summaryrefslogtreecommitdiff
path: root/libcli
diff options
context:
space:
mode:
Diffstat (limited to 'libcli')
-rw-r--r--libcli/auth/ntlmssp.c60
-rw-r--r--libcli/auth/ntlmssp_private.h7
-rw-r--r--libcli/auth/ntlmssp_server.c53
3 files changed, 120 insertions, 0 deletions
diff --git a/libcli/auth/ntlmssp.c b/libcli/auth/ntlmssp.c
index 1be764ec42..edd532ef46 100644
--- a/libcli/auth/ntlmssp.c
+++ b/libcli/auth/ntlmssp.c
@@ -74,3 +74,63 @@ void debug_ntlmssp_flags(uint32_t neg_flags)
if (neg_flags & NTLMSSP_NEGOTIATE_56)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_56\n"));
}
+
+void ntlmssp_handle_neg_flags(struct ntlmssp_state *ntlmssp_state,
+ uint32_t neg_flags, bool allow_lm)
+{
+ if (neg_flags & NTLMSSP_NEGOTIATE_UNICODE) {
+ ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_UNICODE;
+ ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_OEM;
+ ntlmssp_state->unicode = true;
+ } else {
+ ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_UNICODE;
+ ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_OEM;
+ ntlmssp_state->unicode = false;
+ }
+
+ if ((neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) && allow_lm) {
+ /* other end forcing us to use LM */
+ ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_LM_KEY;
+ ntlmssp_state->use_ntlmv2 = false;
+ } else {
+ ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY;
+ }
+
+ if (!(neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)) {
+ ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
+ }
+
+ if (!(neg_flags & NTLMSSP_NEGOTIATE_NTLM2)) {
+ ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_NTLM2;
+ }
+
+ if (!(neg_flags & NTLMSSP_NEGOTIATE_128)) {
+ ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_128;
+ }
+
+ if (!(neg_flags & NTLMSSP_NEGOTIATE_56)) {
+ ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_56;
+ }
+
+ if (!(neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH)) {
+ ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_KEY_EXCH;
+ }
+
+ if (!(neg_flags & NTLMSSP_NEGOTIATE_SIGN)) {
+ ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_SIGN;
+ }
+
+ if (!(neg_flags & NTLMSSP_NEGOTIATE_SEAL)) {
+ ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_SEAL;
+ }
+
+ /* Woop Woop - unknown flag for Windows compatibility...
+ What does this really do ? JRA. */
+ if (!(neg_flags & NTLMSSP_NEGOTIATE_VERSION)) {
+ ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_VERSION;
+ }
+
+ if ((neg_flags & NTLMSSP_REQUEST_TARGET)) {
+ ntlmssp_state->neg_flags |= NTLMSSP_REQUEST_TARGET;
+ }
+}
diff --git a/libcli/auth/ntlmssp_private.h b/libcli/auth/ntlmssp_private.h
index e2044eea20..cb91987e6e 100644
--- a/libcli/auth/ntlmssp_private.h
+++ b/libcli/auth/ntlmssp_private.h
@@ -42,3 +42,10 @@ union ntlmssp_crypt_state {
/* The following definitions come from libcli/auth/ntlmssp.c */
void debug_ntlmssp_flags(uint32_t neg_flags);
+void ntlmssp_handle_neg_flags(struct ntlmssp_state *ntlmssp_state,
+ uint32_t neg_flags, bool allow_lm);
+
+/* The following definitions come from libcli/auth/ntlmssp_server.c */
+
+const char *ntlmssp_target_name(struct ntlmssp_state *ntlmssp_state,
+ uint32_t neg_flags, uint32_t *chal_flags);
diff --git a/libcli/auth/ntlmssp_server.c b/libcli/auth/ntlmssp_server.c
new file mode 100644
index 0000000000..30b5541880
--- /dev/null
+++ b/libcli/auth/ntlmssp_server.c
@@ -0,0 +1,53 @@
+/*
+ Unix SMB/Netbios implementation.
+ Version 3.0
+ handle NLTMSSP, server side
+
+ Copyright (C) Andrew Tridgell 2001
+ Copyright (C) Andrew Bartlett 2001-2010
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "../libcli/auth/ntlmssp.h"
+#include "../libcli/auth/ntlmssp_private.h"
+
+/**
+ * Determine correct target name flags for reply, given server role
+ * and negotiated flags
+ *
+ * @param ntlmssp_state NTLMSSP State
+ * @param neg_flags The flags from the packet
+ * @param chal_flags The flags to be set in the reply packet
+ * @return The 'target name' string.
+ */
+
+const char *ntlmssp_target_name(struct ntlmssp_state *ntlmssp_state,
+ uint32_t neg_flags, uint32_t *chal_flags)
+{
+ if (neg_flags & NTLMSSP_REQUEST_TARGET) {
+ *chal_flags |= NTLMSSP_NEGOTIATE_TARGET_INFO;
+ *chal_flags |= NTLMSSP_REQUEST_TARGET;
+ if (ntlmssp_state->server.is_standalone) {
+ *chal_flags |= NTLMSSP_TARGET_TYPE_SERVER;
+ return ntlmssp_state->server.netbios_name;
+ } else {
+ *chal_flags |= NTLMSSP_TARGET_TYPE_DOMAIN;
+ return ntlmssp_state->server.netbios_domain;
+ };
+ } else {
+ return "";
+ }
+}