summaryrefslogtreecommitdiff
path: root/source4/libcli/auth/ntlmssp.c
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2004-06-28 06:46:27 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:56:48 -0500
commit25bf685da5c037d1875f96e7e7127106dee2865d (patch)
treef204ac4b192220a1156c5394940a609ea1d6253f /source4/libcli/auth/ntlmssp.c
parent4cc054b4f9cda60a302ee197e917a10ff7c59e64 (diff)
downloadsamba-25bf685da5c037d1875f96e7e7127106dee2865d.tar.gz
samba-25bf685da5c037d1875f96e7e7127106dee2865d.tar.bz2
samba-25bf685da5c037d1875f96e7e7127106dee2865d.zip
r1274: revert -r 1239 as discussed with abartlet
metze (This used to be commit 52e2d038252bd745d53c687d266ad3ad62efa6fc)
Diffstat (limited to 'source4/libcli/auth/ntlmssp.c')
-rw-r--r--source4/libcli/auth/ntlmssp.c213
1 files changed, 95 insertions, 118 deletions
diff --git a/source4/libcli/auth/ntlmssp.c b/source4/libcli/auth/ntlmssp.c
index f72f98d8a0..6830db3f90 100644
--- a/source4/libcli/auth/ntlmssp.c
+++ b/source4/libcli/auth/ntlmssp.c
@@ -1,7 +1,7 @@
/*
Unix SMB/Netbios implementation.
-
- NLTMSSP code
+ Version 3.0
+ handle NLTMSSP, server side
Copyright (C) Andrew Tridgell 2001
Copyright (C) Andrew Bartlett 2001-2003
@@ -221,7 +221,6 @@ NTSTATUS ntlmssp_update(struct ntlmssp_state *ntlmssp_state,
TALLOC_CTX *out_mem_ctx,
const DATA_BLOB in, DATA_BLOB *out)
{
- NTSTATUS nt_status;
DATA_BLOB input;
uint32_t ntlmssp_command;
int i;
@@ -258,15 +257,13 @@ NTSTATUS ntlmssp_update(struct ntlmssp_state *ntlmssp_state,
break;
}
} else {
- nt_status = ndr_pull_format_blob(&input, ntlmssp_state->mem_ctx,
- "Cd",
- "NTLMSSP",
- &ntlmssp_command);
-
- if (!NT_STATUS_IS_OK(nt_status)) {
+ if (!msrpc_parse(ntlmssp_state->mem_ctx,
+ &input, "Cd",
+ "NTLMSSP",
+ &ntlmssp_command)) {
DEBUG(1, ("Failed to parse NTLMSSP packet, could not extract NTLMSSP command\n"));
dump_data(2, (const char *)input.data, input.length);
- return nt_status;
+ return NT_STATUS_INVALID_PARAMETER;
}
}
@@ -445,7 +442,6 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
TALLOC_CTX *out_mem_ctx,
const DATA_BLOB in, DATA_BLOB *out)
{
- NTSTATUS nt_status;
DATA_BLOB struct_blob;
fstring dnsname, dnsdomname;
uint32_t neg_flags = 0;
@@ -460,18 +456,16 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
#endif
if (in.length) {
- nt_status = ndr_pull_format_blob(&in, ntlmssp_state->mem_ctx,
- "CddAA",
- "NTLMSSP",
- &ntlmssp_command,
- &neg_flags,
- &cliname,
- &domname);
-
- if (!NT_STATUS_IS_OK(nt_status)) {
+ if (!msrpc_parse(ntlmssp_state->mem_ctx,
+ &in, "CddAA",
+ "NTLMSSP",
+ &ntlmssp_command,
+ &neg_flags,
+ &cliname,
+ &domname)) {
DEBUG(1, ("ntlmssp_server_negotiate: failed to parse NTLMSSP:\n"));
dump_data(2, (const char *)in.data, in.length);
- return nt_status;
+ return NT_STATUS_INVALID_PARAMETER;
}
debug_ntlmssp_flags(neg_flags);
@@ -521,14 +515,13 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
target_name_dns = dnsname;
}
- /* TODO: do we need to check the result here? --metze */
- ndr_push_format_blob(&struct_blob, out_mem_ctx,
- "aaaaa",
- NTLMSSP_NAME_TYPE_DOMAIN, target_name,
- NTLMSSP_NAME_TYPE_SERVER, ntlmssp_state->get_global_myname(),
- NTLMSSP_NAME_TYPE_DOMAIN_DNS, dnsdomname,
- NTLMSSP_NAME_TYPE_SERVER_DNS, dnsname,
