diff options
-rw-r--r-- | source3/include/ntlmssp.h | 24 | ||||
-rw-r--r-- | source3/libsmb/ntlmssp.c | 192 | ||||
-rw-r--r-- | source3/libsmb/ntlmssp_sign.c | 58 |
3 files changed, 137 insertions, 137 deletions
diff --git a/source3/include/ntlmssp.h b/source3/include/ntlmssp.h index 67cdd5a551..1662eaa616 100644 --- a/source3/include/ntlmssp.h +++ b/source3/include/ntlmssp.h @@ -1,20 +1,20 @@ -/* +/* Unix SMB/CIFS implementation. SMB parameters and setup Copyright (C) Andrew Tridgell 1992-1997 Copyright (C) Luke Kenneth Casson Leighton 1996-1997 Copyright (C) Paul Ashton 1997 - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ @@ -70,7 +70,7 @@ enum NTLM_MESSAGE_TYPE #define NTLMSSP_SIG_SIZE 16 -typedef struct ntlmssp_state +typedef struct ntlmssp_state { unsigned int ref_count; enum NTLMSSP_ROLE role; @@ -98,7 +98,7 @@ typedef struct ntlmssp_state void *auth_context; /** - * Callback to get the 'challenge' used for NTLM authentication. + * Callback to get the 'challenge' used for NTLM authentication. * * @param ntlmssp_state This structure * @return 8 bytes of challnege data, determined by the server to be the challenge for NTLM authentication @@ -108,10 +108,10 @@ typedef struct ntlmssp_state uint8_t challenge[8]); /** - * Callback to find if the challenge used by NTLM authentication may be modified + * Callback to find if the challenge used by NTLM authentication may be modified * * The NTLM2 authentication scheme modifies the effective challenge, but this is not compatiable with the - * current 'security=server' implementation.. + * current 'security=server' implementation.. * * @param ntlmssp_state This structure * @return Can the challenge be set to arbitary values? @@ -120,7 +120,7 @@ typedef struct ntlmssp_state bool (*may_set_challenge)(const struct ntlmssp_state *ntlmssp_state); /** - * Callback to set the 'challenge' used for NTLM authentication. + * Callback to set the 'challenge' used for NTLM authentication. * * The callback may use the void *auth_context to store state information, but the same value is always available * from the DATA_BLOB chal on this structure. @@ -132,9 +132,9 @@ typedef struct ntlmssp_state NTSTATUS (*set_challenge)(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *challenge); /** - * Callback to check the user's password. + * Callback to check the user's password. * - * The callback must reads the feilds of this structure for the information it needs on the user + * The callback must reads the feilds of this structure for the information it needs on the user * @param ntlmssp_state This structure * @param nt_session_key If an NT session key is returned by the authentication process, return it here * @param lm_session_key If an LM session key is returned by the authentication process, return it here @@ -165,5 +165,5 @@ typedef struct ntlmssp_state /* it turns out that we don't always get the response in at the time we want to process it. Store it here, until we need it */ - DATA_BLOB stored_response; + DATA_BLOB stored_response; } NTLMSSP_STATE; diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c index c5d271cdba..023d356001 100644 --- a/source3/libsmb/ntlmssp.c +++ b/source3/libsmb/ntlmssp.c @@ -1,4 +1,4 @@ -/* +/* Unix SMB/Netbios implementation. Version 3.0 handle NLTMSSP, server side @@ -24,24 +24,24 @@ #include "includes.h" #include "../libcli/auth/libcli_auth.h" -static NTSTATUS ntlmssp_client_initial(struct ntlmssp_state *ntlmssp_state, +static NTSTATUS ntlmssp_client_initial(struct ntlmssp_state *ntlmssp_state, DATA_BLOB reply, DATA_BLOB *next_request); static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state, const DATA_BLOB in, DATA_BLOB *out); -static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, +static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, const DATA_BLOB reply, DATA_BLOB *next_request); static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, const DATA_BLOB request, DATA_BLOB *reply); /** * Callbacks for NTLMSSP - for both client and server operating modes - * + * */ static const struct ntlmssp_callbacks { enum NTLMSSP_ROLE role; enum NTLM_MESSAGE_TYPE ntlmssp_command; - NTSTATUS (*fn)(struct ntlmssp_state *ntlmssp_state, + NTSTATUS (*fn)(struct ntlmssp_state *ntlmssp_state, DATA_BLOB in, DATA_BLOB *out); } ntlmssp_callbacks[] = { {NTLMSSP_CLIENT, NTLMSSP_INITIAL, ntlmssp_client_initial}, @@ -54,7 +54,7 @@ static const struct ntlmssp_callbacks { /** - * Print out the NTLMSSP flags for debugging + * Print out the NTLMSSP flags for debugging * @param neg_flags The flags from the packet */ @@ -62,45 +62,45 @@ void debug_ntlmssp_flags(uint32 neg_flags) { DEBUG(3,("Got NTLMSSP neg_flags=0x%08x\n", neg_flags)); - if (neg_flags & NTLMSSP_NEGOTIATE_UNICODE) + if (neg_flags & NTLMSSP_NEGOTIATE_UNICODE) DEBUGADD(4, (" NTLMSSP_NEGOTIATE_UNICODE\n")); - if (neg_flags & NTLMSSP_NEGOTIATE_OEM) + if (neg_flags & NTLMSSP_NEGOTIATE_OEM) DEBUGADD(4, (" NTLMSSP_NEGOTIATE_OEM\n")); - if (neg_flags & NTLMSSP_REQUEST_TARGET) + if (neg_flags & NTLMSSP_REQUEST_TARGET) DEBUGADD(4, (" NTLMSSP_REQUEST_TARGET\n")); - if (neg_flags & NTLMSSP_NEGOTIATE_SIGN) + if (neg_flags & NTLMSSP_NEGOTIATE_SIGN) DEBUGADD(4, (" NTLMSSP_NEGOTIATE_SIGN\n")); - if (neg_flags & NTLMSSP_NEGOTIATE_SEAL) + if (neg_flags & NTLMSSP_NEGOTIATE_SEAL) DEBUGADD(4, (" NTLMSSP_NEGOTIATE_SEAL\n")); if (neg_flags & NTLMSSP_NEGOTIATE_DATAGRAM_STYLE) DEBUGADD(4, (" NTLMSSP_NEGOTIATE_DATAGRAM_STYLE\n")); - if (neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) + if (neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) DEBUGADD(4, (" NTLMSSP_NEGOTIATE_LM_KEY\n")); - if (neg_flags & NTLMSSP_NEGOTIATE_NETWARE) + if (neg_flags & NTLMSSP_NEGOTIATE_NETWARE) DEBUGADD(4, (" NTLMSSP_NEGOTIATE_NETWARE\n")); - if (neg_flags & NTLMSSP_NEGOTIATE_NTLM) + if (neg_flags & NTLMSSP_NEGOTIATE_NTLM) DEBUGADD(4, (" NTLMSSP_NEGOTIATE_NTLM\n")); - if (neg_flags & NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED) + if (neg_flags & NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED) DEBUGADD(4, (" NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED\n")); - if (neg_flags & NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED) + if (neg_flags & NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED) DEBUGADD(4, (" NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED\n")); - if (neg_flags & NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL) + if (neg_flags & NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL) DEBUGADD(4, (" NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL\n")); - if (neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN) + if (neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN) DEBUGADD(4, (" NTLMSSP_NEGOTIATE_ALWAYS_SIGN\n")); if (neg_flags & NTLMSSP_CHAL_ACCEPT_RESPONSE) DEBUGADD(4, (" NTLMSSP_CHAL_ACCEPT_RESPONSE\n")); if (neg_flags & NTLMSSP_CHAL_NON_NT_SESSION_KEY) DEBUGADD(4, (" NTLMSSP_CHAL_NON_NT_SESSION_KEY\n")); - if (neg_flags & NTLMSSP_NEGOTIATE_NTLM2) + if (neg_flags & NTLMSSP_NEGOTIATE_NTLM2) DEBUGADD(4, (" NTLMSSP_NEGOTIATE_NTLM2\n")); - if (neg_flags & NTLMSSP_CHAL_TARGET_INFO) + if (neg_flags & NTLMSSP_CHAL_TARGET_INFO) DEBUGADD(4, (" NTLMSSP_CHAL_TARGET_INFO\n")); if (neg_flags & NTLMSSP_NEGOTIATE_VERSION) DEBUGADD(4, (" NTLMSSP_NEGOTIATE_VERSION\n")); - if (neg_flags & NTLMSSP_NEGOTIATE_128) + if (neg_flags & NTLMSSP_NEGOTIATE_128) DEBUGADD(4, (" NTLMSSP_NEGOTIATE_128\n")); - if (neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) + if (neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) DEBUGADD(4, (" NTLMSSP_NEGOTIATE_KEY_EXCH\n")); if (neg_flags & NTLMSSP_NEGOTIATE_56) DEBUGADD(4, (" NTLMSSP_NEGOTIATE_56\n")); @@ -140,12 +140,12 @@ static NTSTATUS set_challenge(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *ch return NT_STATUS_OK; } -/** - * Set a username on an NTLMSSP context - ensures it is talloc()ed +/** + * Set a username on an NTLMSSP context - ensures it is talloc()ed * */ -NTSTATUS ntlmssp_set_username(NTLMSSP_STATE *ntlmssp_state, const char *user) +NTSTATUS ntlmssp_set_username(NTLMSSP_STATE *ntlmssp_state, const char *user) { ntlmssp_state->user = talloc_strdup(ntlmssp_state, user ? user : "" ); if (!ntlmssp_state->user) { @@ -154,13 +154,13 @@ NTSTATUS ntlmssp_set_username(NTLMSSP_STATE *ntlmssp_state, const char *user) return NT_STATUS_OK; } -/** - * Store NT and LM hashes on an NTLMSSP context - ensures they are talloc()ed +/** + * Store NT and LM hashes on an NTLMSSP context - ensures they are talloc()ed * */ NTSTATUS ntlmssp_set_hashes(NTLMSSP_STATE *ntlmssp_state, const unsigned char lm_hash[16], - const unsigned char nt_hash[16]) + const unsigned char nt_hash[16]) { ntlmssp_state->lm_hash = (unsigned char *) TALLOC_MEMDUP(ntlmssp_state, lm_hash, 16); @@ -174,11 +174,11 @@ NTSTATUS ntlmssp_set_hashes(NTLMSSP_STATE *ntlmssp_state, return NT_STATUS_OK; } -/** +/** * Converts a password to the hashes on an NTLMSSP context. * */ -NTSTATUS ntlmssp_set_password(NTLMSSP_STATE *ntlmssp_state, const char *password) +NTSTATUS ntlmssp_set_password(NTLMSSP_STATE *ntlmssp_state, const char *password) { if (!password) { ntlmssp_state->lm_hash = NULL; @@ -194,11 +194,11 @@ NTSTATUS ntlmssp_set_password(NTLMSSP_STATE *ntlmssp_state, const char *password return NT_STATUS_OK; } -/** - * Set a domain on an NTLMSSP context - ensures it is talloc()ed +/** + * Set a domain on an NTLMSSP context - ensures it is talloc()ed * */ -NTSTATUS ntlmssp_set_domain(NTLMSSP_STATE *ntlmssp_state, const char *domain) +NTSTATUS ntlmssp_set_domain(NTLMSSP_STATE *ntlmssp_state, const char *domain) { ntlmssp_state->domain = talloc_strdup(ntlmssp_state, domain ? domain : "" ); @@ -208,11 +208,11 @@ NTSTATUS ntlmssp_set_domain(NTLMSSP_STATE *ntlmssp_state, const char *domain) return NT_STATUS_OK; } -/** - * Set a workstation on an NTLMSSP context - ensures it is talloc()ed +/** + * Set a workstation on an NTLMSSP context - ensures it is talloc()ed * */ -NTSTATUS ntlmssp_set_workstation(NTLMSSP_STATE *ntlmssp_state, const char *workstation) +NTSTATUS ntlmssp_set_workstation(NTLMSSP_STATE *ntlmssp_state, const char *workstation) { ntlmssp_state->workstation = talloc_strdup(ntlmssp_state, workstation); if (!ntlmssp_state->workstation) { @@ -227,7 +227,7 @@ NTSTATUS ntlmssp_set_workstation(NTLMSSP_STATE *ntlmssp_state, const char *works */ NTSTATUS ntlmssp_store_response(NTLMSSP_STATE *ntlmssp_state, - DATA_BLOB response) + DATA_BLOB response) { ntlmssp_state->stored_response = data_blob_talloc(ntlmssp_state, response.data, @@ -281,15 +281,15 @@ void