| -rw-r--r-- | libcli/auth/ntlmssp.c | 76 | ||||
| -rw-r--r-- | libcli/auth/ntlmssp.h | 22 | ||||
| -rw-r--r-- | libcli/auth/ntlmssp_private.h | 25 | ||||
| -rw-r--r-- | libcli/auth/ntlmssp_sign.c (renamed from source3/libsmb/ntlmssp_sign.c) | 1 | ||||
| -rw-r--r-- | source3/Makefile.in | 3 | ||||
| -rw-r--r-- | source3/include/proto.h | 23 | ||||
| -rw-r--r-- | source3/libsmb/ntlmssp.c | 52 | 
7 files changed, 127 insertions, 75 deletions
| diff --git a/libcli/auth/ntlmssp.c b/libcli/auth/ntlmssp.c
new file mode 100644
index 0000000000..1be764ec42
--- /dev/null
+++ b/libcli/auth/ntlmssp.c
@@ -0,0 +1,76 @@
+/*
+   Unix SMB/Netbios implementation.
+   Version 3.0
+   handle NLTMSSP, server side
+
+   Copyright (C) Andrew Tridgell      2001
+   Copyright (C) Andrew Bartlett 2001-2003
+   Copyright (C) Andrew Bartlett 2005 (Updated from gensec).
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "../libcli/auth/ntlmssp.h"
+#include "../libcli/auth/ntlmssp_private.h"
+
+/**
+ * Print out the NTLMSSP flags for debugging
+ * @param neg_flags The flags from the packet
+ */
+void debug_ntlmssp_flags(uint32_t neg_flags)
+{
+	DEBUG(3,("Got NTLMSSP neg_flags=0x%08x\n", neg_flags));
+
+	if (neg_flags & NTLMSSP_NEGOTIATE_UNICODE)
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_UNICODE\n"));
+	if (neg_flags & NTLMSSP_NEGOTIATE_OEM)
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_OEM\n"));
+	if (neg_flags & NTLMSSP_REQUEST_TARGET)
+		DEBUGADD(4, ("  NTLMSSP_REQUEST_TARGET\n"));
+	if (neg_flags & NTLMSSP_NEGOTIATE_SIGN)
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_SIGN\n"));
+	if (neg_flags & NTLMSSP_NEGOTIATE_SEAL)
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_SEAL\n"));
+	if (neg_flags & NTLMSSP_NEGOTIATE_DATAGRAM)
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_DATAGRAM\n"));
+	if (neg_flags & NTLMSSP_NEGOTIATE_LM_KEY)
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_LM_KEY\n"));
+	if (neg_flags & NTLMSSP_NEGOTIATE_NETWARE)
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_NETWARE\n"));
+	if (neg_flags & NTLMSSP_NEGOTIATE_NTLM)
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_NTLM\n"));
+	if (neg_flags & NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED)
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED\n"));
+	if (neg_flags & NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED)
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED\n"));
+	if (neg_flags & NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL)
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL\n"));
+	if (neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_ALWAYS_SIGN\n"));
+	if (neg_flags & NTLMSSP_REQUEST_NON_NT_SESSION_KEY)
+		DEBUGADD(4, ("  NTLMSSP_REQUEST_NON_NT_SESSION_KEY\n"));
+	if (neg_flags & NTLMSSP_NEGOTIATE_NTLM2)
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_NTLM2\n"));
+	if (neg_flags & NTLMSSP_NEGOTIATE_TARGET_INFO)
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_TARGET_INFO\n"));
+	if (neg_flags & NTLMSSP_NEGOTIATE_VERSION)
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_VERSION\n"));
+	if (neg_flags & NTLMSSP_NEGOTIATE_128)
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_128\n"));
+	if (neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH)
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_KEY_EXCH\n"));
+	if (neg_flags & NTLMSSP_NEGOTIATE_56)
+		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_56\n"));
+}
diff --git a/libcli/auth/ntlmssp.h b/libcli/auth/ntlmssp.h
index 97192b8c6f..d0a282c350 100644
--- a/libcli/auth/ntlmssp.h
+++ b/libcli/auth/ntlmssp.h
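Review bot: The file header of the new libcli/auth/ntlmssp.c reads `handle NLTMSSP, server side`, which misspells NTLMSSP and does not describe the file: the only thing this hunk puts in it is debug_ntlmssp_flags(), a logging helper. Something like `NTLMSSP helper routines` would be accurate; if the file is meant to be shared between source3 and libcli, as the move suggests, the header could say so. The doc comment on the function could also state that the raw mask is logged at level 3 and the decoded flag names only at level 4, since this output is what an operator reads to confirm whether signing, sealing and 128-bit keys were negotiated or a weaker set (LM_KEY, 56) was accepted. As a small portability point, `%08x` is passed a `uint32_t`; `(unsigned int)neg_flags` makes the argument match the format everywhere.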
@@ -137,3 +137,25 @@ struct ntlmssp_state  	union ntlmssp_crypt_state *crypt;  }; + +/* The following definitions come from libcli/auth/ntlmssp_sign.c  */ + +NTSTATUS ntlmssp_sign_packet(struct ntlmssp_state *ntlmssp_state, +			     TALLOC_CTX *sig_mem_ctx, +			     const uint8_t *data, size_t length, +			     const uint8_t *whole_pdu, size_t pdu_length, +			     DATA_BLOB *sig); +NTSTATUS ntlmssp_check_packet(struct ntlmssp_state *ntlmssp_state, +			      const uint8_t *data, size_t length, +			      const uint8_t *whole_pdu, size_t pdu_length, +			      const DATA_BLOB *sig) ; +NTSTATUS ntlmssp_seal_packet(struct ntlmssp_state *ntlmssp_state, +			     TALLOC_CTX *sig_mem_ctx, +			     uint8_t *data, size_t length, +			     const uint8_t *whole_pdu, size_t pdu_length, +			     DATA_BLOB *sig); +NTSTATUS ntlmssp_unseal_packet(struct ntlmssp_state *ntlmssp_state, +			       uint8_t *data, size_t length, +			       const uint8_t *whole_pdu, size_t pdu_length, +			       const DATA_BLOB *sig); +NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state); diff --git a/libcli/auth/ntlmssp_private.h b/libcli/auth/ntlmssp_private.h new file mode 100644 index 0000000000..0f0c7dbba9 --- /dev/null +++ b/libcli/auth/ntlmssp_private.h 
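Review bot: The five prototypes added at the end of libcli/auth/ntlmssp.h carry no statement of contract, and after this commit this header is where callers find them. I would add a comment above `ntlmssp_check_packet` and `ntlmssp_unseal_packet` along the lines of `/* Callers must treat any status other than NT_STATUS_OK as a failed integrity check and discard the data. */`. The seal/unseal pair takes a non-const `data`, so presumably the buffer is rewritten in place; that, and who owns the `sig` blob allocated on `sig_mem_ctx`, should be confirmed against ntlmssp_sign.c and written down here. The stray space in `const DATA_BLOB *sig) ;` and the word "definitions" for what are declarations came over from proto.h unchanged and could be tidied in the same move.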
@@ -0,0 +1,25 @@
+/*
+ *  Unix SMB/CIFS implementation.
+ *  Version 3.0
+ *  NTLMSSP Signing routines
+ *  Copyright (C) Andrew Bartlett 2003-2005
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* For structures internal to the NTLMSSP implementation that should not be exposed */
+
+/* The following definitions come from libcli/auth/ntlmssp.c  */
+
+void debug_ntlmssp_flags(uint32_t neg_flags);
diff --git a/source3/libsmb/ntlmssp_sign.c b/libcli/auth/ntlmssp_sign.c
index 8ae244b70b..61b52c6a61 100644
--- a/source3/libsmb/ntlmssp_sign.c
+++ b/libcli/auth/ntlmssp_sign.c
@@ -25,6 +25,7 @@  #include "../lib/crypto/arcfour.h"  #include "../lib/crypto/hmacmd5.h"  #include "../lib/crypto/crc32.h" +#include "../libcli/auth/ntlmssp_private.h"  #define CLI_SIGN "session key to client-to-server signing key magic constant"  #define CLI_SEAL "session key to client-to-server sealing key magic constant"
diff --git a/source3/Makefile.in b/source3/Makefile.in
index f411eeef8a..b8c13cadbe 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
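Review bot: The new libcli/auth/ntlmssp_private.h has no include guard and declares `void debug_ntlmssp_flags(uint32_t neg_flags);` without including anything that defines `uint32_t`, so it compiles only when another header has already supplied the type. The two includers whose include order is visible in this commit, libcli/auth/ntlmssp.c and source3/libsmb/ntlmssp.c, pull it in after includes.h, but wrapping the body in `#ifndef LIBCLI_AUTH_NTLMSSP_PRIVATE_H` / `#define LIBCLI_AUTH_NTLMSSP_PRIVATE_H` / `#endif` (guard name is a suggestion) and adding the project's usual integer-types include would make the header self-contained. The banner line `NTLMSSP Signing routines` looks carried over from ntlmssp_sign.c and does not describe a header of private declarations.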
@@ -485,7 +485,8 @@ LIBSMB_ERR_OBJ = $(LIBSMB_ERR_OBJ0) $(LIBSMB_ERR_OBJ1) \  LIBSMB_OBJ0 = \  	       ../libcli/auth/ntlm_check.o \  	       libsmb/ntlmssp.o \ -	       libsmb/ntlmssp_sign.o \ +	       ../libcli/auth/ntlmssp.o \ +	       ../libcli/auth/ntlmssp_sign.o \  	       $(LIBNDR_NTLMSSP_OBJ) \  	       ../libcli/auth/ntlmssp_ndr.o diff --git a/source3/include/proto.h b/source3/include/proto.h index 472e1793ca..cae51e5ee3 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -3135,7 +3135,6 @@ NTSTATUS nt_status_squash(NTSTATUS nt_status);  /* The following definitions come from libsmb/ntlmssp.c  */ -void debug_ntlmssp_flags(uint32 neg_flags);  NTSTATUS ntlmssp_set_username(struct ntlmssp_state *ntlmssp_state, const char *user) ;  NTSTATUS ntlmssp_set_hashes(struct ntlmssp_state *ntlmssp_state,  			    const uint8_t lm_hash[16], 
@@ -3161,28 +3160,6 @@ NTSTATUS ntlmssp_client_start(TALLOC_CTX *mem_ctx,  			      bool use_ntlmv2,  			      struct ntlmssp_state **_ntlmssp_state); -/* The following definitions come from libsmb/ntlmssp_sign.c  */ - -NTSTATUS ntlmssp_sign_packet(struct ntlmssp_state *ntlmssp_state, -			     TALLOC_CTX *sig_mem_ctx, -			     const uint8_t *data, size_t length, -			     const uint8_t *whole_pdu, size_t pdu_length, -			     DATA_BLOB *sig); -NTSTATUS ntlmssp_check_packet(struct ntlmssp_state *ntlmssp_state, -			      const uint8_t *data, size_t length, -			      const uint8_t *whole_pdu, size_t pdu_length, -			      const DATA_BLOB *sig) ; -NTSTATUS ntlmssp_seal_packet(struct ntlmssp_state *ntlmssp_state, -			     TALLOC_CTX *sig_mem_ctx, -			     uint8_t *data, size_t length, -			     const uint8_t *whole_pdu, size_t pdu_length, -			     DATA_BLOB *sig); -NTSTATUS ntlmssp_unseal_packet(struct ntlmssp_state *ntlmssp_state, -			       uint8_t *data, size_t length, -			       const uint8_t *whole_pdu, size_t pdu_length, -			       const DATA_BLOB *sig); -NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state); -  /* The following definitions come from libsmb/passchange.c  */  NTSTATUS remote_password_change(const char *remote_machine, const char *user_name,  diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c index 7095426cab..1d475172fe 100644 --- a/source3/libsmb/ntlmssp.c +++ b/source3/libsmb/ntlmssp.c @@ -23,6 +23,7 @@  #include "includes.h"  #include "../libcli/auth/ntlmssp.h" +#include "../libcli/auth/ntlmssp_private.h"  #include "../libcli/auth/libcli_auth.h"  #include "../librpc/gen_ndr/ndr_ntlmssp.h"  #include "../libcli/auth/ntlmssp_ndr.h" 
@@ -60,57 +61,6 @@ static const struct ntlmssp_callbacks {  /** - * Print out the NTLMSSP flags for debugging - * @param neg_flags The flags from the packet - */ - -void debug_ntlmssp_flags(uint32_t neg_flags) -{ -	DEBUG(3,("Got NTLMSSP neg_flags=0x%08x\n", neg_flags)); - -	if (neg_flags & NTLMSSP_NEGOTIATE_UNICODE) -		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_UNICODE\n")); -	if (neg_flags & NTLMSSP_NEGOTIATE_OEM) -		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_OEM\n")); -	if (neg_flags & NTLMSSP_REQUEST_TARGET) -		DEBUGADD(4, ("  NTLMSSP_REQUEST_TARGET\n")); -	if (neg_flags & NTLMSSP_NEGOTIATE_SIGN) -		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_SIGN\n")); -	if (neg_flags & NTLMSSP_NEGOTIATE_SEAL) -		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_SEAL\n")); -	if (neg_flags & NTLMSSP_NEGOTIATE_DATAGRAM) -		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_DATAGRAM\n")); -	if (neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) -		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_LM_KEY\n")); -	if (neg_flags & NTLMSSP_NEGOTIATE_NETWARE) -		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_NETWARE\n")); -	if (neg_flags & NTLMSSP_NEGOTIATE_NTLM) -		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_NTLM\n")); -	if (neg_flags & NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED) -		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED\n")); -	if (neg_flags & NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED) -		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED\n")); -	if (neg_flags & NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL) -		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL\n")); -	if (neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN) -		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_ALWAYS_SIGN\n")); -	if (neg_flags & NTLMSSP_REQUEST_NON_NT_SESSION_KEY) -		DEBUGADD(4, ("  NTLMSSP_REQUEST_NON_NT_SESSION_KEY\n")); -	if (neg_flags & NTLMSSP_NEGOTIATE_NTLM2) -		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_NTLM2\n")); -	if (neg_flags & NTLMSSP_NEGOTIATE_TARGET_INFO) -		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_TARGET_INFO\n")); -	if (neg_flags & NTLMSSP_NEGOTIATE_VERSION) -		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_VERSION\n")); -	if (neg_flags 
& NTLMSSP_NEGOTIATE_128) -		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_128\n")); -	if (neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) -		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_KEY_EXCH\n")); -	if (neg_flags & NTLMSSP_NEGOTIATE_56) -		DEBUGADD(4, ("  NTLMSSP_NEGOTIATE_56\n")); -} - -/**   * Default challenge generation code.   *   */ | 
