summaryrefslogtreecommitdiff
path: root/source4/auth
diff options
context:
space:
mode:
Diffstat (limited to 'source4/auth')
-rw-r--r--source4/auth/ntlmssp/ntlmssp.c27
-rw-r--r--source4/auth/ntlmssp/ntlmssp.h31
-rw-r--r--source4/auth/ntlmssp/ntlmssp_client.c5
-rw-r--r--source4/auth/ntlmssp/ntlmssp_server.c7
-rw-r--r--source4/auth/ntlmssp/ntlmssp_sign.c1
5 files changed, 21 insertions, 50 deletions
diff --git a/source4/auth/ntlmssp/ntlmssp.c b/source4/auth/ntlmssp/ntlmssp.c
index e649bba4db..633199f463 100644
--- a/source4/auth/ntlmssp/ntlmssp.c
+++ b/source4/auth/ntlmssp/ntlmssp.c
@@ -23,6 +23,7 @@
#include "includes.h"
#include "auth/ntlmssp/ntlmssp.h"
+#include "../librpc/gen_ndr/ntlmssp.h"
#include "../libcli/auth/libcli_auth.h"
#include "librpc/gen_ndr/ndr_dcerpc.h"
#include "auth/credentials/credentials.h"
@@ -81,30 +82,28 @@ void debug_ntlmssp_flags(uint32_t neg_flags)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_SIGN\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_SEAL)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_SEAL\n"));
- if (neg_flags & NTLMSSP_NEGOTIATE_DATAGRAM_STYLE)
- DEBUGADD(4, (" NTLMSSP_NEGOTIATE_DATAGRAM_STYLE\n"));
+ if (neg_flags & NTLMSSP_NEGOTIATE_DATAGRAM)
+ DEBUGADD(4, (" NTLMSSP_NEGOTIATE_DATAGRAM\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_LM_KEY)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_LM_KEY\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_NETWARE)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_NETWARE\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_NTLM)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_NTLM\n"));
- if (neg_flags & NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED)
- DEBUGADD(4, (" NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED\n"));
- if (neg_flags & NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED)
- DEBUGADD(4, (" NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED\n"));
+ if (neg_flags & NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED)
+ DEBUGADD(4, (" NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED\n"));
+ if (neg_flags & NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED)
+ DEBUGADD(4, (" NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_ALWAYS_SIGN\n"));
- if (neg_flags & NTLMSSP_CHAL_ACCEPT_RESPONSE)
- DEBUGADD(4, (" NTLMSSP_CHAL_ACCEPT_RESPONSE\n"));
- if (neg_flags & NTLMSSP_CHAL_NON_NT_SESSION_KEY)
- DEBUGADD(4, (" NTLMSSP_CHAL_NON_NT_SESSION_KEY\n"));
+ if (neg_flags & NTLMSSP_REQUEST_NON_NT_SESSION_KEY)
+ DEBUGADD(4, (" NTLMSSP_REQUEST_NON_NT_SESSION_KEY\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_NTLM2)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_NTLM2\n"));
- if (neg_flags & NTLMSSP_CHAL_TARGET_INFO)
- DEBUGADD(4, (" NTLMSSP_CHAL_TARGET_INFO\n"));
+ if (neg_flags & NTLMSSP_NEGOTIATE_TARGET_INFO)
+ DEBUGADD(4, (" NTLMSSP_NEGOTIATE_TARGET_INFO\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_128)
DEBUGADD(4, (" NTLMSSP_NEGOTIATE_128\n"));
if (neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH)
@@ -295,8 +294,8 @@ void ntlmssp_handle_neg_flags(struct gensec_ntlmssp_state *gensec_ntlmssp_state,
/* Woop Woop - unknown flag for Windows compatibility...
What does this really do ? JRA. */
- if (!(neg_flags & NTLMSSP_UNKNOWN_02000000)) {
- gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_UNKNOWN_02000000;
+ if (!(neg_flags & NTLMSSP_NEGOTIATE_VERSION)) {
+ gensec_ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_VERSION;
}
if ((neg_flags & NTLMSSP_REQUEST_TARGET)) {
diff --git a/source4/auth/ntlmssp/ntlmssp.h b/source4/auth/ntlmssp/ntlmssp.h
index ff7225bb3c..d46b12000f 100644
--- a/source4/auth/ntlmssp/ntlmssp.h
+++ b/source4/auth/ntlmssp/ntlmssp.h
@@ -39,37 +39,6 @@ enum ntlmssp_message_type
NTLMSSP_DONE = 5 /* samba final state */
};
-/* NTLMSSP negotiation flags */
-#define NTLMSSP_NEGOTIATE_UNICODE 0x00000001
-#define NTLMSSP_NEGOTIATE_OEM 0x00000002
-#define NTLMSSP_REQUEST_TARGET 0x00000004
-#define NTLMSSP_NEGOTIATE_SIGN 0x00000010 /* Message integrity */
-#define NTLMSSP_NEGOTIATE_SEAL 0x00000020 /* Message confidentiality */
-#define NTLMSSP_NEGOTIATE_DATAGRAM_STYLE 0x00000040
-#define NTLMSSP_NEGOTIATE_LM_KEY 0x00000080
