Diffstat (limited to 'source4/auth/ntlmssp')
-rw-r--r-- | source4/auth/ntlmssp/ntlmssp.c | 32 | ||||
-rw-r--r-- | source4/auth/ntlmssp/ntlmssp.h | 3 | ||||
-rw-r--r-- | source4/auth/ntlmssp/ntlmssp_client.c | 41 | ||||
-rw-r--r-- | source4/auth/ntlmssp/ntlmssp_parse.c | 40 | ||||
-rw-r--r-- | source4/auth/ntlmssp/ntlmssp_server.c | 117 | ||||
-rw-r--r-- | source4/auth/ntlmssp/ntlmssp_sign.c | 16 |
6 files changed, 102 insertions, 147 deletions
diff --git a/source4/auth/ntlmssp/ntlmssp.c b/source4/auth/ntlmssp/ntlmssp.c index a2d2d22170..f957ac9dbd 100644 --- a/source4/auth/ntlmssp/ntlmssp.c +++ b/source4/auth/ntlmssp/ntlmssp.c @@ -199,7 +199,7 @@ static NTSTATUS gensec_ntlmssp_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx, const DATA_BLOB input, DATA_BLOB *out) { - struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data; + struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; NTSTATUS status; uint32_t i; @@ -229,7 +229,7 @@ static NTSTATUS gensec_ntlmssp_update(struct gensec_security *gensec_security, NTSTATUS gensec_ntlmssp_session_key(struct gensec_security *gensec_security, DATA_BLOB *session_key) { - struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data; + struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; if (!gensec_ntlmssp_state->session_key.data) { return NT_STATUS_NO_USER_SESSION_KEY; @@ -240,16 +240,16 @@ NTSTATUS gensec_ntlmssp_session_key(struct gensec_security *gensec_security, } void ntlmssp_handle_neg_flags(struct gensec_ntlmssp_state *gensec_ntlmssp_state, - uint32_t neg_flags, BOOL allow_lm) + uint32_t neg_flags, bool allow_lm) { if (neg_flags & NTLMSSP_NEGOTIATE_UNICODE) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_UNICODE; gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_OEM; - gensec_ntlmssp_state->unicode = True; + gensec_ntlmssp_state->unicode = true; } else { gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_UNICODE; gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_OEM; - gensec_ntlmssp_state->unicode = False; + gensec_ntlmssp_state->unicode = false; } if ((neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) && allow_lm && !gensec_ntlmssp_state->use_ntlmv2) { 
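Review bot: The added `(struct gensec_ntlmssp_state *)` cast on `gensec_security->private_data` in gensec_ntlmssp_update checks nothing more than the implicit conversion it replaces, assuming private_data is a `void *` (its declaration is not part of this diff). The state is used as a talloc parent elsewhere in this commit, so `talloc_get_type(gensec_security->private_data, struct gensec_ntlmssp_state)` could catch a context of the wrong type at run time, provided the result is tested for NULL before the first dereference. The same cast is added in gensec_ntlmssp_session_key and gensec_ntlmssp_have_feature and throughout the client, server and sign files. The bodies of gensec_ntlmssp_update and gensec_ntlmssp_session_key continue outside their hunks.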
@@ -341,40 +341,40 @@ DATA_BLOB ntlmssp_weakend_key(struct gensec_ntlmssp_state *gensec_ntlmssp_state, return weakened_key; } -static BOOL gensec_ntlmssp_have_feature(struct gensec_security *gensec_security, +static bool gensec_ntlmssp_have_feature(struct gensec_security *gensec_security, uint32_t feature) { - struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data; + struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; if (feature & GENSEC_FEATURE_SIGN) { if (!gensec_ntlmssp_state->session_key.length) { - return False; + return false; } if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN) { - return True; + return true; } } if (feature & GENSEC_FEATURE_SEAL) { if (!gensec_ntlmssp_state->session_key.length) { - return False; + return false; } if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL) { - return True; + return true; } } if (feature & GENSEC_FEATURE_SESSION_KEY) { if (gensec_ntlmssp_state->session_key.length) { - return True; + return true; } } if (feature & GENSEC_FEATURE_DCE_STYLE) { - return True; + return true; } if (feature & GENSEC_FEATURE_ASYNC_REPLIES) { if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) { - return True; + return true; } } - return False; + return false; } NTSTATUS gensec_ntlmssp_start(struct gensec_security *gensec_security) @@ -418,7 +418,7 @@ static const struct gensec_security_ops gensec_ntlmssp_security_ops = { .session_key = gensec_ntlmssp_session_key, .session_info = gensec_ntlmssp_session_info, .have_feature = gensec_ntlmssp_have_feature, - .enabled = True, + .enabled = true, .priority = GENSEC_NTLMSSP }; diff --git a/source4/auth/ntlmssp/ntlmssp.h b/source4/auth/ntlmssp/ntlmssp.h index 282fcbc510..e39e2d9407 100644 --- a/source4/auth/ntlmssp/ntlmssp.h +++ b/source4/auth/ntlmssp/ntlmssp.h 
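Review bot: gensec_ntlmssp_have_feature answers "any" rather than "all" when `feature` carries more than one bit: with a session key present, a SIGN request that was not negotiated falls through to the later tests, so `GENSEC_FEATURE_SIGN | GENSEC_FEATURE_DCE_STYLE` returns true without NTLMSSP_NEGOTIATE_SIGN being set. This is harmless if callers only ever pass a single bit, but nothing in the function says so. I would add a header comment such as `/* feature must be a single GENSEC_FEATURE_* bit; a combined mask returns true if any one of them is available */`, or return false as soon as a requested feature turns out to be missing.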
@@ -93,7 +93,7 @@ struct gensec_ntlmssp_state style 'challenge caching' */ char *user; - char *domain; + const char *domain; const char *workstation; char *server_domain; @@ -156,7 +156,6 @@ struct gensec_ntlmssp_state DATA_BLOB *nt_session_key, DATA_BLOB *lm_session_key); const char *server_name; - const char *(*get_domain)(void); bool doing_ntlm2; diff --git a/source4/auth/ntlmssp/ntlmssp_client.c b/source4/auth/ntlmssp/ntlmssp_client.c index 3f507908f2..61d6f1b25f 100644 --- a/source4/auth/ntlmssp/ntlmssp_client.c +++ b/source4/auth/ntlmssp/ntlmssp_client.c @@ -28,6 +28,7 @@ #include "libcli/auth/libcli_auth.h" #include "auth/credentials/credentials.h" #include "auth/gensec/gensec.h" +#include "param/param.h" /********************************************************************* Client side NTLMSSP @@ -47,7 +48,7 @@ NTSTATUS ntlmssp_client_initial(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx, DATA_BLOB in, DATA_BLOB *out) { - struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data; + struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; if (gensec_ntlmssp_state->unicode) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_UNICODE; @@ -65,7 +66,7 @@ NTSTATUS ntlmssp_client_initial(struct gensec_security *gensec_security, "NTLMSSP", NTLMSSP_NEGOTIATE, gensec_ntlmssp_state->neg_flags, - gensec_ntlmssp_state->get_domain(), + gensec_ntlmssp_state->domain, cli_credentials_get_workstation(gensec_security->credentials)); gensec_ntlmssp_state->expected_state = NTLMSSP_CHALLENGE; 
@@ -87,7 +88,7 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx, const DATA_BLOB in, DATA_BLOB *out) { - struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data; + struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; uint32_t chal_flags, ntlmssp_command, unkn1, unkn2; DATA_BLOB server_domain_blob; DATA_BLOB challenge_blob; @@ -180,7 +181,7 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security, if (gensec_ntlmssp_state->use_nt_response) { flags |= CLI_CRED_NTLM_AUTH; } - if (lp_client_lanman_auth()) { + if (lp_client_lanman_auth(global_loadparm)) { flags |= CLI_CRED_LANMAN_AUTH; } @@ -205,7 +206,7 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security, } if ((gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) - && lp_client_lanman_auth() && lm_session_key.length == 16) { + && lp_client_lanman_auth(global_loadparm) && lm_session_key.length == 16) { DATA_BLOB new_session_key = data_blob_talloc(mem_ctx, NULL, 16); if (lm_response.length == 24) { SMBsesskeygen_lm_sess_key(lm_session_key.data, lm_response.data, 
@@ -292,21 +293,21 @@ NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security) nt_status = gensec_ntlmssp_start(gensec_security); NT_STATUS_NOT_OK_RETURN(nt_status); - gensec_ntlmssp_state = gensec_security->private_data; + gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; gensec_ntlmssp_state->role = NTLMSSP_CLIENT; - gensec_ntlmssp_state->get_domain = lp_workgroup; + gensec_ntlmssp_state->domain = lp_workgroup(global_loadparm); - gensec_ntlmssp_state->unicode = lp_parm_bool(-1, "ntlmssp_client", "unicode", True); + gensec_ntlmssp_state->unicode = lp_parm_bool(global_loadparm, NULL, "ntlmssp_client", "unicode", true); - gensec_ntlmssp_state->use_nt_response = lp_parm_bool(-1, "ntlmssp_client", "send_nt_reponse", True); + gensec_ntlmssp_state->use_nt_response = lp_parm_bool(global_loadparm, NULL, "ntlmssp_client", "send_nt_reponse", true); - gensec_ntlmssp_state->allow_lm_key = (lp_client_lanman_auth() - && (lp_parm_bool(-1, "ntlmssp_client", "allow_lm_key", False) - || lp_parm_bool(-1, "ntlmssp_client", "lm_key", False))); + gensec_ntlmssp_state->allow_lm_key = (lp_client_lanman_auth(global_loadparm) + && (lp_parm_bool(global_loadparm, NULL, "ntlmssp_client", "allow_lm_key", false) + || lp_parm_bool(global_loadparm, NULL, "ntlmssp_client", "lm_key", false))); - gensec_ntlmssp_state->use_ntlmv2 = lp_client_ntlmv2_auth(); + gensec_ntlmssp_state->use_ntlmv2 = lp_client_ntlmv2_auth(global_loadparm); gensec_ntlmssp_state->expected_state = NTLMSSP_INITIAL; 
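Review bot: The parametric option read into `use_nt_response` is spelled `send_nt_reponse` (the second "s" is missing), so a configuration that uses the expected spelling would presumably never reach this lookup and the default `true` would apply silently. Since the line is being rewritten anyway, either document the spelling next to the call, e.g. `/* NB: the option name is historically spelled "send_nt_reponse" */`, or look up the correct spelling first and fall back to the old one so existing configurations keep working. gensec_ntlmssp_client_start begins and ends outside the hunk.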
@@ -314,31 +315,31 @@ NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security) NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_REQUEST_TARGET; - if (lp_parm_bool(-1, "ntlmssp_client", "128bit", True)) { + if (lp_parm_bool(global_loadparm, NULL, "ntlmssp_client", "128bit", true)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_128; } - if (lp_parm_bool(-1, "ntlmssp_client", "56bit", False)) { + if (lp_parm_bool(global_loadparm, NULL, "ntlmssp_client", "56bit", false)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_56; } - if (lp_parm_bool(-1, "ntlmssp_client", "lm_key", False)) { + if (lp_parm_bool(global_loadparm, NULL, "ntlmssp_client", "lm_key", false)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_LM_KEY; } - if (lp_parm_bool(-1, "ntlmssp_client", "keyexchange", True)) { + if (lp_parm_bool(global_loadparm, NULL, "ntlmssp_client", "keyexchange", true)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_KEY_EXCH; } - if (lp_parm_bool(-1, "ntlmssp_client", "alwayssign", True)) { + if (lp_parm_bool(global_loadparm, NULL, "ntlmssp_client", "alwayssign", true)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN; } - if (lp_parm_bool(-1, "ntlmssp_client", "ntlm2", True)) { + if (lp_parm_bool(global_loadparm, NULL, "ntlmssp_client", "ntlm2", true)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2; } else { /* apparently we can't do ntlmv2 if we don't do ntlm2 */ - gensec_ntlmssp_state->use_ntlmv2 = False; + gensec_ntlmssp_state->use_ntlmv2 = false; } if (gensec_security->want_features & GENSEC_FEATURE_SESSION_KEY) { diff --git a/source4/auth/ntlmssp/ntlmssp_parse.c b/source4/auth/ntlmssp/ntlmssp_parse.c index 98594f1fc3..ea9b52e432 100644 --- a/source4/auth/ntlmssp/ntlmssp_parse.c +++ b/source4/auth/ntlmssp/ntlmssp_parse.c 
@@ -40,7 +40,7 @@ d = word (4 bytes) C = constant ascii string */ -BOOL msrpc_gen(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, +bool msrpc_gen(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, const char *format, ...) { int i; @@ -66,7 +66,7 @@ BOOL msrpc_gen(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, head_size += 8; n = push_ucs2_talloc(pointers, (void **)&pointers[i].data, s); if (n == -1) { - return False; + return false; } pointers[i].length = n; pointers[i].length -= 2; @@ -77,7 +77,7 @@ BOOL msrpc_gen(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, head_size += 8; n = push_ascii_talloc(pointers, (char **)&pointers[i].data, s); if (n == -1) { - return False; + return false; } pointers[i].length = n; pointers[i].length -= 1; @@ -89,7 +89,7 @@ BOOL msrpc_gen(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, s = va_arg(ap, char *); n = push_ucs2_talloc(pointers, (void **)&pointers[i].data, s); if (n == -1) { - return False; + return false; } pointers[i].length = n; pointers[i].length -= 2; @@ -175,14 +175,14 @@ BOOL msrpc_gen(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, talloc_free(pointers); - return True; + return true; } /* a helpful macro to avoid running over the end of our blob */ #define NEED_DATA(amount) \ if ((head_ofs + amount) > blob->length) { \ - return False; \ + return false; \ } /* @@ -198,7 +198,7 @@ if ((head_ofs + amount) > blob->length) { \ C = constant ascii string */ -BOOL msrpc_parse(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, +bool msrpc_parse(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, const char *format, ...) { int i; 
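Review bot: The NEED_DATA macro in the `-175,14` hunk compares `head_ofs + amount` with `blob->length`, and that sum can wrap when `amount` is taken from the message being parsed, depending on the types of `head_ofs` and the length fields, which are declared outside the hunk. The argument is also unparenthesised and the bare `if` is not wrapped in `do { } while (0)`. A subtraction form avoids the wrap: `if ((amount) > blob->length || head_ofs > blob->length - (amount)) { return false; }`. A one-line comment that the macro returns from the enclosing function, and so skips the `va_end(ap)` at the end of msrpc_parse, would also help the next reader.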
@@ -226,21 +226,21 @@ BOOL msrpc_parse(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, } else { /* make sure its in the right format - be strict */ if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) { - return False; + return false; } if (len1 & 1) { /* if odd length and unicode */ - return False; + return false; } if (blob->data + ptr < (uint8_t *)ptr || blob->data + ptr < blob->data) - return False; + return false; if (0 < len1) { pull_string(p, blob->data + ptr, sizeof(p), len1, STR_UNICODE|STR_NOALIGN); (*ps) = talloc_strdup(mem_ctx, p); if (!(*ps)) { - return False; + return false; } } else { (*ps) = ""; @@ -259,18 +259,18 @@ BOOL msrpc_parse(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, *ps = ""; } else { if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) { - return False; + return false; } if (blob->data + ptr < (uint8_t *)ptr || blob->data + ptr < blob->data) - return False; + return false; if (0 < len1) { pull_string(p, blob->data + ptr, sizeof(p), len1, STR_ASCII|STR_NOALIGN); (*ps) = talloc_strdup(mem_ctx, p); if (!(*ps)) { - return False; + return false; } } else { (*ps) = ""; @@ -289,11 +289,11 @@ BOOL msrpc_parse(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, } else { /* make sure its in the right format - be strict */ if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) { - return False; + return false; } if (blob->data + ptr < (uint8_t *)ptr || blob->data + ptr < blob->data) - return False; + return false; *b = data_blob_talloc(mem_ctx, blob->data + ptr, len1); } @@ -304,7 +304,7 @@ BOOL msrpc_parse(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, /* make sure its in the right format - be strict */ NEED_DATA(len1); if (blob->data + head_ofs < (uint8_t *)head_ofs || blob->data + head_ofs < blob->data) - return False; + return false; *b = data_blob_talloc(mem_ctx, blob->data + head_ofs, len1); head_ofs += len1; 
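Review bot: The guards of the form `blob->data + ptr < (uint8_t *)ptr || blob->data + ptr < blob->data` in the unicode string branch of msrpc_parse rely on pointer arithmetic wrapping, which is undefined behaviour in C and may be removed by an optimising compiler; casting the integer offset to a pointer is not a meaningful bound either. The integer test just above them (`ptr + len1 > blob->length` together with its overflow companions) is what actually keeps the read inside the blob, so the pointer comparisons should be dropped or rewritten as offset arithmetic on `ptr` and `blob->length`. The same guard appears in the later hunks of this function (`-259,18`, `-289,11`, `-304,7` and `-318,18`, the last two using `head_ofs`). msrpc_parse starts and ends outside these hunks.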
@@ -318,18 +318,18 @@ BOOL msrpc_parse(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, s = va_arg(ap, char *); if (blob->data + head_ofs < (uint8_t *)head_ofs || blob->data + head_ofs < blob->data) - return False; + return false; head_ofs += pull_string(p, blob->data+head_ofs, sizeof(p), blob->length - head_ofs, STR_ASCII|STR_TERMINATE); if (strcmp(s, p) != 0) { - return False; + return false; } break; } } va_end(ap); - return True; + return true; } diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c index 18e38cf6bf..79a17e5733 100644 --- a/source4/auth/ntlmssp/ntlmssp_server.c +++ b/source4/auth/ntlmssp/ntlmssp_server.c @@ -25,12 +25,12 @@ #include "auth/ntlmssp/ntlmssp.h" #include "auth/ntlmssp/msrpc_parse.h" #include "lib/crypto/crypto.h" -#include "pstring.h" #include "system/filesys.h" #include "libcli/auth/libcli_auth.h" #include "auth/credentials/credentials.h" #include "auth/gensec/gensec.h" #include "auth/auth.h" +#include "param/param.h" /** * Set a username on an NTLMSSP context - ensures it is talloc()ed 
@@ -98,66 +98,13 @@ static const char *ntlmssp_target_name(struct gensec_ntlmssp_state *gensec_ntlms return gensec_ntlmssp_state->server_name; } else { *chal_flags |= NTLMSSP_TARGET_TYPE_DOMAIN; - return gensec_ntlmssp_state->get_domain(); + return gensec_ntlmssp_state->domain; }; } else { return ""; } } -/* - Andrew, please remove these totally bogus calls when you get time -*/ -static BOOL get_myfullname(char *my_name) -{ - pstring hostname; - - *hostname = 0; - - /* get my host name */ - if (gethostname(hostname, sizeof(hostname)) == -1) { - DEBUG(0,("gethostname failed\n")); - return False; - } - - /* Ensure null termination. */ - hostname[sizeof(hostname)-1] = '\0'; - - if (my_name) - fstrcpy(my_name, hostname); - return True; -} - -static BOOL get_mydomname(char *my_domname) -{ - pstring hostname; - char *p; - - /* arrgh! relies on full name in system */ - - *hostname = 0; - /* get my host name */ - if (gethostname(hostname, sizeof(hostname)) == -1) { - DEBUG(0,("gethostname failed\n")); - return False; - } - - /* Ensure null termination. */ - hostname[sizeof(hostname)-1] = '\0'; - - p = strchr_m(hostname, '.'); - - if (!p) - return False; - - p++; - - if (my_domname) - fstrcpy(my_domname, p); - - return True; -} - /** @@ -174,9 +121,10 @@ NTSTATUS ntlmssp_server_negotiate(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx, const DATA_BLOB in, DATA_BLOB *out) { - struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data; + struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; DATA_BLOB struct_blob; - fstring dnsname, dnsdomname; + char dnsname[MAXHOSTNAMELEN], dnsdomname[MAXHOSTNAMELEN]; + const char *p; uint32_t neg_flags = 0; uint32_t ntlmssp_command, chal_flags; const uint8_t *cryptkey; 
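Review bot: ntlmssp_target_name now returns `gensec_ntlmssp_state->domain`, the same member that auth_ntlmssp_check_password hands on as `user_info->client.domain_name`, so one field holds both the server's own workgroup and, presumably once the authenticate message has been parsed, the domain the client claimed. If a context were ever reused for a second negotiate (gensec_ntlmssp_server_start sets `server_multiple_authentications` to false, but it is a field), the challenge would advertise the previous client's domain as the target name. A separate member for the local workgroup, or at least a comment on `domain` in ntlmssp.h stating which value it holds at each stage of the exchange, would keep the two apart. ntlmssp_target_name begins outside the hunk.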
@@ -227,13 +175,20 @@ NTSTATUS ntlmssp_server_negotiate(struct gensec_security *gensec_security, gensec_ntlmssp_state->chal = data_blob_talloc(gensec_ntlmssp_state, cryptkey, 8); gensec_ntlmssp_state->internal_chal = data_blob_talloc(gensec_ntlmssp_state, cryptkey, 8); - /* This should be a 'netbios domain -> DNS domain' mapping */ - dnsdomname[0] = '\0'; - get_mydomname(dnsdomname); - strlower_m(dnsdomname); - dnsname[0] = '\0'; - get_myfullname(dnsname); + if (gethostname(dnsname, sizeof(dnsname)) == -1) { + DEBUG(0,("gethostname failed\n")); + return NT_STATUS_UNSUCCESSFUL; + } + + /* This should be a 'netbios domain -> DNS domain' mapping */ + p = strchr(dnsname, '.'); + if (p != NULL) { + safe_strcpy(dnsdomname, p+1, sizeof(dnsdomname)); + strlower_m(dnsdomname); + } else { + dnsdomname[0] = '\0'; + } /* This creates the 'blob' of names that appears at the end of the packet */ if (chal_flags & NTLMSSP_CHAL_TARGET_INFO) @@ -404,7 +359,7 @@ static NTSTATUS ntlmssp_server_preauth(struct gensec_ntlmssp_state *gensec_ntlms SMB_ASSERT(gensec_ntlmssp_state->internal_chal.data && gensec_ntlmssp_state->internal_chal.length == 8); - gensec_ntlmssp_state->doing_ntlm2 = True; + gensec_ntlmssp_state->doing_ntlm2 = true; memcpy(gensec_ntlmssp_state->crypt.ntlm2.session_nonce, gensec_ntlmssp_state->internal_chal.data, 8); memcpy(&gensec_ntlmssp_state->crypt.ntlm2.session_nonce[8], gensec_ntlmssp_state->lm_resp.data, 8); @@ -447,7 +402,7 @@ static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security, DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key) { - struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data; + struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; NTSTATUS nt_status; DATA_BLOB session_key = data_blob(NULL, 0); 
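Review bot: The new `gethostname(dnsname, sizeof(dnsname))` call is followed directly by `strchr(dnsname, '.')`, but the explicit termination that the removed helpers performed (`hostname[sizeof(hostname)-1] = '\0';`) was not carried over, and POSIX leaves it unspecified whether a truncated name is NUL-terminated. Add `dnsname[sizeof(dnsname)-1] = '\0';` once the call has succeeded. Also check the length argument of `safe_strcpy(dnsdomname, p+1, sizeof(dnsdomname))`: if that helper takes the maximum string length excluding the terminator, it should be `sizeof(dnsdomname)-1`. A gethostname failure now aborts the negotiate with NT_STATUS_UNSUCCESSFUL where the old code carried on with empty names, which deserves a mention in the commit message. ntlmssp_server_negotiate starts and ends outside the hunk.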
@@ -594,7 +549,7 @@ NTSTATUS ntlmssp_server_auth(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx, const DATA_BLOB in, DATA_BLOB *out) { - struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data; + struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; DATA_BLOB user_session_key = data_blob(NULL, 0); DATA_BLOB lm_session_key = data_blob(NULL, 0); NTSTATUS nt_status; @@ -662,7 +617,7 @@ static const uint8_t *auth_ntlmssp_get_challenge(const struct gensec_ntlmssp_sta * * @return If the effective challenge used by the auth subsystem may be modified */ -static BOOL auth_ntlmssp_may_set_challenge(const struct gensec_ntlmssp_state *gensec_ntlmssp_state) +static bool auth_ntlmssp_may_set_challenge(const struct gensec_ntlmssp_state *gensec_ntlmssp_state) { return auth_challenge_may_be_modified(gensec_ntlmssp_state->auth_context); } @@ -706,7 +661,7 @@ static NTSTATUS auth_ntlmssp_check_password(struct gensec_ntlmssp_state *gensec_ user_info->logon_parameters = MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT | MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT; user_info->flags = 0; - user_info->mapped_state = False; + user_info->mapped_state = false; user_info->client.account_name = gensec_ntlmssp_state->user; user_info->client.domain_name = gensec_ntlmssp_state->domain; user_info->workstation_name = gensec_ntlmssp_state->workstation; @@ -760,7 +715,7 @@ NTSTATUS gensec_ntlmssp_session_info(struct gensec_security *gensec_security, struct auth_session_info **session_info) { NTSTATUS nt_status; - struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data; + struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; nt_status = auth_generate_session_info(gensec_ntlmssp_state, gensec_ntlmssp_state->server_info, session_info); NT_STATUS_NOT_OK_RETURN(nt_status); 
@@ -784,21 +739,21 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security) nt_status = gensec_ntlmssp_start(gensec_security); NT_STATUS_NOT_OK_RETURN(nt_status); - gensec_ntlmssp_state = gensec_security->private_data; + gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; gensec_ntlmssp_state->role = NTLMSSP_SERVER; gensec_ntlmssp_state->workstation = NULL; - gensec_ntlmssp_state->server_name = lp_netbios_name(); + gensec_ntlmssp_state->server_name = lp_netbios_name(global_loadparm); - gensec_ntlmssp_state->get_domain = lp_workgroup; + gensec_ntlmssp_state->domain = lp_workgroup(global_loadparm); gensec_ntlmssp_state->expected_state = NTLMSSP_NEGOTIATE; - gensec_ntlmssp_state->allow_lm_key = (lp_lanman_auth() - && lp_parm_bool(-1, "ntlmssp_server", "allow_lm_key", False)); + gensec_ntlmssp_state->allow_lm_key = (lp_lanman_auth(global_loadparm) + && lp_parm_bool(global_loadparm, NULL, "ntlmssp_server", "allow_lm_key", false)); - gensec_ntlmssp_state->server_multiple_authentications = False; + gensec_ntlmssp_state->server_multiple_authentications = false; gensec_ntlmssp_state->neg_flags = NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_UNKNOWN_02000000; 
@@ -807,23 +762,23 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security) gensec_ntlmssp_state->nt_resp = data_blob(NULL, 0); gensec_ntlmssp_state->encrypted_session_key = data_blob(NULL, 0); - if (lp_parm_bool(-1, "ntlmssp_server", "128bit", True)) { + if (lp_parm_bool(global_loadparm, NULL, "ntlmssp_server", "128bit", true)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_128; } - if (lp_parm_bool(-1, "ntlmssp_server", "56bit", True)) { + if (lp_parm_bool(global_loadparm, NULL, "ntlmssp_server", "56bit", true)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_56; } - if (lp_parm_bool(-1, "ntlmssp_server", "keyexchange", True)) { + if (lp_parm_bool(global_loadparm, NULL, "ntlmssp_server", "keyexchange", true)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_KEY_EXCH; } - if (lp_parm_bool(-1, "ntlmssp_server", "alwayssign", True)) { + if (lp_parm_bool(global_loadparm, NULL, "ntlmssp_server", "alwayssign", true)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN; } - if (lp_parm_bool(-1, "ntlmssp_server", "ntlm2", True)) { + if (lp_parm_bool(global_loadparm, NULL, "ntlmssp_server", "ntlm2", true)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2; } @@ -844,7 +799,7 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security) gensec_ntlmssp_state->may_set_challenge = auth_ntlmssp_may_set_challenge; gensec_ntlmssp_state->set_challenge = auth_ntlmssp_set_challenge; gensec_ntlmssp_state->check_password = auth_ntlmssp_check_password; - gensec_ntlmssp_state->server_role = lp_server_role(); + gensec_ntlmssp_state->server_role = lp_server_role(global_loadparm); return NT_STATUS_OK; } diff --git a/source4/auth/ntlmssp/ntlmssp_sign.c b/source4/auth/ntlmssp/ntlmssp_sign.c index 4eb6156deb..dd8dd450c8 100644 --- a/source4/auth/ntlmssp/ntlmssp_sign.c +++ b/source4/auth/ntlmssp/ntlmssp_sign.c 
@@ -65,7 +65,7 @@ static NTSTATUS ntlmssp_make_packet_signature(struct gensec_ntlmssp_state *gense const uint8_t *data, size_t length, const uint8_t *whole_pdu, size_t pdu_length, enum ntlmssp_direction direction, - DATA_BLOB *sig, BOOL encrypt_sig) + DATA_BLOB *sig, bool encrypt_sig) { if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) { @@ -137,12 +137,12 @@ _PUBLIC_ NTSTATUS gensec_ntlmssp_sign_packet(struct gensec_security *gensec_secu const uint8_t *whole_pdu, size_t pdu_length, DATA_BLOB *sig) { - struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data; + struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; return ntlmssp_make_packet_signature(gensec_ntlmssp_state, sig_mem_ctx, data, length, whole_pdu, pdu_length, - NTLMSSP_SEND, sig, True); + NTLMSSP_SEND, sig, true); } /** @@ -156,7 +156,7 @@ NTSTATUS gensec_ntlmssp_check_packet(struct gensec_security *gensec_security, const uint8_t *whole_pdu, size_t pdu_length, const DATA_BLOB *sig) { - struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data; + struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; DATA_BLOB local_sig; NTSTATUS nt_status; @@ -169,7 +169,7 @@ NTSTATUS gensec_ntlmssp_check_packet(struct gensec_security *gensec_security, nt_status = ntlmssp_make_packet_signature(gensec_ntlmssp_state, sig_mem_ctx, data, length, whole_pdu, pdu_length, - NTLMSSP_RECEIVE, &local_sig, True); + NTLMSSP_RECEIVE, &local_sig, true); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("NTLMSSP packet check failed with %s\n", nt_errstr(nt_status))); 
@@ -220,7 +220,7 @@ NTSTATUS gensec_ntlmssp_seal_packet(struct gensec_security *gensec_security, const uint8_t *whole_pdu, size_t pdu_length, DATA_BLOB *sig) { - struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data; + struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; NTSTATUS nt_status; if (!gensec_ntlmssp_state->session_key.length) { DEBUG(3, ("NO session key, cannot seal packet\n")); @@ -236,7 +236,7 @@ NTSTATUS gensec_ntlmssp_seal_packet(struct gensec_security *gensec_security, nt_status = ntlmssp_make_packet_signature(gensec_ntlmssp_state, sig_mem_ctx, data, length, whole_pdu, pdu_length, - NTLMSSP_SEND, sig, False); + NTLMSSP_SEND, sig, false); arcfour_crypt_sbox(gensec_ntlmssp_state->crypt.ntlm2.send_seal_arcfour_state, data, length); if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) { arcfour_crypt_sbox(gensec_ntlmssp_state->crypt.ntlm2.send_seal_arcfour_state, sig->data+4, 8); @@ -281,7 +281,7 @@ NTSTATUS gensec_ntlmssp_unseal_packet(struct gensec_security *gensec_security, const uint8_t *whole_pdu, size_t pdu_length, const DATA_BLOB *sig) { - struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security->private_data; + struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; if (!gensec_ntlmssp_state->session_key.length) { DEBUG(3, ("NO session key, cannot unseal packet\n")); return NT_STATUS_NO_USER_SESSION_KEY; |
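Review bot: In the `-236,7` hunk of gensec_ntlmssp_seal_packet the status returned by ntlmssp_make_packet_signature is stored in `nt_status` but not tested before `arcfour_crypt_sbox` encrypts `data` in place and then `sig->data+4`. If the signature could not be built, `sig` may not hold the 12 bytes that the second call touches. Adding `NT_STATUS_NOT_OK_RETURN(nt_status);` directly after the call, as the start functions in this commit do after gensec_ntlmssp_start, would stop before the seal state and the buffers are modified. The function continues outside the hunk, so a later check may exist, but it would come after these writes.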