34 files changed, 220 insertions, 193 deletions
diff --git a/source4/auth/ntlmssp/ntlmssp_sign.c b/auth/ntlmssp/gensec_ntlmssp.c
index 72cd1549fe..55b2f8748a 100644
--- a/source4/auth/ntlmssp/ntlmssp_sign.c
+++ b/auth/ntlmssp/gensec_ntlmssp.c
@@ -22,7 +22,114 @@ #include "includes.h" #include "auth/ntlmssp/ntlmssp.h" #include "auth/gensec/gensec.h" -#include "../libcli/auth/ntlmssp_private.h" +#include "auth/ntlmssp/ntlmssp_private.h" + +NTSTATUS gensec_ntlmssp_magic(struct gensec_security *gensec_security, + const DATA_BLOB *first_packet) +{ + if (ntlmssp_blob_matches_magic(first_packet)) { + return NT_STATUS_OK; + } else { + return NT_STATUS_INVALID_PARAMETER; + } +} + +/** + * Return the NTLMSSP master session key + * + * @param ntlmssp_state NTLMSSP State + */ + +NTSTATUS gensec_ntlmssp_session_key(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, + DATA_BLOB *session_key) +{ + struct gensec_ntlmssp_context *gensec_ntlmssp = + talloc_get_type_abort(gensec_security->private_data, + struct gensec_ntlmssp_context); + struct ntlmssp_state *ntlmssp_state = gensec_ntlmssp->ntlmssp_state; + + if (ntlmssp_state->expected_state != NTLMSSP_DONE) { + return NT_STATUS_NO_USER_SESSION_KEY; + } + + if (!ntlmssp_state->session_key.data) { + return NT_STATUS_NO_USER_SESSION_KEY; + } + *session_key = data_blob_talloc(mem_ctx, ntlmssp_state->session_key.data, ntlmssp_state->session_key.length); + if (!session_key->data) { + return NT_STATUS_NO_MEMORY; + } + + return NT_STATUS_OK; +} + +bool gensec_ntlmssp_have_feature(struct gensec_security *gensec_security, + uint32_t feature) +{ + struct gensec_ntlmssp_context *gensec_ntlmssp = + talloc_get_type_abort(gensec_security->private_data, + struct gensec_ntlmssp_context); + struct ntlmssp_state *ntlmssp_state = gensec_ntlmssp->ntlmssp_state; + + if (feature & GENSEC_FEATURE_SIGN) { + if (!ntlmssp_state->session_key.length) { + return false; + } + if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN) { + return true; + } + } + if (feature & GENSEC_FEATURE_SEAL) { + if (!ntlmssp_state->session_key.length) { + return false; + } + if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL) { + return true; + } + } + if (feature & GENSEC_FEATURE_SESSION_KEY) { + if 
(ntlmssp_state->session_key.length) { + return true; + } + } + if (feature & GENSEC_FEATURE_DCE_STYLE) { + return true; + } + if (feature & GENSEC_FEATURE_ASYNC_REPLIES) { + if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) { + return true; + } + } + return false; +} + +NTSTATUS gensec_ntlmssp_start(struct gensec_security *gensec_security) +{ + struct gensec_ntlmssp_context *gensec_ntlmssp; + struct ntlmssp_state *ntlmssp_state; + + gensec_ntlmssp = talloc_zero(gensec_security, + struct gensec_ntlmssp_context); + if (!gensec_ntlmssp) { + return NT_STATUS_NO_MEMORY; + } + + gensec_ntlmssp->gensec_security = gensec_security; + + ntlmssp_state = talloc_zero(gensec_ntlmssp, + struct ntlmssp_state); + if (!ntlmssp_state) { + return NT_STATUS_NO_MEMORY; + } + + ntlmssp_state->callback_private = gensec_ntlmssp; + + gensec_ntlmssp->ntlmssp_state = ntlmssp_state; + + gensec_security->private_data = gensec_ntlmssp; + return NT_STATUS_OK; +} NTSTATUS gensec_ntlmssp_sign_packet(struct gensec_security *gensec_security, TALLOC_CTX *sig_mem_ctx, @@ -103,14 +210,14 @@ NTSTATUS gensec_ntlmssp_unseal_packet(struct gensec_security *gensec_security, return nt_status; } -size_t gensec_ntlmssp_sig_size(struct gensec_security *gensec_security, size_t data_size) +size_t gensec_ntlmssp_sig_size(struct gensec_security *gensec_security, size_t data_size) { return NTLMSSP_SIG_SIZE; } -NTSTATUS gensec_ntlmssp_wrap(struct gensec_security *gensec_security, +NTSTATUS gensec_ntlmssp_wrap(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx, - const DATA_BLOB *in, + const DATA_BLOB *in, DATA_BLOB *out) { struct gensec_ntlmssp_context *gensec_ntlmssp = 
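Review bot: In gensec_ntlmssp_have_feature, the answer for a mask with more than one GENSEC_FEATURE_* bit depends on branch order rather than on every requested bit being satisfied. A caller asking for SIGN|SEAL gets `true` as soon as NTLMSSP_NEGOTIATE_SIGN is set even if sealing was never negotiated, while SIGN|DCE_STYLE returns `false` without a session key although the DCE_STYLE branch on its own returns `true`. The function is no longer `static` in this commit and is exported through ntlmssp.h, so the single-bit expectation should be written down above the definition, e.g. `/* feature must be a single GENSEC_FEATURE_* bit; a combined mask is answered as "any", not "all" */`; whether any caller passes a combined mask cannot be seen from this hunk. The doc block above gensec_ntlmssp_session_key also still names `@param ntlmssp_state`, which is not one of its parameters.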
@@ -123,9 +230,9 @@ NTSTATUS gensec_ntlmssp_wrap(struct gensec_security *gensec_security, } -NTSTATUS gensec_ntlmssp_unwrap(struct gensec_security *gensec_security, +NTSTATUS gensec_ntlmssp_unwrap(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx, - const DATA_BLOB *in, + const DATA_BLOB *in, DATA_BLOB *out) { struct gensec_ntlmssp_context *gensec_ntlmssp = diff --git a/libcli/auth/ntlmssp.c b/auth/ntlmssp/ntlmssp.c index 4817329314..96793abfda 100644 --- a/libcli/auth/ntlmssp.c +++ b/auth/ntlmssp/ntlmssp.c @@ -22,8 +22,8 @@ */ #include "includes.h" -#include "../libcli/auth/ntlmssp.h" -#include "../libcli/auth/ntlmssp_private.h" +#include "../auth/ntlmssp/ntlmssp.h" +#include "../auth/ntlmssp/ntlmssp_private.h" /** * Print out the NTLMSSP flags for debugging diff --git a/libcli/auth/ntlmssp.h b/auth/ntlmssp/ntlmssp.h index cf8bb8dd30..93bfb25824 100644 --- a/libcli/auth/ntlmssp.h +++ b/auth/ntlmssp/ntlmssp.h @@ -22,6 +22,14 @@ #include "../librpc/gen_ndr/ntlmssp.h" +NTSTATUS gensec_ntlmssp_init(void); + +struct gensec_ntlmssp_context { + struct gensec_security *gensec_security; + struct ntlmssp_state *ntlmssp_state; + struct auth_user_info_dc *user_info_dc; +}; + /* NTLMSSP mode */ enum ntlmssp_role { 
@@ -171,3 +179,49 @@ NTSTATUS ntlmssp_unwrap(struct ntlmssp_state *ntlmssp_stae, NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state); bool ntlmssp_blob_matches_magic(const DATA_BLOB *blob); +/* The following definitions come from ../source4/auth/ntlmssp/ntlmssp.c */ + + +/** + * Return the NTLMSSP master session key + * + * @param ntlmssp_state NTLMSSP State + */ +NTSTATUS gensec_ntlmssp_magic(struct gensec_security *gensec_security, + const DATA_BLOB *first_packet); +bool gensec_ntlmssp_have_feature(struct gensec_security *gensec_security, + uint32_t feature); +NTSTATUS gensec_ntlmssp_session_key(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, + DATA_BLOB *session_key); +NTSTATUS gensec_ntlmssp_start(struct gensec_security *gensec_security); + +/* The following definitions come from ../source4/auth/ntlmssp/ntlmssp_sign.c */ + +NTSTATUS gensec_ntlmssp_sign_packet(struct gensec_security *gensec_security, + TALLOC_CTX *sig_mem_ctx, + const uint8_t *data, size_t length, + const uint8_t *whole_pdu, size_t pdu_length, + DATA_BLOB *sig); +NTSTATUS gensec_ntlmssp_check_packet(struct gensec_security *gensec_security, + const uint8_t *data, size_t length, + const uint8_t *whole_pdu, size_t pdu_length, + const DATA_BLOB *sig); +NTSTATUS gensec_ntlmssp_seal_packet(struct gensec_security *gensec_security, + TALLOC_CTX *sig_mem_ctx, + uint8_t *data, size_t length, + const uint8_t *whole_pdu, size_t pdu_length, + DATA_BLOB *sig); +NTSTATUS gensec_ntlmssp_unseal_packet(struct gensec_security *gensec_security, + uint8_t *data, size_t length, + const uint8_t *whole_pdu, size_t pdu_length, + const DATA_BLOB *sig); +size_t gensec_ntlmssp_sig_size(struct gensec_security *gensec_security, size_t data_size) ; +NTSTATUS gensec_ntlmssp_wrap(struct gensec_security *gensec_security, + TALLOC_CTX *out_mem_ctx, + const DATA_BLOB *in, + DATA_BLOB *out); +NTSTATUS gensec_ntlmssp_unwrap(struct gensec_security *gensec_security, + TALLOC_CTX *out_mem_ctx, + const 
DATA_BLOB *in, + DATA_BLOB *out); diff --git a/libcli/auth/ntlmssp_ndr.c b/auth/ntlmssp/ntlmssp_ndr.c index fd31e853d2..af24be9dc2 100644 --- a/libcli/auth/ntlmssp_ndr.c +++ b/auth/ntlmssp/ntlmssp_ndr.c @@ -20,7 +20,7 @@ #include "includes.h" #include "../librpc/gen_ndr/ndr_ntlmssp.h" -#include "../libcli/auth/ntlmssp_ndr.h" +#include "ntlmssp_ndr.h" #define NTLMSSP_PULL_MESSAGE(type, blob, mem_ctx, r) \ do { \ diff --git a/libcli/auth/ntlmssp_ndr.h b/auth/ntlmssp/ntlmssp_ndr.h index e61923170e..e61923170e 100644 --- a/libcli/auth/ntlmssp_ndr.h +++ b/auth/ntlmssp/ntlmssp_ndr.h diff --git a/libcli/auth/ntlmssp_private.h b/auth/ntlmssp/ntlmssp_private.h index ff7b285b41..fc74428288 100644 --- a/libcli/auth/ntlmssp_private.h +++ b/auth/ntlmssp/ntlmssp_private.h @@ -39,13 +39,13 @@ union ntlmssp_crypt_state { } ntlm2; }; -/* The following definitions come from libcli/auth/ntlmssp.c */ +/* The following definitions come from auth/ntlmssp.c */ void debug_ntlmssp_flags(uint32_t neg_flags); void ntlmssp_handle_neg_flags(struct ntlmssp_state *ntlmssp_state, uint32_t neg_flags, bool allow_lm); -/* The following definitions come from libcli/auth/ntlmssp_server.c */ +/* The following definitions come from auth/ntlmssp_server.c */ const char *ntlmssp_target_name(struct ntlmssp_state *ntlmssp_state, uint32_t neg_flags, uint32_t *chal_flags); diff --git a/libcli/auth/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_server.c index 802ac402b4..b190cf3ab7 100644 --- a/libcli/auth/ntlmssp_server.c +++ b/auth/ntlmssp/ntlmssp_server.c @@ -21,10 +21,10 @@ */ #include "includes.h" -#include "../libcli/auth/ntlmssp.h" -#include "../libcli/auth/ntlmssp_private.h" +#include "auth/ntlmssp/ntlmssp.h" +#include "auth/ntlmssp/ntlmssp_private.h" #include "../librpc/gen_ndr/ndr_ntlmssp.h" -#include "../libcli/auth/ntlmssp_ndr.h" +#include "auth/ntlmssp/ntlmssp_ndr.h" #include "../libcli/auth/libcli_auth.h" #include "../lib/crypto/crypto.h" 
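Review bot: In the prototype hunk of auth/ntlmssp/ntlmssp.h, the doc block `Return the NTLMSSP master session key` / `@param ntlmssp_state` sits directly above the gensec_ntlmssp_magic prototype, so it documents the wrong function and names a parameter none of these prototypes take. It belongs on gensec_ntlmssp_session_key, with `@param gensec_security`, `@param mem_ctx` and `@param session_key`. The first origin comment still points at `../source4/auth/ntlmssp/ntlmssp.c`, but this commit adds those four definitions to auth/ntlmssp/gensec_ntlmssp.c, and the second points at `ntlmssp_sign.c`, which the commit renames to that same file; `/* The following definitions come from auth/ntlmssp/gensec_ntlmssp.c */` would match the new layout for both groups.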
diff --git a/libcli/auth/ntlmssp_sign.c b/auth/ntlmssp/ntlmssp_sign.c index 42b459c6d4..019ea3ce3b 100644 --- a/libcli/auth/ntlmssp_sign.c +++ b/auth/ntlmssp/ntlmssp_sign.c @@ -19,12 +19,12 @@ */ #include "includes.h" -#include "../libcli/auth/ntlmssp.h" +#include "../auth/ntlmssp/ntlmssp.h" #include "../libcli/auth/libcli_auth.h" #include "../lib/crypto/md5.h" #include "../lib/crypto/hmacmd5.h" #include "../lib/crypto/crc32.h" -#include "../libcli/auth/ntlmssp_private.h" +#include "../auth/ntlmssp/ntlmssp_private.h" #define CLI_SIGN "session key to client-to-server signing key magic constant" #define CLI_SEAL "session key to client-to-server sealing key magic constant" diff --git a/auth/ntlmssp/wscript_build b/auth/ntlmssp/wscript_build new file mode 100644 index 0000000000..16c31ac15a --- /dev/null +++ b/auth/ntlmssp/wscript_build @@ -0,0 +1,3 @@ +bld.SAMBA_SUBSYSTEM('NTLMSSP_COMMON', + source='gensec_ntlmssp.c ntlmssp.c ntlmssp_ndr.c ntlmssp_server.c ntlmssp_sign.c', + deps='samba-util NDR_NTLMSSP MSRPC_PARSE NTLM_CHECK') diff --git a/auth/wscript_build b/auth/wscript_build index 540317a401..01948151a1 100644 --- a/auth/wscript_build +++ b/auth/wscript_build @@ -8,4 +8,5 @@ bld.SAMBA_LIBRARY('auth_sam_reply', ) bld.RECURSE('gensec') +bld.RECURSE('ntlmssp') bld.RECURSE('credentials') diff --git a/libcli/auth/wscript_build b/libcli/auth/wscript_build index 2afab44ac2..a140df2cc0 100644 --- a/libcli/auth/wscript_build +++ b/libcli/auth/wscript_build 
@@ -2,20 +2,19 @@ bld.SAMBA_LIBRARY('cliauth', source='', - deps='NTLMSSP_COMMON MSRPC_PARSE LIBCLI_AUTH COMMON_SCHANNEL PAM_ERRORS SPNEGO_PARSE KRB5_WRAP errors', + deps='NTLMSSP_COMMON MSRPC_PARSE LIBCLI_AUTH COMMON_SCHANNEL PAM_ERRORS SPNEGO_PARSE KRB5_WRAP errors NTLM_CHECK', private_library=True, grouping_library=True) -bld.SAMBA_SUBSYSTEM('NTLMSSP_COMMON', - source='ntlmssp.c ntlmssp_ndr.c ntlmssp_server.c ntlmssp_sign.c ntlm_check.c', - deps='samba-util NDR_NTLMSSP MSRPC_PARSE') - - bld.SAMBA_SUBSYSTEM('MSRPC_PARSE', source='msrpc_parse.c', deps='talloc' ) +bld.SAMBA_SUBSYSTEM('NTLM_CHECK', + source='ntlm_check.c', + deps = 'talloc' + ) bld.SAMBA_SUBSYSTEM('LIBCLI_AUTH', source='credentials.c session.c smbencrypt.c smbdes.c', diff --git a/source3/Makefile.in b/source3/Makefile.in index 9e74d08ad9..89f3ec99bf 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -562,11 +562,11 @@ LIBSMB_OBJ0 = \ ../auth/gensec/gensec_start.o \ ../auth/credentials/credentials.o \ ../auth/credentials/credentials_samba3.o \ - ../libcli/auth/ntlmssp.o \ - ../libcli/auth/ntlmssp_sign.o \ + ../auth/ntlmssp/ntlmssp.o \ + ../auth/ntlmssp/ntlmssp_sign.o \ $(LIBNDR_NTLMSSP_OBJ) \ - ../libcli/auth/ntlmssp_ndr.o \ - ../libcli/auth/ntlmssp_server.o + ../auth/ntlmssp/ntlmssp_ndr.o \ + ../auth/ntlmssp/ntlmssp_server.o LIBSAMBA_OBJ = $(LIBSMB_OBJ0) \ $(LIBSMB_ERR_OBJ) diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c index 6f006bd38d..b4bc9f9c15 100644 --- a/source3/auth/auth_ntlmssp.c +++ b/source3/auth/auth_ntlmssp.c @@ -22,7 +22,7 @@ #include "includes.h" #include "auth.h" -#include "../libcli/auth/ntlmssp.h" +#include "../auth/ntlmssp/ntlmssp.h" #include "ntlmssp_wrap.h" #include "../librpc/gen_ndr/netlogon.h" #include "../lib/tsocket/tsocket.h" diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c index a3001863b8..a39971eafb 100644 --- a/source3/libads/sasl.c +++ b/source3/libads/sasl.c 
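Review bot: In source3/Makefile.in the LIBSMB_OBJ0 list is repointed to the four moved objects but does not gain `../auth/ntlmssp/gensec_ntlmssp.o`, while the new auth/ntlmssp/wscript_build lists gensec_ntlmssp.c in NTLMSSP_COMMON. The shared header auth/ntlmssp/ntlmssp.h now declares the gensec_ntlmssp_* functions to every source3 file that includes it, so a source3 caller would compile and then fail only at link time in the autoconf build. If leaving the object out is intentional, a comment next to the list saying so would help; otherwise add `../auth/ntlmssp/gensec_ntlmssp.o \` alongside the other auth/ntlmssp objects.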
@@ -19,7 +19,7 @@
 #include "includes.h"
 #include "../libcli/auth/spnego.h"
-#include "../libcli/auth/ntlmssp.h"
+#include "../auth/ntlmssp/ntlmssp.h"
 #include "ads.h"
 #include "smb_krb5.h"
diff --git a/source3/librpc/crypto/cli_spnego.c b/source3/librpc/crypto/cli_spnego.c
index 63a84a8838..3420e20d27 100644
--- a/source3/librpc/crypto/cli_spnego.c
+++ b/source3/librpc/crypto/cli_spnego.c
@@ -21,7 +21,7 @@
 #include "../libcli/auth/spnego.h"
 #include "include/ntlmssp_wrap.h"
 #include "librpc/gen_ndr/ntlmssp.h"
-#include "libcli/auth/ntlmssp.h"
+#include "auth/ntlmssp/ntlmssp.h"
 #include "librpc/crypto/gse.h"
 #include "librpc/crypto/spnego.h"
diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c
index b53587ddb3..32dbfdfe48 100644
--- a/source3/librpc/rpc/dcerpc_helpers.c
+++ b/source3/librpc/rpc/dcerpc_helpers.c
@@ -24,7 +24,7 @@
 #include "librpc/gen_ndr/ndr_schannel.h"
 #include "../libcli/auth/schannel.h"
 #include "../libcli/auth/spnego.h"
-#include "../libcli/auth/ntlmssp.h"
+#include "../auth/ntlmssp/ntlmssp.h"
 #include "ntlmssp_wrap.h"
 #include "librpc/crypto/gse.h"
 #include "librpc/crypto/spnego.h"
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index e4402ba20f..da47bc512c 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -26,7 +26,7 @@
 #include "../libcli/auth/libcli_auth.h"
 #include "../libcli/auth/spnego.h"
 #include "smb_krb5.h"
-#include "../libcli/auth/ntlmssp.h"
+#include "../auth/ntlmssp/ntlmssp.h"
 #include "libads/kerberos_proto.h"
 #include "krb5_env.h"
 #include "../lib/util/tevent_ntstatus.h"
diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c
index 9005d4dac4..12961c9390 100644
--- a/source3/libsmb/clifsinfo.c
+++ b/source3/libsmb/clifsinfo.c
@@ -21,7 +21,7 @@
 #include "includes.h"
 #include "libsmb/libsmb.h"
 #include "../libcli/auth/spnego.h"
-#include "../libcli/auth/ntlmssp.h"
+#include "../auth/ntlmssp/ntlmssp.h"
 #include "../lib/util/tevent_ntstatus.h"
 #include "async_smb.h"
 #include "smb_crypt.h"
diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
index 9436ca1c3f..01cc1cc02e 100644
--- a/source3/libsmb/ntlmssp.c
+++ b/source3/libsmb/ntlmssp.c
@@ -22,11 +22,11 @@
 */
 #include "includes.h"
-#include "../libcli/auth/ntlmssp.h"
-#include "../libcli/auth/ntlmssp_private.h"
+#include "../auth/ntlmssp/ntlmssp.h"
+#include "../auth/ntlmssp/ntlmssp_private.h"
 #include "../libcli/auth/libcli_auth.h"
 #include "../librpc/gen_ndr/ndr_ntlmssp.h"
-#include "../libcli/auth/ntlmssp_ndr.h"
+#include "../auth/ntlmssp/ntlmssp_ndr.h"
 #include "../lib/crypto/md5.h"
 #include "../lib/crypto/arcfour.h"
 #include "../lib/crypto/hmacmd5.h"
diff --git a/source3/libsmb/ntlmssp_wrap.c b/source3/libsmb/ntlmssp_wrap.c
index 0f6991c92f..b90399c559 100644
--- a/source3/libsmb/ntlmssp_wrap.c
+++ b/source3/libsmb/ntlmssp_wrap.c
@@ -19,7 +19,7 @@
 */
 #include "includes.h"
-#include "libcli/auth/ntlmssp.h"
+#include "auth/ntlmssp/ntlmssp.h"
 #include "ntlmssp_wrap.h"
 #include "auth/gensec/gensec.h"
diff --git a/source3/libsmb/smb2cli_session.c b/source3/libsmb/smb2cli_session.c
index 58204be772..f09932a5d5 100644
--- a/source3/libsmb/smb2cli_session.c
+++ b/source3/libsmb/smb2cli_session.c
@@ -25,7 +25,7 @@
 #include "libsmb/proto.h"
 #include "lib/util/tevent_ntstatus.h"
 #include "../libcli/auth/spnego.h"
-#include "../libcli/auth/ntlmssp.h"
+#include "../auth/ntlmssp/ntlmssp.h"
 struct smb2cli_session_setup_state {
 uint8_t fixed[24];
diff --git a/source3/libsmb/smb_seal.c b/source3/libsmb/smb_seal.c
index 65ccdbbeab..1c7bec3889 100644
--- a/source3/libsmb/smb_seal.c
+++ b/source3/libsmb/smb_seal.c
@@ -18,7 +18,7 @@
 */
 #include "includes.h"
-#include "../libcli/auth/ntlmssp.h"
+#include "../auth/ntlmssp/ntlmssp.h"
 #include "smb_crypt.h"
 #include "libsmb/libsmb.h"
 #include "ntlmssp_wrap.h"
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index ae5b88f02c..65bc028c41 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -25,7 +25,7 @@
 #include "../librpc/gen_ndr/ndr_dssetup.h"
 #include "../libcli/auth/schannel.h"
 #include "../libcli/auth/spnego.h"
-#include "../libcli/auth/ntlmssp.h"
+#include "../auth/ntlmssp/ntlmssp.h"
 #include "ntlmssp_wrap.h"
 #include "librpc/gen_ndr/ndr_dcerpc.h"
 #include "librpc/rpc/dcerpc.h"
diff --git a/source3/rpc_server/dcesrv_ntlmssp.c b/source3/rpc_server/dcesrv_ntlmssp.c
index a31bb36284..076a48da43 100644
--- a/source3/rpc_server/dcesrv_ntlmssp.c
+++ b/source3/rpc_server/dcesrv_ntlmssp.c
@@ -20,7 +20,7 @@
 #include "includes.h"
 #include "rpc_server/dcesrv_ntlmssp.h"
-#include "../libcli/auth/ntlmssp.h"
+#include "../auth/ntlmssp/ntlmssp.h"
 #include "ntlmssp_wrap.h"
 #include "auth.h"
diff --git a/source3/smbd/seal.c b/source3/smbd/seal.c
index c0aaa5ab7d..b19c9ede3d 100644
--- a/source3/smbd/seal.c
+++ b/source3/smbd/seal.c
@@ -21,7 +21,7 @@
 #include "smbd/smbd.h"
 #include "smbd/globals.h"
 #include "../libcli/auth/spnego.h"
-#include "../libcli/auth/ntlmssp.h"
+#include "../auth/ntlmssp/ntlmssp.h"
 #include "ntlmssp_wrap.h"
 #include "smb_crypt.h"
 #include "../lib/util/asn1.h"
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 28ae24e95f..4d48e73f92 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -27,7 +27,7 @@
 #include "smbd/smbd.h"
 #include "smbd/globals.h"
 #include "../libcli/auth/spnego.h"
-#include "../libcli/auth/ntlmssp.h"
+#include "../auth/ntlmssp/ntlmssp.h"
 #include "ntlmssp_wrap.h"
 #include "../librpc/gen_ndr/krb5pac.h"
 #include "libads/kerberos_proto.h"
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index e645770014..ece5de1282 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -24,8 +24,8 @@
 #include "smbd/globals.h"
 #include "../libcli/smb/smb_common.h"
 #include "../libcli/auth/spnego.h"
-#include "../libcli/auth/ntlmssp.h"
 #include "../auth/gensec/gensec.h"
+#include "../auth/ntlmssp/ntlmssp.h"
 #include "ntlmssp_wrap.h"
 #include "../librpc/gen_ndr/krb5pac.h"
 #include "libads/kerberos_proto.h"
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
index 9cd47d0611..00c7d4dbba 100644
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -28,7 +28,7 @@
 #include "utils/ntlm_auth.h"
 #include "../libcli/auth/libcli_auth.h"
 #include "../libcli/auth/spnego.h"
-#include "../libcli/auth/ntlmssp.h"
+#include "../auth/ntlmssp/ntlmssp.h"
 #include "smb_krb5.h"
 #include <iniparser.h>
 #include "../lib/crypto/arcfour.h"
diff --git a/source3/winbindd/winbindd_ccache_access.c b/source3/winbindd/winbindd_ccache_access.c
index 0b52ae2eb9..37e8eee727 100644
--- a/source3/winbindd/winbindd_ccache_access.c
+++ b/source3/winbindd/winbindd_ccache_access.c
@@ -23,7 +23,7 @@
 #include "includes.h"
 #include "winbindd.h"
-#include "../libcli/auth/ntlmssp.h"
+#include "../auth/ntlmssp/ntlmssp.h"
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_WINBIND
diff --git a/source4/auth/ntlmssp/ntlmssp.c b/source4/auth/ntlmssp/ntlmssp.c
index 9b3aef0c65..0c63d05d68 100644
--- a/source4/auth/ntlmssp/ntlmssp.c
+++ b/source4/auth/ntlmssp/ntlmssp.c
@@ -21,8 +21,11 @@
 along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
+struct auth_session_info;
+
 #include "includes.h"
 #include "auth/ntlmssp/ntlmssp.h"
+#include "source4/auth/ntlmssp/proto.h"
 #include "../libcli/auth/libcli_auth.h"
 #include "librpc/gen_ndr/ndr_dcerpc.h"
 #include "auth/gensec/gensec.h"
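Review bot: In source4/auth/ntlmssp/ntlmssp.c, the bare `struct auth_session_info;` added above `#include "includes.h"` carries no comment saying why it must precede the includes, and the same line is repeated in the source4/auth/ntlmssp/ntlmssp_client.c hunk. Presumably it stands in for the forward declaration that the deleted source4/auth/ntlmssp/ntlmssp.h placed ahead of its proto.h include. A one-line comment such as `/* proto.h prototypes use struct auth_session_info; declare the tag first */` would keep it from being removed later as dead code. Placing it directly before `#include "source4/auth/ntlmssp/proto.h"` rather than before includes.h would make the dependency visible.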
@@ -61,16 +64,6 @@ static const struct ntlmssp_callbacks { }; -static NTSTATUS gensec_ntlmssp_magic(struct gensec_security *gensec_security, - const DATA_BLOB *first_packet) -{ - if (ntlmssp_blob_matches_magic(first_packet)) { - return NT_STATUS_OK; - } else { - return NT_STATUS_INVALID_PARAMETER; - } -} - static NTSTATUS gensec_ntlmssp_update_find(struct ntlmssp_state *ntlmssp_state, const DATA_BLOB input, uint32_t *idx) { 
@@ -175,103 +168,6 @@ static NTSTATUS gensec_ntlmssp_update(struct gensec_security *gensec_security, return NT_STATUS_OK; } -/** - * Return the NTLMSSP master session key - * - * @param ntlmssp_state NTLMSSP State - */ - -NTSTATUS gensec_ntlmssp_session_key(struct gensec_security *gensec_security, - TALLOC_CTX *mem_ctx, - DATA_BLOB *session_key) -{ - struct gensec_ntlmssp_context *gensec_ntlmssp = - talloc_get_type_abort(gensec_security->private_data, - struct gensec_ntlmssp_context); - struct ntlmssp_state *ntlmssp_state = gensec_ntlmssp->ntlmssp_state; - - if (ntlmssp_state->expected_state != NTLMSSP_DONE) { - return NT_STATUS_NO_USER_SESSION_KEY; - } - - if (!ntlmssp_state->session_key.data) { - return NT_STATUS_NO_USER_SESSION_KEY; - } - *session_key = data_blob_talloc(mem_ctx, ntlmssp_state->session_key.data, ntlmssp_state->session_key.length); - if (!session_key->data) { - return NT_STATUS_NO_MEMORY; - } - - return NT_STATUS_OK; -} - -static bool gensec_ntlmssp_have_feature(struct gensec_security *gensec_security, - uint32_t feature) -{ - struct gensec_ntlmssp_context *gensec_ntlmssp = - talloc_get_type_abort(gensec_security->private_data, - struct gensec_ntlmssp_context); - struct ntlmssp_state *ntlmssp_state = gensec_ntlmssp->ntlmssp_state; - - if (feature & GENSEC_FEATURE_SIGN) { - if (!ntlmssp_state->session_key.length) { - return false; - } - if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN) { - return true; - } - } - if (feature & GENSEC_FEATURE_SEAL) { - if (!ntlmssp_state->session_key.length) { - return false; - } - if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL) { - return true; - } - } - if (feature & GENSEC_FEATURE_SESSION_KEY) { - if (ntlmssp_state->session_key.length) { - return true; - } - } - if (feature & GENSEC_FEATURE_DCE_STYLE) { - return true; - } - if (feature & GENSEC_FEATURE_ASYNC_REPLIES) { - if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) { - return true; - } - } - return false; -} - -NTSTATUS 
gensec_ntlmssp_start(struct gensec_security *gensec_security) -{ - struct gensec_ntlmssp_context *gensec_ntlmssp; - struct ntlmssp_state *ntlmssp_state; - - gensec_ntlmssp = talloc_zero(gensec_security, - struct gensec_ntlmssp_context); - if (!gensec_ntlmssp) { - return NT_STATUS_NO_MEMORY; - } - - gensec_ntlmssp->gensec_security = gensec_security; - - ntlmssp_state = talloc_zero(gensec_ntlmssp, - struct ntlmssp_state); - if (!ntlmssp_state) { - return NT_STATUS_NO_MEMORY; - } - - ntlmssp_state->callback_private = gensec_ntlmssp; - - gensec_ntlmssp->ntlmssp_state = ntlmssp_state; - - gensec_security->private_data = gensec_ntlmssp; - return NT_STATUS_OK; -} - static const char *gensec_ntlmssp_oids[] = { GENSEC_OID_NTLMSSP, NULL diff --git a/source4/auth/ntlmssp/ntlmssp.h b/source4/auth/ntlmssp/ntlmssp.h deleted file mode 100644 index 1126cdfe05..0000000000 --- a/source4/auth/ntlmssp/ntlmssp.h +++ /dev/null 
@@ -1,37 +0,0 @@ -/* - Unix SMB/CIFS implementation. - SMB parameters and setup - Copyright (C) Andrew Tridgell 1992-1997 - Copyright (C) Luke Kenneth Casson Leighton 1996-1997 - Copyright (C) Paul Ashton 1997 - Copyright (C) Andrew Bartlett 2010 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -#include "../librpc/gen_ndr/ntlmssp.h" -#include "../libcli/auth/ntlmssp.h" - -struct gensec_ntlmssp_context { - struct gensec_security *gensec_security; - struct ntlmssp_state *ntlmssp_state; - struct auth_user_info_dc *user_info_dc; -}; - -struct loadparm_context; -struct auth_session_info; - -NTSTATUS gensec_ntlmssp_init(void); - -#include "auth/ntlmssp/proto.h" diff --git a/source4/auth/ntlmssp/ntlmssp_client.c b/source4/auth/ntlmssp/ntlmssp_client.c index 53bd7a4d23..858b16f053 100644 --- a/source4/auth/ntlmssp/ntlmssp_client.c +++ b/source4/auth/ntlmssp/ntlmssp_client.c 
@@ -21,14 +21,17 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. */ +struct auth_session_info; + #include "includes.h" #include "auth/ntlmssp/ntlmssp.h" +#include "source4/auth/ntlmssp/proto.h" #include "../lib/crypto/crypto.h" #include "../libcli/auth/libcli_auth.h" #include "auth/credentials/credentials.h" #include "auth/gensec/gensec.h" #include "param/param.h" -#include "libcli/auth/ntlmssp_private.h" +#include "auth/ntlmssp/ntlmssp_private.h" /********************************************************************* Client side NTLMSSP diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c index 1f281479ff..68a802ce78 100644 --- a/source4/auth/ntlmssp/ntlmssp_server.c +++ b/source4/auth/ntlmssp/ntlmssp_server.c @@ -26,14 +26,15 @@ #include "lib/tsocket/tsocket.h" #include "auth/ntlmssp/ntlmssp.h" #include "../librpc/gen_ndr/ndr_ntlmssp.h" -#include "../libcli/auth/ntlmssp_ndr.h" -#include "../libcli/auth/ntlmssp_private.h" +#include "auth/ntlmssp/ntlmssp_ndr.h" +#include "auth/ntlmssp/ntlmssp_private.h" #include "../libcli/auth/libcli_auth.h" #include "../lib/crypto/crypto.h" #include "auth/gensec/gensec.h" #include "auth/gensec/gensec_proto.h" #include "auth/auth.h" #include "param/param.h" +#include "source4/auth/ntlmssp/proto.h" /** * Next state function for the Negotiate packet (GENSEC wrapper) diff --git a/source4/auth/ntlmssp/wscript_build b/source4/auth/ntlmssp/wscript_build index adbb1fa957..4d25271a8b 100644 --- a/source4/auth/ntlmssp/wscript_build +++ b/source4/auth/ntlmssp/wscript_build @@ -1,7 +1,7 @@ #!/usr/bin/env python bld.SAMBA_MODULE('gensec_ntlmssp', - source='''ntlmssp.c ntlmssp_sign.c + source='''ntlmssp.c ntlmssp_client.c ntlmssp_server.c''', autoproto='proto.h', subsystem='gensec', |