-#define NTLMSSP_NEGOTIATE_NETWARE 0x00000100
-#define NTLMSSP_NEGOTIATE_NTLM 0x00000200
-#define NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED 0x00001000
-#define NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED 0x00002000
-#define NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 0x00004000
-#define NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0x00008000
-#define NTLMSSP_TARGET_TYPE_DOMAIN 0x10000
-#define NTLMSSP_TARGET_TYPE_SERVER 0x20000
-#define NTLMSSP_CHAL_INIT_RESPONSE 0x00010000
-
-#define NTLMSSP_CHAL_ACCEPT_RESPONSE 0x00020000
-#define NTLMSSP_CHAL_NON_NT_SESSION_KEY 0x00040000
-#define NTLMSSP_NEGOTIATE_NTLM2 0x00080000
-#define NTLMSSP_CHAL_TARGET_INFO 0x00800000
-#define NTLMSSP_UNKNOWN_02000000 0x02000000
-#define NTLMSSP_NEGOTIATE_128 0x20000000 /* 128-bit encryption */
-#define NTLMSSP_NEGOTIATE_KEY_EXCH 0x40000000
-#define NTLMSSP_NEGOTIATE_56 0x80000000
-
-#define NTLMSSP_SIGN_VERSION 1
-
-#define NTLMSSP_SIG_SIZE 16
-
struct gensec_ntlmssp_state
{
struct gensec_security *gensec_security;
diff --git a/source4/auth/ntlmssp/ntlmssp_client.c b/source4/auth/ntlmssp/ntlmssp_client.c
index d3c1165994..87794ae048 100644
--- a/source4/auth/ntlmssp/ntlmssp_client.c
+++ b/source4/auth/ntlmssp/ntlmssp_client.c
@@ -23,6 +23,7 @@
#include "includes.h"
#include "auth/ntlmssp/ntlmssp.h"
+#include "../librpc/gen_ndr/ntlmssp.h"
#include "../lib/crypto/crypto.h"
#include "../libcli/auth/libcli_auth.h"
#include "auth/credentials/credentials.h"
@@ -141,14 +142,14 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
ntlmssp_handle_neg_flags(gensec_ntlmssp_state, chal_flags, gensec_ntlmssp_state->allow_lm_key);
if (gensec_ntlmssp_state->unicode) {
- if (chal_flags & NTLMSSP_CHAL_TARGET_INFO) {
+ if (chal_flags & NTLMSSP_NEGOTIATE_TARGET_INFO) {
chal_parse_string = "CdUdbddB";
} else {
chal_parse_string = "CdUdbdd";
}
auth_gen_string = "CdBBUUUBd";
} else {
- if (chal_flags & NTLMSSP_CHAL_TARGET_INFO) {
+ if (chal_flags & NTLMSSP_NEGOTIATE_TARGET_INFO) {
chal_parse_string = "CdAdbddB";
} else {
chal_parse_string = "CdAdbdd";
diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c
index 8cb2b1f460..a83df7377f 100644
--- a/source4/auth/ntlmssp/ntlmssp_server.c
+++ b/source4/auth/ntlmssp/ntlmssp_server.c
@@ -24,6 +24,7 @@
#include "includes.h"
#include "system/network.h"
#include "auth/ntlmssp/ntlmssp.h"
+#include "../librpc/gen_ndr/ntlmssp.h"
#include "../libcli/auth/libcli_auth.h"
#include "../lib/crypto/crypto.h"
#include "auth/gensec/gensec.h"
@@ -91,7 +92,7 @@ static const char *ntlmssp_target_name(struct gensec_ntlmssp_state *gensec_ntlms
uint32_t neg_flags, uint32_t *chal_flags)
{
if (neg_flags & NTLMSSP_REQUEST_TARGET) {
- *chal_flags |= NTLMSSP_CHAL_TARGET_INFO;
+ *chal_flags |= NTLMSSP_NEGOTIATE_TARGET_INFO;
*chal_flags |= NTLMSSP_REQUEST_TARGET;
if (gensec_ntlmssp_state->server_role == ROLE_STANDALONE) {
*chal_flags |= NTLMSSP_TARGET_TYPE_SERVER;
@@ -179,7 +180,7 @@ NTSTATUS ntlmssp_server_negotiate(struct gensec_security *gensec_security,
gensec_ntlmssp_state->internal_chal = data_blob_talloc(gensec_ntlmssp_state, cryptkey, 8);
/* This creates the 'blob' of names that appears at the end of the packet */
- if (chal_flags & NTLMSSP_CHAL_TARGET_INFO) {
+ if (chal_flags & NTLMSSP_NEGOTIATE_TARGET_INFO) {
char dnsdomname[MAXHOSTNAMELEN], dnsname[MAXHOSTNAMELEN];
const char *target_name_dns = "";
@@ -762,7 +763,7 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
gensec_ntlmssp_state->server_multiple_authentications = false;
gensec_ntlmssp_state->neg_flags =
- NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_UNKNOWN_02000000;
+ NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_VERSION;
gensec_ntlmssp_state->lm_resp = data_blob(NULL, 0);
gensec_ntlmssp_state->nt_resp = data_blob(NULL, 0);
diff --git a/source4/auth/ntlmssp/ntlmssp_sign.c b/source4/auth/ntlmssp/ntlmssp_sign.c
index 957d0a8fbc..6e5a08c5a1 100644
--- a/source4/auth/ntlmssp/ntlmssp_sign.c
+++ b/source4/auth/ntlmssp/ntlmssp_sign.c
@@ -21,6 +21,7 @@
#include "includes.h"
#include "auth/ntlmssp/ntlmssp.h"
+#include "../librpc/gen_ndr/ntlmssp.h"
#include "../libcli/auth/libcli_auth.h"
#include "../lib/crypto/crypto.h"
#include "auth/gensec/gensec.h"