- 0, "");
+ msrpc_gen(out_mem_ctx,
+ &struct_blob, "aaaaa",
+ NTLMSSP_NAME_TYPE_DOMAIN, target_name,
+ NTLMSSP_NAME_TYPE_SERVER, ntlmssp_state->get_global_myname(),
+ NTLMSSP_NAME_TYPE_DOMAIN_DNS, dnsdomname,
+ NTLMSSP_NAME_TYPE_SERVER_DNS, dnsname,
+ 0, "");
} else {
struct_blob = data_blob(NULL, 0);
}
@@ -541,17 +534,16 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
} else {
gen_string = "CdAdbddB";
}
-
- /* TODO: do we need to check the result here? --metze */
- ndr_push_format_blob(out, out_mem_ctx,
- gen_string,
- "NTLMSSP",
- NTLMSSP_CHALLENGE,
- target_name,
- chal_flags,
- cryptkey, 8,
- 0, 0,
- struct_blob.data, struct_blob.length);
+
+ msrpc_gen(out_mem_ctx,
+ out, gen_string,
+ "NTLMSSP",
+ NTLMSSP_CHALLENGE,
+ target_name,
+ chal_flags,
+ cryptkey, 8,
+ 0, 0,
+ struct_blob.data, struct_blob.length);
}
ntlmssp_state->expected_state = NTLMSSP_AUTH;
@@ -599,20 +591,18 @@ static NTSTATUS ntlmssp_server_preauth(struct ntlmssp_state *ntlmssp_state,
ntlmssp_state->workstation = NULL;
/* now the NTLMSSP encoded auth hashes */
- nt_status = ndr_pull_format_blob(&request, ntlmssp_state->mem_ctx,
- parse_string,
- "NTLMSSP",
- &ntlmssp_command,
- &ntlmssp_state->lm_resp,
- &ntlmssp_state->nt_resp,
- &domain,
- &user,
- &workstation,
- &ntlmssp_state->encrypted_session_key,
- &auth_flags);
-
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(10, ("ntlmssp_server_preauth: failed to parse NTLMSSP (nonfatal):\n"));
+ if (!msrpc_parse(ntlmssp_state->mem_ctx,
+ &request, parse_string,
+ "NTLMSSP",
+ &ntlmssp_command,
+ &ntlmssp_state->lm_resp,
+ &ntlmssp_state->nt_resp,
+ &domain,
+ &user,
+ &workstation,
+ &ntlmssp_state->encrypted_session_key,
+ &auth_flags)) {
+ DEBUG(10, ("ntlmssp_server_auth: failed to parse NTLMSSP (nonfatal):\n"));
dump_data(10, (const char *)request.data, request.length);
/* zero this out */
@@ -627,20 +617,19 @@ static NTSTATUS ntlmssp_server_preauth(struct ntlmssp_state *ntlmssp_state,
}
/* now the NTLMSSP encoded auth hashes */
- nt_status = ndr_pull_format_blob(&request, ntlmssp_state->mem_ctx,
- parse_string,
- "NTLMSSP",
- &ntlmssp_command,
- &ntlmssp_state->lm_resp,
- &ntlmssp_state->nt_resp,
- &domain,
- &user,
- &workstation);
-
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(1, ("ntlmssp_server_preauth: failed to parse NTLMSSP:\n"));
+ if (!msrpc_parse(ntlmssp_state->mem_ctx,
+ &request, parse_string,
+ "NTLMSSP",
+ &ntlmssp_command,
+ &ntlmssp_state->lm_resp,
+ &ntlmssp_state->nt_resp,
+ &domain,
+ &user,
+ &workstation)) {
+ DEBUG(1, ("ntlmssp_server_auth: failed to parse NTLMSSP:\n"));
dump_data(2, (const char *)request.data, request.length);
- return nt_status;
+
+ return NT_STATUS_INVALID_PARAMETER;
}
}
@@ -969,8 +958,6 @@ static NTSTATUS ntlmssp_client_initial(struct ntlmssp_state *ntlmssp_state,
TALLOC_CTX *out_mem_ctx,
DATA_BLOB in, DATA_BLOB *out)
{
- NTSTATUS nt_status;
-
if (ntlmssp_state->unicode) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_UNICODE;
} else {
@@ -982,17 +969,13 @@ static NTSTATUS ntlmssp_client_initial(struct ntlmssp_state *ntlmssp_state,
}
/* generate the ntlmssp negotiate packet */
- nt_status = ndr_push_format_blob(out, out_mem_ctx,
- "CddAA",
- "NTLMSSP",
- NTLMSSP_NEGOTIATE,