ntlmssp_want_feature(NTLMSSP_STATE *ntlmssp_state, uint32 feature) /** * Next state function for the NTLMSSP state machine - * + * * @param ntlmssp_state NTLMSSP State * @param in The packet in from the NTLMSSP partner, as a DATA_BLOB * @param out The reply, as an allocated DATA_BLOB, caller to free. - * @return Errors, NT_STATUS_MORE_PROCESSING_REQUIRED or NT_STATUS_OK. + * @return Errors, NT_STATUS_MORE_PROCESSING_REQUIRED or NT_STATUS_OK. */ -NTSTATUS ntlmssp_update(NTLMSSP_STATE *ntlmssp_state, - const DATA_BLOB in, DATA_BLOB *out) +NTSTATUS ntlmssp_update(NTLMSSP_STATE *ntlmssp_state, + const DATA_BLOB in, DATA_BLOB *out) { DATA_BLOB input; uint32 ntlmssp_command; @@ -338,21 +338,21 @@ NTSTATUS ntlmssp_update(NTLMSSP_STATE *ntlmssp_state, } for (i=0; ntlmssp_callbacks[i].fn; i++) { - if (ntlmssp_callbacks[i].role == ntlmssp_state->role + if (ntlmssp_callbacks[i].role == ntlmssp_state->role && ntlmssp_callbacks[i].ntlmssp_command == ntlmssp_command) { return ntlmssp_callbacks[i].fn(ntlmssp_state, input, out); } } - DEBUG(1, ("failed to find NTLMSSP callback for NTLMSSP mode %u, command %u\n", - ntlmssp_state->role, ntlmssp_command)); + DEBUG(1, ("failed to find NTLMSSP callback for NTLMSSP mode %u, command %u\n", + ntlmssp_state->role, ntlmssp_command)); return NT_STATUS_INVALID_PARAMETER; } /** * End an NTLMSSP state machine - * + * * @param ntlmssp_state NTLMSSP State, free()ed by this function */ @@ -372,9 +372,9 @@ void ntlmssp_end(NTLMSSP_STATE **ntlmssp_state) } /** - * Determine correct target name flags for reply, given server role + * Determine correct target name flags for reply, given server role * and negotiated flags - * + * * @param ntlmssp_state NTLMSSP State * @param neg_flags The flags from the packet * @param chal_flags The flags to be set in the reply packet @@ -382,7 +382,7 @@ void ntlmssp_end(NTLMSSP_STATE **ntlmssp_state) */ static const char *ntlmssp_target_name(struct ntlmssp_state *ntlmssp_state, - uint32 neg_flags, uint32 *chal_flags) + uint32 neg_flags, uint32 *chal_flags) { if (neg_flags & NTLMSSP_REQUEST_TARGET) { *chal_flags |= NTLMSSP_CHAL_TARGET_INFO; @@ -509,7 +509,7 @@ DATA_BLOB ntlmssp_weaken_keys(NTLMSSP_STATE *ntlmssp_state, TALLOC_CTX *mem_ctx) */ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state, - const DATA_BLOB request, DATA_BLOB *reply) + const DATA_BLOB request, DATA_BLOB *reply) { DATA_BLOB struct_blob; const char *dnsname; @@ -624,11 +624,11 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state, * @param ntlmssp_state NTLMSSP State * @param request The request, as a DATA_BLOB * @param request The reply, as an allocated DATA_BLOB, caller to free. - * @return Errors or NT_STATUS_OK. + * @return Errors or NT_STATUS_OK. */ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, - const DATA_BLOB request, DATA_BLOB *reply) + const DATA_BLOB request, DATA_BLOB *reply) { DATA_BLOB encrypted_session_key = data_blob_null; DATA_BLOB user_session_key = data_blob_null; @@ -667,12 +667,12 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, /* now the NTLMSSP encoded auth hashes */ if (!msrpc_parse(ntlmssp_state, &request, parse_string, - "NTLMSSP", - &ntlmssp_command, + "NTLMSSP", + &ntlmssp_command, &ntlmssp_state->lm_resp, &ntlmssp_state->nt_resp, - &ntlmssp_state->domain, - &ntlmssp_state->user, + &ntlmssp_state->domain, + &ntlmssp_state->user, &ntlmssp_state->workstation, &encrypted_session_key, &auth_flags)) { @@ -687,12 +687,12 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, /* now the NTLMSSP encoded