security *gensec_security, size_t data_size)
-{
- return NTLMSSP_SIG_SIZE;
-}
-
-NTSTATUS gensec_ntlmssp_wrap(struct gensec_security *gensec_security,
- TALLOC_CTX *out_mem_ctx,
- const DATA_BLOB *in,
- DATA_BLOB *out)
-{
- struct gensec_ntlmssp_context *gensec_ntlmssp =
- talloc_get_type_abort(gensec_security->private_data,
- struct gensec_ntlmssp_context);
-
- return ntlmssp_wrap(gensec_ntlmssp->ntlmssp_state,
- out_mem_ctx,
- in, out);
-}
-
-
-NTSTATUS gensec_ntlmssp_unwrap(struct gensec_security *gensec_security,
- TALLOC_CTX *out_mem_ctx,
- const DATA_BLOB *in,
- DATA_BLOB *out)
-{
- struct gensec_ntlmssp_context *gensec_ntlmssp =
- talloc_get_type_abort(gensec_security->private_data,
- struct gensec_ntlmssp_context);
-
- return ntlmssp_unwrap(gensec_ntlmssp->ntlmssp_state,
- out_mem_ctx,
- in, out);
-}
diff --git a/source4/auth/ntlmssp/wscript_build b/source4/auth/ntlmssp/wscript_build index adbb1fa957..4d25271a8b 100644 --- a/source4/auth/ntlmssp/wscript_build +++ b/source4/auth/ntlmssp/wscript_build @@ -1,7 +1,7 @@ #!/usr/bin/env python bld.SAMBA_MODULE('gensec_ntlmssp', - source='''ntlmssp.c ntlmssp_sign.c + source='''ntlmssp.c ntlmssp_client.c ntlmssp_server.c''', autoproto='proto.h', subsystem='gensec', |