-rw-r--r-- | source3/Makefile.in | 1 | ||||
-rw-r--r-- | source3/auth/auth_ntlmssp.c | 78 | ||||
-rw-r--r-- | source3/include/ntlmssp_wrap.h | 69 | ||||
-rw-r--r-- | source3/include/proto.h | 27 | ||||
-rw-r--r-- | source3/libsmb/ntlmssp_wrap.c | 118 | ||||
-rw-r--r-- | source3/rpc_server/srv_pipe.c | 1 | ||||
-rw-r--r-- | source3/smbd/seal.c | 1 | ||||
-rw-r--r-- | source3/smbd/sesssetup.c | 1 | ||||
-rw-r--r-- | source3/smbd/smb2_sesssetup.c | 1 |
9 files changed, 194 insertions, 103 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 26879c4412..45bf8fd738 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -495,6 +495,7 @@ LIBSMB_ERR_OBJ = $(LIBSMB_ERR_OBJ0) $(LIBSMB_ERR_OBJ1) \
 LIBSMB_OBJ0 = \
 ../libcli/auth/ntlm_check.o \
 libsmb/ntlmssp.o \
+ libsmb/ntlmssp_wrap.o \
 ../libcli/auth/ntlmssp.o \
 ../libcli/auth/ntlmssp_sign.o \
 $(LIBNDR_NTLMSSP_OBJ) \
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index efeca5c403..66adc6ff1a 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -22,56 +22,7 @@
 #include "includes.h"
 #include "../libcli/auth/ntlmssp.h"
-
-struct auth_ntlmssp_state {
- struct auth_context *auth_context;
- struct auth_serversupplied_info *server_info;
- struct ntlmssp_state *ntlmssp_state;
-};
-
-NTSTATUS auth_ntlmssp_sign_packet(struct auth_ntlmssp_state *auth_ntlmssp_state,
- TALLOC_CTX *sig_mem_ctx,
- const uint8_t *data, size_t length,
- const uint8_t *whole_pdu, size_t pdu_length,
- DATA_BLOB *sig)
-{
- return ntlmssp_sign_packet(auth_ntlmssp_state->ntlmssp_state, sig_mem_ctx, data, length, whole_pdu, pdu_length, sig);
-}
-
-NTSTATUS auth_ntlmssp_check_packet(struct auth_ntlmssp_state *auth_ntlmssp_state,
- const uint8_t *data, size_t length,
- const uint8_t *whole_pdu, size_t pdu_length,
- const DATA_BLOB *sig)
-{
- return ntlmssp_check_packet(auth_ntlmssp_state->ntlmssp_state, data, length, whole_pdu, pdu_length, sig);
-}
-
-NTSTATUS auth_ntlmssp_seal_packet(struct auth_ntlmssp_state *auth_ntlmssp_state,
- TALLOC_CTX *sig_mem_ctx,
- uint8_t *data, size_t length,
- const uint8_t *whole_pdu, size_t pdu_length,
- DATA_BLOB *sig)
-{
- return ntlmssp_seal_packet(auth_ntlmssp_state->ntlmssp_state, sig_mem_ctx, data, length, whole_pdu, pdu_length, sig);
-}
-
-NTSTATUS auth_ntlmssp_unseal_packet(struct auth_ntlmssp_state *auth_ntlmssp_state,
- uint8_t *data, size_t length,
- const uint8_t *whole_pdu, size_t pdu_length,
- const DATA_BLOB *sig)
-{
- return ntlmssp_unseal_packet(auth_ntlmssp_state->ntlmssp_state, data, length, whole_pdu, pdu_length, sig);
-}
-
-bool auth_ntlmssp_negotiated_sign(struct auth_ntlmssp_state *auth_ntlmssp_state)
-{
- return auth_ntlmssp_state->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN;
-}
-
-bool auth_ntlmssp_negotiated_seal(struct auth_ntlmssp_state *auth_ntlmssp_state)
-{
- return auth_ntlmssp_state->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL;
-}
+#include "ntlmssp_wrap.h"
 void auth_ntlmssp_want_sign(struct auth_ntlmssp_state *auth_ntlmssp_state)
 {
@@ -105,27 +56,6 @@ NTSTATUS auth_ntlmssp_steal_server_info(TALLOC_CTX *mem_ctx,
 return NT_STATUS_OK;
 }
-struct ntlmssp_state *auth_ntlmssp_get_ntlmssp_state(struct auth_ntlmssp_state *auth_ntlmssp_state)
-{
- return auth_ntlmssp_state->ntlmssp_state;
-}
-
-/* Needed for 'map to guest' and 'smb username' processing */
-const char *auth_ntlmssp_get_username(struct auth_ntlmssp_state *auth_ntlmssp_state)
-{
- return auth_ntlmssp_state->ntlmssp_state->user;
-}
-
-const char *auth_ntlmssp_get_domain(struct auth_ntlmssp_state *auth_ntlmssp_state)
-{
- return auth_ntlmssp_state->ntlmssp_state->domain;
-}
-
-const char *auth_ntlmssp_get_client(struct auth_ntlmssp_state *auth_ntlmssp_state)
-{
- return auth_ntlmssp_state->ntlmssp_state->client.netbios_name;
-}
-
 /**
 * Return the challenge as determined by the authentication subsystem
 * @return an 8 byte random challenge
@@ -329,9 +259,3 @@ static int auth_ntlmssp_state_destructor(void *ptr)
 TALLOC_FREE(ans->ntlmssp_state);
 return 0;
 }
-
-NTSTATUS auth_ntlmssp_update(struct auth_ntlmssp_state *auth_ntlmssp_state,
- const DATA_BLOB request, DATA_BLOB *reply)
-{
- return ntlmssp_update(auth_ntlmssp_state->ntlmssp_state, request, reply);
-}
diff --git a/source3/include/ntlmssp_wrap.h b/source3/include/ntlmssp_wrap.h
new file mode 100644
index 0000000000..7905b9be65
--- /dev/null
+++ b/source3/include/ntlmssp_wrap.h
@@ -0,0 +1,69 @@
+/*
+ NLTMSSP wrappers
+
+ Copyright (C) Andrew Tridgell 2001
+ Copyright (C) Andrew Bartlett 2001-2003
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _NTLMSSP_WRAP_
+#define _NTLMSSP_WRAP_
+
+struct auth_ntlmssp_state {
+ /* used only by server implementation */
+ struct auth_context *auth_context;
+ struct auth_serversupplied_info *server_info;
+
+ /* used by both client and server implementation */
+ struct ntlmssp_state *ntlmssp_state;
+};
+
+NTSTATUS auth_ntlmssp_sign_packet(struct auth_ntlmssp_state *ans,
+ TALLOC_CTX *sig_mem_ctx,
+ const uint8_t *data,
+ size_t length,
+ const uint8_t *whole_pdu,
+ size_t pdu_length,
+ DATA_BLOB *sig);
+NTSTATUS auth_ntlmssp_check_packet(struct auth_ntlmssp_state *ans,
+ const uint8_t *data,
+ size_t length,
+ const uint8_t *whole_pdu,
+ size_t pdu_length,
+ const DATA_BLOB *sig);
+NTSTATUS auth_ntlmssp_seal_packet(struct auth_ntlmssp_state *ans,
+ TALLOC_CTX *sig_mem_ctx,
+ uint8_t *data,
+ size_t length,
+ const uint8_t *whole_pdu,
+ size_t pdu_length,
+ DATA_BLOB *sig);
+NTSTATUS auth_ntlmssp_unseal_packet(struct auth_ntlmssp_state *ans,
+ uint8_t *data,
+ size_t length,
+ const uint8_t *whole_pdu,
+ size_t pdu_length,
+ const DATA_BLOB *sig);
+bool auth_ntlmssp_negotiated_sign(struct auth_ntlmssp_state *ans);
+bool auth_ntlmssp_negotiated_seal(struct auth_ntlmssp_state *ans);
+struct ntlmssp_state *auth_ntlmssp_get_ntlmssp_state(
+ struct auth_ntlmssp_state *ans);
+const char *auth_ntlmssp_get_username(struct auth_ntlmssp_state *ans);
+const char *auth_ntlmssp_get_domain(struct auth_ntlmssp_state *ans);
+const char *auth_ntlmssp_get_client(struct auth_ntlmssp_state *ans);
+NTSTATUS auth_ntlmssp_update(struct auth_ntlmssp_state *ans,
+ const DATA_BLOB request, DATA_BLOB *reply);
+
+#endif /* _NTLMSSP_WRAP_ */
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 7c7611d672..2628763420 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
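Review bot: The new ntlmssp_wrap.h is not self-contained: it uses `NTSTATUS`, `TALLOC_CTX`, `DATA_BLOB`, `bool` and `uint8_t` but includes nothing, so it only compiles when `includes.h` has been pulled in first, which is what the consumers touched in this commit do. A top-of-file comment such as `/* requires includes.h to be included first */`, or the needed includes themselves, would make that dependency explicit. The banner reads `NLTMSSP wrappers` where `NTLMSSP wrappers` is meant (the same typo is in ntlmssp_wrap.c), and the guard `_NTLMSSP_WRAP_` has the underscore-plus-uppercase form reserved to the implementation; `NTLMSSP_WRAP_H` would avoid that. Because `struct auth_ntlmssp_state` is now visible to every includer, a short comment above it saying that callers should use the accessors rather than reach into `ntlmssp_state` directly would help keep the authentication state encapsulated.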
@@ -57,35 +57,10 @@ NTSTATUS auth_netlogond_init(void);
 NTSTATUS auth_ntlmssp_steal_server_info(TALLOC_CTX *mem_ctx,
 struct auth_ntlmssp_state *auth_ntlmssp_state,
 struct auth_serversupplied_info **server_info);
-struct ntlmssp_state *auth_ntlmssp_get_ntlmssp_state(struct auth_ntlmssp_state *auth_ntlmssp_state);
-const char *auth_ntlmssp_get_username(struct auth_ntlmssp_state *auth_ntlmssp_state);
-const char *auth_ntlmssp_get_domain(struct auth_ntlmssp_state *auth_ntlmssp_state);
-const char *auth_ntlmssp_get_client(struct auth_ntlmssp_state *auth_ntlmssp_state);
-bool auth_ntlmssp_negotiated_sign(struct auth_ntlmssp_state *auth_ntlmssp_state);
-bool auth_ntlmssp_negotiated_seal(struct auth_ntlmssp_state *auth_ntlmssp_state);
 void auth_ntlmssp_want_sign(struct auth_ntlmssp_state *auth_ntlmssp_state);
 void auth_ntlmssp_want_seal(struct auth_ntlmssp_state *auth_ntlmssp_state);
 NTSTATUS auth_ntlmssp_start(struct auth_ntlmssp_state **auth_ntlmssp_state);
-NTSTATUS auth_ntlmssp_update(struct auth_ntlmssp_state *auth_ntlmssp_state,
- const DATA_BLOB request, DATA_BLOB *reply) ;
-NTSTATUS auth_ntlmssp_sign_packet(struct auth_ntlmssp_state *auth_ntlmssp_state,
- TALLOC_CTX *sig_mem_ctx,
- const uint8_t *data, size_t length,
- const uint8_t *whole_pdu, size_t pdu_length,
- DATA_BLOB *sig);
-NTSTATUS auth_ntlmssp_check_packet(struct auth_ntlmssp_state *auth_ntlmssp_state,
- const uint8_t *data, size_t length,
- const uint8_t *whole_pdu, size_t pdu_length,
- const DATA_BLOB *sig) ;
-NTSTATUS auth_ntlmssp_seal_packet(struct auth_ntlmssp_state *auth_ntlmssp_state,
- TALLOC_CTX *sig_mem_ctx,
- uint8_t *data, size_t length,
- const uint8_t *whole_pdu, size_t pdu_length,
- DATA_BLOB *sig);
-NTSTATUS auth_ntlmssp_unseal_packet(struct auth_ntlmssp_state *auth_ntlmssp_state,
- uint8_t *data, size_t length,
- const uint8_t *whole_pdu, size_t pdu_length,
- const DATA_BLOB *sig);
+
 /* The following definitions come from auth/auth_sam.c */
diff --git a/source3/libsmb/ntlmssp_wrap.c b/source3/libsmb/ntlmssp_wrap.c
new file mode 100644
index 0000000000..8b8c199ff5
--- /dev/null
+++ b/source3/libsmb/ntlmssp_wrap.c
@@ -0,0 +1,118 @@
+/*
+ NLTMSSP wrappers
+
+ Copyright (C) Andrew Tridgell 2001
+ Copyright (C) Andrew Bartlett 2001-2003
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/auth/ntlmssp.h"
+#include "ntlmssp_wrap.h"
+
+NTSTATUS auth_ntlmssp_sign_packet(struct auth_ntlmssp_state *ans,
+ TALLOC_CTX *sig_mem_ctx,
+ const uint8_t *data,
+ size_t length,
+ const uint8_t *whole_pdu,
+ size_t pdu_length,
+ DATA_BLOB *sig)
+{
+ return ntlmssp_sign_packet(ans->ntlmssp_state,
+ sig_mem_ctx,
+ data, length,
+ whole_pdu, pdu_length,
+ sig);
+}
+
+NTSTATUS auth_ntlmssp_check_packet(struct auth_ntlmssp_state *ans,
+ const uint8_t *data,
+ size_t length,
+ const uint8_t *whole_pdu,
+ size_t pdu_length,
+ const DATA_BLOB *sig)
+{
+ return ntlmssp_check_packet(ans->ntlmssp_state,
+ data, length,
+ whole_pdu, pdu_length,
+ sig);
+}
+
+NTSTATUS auth_ntlmssp_seal_packet(struct auth_ntlmssp_state *ans,
+ TALLOC_CTX *sig_mem_ctx,
+ uint8_t *data,
+ size_t length,
+ const uint8_t *whole_pdu,
+ size_t pdu_length,
+ DATA_BLOB *sig)
+{
+ return ntlmssp_seal_packet(ans->ntlmssp_state,
+ sig_mem_ctx,
+ data, length,
+ whole_pdu, pdu_length,
+ sig);
+}
+
+NTSTATUS auth_ntlmssp_unseal_packet(struct auth_ntlmssp_state *ans,
+ uint8_t *data,
+ size_t length,
+ const uint8_t *whole_pdu,
+ size_t pdu_length,
+ const DATA_BLOB *sig)
+{
+ return ntlmssp_unseal_packet(ans->ntlmssp_state,
+ data, length,
+ whole_pdu, pdu_length,
+ sig);
+}
+
+bool auth_ntlmssp_negotiated_sign(struct auth_ntlmssp_state *ans)
+{
+ return ans->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN;
+}
+
+bool auth_ntlmssp_negotiated_seal(struct auth_ntlmssp_state *ans)
+{
+ return ans->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL;
+}
+
+struct ntlmssp_state *auth_ntlmssp_get_ntlmssp_state(
+ struct auth_ntlmssp_state *ans)
+{
+ return ans->ntlmssp_state;
+}
+
+/* Needed for 'map to guest' and 'smb username' processing */
+const char *auth_ntlmssp_get_username(struct auth_ntlmssp_state *ans)
+{
+ return ans->ntlmssp_state->user;
+}
+
+const char *auth_ntlmssp_get_domain(struct auth_ntlmssp_state *ans)
+{
+ return ans->ntlmssp_state->domain;
+}
+
+const char *auth_ntlmssp_get_client(struct auth_ntlmssp_state *ans)
+{
+ return ans->ntlmssp_state->client.netbios_name;
+}
+
+NTSTATUS auth_ntlmssp_update(struct auth_ntlmssp_state *ans,
+ const DATA_BLOB request, DATA_BLOB *reply)
+{
+ return ntlmssp_update(ans->ntlmssp_state, request, reply);
+}
+
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 6211d3b87e..3d4e6c3300 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -33,6 +33,7 @@
 #include "../libcli/auth/schannel.h"
 #include "../libcli/auth/spnego.h"
 #include "../libcli/auth/ntlmssp.h"
+#include "ntlmssp_wrap.h"
 #include "rpc_server.h"
 #undef DBGC_CLASS
diff --git a/source3/smbd/seal.c b/source3/smbd/seal.c
index ad785a4588..81b545aabf 100644
--- a/source3/smbd/seal.c
+++ b/source3/smbd/seal.c
@@ -21,6 +21,7 @@
 #include "smbd/globals.h"
 #include "../libcli/auth/spnego.h"
 #include "../libcli/auth/ntlmssp.h"
+#include "ntlmssp_wrap.h"
 /******************************************************************************
 Server side encryption.
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 8ff8e08a46..5381122e2b 100644
--- a/source3/smbd/sesssetup.c
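Review bot: Every wrapper in the new ntlmssp_wrap.c dereferences `ans->ntlmssp_state` unconditionally, including `auth_ntlmssp_check_packet` and `auth_ntlmssp_unseal_packet`, which verify and decrypt incoming PDUs; the code is moved unchanged from auth_ntlmssp.c, so this is not a regression, but the precondition is nowhere written down. A file-level comment such as `/* ans and ans->ntlmssp_state must be non-NULL and must outlive the call */` would state it for the client-side callers the header now anticipates. The three getters return pointers into the state (`user`, `domain`, `client.netbios_name`); these are presumably filled from the peer's NTLMSSP messages, so a comment that the strings are peer-supplied, owned by the state and possibly NULL before the exchange completes would help callers doing 'map to guest' processing. In `auth_ntlmssp_negotiated_sign` and `auth_ntlmssp_negotiated_seal`, writing `return (ans->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN) != 0;` (and likewise for `NTLMSSP_NEGOTIATE_SEAL`) makes the flag-to-bool conversion explicit and stays correct on a build where `bool` is not C99 `_Bool`.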
+++ b/source3/smbd/sesssetup.c
@@ -26,6 +26,7 @@
 #include "smbd/globals.h"
 #include "../libcli/auth/spnego.h"
 #include "../libcli/auth/ntlmssp.h"
+#include "ntlmssp_wrap.h"
 #include "librpc/gen_ndr/messaging.h"
 /* For split krb5 SPNEGO blobs. */
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index a6adf8a66f..a8172d3ee3 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -24,6 +24,7 @@
 #include "../libcli/smb/smb_common.h"
 #include "../libcli/auth/spnego.h"
 #include "../libcli/auth/ntlmssp.h"
+#include "ntlmssp_wrap.h"
 static NTSTATUS smbd_smb2_session_setup(struct smbd_smb2_request *smb2req,
 uint64_t in_session_id, |