auth hashes */ if (!msrpc_parse(ntlmssp_state, &request, parse_string, - "NTLMSSP", - &ntlmssp_command, + "NTLMSSP", + &ntlmssp_command, &ntlmssp_state->lm_resp, &ntlmssp_state->nt_resp, - &ntlmssp_state->domain, - &ntlmssp_state->user, + &ntlmssp_state->domain, + &ntlmssp_state->user, &ntlmssp_state->workstation)) { DEBUG(1, ("ntlmssp_server_auth: failed to parse NTLMSSP (tried both formats):\n")); dump_data(2, request.data, request.length); @@ -712,8 +712,8 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, file_save("lmhash1.dat", &ntlmssp_state->lm_resp.data, &ntlmssp_state->lm_resp.length); #endif - /* NTLM2 uses a 'challenge' that is made of up both the server challenge, and a - client challenge + /* NTLM2 uses a 'challenge' that is made of up both the server challenge, and a + client challenge However, the NTLM2 flag may still be set for the real NTLMv2 logins, be careful. */ @@ -757,7 +757,7 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, /* Finally, actually ask if the password is OK */ - if (!NT_STATUS_IS_OK(nt_status = ntlmssp_state->check_password(ntlmssp_state, + if (!NT_STATUS_IS_OK(nt_status = ntlmssp_state->check_password(ntlmssp_state, &user_session_key, &lm_session_key))) { data_blob_free(&encrypted_session_key); return nt_status; @@ -771,7 +771,7 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, if (user_session_key.data && user_session_key.length == 16) { session_key = data_blob_talloc(ntlmssp_state, NULL, 16); - hmac_md5(user_session_key.data, session_nonce, + hmac_md5(user_session_key.data, session_nonce, sizeof(session_nonce), session_key.data); DEBUG(10,("ntlmssp_server_auth: Created NTLM2 session key.\n")); dump_data_pw("NTLM2 session key:\n", session_key.data, session_key.length); @@ -788,7 +788,7 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, if (session_key.data == NULL) { return NT_STATUS_NO_MEMORY; } - SMBsesskeygen_lm_sess_key(lm_session_key.data, ntlmssp_state->lm_resp.data, + SMBsesskeygen_lm_sess_key(lm_session_key.data, ntlmssp_state->lm_resp.data, session_key.data); DEBUG(10,("ntlmssp_server_auth: Created NTLM session key.\n")); } else { @@ -822,27 +822,27 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, session_key = data_blob_null; } - /* With KEY_EXCH, the client supplies the proposed session key, + /* With KEY_EXCH, the client supplies the proposed session key, but encrypts it with the long-term key */ if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) { if (!encrypted_session_key.data || encrypted_session_key.length != 16) { data_blob_free(&encrypted_session_key); - DEBUG(1, ("Client-supplied KEY_EXCH session key was of invalid length (%u)!\n", + DEBUG(1, ("Client-supplied KEY_EXCH session key was of invalid length (%u)!\n", (unsigned int)encrypted_session_key.length)); return NT_STATUS_INVALID_PARAMETER; } else if (!session_key.data || session_key.length != 16) { - DEBUG(5, ("server session key is invalid (len == %u), cannot do KEY_EXCH!\n", + DEBUG(5, ("server session key is invalid (len == %u), cannot do KEY_EXCH!