- ntlmssp_state->neg_flags,
- ntlmssp_state->get_domain(),
- ntlmssp_state->get_global_myname());
-
- if (!NT_STATUS_IS_OK(nt_status)) {
- return nt_status;
- }
+ msrpc_gen(out_mem_ctx,
+ out, "CddAA",
+ "NTLMSSP",
+ NTLMSSP_NEGOTIATE,
+ ntlmssp_state->neg_flags,
+ ntlmssp_state->get_domain(),
+ ntlmssp_state->get_global_myname());
ntlmssp_state->expected_state = NTLMSSP_CHALLENGE;
@@ -1027,17 +1010,16 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
DATA_BLOB encrypted_session_key = data_blob(NULL, 0);
NTSTATUS nt_status;
- nt_status = ndr_pull_format_blob(&in, ntlmssp_state->mem_ctx,
- "CdBd",
- "NTLMSSP",
- &ntlmssp_command,
- &server_domain_blob,
- &chal_flags);
-
- if (!NT_STATUS_IS_OK(nt_status)) {
+ if (!msrpc_parse(ntlmssp_state->mem_ctx,
+ &in, "CdBd",
+ "NTLMSSP",
+ &ntlmssp_command,
+ &server_domain_blob,
+ &chal_flags)) {
DEBUG(1, ("Failed to parse the NTLMSSP Challenge: (#1)\n"));
dump_data(2, (const char *)in.data, in.length);
- return nt_status;
+
+ return NT_STATUS_INVALID_PARAMETER;
}
data_blob_free(&server_domain_blob);
@@ -1067,20 +1049,18 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
DEBUG(3, ("NTLMSSP: Set final flags:\n"));
debug_ntlmssp_flags(ntlmssp_state->neg_flags);
- nt_status = ndr_pull_format_blob(&in, ntlmssp_state->mem_ctx,
- chal_parse_string,
- "NTLMSSP",
- &ntlmssp_command,
- &server_domain,
- &chal_flags,
- &challenge_blob, 8,
- &unkn1, &unkn2,
- &struct_blob);
-
- if (!NT_STATUS_IS_OK(nt_status)) {
+ if (!msrpc_parse(ntlmssp_state->mem_ctx,
+ &in, chal_parse_string,
+ "NTLMSSP",
+ &ntlmssp_command,
+ &server_domain,
+ &chal_flags,
+ &challenge_blob, 8,
+ &unkn1, &unkn2,
+ &struct_blob)) {
DEBUG(1, ("Failed to parse the NTLMSSP Challenge: (#2)\n"));
dump_data(2, (const char *)in.data, in.length);
- return nt_status;
+ return NT_STATUS_INVALID_PARAMETER;
}
ntlmssp_state->server_domain = server_domain;
@@ -1236,20 +1216,19 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
}
/* this generates the actual auth packet */
- nt_status = ndr_push_format_blob(out, out_mem_ctx,
- auth_gen_string,
- "NTLMSSP",
- NTLMSSP_AUTH,
- lm_response.data, lm_response.length,
- nt_response.data, nt_response.length,
- ntlmssp_state->domain,
- ntlmssp_state->user,
- ntlmssp_state->get_global_myname(),
- encrypted_session_key.data, encrypted_session_key.length,
- ntlmssp_state->neg_flags);
-
- if (!NT_STATUS_IS_OK(nt_status)) {
- return nt_status;
+ if (!msrpc_gen(out_mem_ctx,
+ out, auth_gen_string,
+ "NTLMSSP",
+ NTLMSSP_AUTH,
+ lm_response.data, lm_response.length,
+ nt_response.data, nt_response.length,
+ ntlmssp_state->domain,
+ ntlmssp_state->user,
+ ntlmssp_state->get_global_myname(),
+ encrypted_session_key.data, encrypted_session_key.length,
+ ntlmssp_state->neg_flags)) {
+
+ return NT_STATUS_NO_MEMORY;
}
ntlmssp_state->session_key = session_key;
@@ -1263,9 +1242,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
ntlmssp_state->expected_state = NTLMSSP_DONE;
- nt_status = ntlmssp_sign_init(ntlmssp_state);
-
- if (!NT_STATUS_IS_OK(nt_status)) {
+ if (!NT_STATUS_IS_OK(nt_status = ntlmssp_sign_init(ntlmssp_state))) {
DEBUG(1, ("Could not setup NTLMSSP signing/sealing system (error was: %s)\n",
nt_errstr(nt_status)));
return nt_status;