diff options
Diffstat (limited to 'source4/auth/ntlmssp')
-rw-r--r-- | source4/auth/ntlmssp/ntlmssp.c | 27 | ||||
-rw-r--r-- | source4/auth/ntlmssp/ntlmssp.h | 31 | ||||
-rw-r--r-- | source4/auth/ntlmssp/ntlmssp_client.c | 5 | ||||
-rw-r--r-- | source4/auth/ntlmssp/ntlmssp_server.c | 7 | ||||
-rw-r--r-- | source4/auth/ntlmssp/ntlmssp_sign.c | 1 |
5 files changed, 21 insertions, 50 deletions
diff --git a/source4/auth/ntlmssp/ntlmssp.c b/source4/auth/ntlmssp/ntlmssp.c index e649bba4db..633199f463 100644 --- a/source4/auth/ntlmssp/ntlmssp.c +++ b/source4/auth/ntlmssp/ntlmssp.c @@ -23,6 +23,7 @@ #include "includes.h" #include "auth/ntlmssp/ntlmssp.h" +#include "../librpc/gen_ndr/ntlmssp.h" #include "../libcli/auth/libcli_auth.h" #include "librpc/gen_ndr/ndr_dcerpc.h" #include "auth/credentials/credentials.h" @@ -81,30 +82,28 @@ void debug_ntlmssp_flags(uint32_t neg_flags) DEBUGADD(4, (" NTLMSSP_NEGOTIATE_SIGN\n")); if (neg_flags & NTLMSSP_NEGOTIATE_SEAL) DEBUGADD(4, (" NTLMSSP_NEGOTIATE_SEAL\n")); - if (neg_flags & NTLMSSP_NEGOTIATE_DATAGRAM_STYLE) - DEBUGADD(4, (" NTLMSSP_NEGOTIATE_DATAGRAM_STYLE\n")); + if (neg_flags & NTLMSSP_NEGOTIATE_DATAGRAM) + DEBUGADD(4, (" NTLMSSP_NEGOTIATE_DATAGRAM\n")); if (neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) DEBUGADD(4, (" NTLMSSP_NEGOTIATE_LM_KEY\n")); if (neg_flags & NTLMSSP_NEGOTIATE_NETWARE) DEBUGADD(4, (" NTLMSSP_NEGOTIATE_NETWARE\n")); if (neg_flags & NTLMSSP_NEGOTIATE_NTLM) DEBUGADD(4, (" NTLMSSP_NEGOTIATE_NTLM\n")); - if (neg_flags & NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED) - DEBUGADD(4, (" NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED\n")); - if (neg_flags & NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED) - DEBUGADD(4, (" NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED\n")); + if (neg_flags & NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED) + DEBUGADD(4, (" NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED\n")); + if (neg_flags & NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED) + DEBUGADD(4, (" NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED\n")); if (neg_flags & NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL) DEBUGADD(4, (" NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL\n")); if (neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN) DEBUGADD(4, (" NTLMSSP_NEGOTIATE_ALWAYS_SIGN\n")); - if (neg_flags & NTLMSSP_CHAL_ACCEPT_RESPONSE) - DEBUGADD(4, (" NTLMSSP_CHAL_ACCEPT_RESPONSE\n")); - if (neg_flags & NTLMSSP_CHAL_NON_NT_SESSION_KEY) - DEBUGADD(4, (" NTLMSSP_CHAL_NON_NT_SESSION_KEY\n")); + if (neg_flags & NTLMSSP_REQUEST_NON_NT_SESSION_KEY) + DEBUGADD(4, (" NTLMSSP_REQUEST_NON_NT_SESSION_KEY\n")); if (neg_flags & NTLMSSP_NEGOTIATE_NTLM2) DEBUGADD(4, (" NTLMSSP_NEGOTIATE_NTLM2\n")); - if (neg_flags & NTLMSSP_CHAL_TARGET_INFO) - DEBUGADD(4, (" NTLMSSP_CHAL_TARGET_INFO\n")); + if (neg_flags & NTLMSSP_NEGOTIATE_TARGET_INFO) + DEBUGADD(4, (" NTLMSSP_NEGOTIATE_TARGET_INFO\n")); if (neg_flags & NTLMSSP_NEGOTIATE_128) DEBUGADD(4, (" NTLMSSP_NEGOTIATE_128\n")); if (neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) @@ -295,8 +294,8 @@ void ntlmssp_handle_neg_flags(struct gensec_ntlmssp_state *gensec_ntlmssp_state, /* Woop Woop - unknown flag for Windows compatibility... What does this really do ? JRA. */ - if (!(neg_flags & NTLMSSP_UNKNOWN_02000000)) { - gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_UNKNOWN_02000000; + if (!(neg_flags & NTLMSSP_NEGOTIATE_VERSION)) { + gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_VERSION; } if ((neg_flags & NTLMSSP_REQUEST_TARGET)) { diff --git a/source4/auth/ntlmssp/ntlmssp.h b/source4/auth/ntlmssp/ntlmssp.h index ff7225bb3c..d46b12000f 100644 --- a/source4/auth/ntlmssp/ntlmssp.h +++ b/source4/auth/ntlmssp/ntlmssp.h @@ -39,37 +39,6 @@ enum ntlmssp_message_type NTLMSSP_DONE = 5 /* samba final state */ }; -/* NTLMSSP negotiation flags */ -#define NTLMSSP_NEGOTIATE_UNICODE 0x00000001 -#define NTLMSSP_NEGOTIATE_OEM 0x00000002 -#define NTLMSSP_REQUEST_TARGET 0x00000004 -#define NTLMSSP_NEGOTIATE_SIGN 0x00000010 /* Message integrity */ -#define NTLMSSP_NEGOTIATE_SEAL 0x00000020 /* Message confidentiality */ -#define NTLMSSP_NEGOTIATE_DATAGRAM_STYLE 0x00000040 -#define NTLMSSP_NEGOTIATE_LM_KEY 0x00000080 -#define NTLMSSP_NEGOTIATE_NETWARE 0x00000100 -#define NTLMSSP_NEGOTIATE_NTLM 0x00000200 -#define NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED 0x00001000 -#define NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED 0x00002000 -#define NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 0x00004000 -#define NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0x00008000 -#define NTLMSSP_TARGET_TYPE_DOMAIN 0x10000 -#define NTLMSSP_TARGET_TYPE_SERVER 0x20000 -#define NTLMSSP_CHAL_INIT_RESPONSE 0x00010000 - -#define NTLMSSP_CHAL_ACCEPT_RESPONSE 0x00020000 -#define NTLMSSP_CHAL_NON_NT_SESSION_KEY 0x00040000 -#define NTLMSSP_NEGOTIATE_NTLM2 0x00080000 -#define NTLMSSP_CHAL_TARGET_INFO 0x00800000 -#define NTLMSSP_UNKNOWN_02000000 0x02000000 -#define NTLMSSP_NEGOTIATE_128 0x20000000 /* 128-bit encryption */ -#define NTLMSSP_NEGOTIATE_KEY_EXCH 0x40000000 -#define NTLMSSP_NEGOTIATE_56 0x80000000 - -#define NTLMSSP_SIGN_VERSION 1 - -#define NTLMSSP_SIG_SIZE 16 - struct gensec_ntlmssp_state { struct gensec_security *gensec_security; diff --git a/source4/auth/ntlmssp/ntlmssp_client.c b/source4/auth/ntlmssp/ntlmssp_client.c index d3c1165994..87794ae048 100644 --- a/source4/auth/ntlmssp/ntlmssp_client.c +++ b/source4/auth/ntlmssp/ntlmssp_client.c @@ -23,6 +23,7 @@ #include "includes.h" #include "auth/ntlmssp/ntlmssp.h" +#include "../librpc/gen_ndr/ntlmssp.h" #include "../lib/crypto/crypto.h" #include "../libcli/auth/libcli_auth.h" #include "auth/credentials/credentials.h" @@ -141,14 +142,14 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security, ntlmssp_handle_neg_flags(gensec_ntlmssp_state, chal_flags, gensec_ntlmssp_state->allow_lm_key); if (gensec_ntlmssp_state->unicode) { - if (chal_flags & NTLMSSP_CHAL_TARGET_INFO) { + if (chal_flags & NTLMSSP_NEGOTIATE_TARGET_INFO) { chal_parse_string = "CdUdbddB"; } else { chal_parse_string = "CdUdbdd"; } auth_gen_string = "CdBBUUUBd"; } else { - if (chal_flags & NTLMSSP_CHAL_TARGET_INFO) { + if (chal_flags & NTLMSSP_NEGOTIATE_TARGET_INFO) { chal_parse_string = "CdAdbddB"; } else { chal_parse_string = "CdAdbdd"; diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c index 8cb2b1f460..a83df7377f 100644 --- a/source4/auth/ntlmssp/ntlmssp_server.c +++ b/source4/auth/ntlmssp/ntlmssp_server.c @@ -24,6 +24,7 @@ #include "includes.h" #include "system/network.h" #include "auth/ntlmssp/ntlmssp.h" +#include "../librpc/gen_ndr/ntlmssp.h" #include "../libcli/auth/libcli_auth.h" #include "../lib/crypto/crypto.h" #include "auth/gensec/gensec.h" @@ -91,7 +92,7 @@ static const char *ntlmssp_target_name(struct gensec_ntlmssp_state *gensec_ntlms uint32_t neg_flags, uint32_t *chal_flags) { if (neg_flags & NTLMSSP_REQUEST_TARGET) { - *chal_flags |= NTLMSSP_CHAL_TARGET_INFO; + *chal_flags |= NTLMSSP_NEGOTIATE_TARGET_INFO; *chal_flags |= NTLMSSP_REQUEST_TARGET; if (gensec_ntlmssp_state->server_role == ROLE_STANDALONE) { *chal_flags |= NTLMSSP_TARGET_TYPE_SERVER; @@ -179,7 +180,7 @@ NTSTATUS ntlmssp_server_negotiate(struct gensec_security *gensec_security, gensec_ntlmssp_state->internal_chal = data_blob_talloc(gensec_ntlmssp_state, cryptkey, 8); /* This creates the 'blob' of names that appears at the end of the packet */ - if (chal_flags & NTLMSSP_CHAL_TARGET_INFO) { + if (chal_flags & NTLMSSP_NEGOTIATE_TARGET_INFO) { char dnsdomname[MAXHOSTNAMELEN], dnsname[MAXHOSTNAMELEN]; const char *target_name_dns = ""; @@ -762,7 +763,7 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security) gensec_ntlmssp_state->server_multiple_authentications = false; gensec_ntlmssp_state->neg_flags = - NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_UNKNOWN_02000000; + NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_VERSION; gensec_ntlmssp_state->lm_resp = data_blob(NULL, 0); gensec_ntlmssp_state->nt_resp = data_blob(NULL, 0); diff --git a/source4/auth/ntlmssp/ntlmssp_sign.c b/source4/auth/ntlmssp/ntlmssp_sign.c index 957d0a8fbc..6e5a08c5a1 100644 --- a/source4/auth/ntlmssp/ntlmssp_sign.c +++ b/source4/auth/ntlmssp/ntlmssp_sign.c @@ -21,6 +21,7 @@ #include "includes.h" #include "auth/ntlmssp/ntlmssp.h" +#include "../librpc/gen_ndr/ntlmssp.h" #include "../libcli/auth/libcli_auth.h" #include "../lib/crypto/crypto.h" #include "auth/gensec/gensec.h" |