\n", (unsigned int)session_key.length)); ntlmssp_state->session_key = session_key; } else { dump_data_pw("KEY_EXCH session key (enc):\n", encrypted_session_key.data, encrypted_session_key.length); - arcfour_crypt_blob(encrypted_session_key.data, - encrypted_session_key.length, + arcfour_crypt_blob(encrypted_session_key.data, + encrypted_session_key.length, &session_key); ntlmssp_state->session_key = data_blob_talloc( ntlmssp_state, encrypted_session_key.data, encrypted_session_key.length); - dump_data_pw("KEY_EXCH session key:\n", encrypted_session_key.data, + dump_data_pw("KEY_EXCH session key:\n", encrypted_session_key.data, encrypted_session_key.length); } } else { @@ -865,7 +865,7 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, /** * Create an NTLMSSP state machine - * + * * @param ntlmssp_state NTLMSSP State, allocated by this function */ @@ -892,7 +892,7 @@ NTSTATUS ntlmssp_server_start(NTLMSSP_STATE **ntlmssp_state) (*ntlmssp_state)->ref_count = 1; - (*ntlmssp_state)->neg_flags = + (*ntlmssp_state)->neg_flags = NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_56 | NTLMSSP_NEGOTIATE_VERSION | @@ -912,15 +912,15 @@ NTSTATUS ntlmssp_server_start(NTLMSSP_STATE **ntlmssp_state) /** * Next state function for the Initial packet - * + * * @param ntlmssp_state NTLMSSP State * @param request The request, as a DATA_BLOB. reply.data must be NULL * @param request The reply, as an allocated DATA_BLOB, caller to free. - * @return Errors or NT_STATUS_OK. + * @return Errors or NT_STATUS_OK. */ -static NTSTATUS ntlmssp_client_initial(struct ntlmssp_state *ntlmssp_state, - DATA_BLOB reply, DATA_BLOB *next_request) +static NTSTATUS ntlmssp_client_initial(struct ntlmssp_state *ntlmssp_state, + DATA_BLOB reply, DATA_BLOB *next_request) { if (ntlmssp_state->unicode) { ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_UNICODE; @@ -937,7 +937,7 @@ static NTSTATUS ntlmssp_client_initial(struct ntlmssp_state *ntlmssp_state, "NTLMSSP", NTLMSSP_NEGOTIATE, ntlmssp_state->neg_flags, - ntlmssp_state->get_domain(), + ntlmssp_state->get_domain(), ntlmssp_state->get_global_myname()); ntlmssp_state->expected_state = NTLMSSP_CHALLENGE; @@ -947,15 +947,15 @@ static NTSTATUS ntlmssp_client_initial(struct ntlmssp_state *ntlmssp_state, /** * Next state function for the Challenge Packet. Generate an auth packet. - * + * * @param ntlmssp_state NTLMSSP State * @param request The request, as a DATA_BLOB. reply.data must be NULL * @param request The reply, as an allocated DATA_BLOB, caller to free. - * @return Errors or NT_STATUS_OK. + * @return Errors or NT_STATUS_OK. */ -static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, - const DATA_BLOB reply, DATA_BLOB *next_request) +static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, + const DATA_BLOB reply, DATA_BLOB *next_request) { uint32 chal_flags, ntlmssp_command, unkn1, unkn2; DATA_BLOB server_domain_blob; @@ -972,7 +972,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, if (!msrpc_parse(ntlmssp_state, &reply, "CdBd", "NTLMSSP", - &ntlmssp_command, + &ntlmssp_command, &server_domain_blob, &chal_flags)) { DEBUG(1, ("Failed to parse the NTLMSSP Challenge: (#1)\n")); @@ -1010,7 +1010,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, if (!msrpc_parse(ntlmssp_state, &reply, chal_parse_string, "NTLMSSP", - &ntlmssp_command, + &ntlmssp_command, &server_domain, &chal_flags, &challenge_blob, 8, @@ -1049,11 +1049,11 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, /* TODO: if the remote server is standalone, then we should replace 'domain' with the server name as supplied above */ - if (!SMBNTLMv2encrypt_hash(ntlmssp_state, - ntlmssp_state->user, - ntlmssp_state->domain, - ntlmssp_state->nt_hash, &challenge_blob, - &struct_blob, + if (!SMBNTLMv2encrypt_hash(ntlmssp_state, + ntlmssp_state->user, + ntlmssp_state->domain, + ntlmssp_state->nt_hash, &challenge_blob, + &struct_blob, &lm_response, &nt_response, NULL, &session_key)) { data_blob_free(&challenge_blob); @@ -1106,7 +1106,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, nt_response.data); session_key = data_blob_talloc(ntlmssp_state, NULL, 16); - if ((ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) + if ((ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) && lp_client_lanman_auth()) { SMBsesskeygen_lm_sess_key(ntlmssp_state->lm_hash, lm_response.data, session_key.data); @@ -1139,14 +1139,14 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, } /* this generates the actual auth packet */ - if (!msrpc_gen(ntlmssp_state, next_request, auth_gen_string, - "NTLMSSP", - NTLMSSP_AUTH, + if (!msrpc_gen(ntlmssp_state, next_request, auth_gen_string, + "NTLMSSP", + NTLMSSP_AUTH, lm_response.data, lm_response.length, nt_response.data, nt_response.length, - ntlmssp_state->domain, - ntlmssp_state->user, - ntlmssp_state->get_global_myname(), + ntlmssp_state->domain, + ntlmssp_state->user, + ntlmssp_state->get_global_myname(), encrypted_session_key.data, encrypted_session_key.length, ntlmssp_state->neg_flags)) { @@ -1194,7 +1194,7 @@ NTSTATUS ntlmssp_client_start(NTLMSSP_STATE **ntlmssp_state) (*ntlmssp_state)->ref_count = 1; - (*ntlmssp_state)->neg_flags = + (*ntlmssp_state)->neg_flags = NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_ALWAYS_SIGN | NTLMSSP_NEGOTIATE_NTLM | diff --git a/source3/libsmb/ntlmssp_sign.c b/source3/libsmb/ntlmssp_sign.c index 030161f76c..752749cdd8 100644 --- a/source3/libsmb/ntlmssp_sign.c +++ b/source3/libsmb/ntlmssp_sign.c @@ -1,19 +1,19 @@ -/* +/* * Unix SMB/CIFS implementation. * Version 3.0 * NTLMSSP Signing routines * Copyright (C) Andrew Bartlett 2003-2005 - * + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. - * + * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. - * + * * You should have received a copy of the GNU General Public License * along with this program; if not, see <http://www.gnu.org/licenses/>. */ @@ -36,7 +36,7 @@ * */ -static void dump_arc4_state(const char *description, +static void dump_arc4_state(const char *description, struct arcfour_state *state) { dump_data_pw(description, state->sbox, sizeof(state->sbox)); @@ -59,7 +59,7 @@ enum ntlmssp_direction { }; static NTSTATUS ntlmssp_make_packet_signature(NTLMSSP_STATE *ntlmssp_state, - const uchar *data, size_t length, + const uchar *data, size_t length, const uchar *whole_pdu, size_t pdu_length, enum ntlmssp_direction direction, DATA_BLOB *sig, @@ -128,7 +128,7 @@ static NTSTATUS ntlmssp_make_packet_signature(NTLMSSP_STATE *ntlmssp_state, if (!msrpc_gen(ntlmssp_state, sig, "dddd", NTLMSSP_SIGN_VERSION, 0, crc, ntlmssp_state->ntlmv1_seq_num)) { return NT_STATUS_NO_MEMORY; } - + ntlmssp_state->ntlmv1_seq_num++; dump_arc4_state("ntlmssp hash: \n", &ntlmssp_state->ntlmv1_arc4_state); @@ -138,9 +138,9 @@ static NTSTATUS ntlmssp_make_packet_signature(NTLMSSP_STATE *ntlmssp_state, } NTSTATUS ntlmssp_sign_packet(NTLMSSP_STATE *ntlmssp_state, - const uchar *data, size_t length, - const uchar *whole_pdu, size_t pdu_length, - DATA_BLOB *sig) + const uchar *data, size_t length, + const uchar *whole_pdu, size_t pdu_length, + DATA_BLOB *sig) { NTSTATUS nt_status; @@ -163,15 +163,15 @@ NTSTATUS ntlmssp_sign_packet(NTLMSSP_STATE *ntlmssp_state, } /** - * Check the signature of an incoming packet - * @note caller *must* check that the signature is the size it expects + * Check the signature of an incoming packet + * @note caller *must* check that the signature is the size it expects * */ NTSTATUS ntlmssp_check_packet(NTLMSSP_STATE *ntlmssp_state, - const uchar *data, size_t length, - const uchar *whole_pdu, size_t pdu_length, - const DATA_BLOB *sig) + const uchar *data, size_t length, + const uchar *whole_pdu, size_t pdu_length, + const DATA_BLOB *sig) { DATA_BLOB local_sig; NTSTATUS nt_status; @@ -182,7 +182,7 @@ NTSTATUS ntlmssp_check_packet(NTLMSSP_STATE *ntlmssp_state, } if (sig->length < 8) { - DEBUG(0, ("NTLMSSP packet check failed due to short signature (%lu bytes)!\n", + DEBUG(0, ("NTLMSSP packet check failed due to short signature (%lu bytes)!\n", (unsigned long)sig->length)); } @@ -190,13 +190,13 @@ NTSTATUS ntlmssp_check_packet(NTLMSSP_STATE *ntlmssp_state, data, length, whole_pdu, pdu_length, NTLMSSP_RECEIVE, &local_sig, True); - + if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("NTLMSSP packet check failed with %s\n", nt_errstr(nt_status))); data_blob_free(&local_sig); return nt_status; } - + if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) { if (local_sig.length != sig->length || memcmp(local_sig.data, sig->data, sig->length) != 0) { @@ -240,7 +240,7 @@ NTSTATUS ntlmssp_seal_packet(NTLMSSP_STATE *ntlmssp_state, uchar *data, size_t length, uchar *whole_pdu, size_t pdu_length, DATA_BLOB *sig) -{ +{ if (!(ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL)) { DEBUG(3, ("NTLMSSP Sealing not negotiated - cannot seal packet!\n")); return NT_STATUS_INVALID_PARAMETER; @@ -279,12 +279,12 @@ NTSTATUS ntlmssp_seal_packet(NTLMSSP_STATE *ntlmssp_state, /* The order of these two operations matters - we must first seal the packet, then seal the sequence number - this is becouse the ntlmv1_arc4_state is not constant, but is is rather updated with each iteration */ - - dump_arc4_state("ntlmv1 arc4 state:\n", + + dump_arc4_state("ntlmv1 arc4 state:\n", &ntlmssp_state->ntlmv1_arc4_state); arcfour_crypt_sbox(&ntlmssp_state->ntlmv1_arc4_state, data, length); - dump_arc4_state("ntlmv1 arc4 state:\n", + dump_arc4_state("ntlmv1 arc4 state:\n", &ntlmssp_state->ntlmv1_arc4_state); arcfour_crypt_sbox(&ntlmssp_state->ntlmv1_arc4_state, sig->data+4, sig->length-4); @@ -406,10 +406,10 @@ NTSTATUS ntlmssp_sign_init(NTLMSSP_STATE *ntlmssp_state) send_seal_key_blob.data = ntlmssp_state->send_seal_key; send_seal_key_blob.length = 16; - arcfour_init(&ntlmssp_state->send_seal_arc4_state, + arcfour_init(&ntlmssp_state->send_seal_arc4_state, &send_seal_key_blob); - dump_arc4_state("NTLMSSP send seal arc4 state:\n", + dump_arc4_state("NTLMSSP send seal arc4 state:\n", &ntlmssp_state->send_seal_arc4_state); /* RECV: sign key */ @@ -421,16 +421,16 @@ NTSTATUS ntlmssp_sign_init(NTLMSSP_STATE *ntlmssp_state) /* RECV: seal ARCFOUR pad */ calc_ntlmv2_key(ntlmssp_state->recv_seal_key, weak_session_key, recv_seal_const); - + dump_data_pw("NTLMSSP recv seal key:\n", ntlmssp_state->recv_seal_key, 16); - + recv_seal_blob.data = ntlmssp_state->recv_seal_key; recv_seal_blob.length = 16; arcfour_init(&ntlmssp_state->recv_seal_arc4_state, &recv_seal_blob); - dump_arc4_state("NTLMSSP recv seal arc4 state:\n", + dump_arc4_state("NTLMSSP recv seal arc4 state:\n", &ntlmssp_state->recv_seal_arc4_state); ntlmssp_state->ntlm2_send_seq_num = 0; @@ -463,10 +463,10 @@ NTSTATUS ntlmssp_sign_init(NTLMSSP_STATE *ntlmssp_state) DEBUG(5, ("NTLMSSP Sign/Seal - using NTLM1\n")); - arcfour_init(&ntlmssp_state->ntlmv1_arc4_state, + arcfour_init(&ntlmssp_state->ntlmv1_arc4_state, &weak_session_key); - dump_arc4_state("NTLMv1 arc4 state:\n", + dump_arc4_state("NTLMv1 arc4 state:\n", &ntlmssp_state->ntlmv1_arc4_state); ntlmssp_state->ntlmv1_seq_num = 0; |